dpeqsfx5186 2015-07-19 18:29
浏览 47
已采纳

CakePHP身份验证:无效的用户名或密码无效?

I'm going through the CakePHP tutorial and trying to test basic login functionality. I'm making slight tweaks along the way to match how my database needs to look (email and token instead of username and password as columns in the users table), I believe that I have messed something up when it comes to using Blowfish hashing. Can someone take a look and see if anything apparent pops out? Right now I can add new users, but their password in the database look to be plaintext. The token column is of type VARCHAR(75), is that enough space for Blowfish to work?

I'm getting the error:

**Warning (512): Invalid salt: pass for blowfish **

and then "Invalid username or password," when putting in a correct user/pass combo. When I put in incorrect credentials I only get the invalid user/pass error, so it looks like it is still getting through somewhere along the line.

app/Model/User.php

App::uses('AppModel', 'Model'); 
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public $validate = array(
        'email' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'An email is required'
            )
        ),
        'token' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        ),
        'group' => array(
            'valid' => array(
                'rule' => array('inList', array('user', 'admin', 'manager')),
                'message' => 'Please enter a valid group role',
                'allowEmpty' => false
            )
        )
    );

    public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['token'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['token'] = $passwordHasher->hash(
            $this->data[$this->alias]['token']
        );
    }
    return true;
        }
}

app/Controller/AppController.php

class AppController extends Controller {
    //...

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish',
                    'fields' => array('username' => 'email', 'password' => 'token')

                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');

    }
    //...
}

add.ctp

<div class="users form">
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend><?php echo __('Add User'); ?></legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
        echo $this->Form->input('group', array(
            'options' => array('admin' => 'Admin', 'manager' => 'Manager', 'user' => 'User')
        ));
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

login.ctp

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
  • 写回答

1条回答 默认 最新

  • dsizmmwnm56437180 2015-07-19 22:20
    关注

    Check the blowfish salt to make sure it has the correct number of characters, and use the add / edit form to set the password initally.

    You should also set the token length in the db to 256 chars

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 ssh登录页面的问题
  • ¥60 渗透一个指定银行app,拿到客户信息,需要什么级别
  • ¥50 关于在matlab上对曲柄摇杆机构上一点的运动学仿真
  • ¥15 jetson nano
  • ¥15 :app:debugCompileClasspath'.
  • ¥15 windows c++内嵌qt出现数据转换问题。
  • ¥15 stm32 串口通讯过程中的问题
  • ¥20 公众号如何实现点击超链接后自动发送文字
  • ¥15 用php隐藏类名和增加类名
  • ¥15 算法设计与分析课程的提问