duancuan6466
2014-07-29 12:19
浏览 33
已采纳

CakePHP 2.5 - 身份验证不起作用

Following tutorial I tried to create simple authentication, but I can't log in - always get a message "Invalid username or password, try again". I don't understand why - username and password are correct. Please, help to find mistake.

My model

// app/Model/User.php
App::uses('AppModel', 'Model');
App::uses('SimplePasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required'
            )
        ),
        'password' => array(
            'required' => array(
            'rule' => array('notEmpty'),
            'message' => 'A password is required'
            )
        )
    );

    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $passwordHasher = new SimplePasswordHasher();
            $this->data[$this->alias]['password'] = $passwordHasher->hash(
                $this->data[$this->alias]['password']
            );
        }
        return true;
    }
}

My controller

// app/Controller/UsersController.php
class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('logout');
    }

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        } 
    }

    public function logout() {
        return $this->redirect($this->Auth->logout());
    }
}

AppController.php

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'good',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'login',
                'action' => 'index',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => array(
                    'className' => 'Simple',
                    'hashType' => 'md5'
                    )
                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->deny();
    }
}

My view (login.ctp)

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('username', array('label' => 'Username'));
        echo $this->Form->input('password', array('label' => 'Password'));
        ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>

DB table "users": id,username, password (as md5)

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongxie9169 2014-07-29 13:24
    已采纳
    1. For AuthComponent you have configured SimplePasswordHasher to use "md5" but in your beforeSave() callback you are not configuring it to use md5 (it uses sha1 by default).

    2. SimplePasswordHasher will append security salt to your password before hashing, so if you have manually added records in your user table without salting them it won't work. Unsalted md5 hashing is extremely weak. Would strong recommend not using that. But if you really want to, you will have to make and use a custom password hasher class which generates md5 hashes without salt.

    打赏 评论

相关推荐 更多相似问题