Password is not hashed in CakePHP
The following code is not able to hash the user's password, and it stores the password in clear text in the database. After changing the password, I am unable to log in as the password needs to be in hash.
The following code is in my model.
    'password_confirm' => array(
        'compare' => array(
            'rule' => array('password_match', 'password', true),
            'message' => 'Password does not match',
            'required' => true,
        ),
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'Confirm password is empty',
            'allowEmpty' => false,
            'required' => true)
    ),
    'password' => array(
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'Password is empty',
            'allowEmpty' => false,
            'required' => true)
    )

    function password_match($data, $password_field, $hashed = true)
    {
        $password = $this->data[$this->alias][$password_field];
        $keys = array_keys($data);
        $password_confirm = $hashed ?
            Security::hash($data[$keys[0]], null, true) :
            $data[$keys[0]];
        return $password === $password_confirm;
    }
The following code is in my user_controller
    function change_password(){
        #CURRENTLY NOT WORKING
        $this->layout = "mainLayout";
        $in_user_id = $id = $this->Auth->user('id');
        if($this->data){
            $this->User->validate['password_confirm']['compare']['rule'] =
                array('password_match', 'password', false);
            $this->User->set($this->data);
            $this->User->useValidationRules('ChangePassword');
            if($this->User->validates()){
                $this->data['User']['id']=$in_user_id;
                $this->User->save($this->data,array('validate'=>false));
            }
        }
    }
Comments (2)
Your model and validation function are only checking that the password and confirm_password inputs match. At no point does it alter the data to hash the input value.
After you validate your input, and before you save your model, you need to hash the password input. Something like this:
You shouldn't use the field name "password" in cake1.3 due to its automatic.
Use a different field and rename it prior to saving.
If you want to use a cleaner approach, consider using a behavior:
http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/
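
The flow the comments describe (validate the values as typed, then hash, then save), as an added example that is not code from the question or from either commenter. It assumes a CakePHP 1.3 app with the question's `User` model and its `password_match` rule; the `Session` component and the flash text are assumptions.

```php
<?php
// Added example for CakePHP 1.3 (app/controllers/users_controller.php).
class UsersController extends AppController {
    var $name = 'Users';
    var $components = array('Auth', 'Session'); // Session is an assumption, used for the flash message

    function change_password() {
        $this->layout = 'mainLayout';
        if (empty($this->data)) {
            return; // first request: just render the form
        }

        // Compare the two inputs as typed (third rule argument false = unhashed),
        // as the question's controller already does.
        $this->User->validate['password_confirm']['compare']['rule'] =
            array('password_match', 'password', false);
        $this->User->set($this->data);
        $this->User->useValidationRules('ChangePassword'); // the poster's own model method
        if (!$this->User->validates()) {
            return; // the form re-renders with the validation messages
        }

        // Validation passed: hash before anything is written to the database.
        // This is the same call the model's password_match() makes when $hashed is true.
        $hashed = Security::hash($this->data['User']['password'], null, true);

        // Target the logged-in user from the session, never an id taken from the form.
        $this->User->id = $this->Auth->user('id');

        // Pass only the hash, and whitelist the column so no other posted
        // field can be written by this action.
        $saved = $this->User->save(
            array('User' => array('password' => $hashed)),
            array('validate' => false, 'fieldList' => array('password'))
        );

        if ($saved) {
            $this->Session->setFlash('Password changed');
        } else {
            $this->Session->setFlash('Password could not be changed');
        }
    }
}
```

The question's version saves `$this->data` unchanged, so the plain-text value reaches the `password` column; here the only value handed to `save()` is the hash.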