duancuan6466 2014-07-29 12:19
浏览 33
已采纳

CakePHP 2.5 - 身份验证不起作用

Following tutorial I tried to create simple authentication, but I can't log in - always get a message "Invalid username or password, try again". I don't understand why - username and password are correct. Please, help to find mistake.

My model

// app/Model/User.php
App::uses('AppModel', 'Model');
App::uses('SimplePasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required'
            )
        ),
        'password' => array(
            'required' => array(
            'rule' => array('notEmpty'),
            'message' => 'A password is required'
            )
        )
    );

    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $passwordHasher = new SimplePasswordHasher();
            $this->data[$this->alias]['password'] = $passwordHasher->hash(
                $this->data[$this->alias]['password']
            );
        }
        return true;
    }
}

My controller

// app/Controller/UsersController.php
class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('logout');
    }

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        } 
    }

    public function logout() {
        return $this->redirect($this->Auth->logout());
    }
}

AppController.php

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'good',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'login',
                'action' => 'index',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => array(
                    'className' => 'Simple',
                    'hashType' => 'md5'
                    )
                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->deny();
    }
}

My view (login.ctp)

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('username', array('label' => 'Username'));
        echo $this->Form->input('password', array('label' => 'Password'));
        ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>

DB table "users": id,username, password (as md5)

  • 写回答

1条回答 默认 最新

  • dongxie9169 2014-07-29 13:24
    关注

    1. For AuthComponent you have configured SimplePasswordHasher to use "md5" but in your beforeSave() callback you are not configuring it to use md5 (it uses sha1 by default).

    2. SimplePasswordHasher will append security salt to your password before hashing, so if you have manually added records in your user table without salting them it won't work. Unsalted md5 hashing is extremely weak. Would strong recommend not using that. But if you really want to, you will have to make and use a custom password hasher class which generates md5 hashes without salt.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信会员卡接入微信支付商户号收款
  • ¥15 如何获取烟草零售终端数据
  • ¥15 数学建模招标中位数问题
  • ¥15 phython路径名过长报错 不知道什么问题
  • ¥15 深度学习中模型转换该怎么实现
  • ¥15 HLs设计手写数字识别程序编译通不过
  • ¥15 Stata外部命令安装问题求帮助!
  • ¥15 从键盘随机输入A-H中的一串字符串,用七段数码管方法进行绘制。提交代码及运行截图。
  • ¥15 TYPCE母转母,插入认方向
  • ¥15 如何用python向钉钉机器人发送可以放大的图片?