dongli8979 2017-04-05 12:38
浏览 30
已采纳

cakephp 3-哈希密码在比较时不匹配

CakePHP version: 3.3.5

I'm building a simple system using which users can login (using a email and password) and after login they can change their password.

For this, I'm using DefaultPasswordHasher

I had a few users already in my db. Their record were already present. So when I did the login function, it worked. I compared the password the user enters with the hased password already present in the db. The check was successful and user was able to login.

Now after login, I wrote change password function, which updated the user password. New hash string replaced the old password string but when I try to login again, login fails.

I will share my controller here. It's pretty basic.

namespace Api\Controller;
use Cake\Utility\Security;
use Cake\Utility\Hash;
use Cake\Auth\DefaultPasswordHasher;
use Api\Controller\AppController;

class LoginController extends AppController
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
    }

    //Function to reset the password
    public function resetPassword()
    {
        $pass   = $this->request->data['pass'];
        $hasher = new DefaultPasswordHasher();
        $hashedPass = $hasher->hash($pass);

        $this->loadModel('Login');
        //save it to db
        $responseArray      = $this->Login->resetPassword($hashedPass); 
        $this->set(compact('responseArray'));
        $this->set('_serialize', ['responseArray']);
    }

     //Function to login
     public function login()
     {
        if ($this->request->is('post')) 
        {
            //Password submitted via form
            $pass   = $this->request->data['pass'];

            //Hashed password fetched from db via a function call
            $actualPassword = 'hashedPasswordString'

            //Compare password submitted and hash from db
            if($this->checkPassword($pass,$actualPassword))
            {
                $result = 'password matched';
            }
            else
            {
                $result = 'password doesnot match';
            }
        }
        $this->set(compact('result'));
        $this->set('_serialize', ['result']);       
     }

    //Function to compare password and hash
    public function checkPassword($passedPassword , $actualPassword) 
    {
        if ((new DefaultPasswordHasher)->check($passedPassword, $actualPassword)) {
            return true;
        } else {
            return false;
        }
    }

}

Can anyone tell me why the passwords don't match. I'm new to CakePHP framework. Thanks in advance!

  • 写回答

2条回答 默认 最新

  • dongzhou1901 2017-04-05 20:03
    关注

    This is what my reset password workflow looks like. I cannot tell from your post what your entity and table look like.

    Anytime posted data is converted into a user entity it will now be hashed

    Admin/UsersController.php

    public function password($id = null)
{
    $user = $this->Users->get($id, [
        'fields' => ['id', 'first_name', 'last_name', 'username']
    ]);
    if ($this->request->is('put')) {
        if ($this->request->data['password'] == $this->request->data['password2']) {
            $this->Users->patchEntity($user, ['password' => $this->request->data['password']]);
            $this->Users->save($user);
            $this->Flash->success('Password has been updated');
            return $this->redirect('/admin/users/password/' . $id);
        } else {
            $this->Flash->error('Passwords do not match');
        }
    }

    $this->set(compact('user'));
}

    Model/Entity/User.php

    protected function _setPassword($password)
{
    if (strlen($password) > 0) {
        return (new DefaultPasswordHasher)->hash($password);
    }
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • cakephp 3-哈希密码比较不匹配 php
    2017-04-05 12:38
    回答 2 已采纳 This is what my reset password workflow looks like. I cannot tell from your post what your entity
  • CakePHP 3 - 比较密码 php
    2015-02-09 02:22
    回答 2 已采纳 Generally you can access all data in a custom validation rule via the $context argument, where it'
  • Cakephp 3 - 转换自定义子查询出现问题 mysql php
    2019-01-08 10:14
    回答 2 已采纳 OK Guys, Eventually I have come up with solution of my own. Here below is my working code. $sa_
  • cakephp index.php,CakePHP - 中文手册
    2021-04-27 08:55
    y咯p秒杀软的博客 它们中有很多是对PHP长名方法更便利的包装,但是也有一些方法(比如verdor()和uses())可以用来包含代码,或者执行其他有用的功能。如果你想有一个短小精悍的方法来做一些烦人的事情,这里就可以找到答案。config读取...
  • Cakephp 3.3 - 如何在连接表删除嵌套级别 php
    2017-12-06 10:02
    回答 1 已采纳 You can make alias for joined fields by using associative keys in select() $result = $this -&
  • CakePHP 3 - 查找多个条件 php
    2017-12-17 14:47
    回答 1 已采纳 What you're looking for is called the IN operator. Add the word IN to the end of the field name.
  • CakePHP 3 - 放置自定义SQL代码的位置 mysql php
    2017-06-22 10:00
    回答 1 已采纳 As mentioned in the comments, I would suggest to not ditch the ORM, it has so many benefits, you'l
  • CakePHP系列(五)----路由
    2017-02-25 10:12
    码农致富的博客 路由 class Cake\Routing\ ... 通过定义路由,您可以分离应用程序的实现方式与其URL的结构。...在CakePHP中的路由还包括反向路由的想法,其中参数数组...如果您的应用程序不在根目录中,这可以用于生成“蛋糕相对...
  • CakePHP 3.3 - Formbuilder的第一个值为1 php
    2017-01-14 18:13
    回答 1 已采纳 Does categories table have category_id field ? If not you may trying to do: $category = $this-&
  • cakephp 2.3 - 更改密码方法错误 php
    2013-07-16 15:24
    回答 1 已采纳 Try setting the user id before checking if the user exists Assuming you are trying to change the
  • CakePHP - 实体对象不可访问 php
    2019-06-03 15:15
    回答 1 已采纳 To get a list of accessible and non-static properties of an object, use function get_object_vars.
  • CakePHP系列(四)----配置
    2017-02-25 00:13
    码农致富的博客 一、配置 虽然约定不再需要配置所有...配置通常存储在PHP或INI文件中,并在应用程序引导期间加载。 CakePHP默认提供一个配置文件,但如果需要,您可以添加其他配置文件并将其加载到应用程序的引导代码中。 Cake\Core\
  • CakePHP 3 - 使用afterSave()中保存的数据 php
    2016-01-27 12:41
    回答 2 已采纳 How can I access the data saved with $this->Requests->save($request) in a beforeSave() or
  • CakePHP系列(二)----Bookmarker案例(一)
    2017-02-23 16:42
    码农致富的博客 一、Bookmarker教程 本教程将引导您完成一个简单的书签应用程序(Bookmarker)的创建。 首先,我们将安装CakePHP,创建...我们将在本教程中使用MySQL服务器, 您将需要足够了解SQL以创建数据库:CakePHP将从那里接管
  • centos8PHP包,在CentOS 8系统上安装和使用PHP Composer的方法
    2021-04-11 12:54
    weixin_39568233的博客 关于安装,如果您急于不想验证文件的完整性,可以采用快速安装的方法,在安装之前您的CentOS 8系统要安装好PHP。Composer将提取您项目所依赖的所有必需PHP软件包,并为您管理它们,它用于所有现代PHP框架和平台,...
  • PHP – 最佳实践
    2022-09-16 11:08
    allway2的博客 PHP 中开发 Web 应用程序,您应该遵循一些好的做法。其中大多数都非常容易上手,其中一些甚至适用于一般的 Web 开发。这不是特定于 PHP 的。为避免用户刷新浏览器并两次提交相同的表单数据的情况,您应该始终...
  • PHP基础面试问题汇总
    2019-03-31 18:44
    PanQiHang的博客 PHP的意思 PHP是一个基于服务端来创建动态网站的脚本语言,您可以用PHP和HTML生成网站主页 什么是面向对象?主要特征是什么? 面向对象是程序的一种设计方式,它利于提高程序的重用性,使程序结构更加清晰。主要...
  • 4.1.8- Web 应用程序使用的组件进行指纹识别
    2023-09-13 19:45
    开启学习模式的博客 它们主要在正则表达式匹配上工作,除了在浏览器中加载页面之外,不需要任何内容。它完全在浏览器级别工作,并以图标的形式给出结果。尽管有它有误报,但了解在浏览页面后立即使用哪些技术构建目标站点非常方便。 ...
  • 渗透之——Metasploit命令及模块
    2019-01-26 10:26
    冰 河的博客 你本地可以让目标主机连接的IP地址,通常当目标主机不在同一个局域网内,就需要是一个公共IP地址,特别为反弹式shell使用。 RHOST 远程主机或是目标主机。 set function 设置特定的配置参数(EG:设置本地或...
  • CakePHP的全局常量及方法
    2014-10-28 14:32
    不净之心的博客 [url]http://docs.30c.org/cakephp/globalconstants.html[/url] [color=red][b]Section 1 全局方法[/b][/color] 这些都是Cake领域内全局可用的方法。它们中有很多是对PHP长名方法更便利的包装,但是也有一些方法...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 三因素重复测量数据R语句编写,不存在交互作用
  • ¥15 微信会员卡等级和折扣规则
  • ¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了
  • ¥100 监控抖音用户作品更新可以微信公众号提醒
  • ¥15 UE5 如何可以不渲染HDRIBackdrop背景
  • ¥70 2048小游戏毕设项目
  • ¥20 mysql架构,按照姓名分表