CakePHP身份验证：无效的用户名或密码无效？

I'm going through the CakePHP tutorial and trying to test basic login functionality. I'm making slight tweaks along the way to match how my database needs to look (email and token instead of username and password as columns in the users table), I believe that I have messed something up when it comes to using Blowfish hashing. Can someone take a look and see if anything apparent pops out? Right now I can add new users, but their password in the database look to be plaintext. The token column is of type VARCHAR(75), is that enough space for Blowfish to work?

I'm getting the error:

**Warning (512): Invalid salt: pass for blowfish **

and then "Invalid username or password," when putting in a correct user/pass combo. When I put in incorrect credentials I only get the invalid user/pass error, so it looks like it is still getting through somewhere along the line.

app/Model/User.php

App::uses('AppModel', 'Model'); 
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public $validate = array(
        'email' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'An email is required'
            )
        ),
        'token' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        ),
        'group' => array(
            'valid' => array(
                'rule' => array('inList', array('user', 'admin', 'manager')),
                'message' => 'Please enter a valid group role',
                'allowEmpty' => false
            )
        )
    );

    public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['token'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['token'] = $passwordHasher->hash(
            $this->data[$this->alias]['token']
        );
    }
    return true;
        }
}

app/Controller/AppController.php

class AppController extends Controller {
    //...

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish',
                    'fields' => array('username' => 'email', 'password' => 'token')

                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');

    }
    //...
}

add.ctp

<div class="users form">
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend><?php echo __('Add User'); ?></legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
        echo $this->Form->input('group', array(
            'options' => array('admin' => 'Admin', 'manager' => 'Manager', 'user' => 'User')
        ));
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

login.ctp

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dsizmmwnm56437180 2015-07-19 22:20
关注
Check the blowfish salt to make sure it has the correct number of characters, and use the add / edit form to set the password initally.

You should also set the token length in the db to 256 chars

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

CakePHP身份验证：无效的用户名或密码无效？ php
2015-07-19 18:29

回答 1 已采纳 Check the blowfish salt to make sure it has the correct number of characters, and use the add / ed
Cakephp身份验证：2.4.2 php
2013-12-15 15:55

回答 2 已采纳 As I couldn't do it without manual hashing, I used this code in the Controller login function: pu
cakephp 2.9.7数据验证无效 php
2017-06-02 11:20

回答 2 已采纳 This will validate and save your data if ($this->request->is('post')) { $this->Acti
PHP 面试知识点整理归纳
2018-09-05 18:33

php小学一年级生的博客全文已整理补充完毕，以后还...lz也是初学者，以下知识点均为自己整理且保持不断更新，也希望各路大神多多指点，若发现错误或有补充，可直接comment，lz时刻关注着。由于内容比较多，没有直接目录，请自行对照 Gi...
CakePHP验证:: naturalNumber（）不起作用 php
2012-10-09 17:36

回答 1 已采纳 if you take a look at the documentation ( http://book.cakephp.org/2.0/en/models/data-validation.ht
Cakephp 3.x：虚线休息api无效 json php
2016-05-13 08:21

回答 2 已采纳 Resource routes require separate inflection configuration You are missing the proper inflection c
CakePHP / mysql：select found_rows无法在循环中运行？ mysql php
2017-06-26 12:00

回答 1 已采纳 Check your models $cacheQueries property setting, it might be true, causing the query to be cached
cakephp2.X教程第三部分（基于cakephp1.3.4在线教程的改编）
2013-10-20 16:34

weixin_34318956的博客第 3 部分还介绍 CakePHP 安全组件、处理无效请求和其他高级请求认证。本文假设您已经学习了使用 CakePHP 快速打造 Web 站点，第 1 部分：入门和使用 CakePHP 快速打造 Web 站点...
CakePHP Router :: connect（）别名？ php
2010-03-01 02:15

回答 2 已采纳 Note that the Router "translates" a URL into Controllers, Actions and Params, it doesn't "forward"
CakePHP ORM ::断开数据库连接 php
2016-04-13 13:40

回答 1 已采纳 You can use disconnect() on the Connection object. $connectionObject->disconnect(); See: htt
CakePHP 2.x - Hash :: filter - 如何设置回调函数？ // PHP过滤器 php
2017-01-26 17:08

回答 1 已采纳 Hash::filter won't help you for your example, you better work with array_filterdirectly $res = ar
近期1年来PHP面试题整理
2018-05-31 09:33

wang_ze的博客中设置magic_quotes_gpc=onget_magic_quotes_gpc()检测字符串是否经过转义， strpos() 函数用于检索字符串内指定的字符或文本。如果找到匹配，则会返回首个匹配的字符位置。如果未找到匹配，则将返回 FALSE。 ...
未找到CakePhp 3插件身份验证适配器 php
2017-12-20 03:26

回答 1 已采纳 The problem was that the php function class_exists(...) didn't recognise the custom authentication
PHP常见的108个知识点
2017-03-22 14:11

jinglong.cha的博客 ------------------------------------... PHP知识大全 --------------------------------------------------------- 1. 变量如何定义？如何检查变量是否定义？如何删除一个变量？怎样检测变量是否设置？ $定义 iss
PHP知识大全
2016-06-27 16:09

lceBear的博客 -----------------------------------...PHP知识大全 --------------------------------------------------------- 1. 变量如何定义？如何检查变量是否定义？如何删除一个变量？怎样检测变量是否设置？ $定义 iss...
PHP知识大全【高级】
2016-11-15 12:29

weixin_33716941的博客魔术方法__call()的作用是当程序调用一个不存在或不可见的成员方法时，php会先调用__call()方法，将那个不存在的方法的方法名和参数都存储下来。 __call()包含两个参数，第一个参数是那个不存在的方法的方法名...
php知识点集合
2015-11-26 11:25

weixin_30413739的博客 ----------------------------------------...PHP知识大全 --------------------------------------------------------- 1.变量如何定义？如何检查变量是否定义？如何删除一个变量？怎样检测变量是否设置？ $定义...
PHP&Javascript&CSS&jQuery常用知识大全
2013-12-25 00:39

weixin_30650859的博客 --------------------------------------------------------- PHP知识大全 --------------------------------------------------------- 1. 变量如何定义？如何检查变量是否定义？如何删除一个变量？怎样检测变量...
【工具】Nmap
2018-12-02 12:30

miss枫的博客可以指定单个IP或IP段 eg：192.168.1.0/24、192.168.1.1,2,3-15 -iL &amp;lt;filename&amp;gt;：从文件中导入扫描目标 eg：nmap -iL ip.txt -iR &amp;lt;num hosts&amp;gt;：随机...
TLS协议分析与现代加密通信协议设计
2019-09-06 12:14

庚庚911的博客跟进一下密码学应用领域的历史和进展整理现代加密通信协议设计的一般思路本文有门槛，读者需要对现代密码学有清晰而系统的理解，建议花精力补足背景知识再读。本文最后的参考文献里有一些很不错的学习资料。 ...
没有解决我的问题, 去提问

悬赏问题

¥60 版本过低apk如何修改可以兼容新的安卓系统
¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
¥50 有数据，怎么建立模型求影响全要素生产率的因素
¥50 有数据，怎么用matlab求全要素生产率
¥15 TI的insta-spin例程
¥15 完成下列问题完成下列问题
¥15 C#算法问题, 不知道怎么处理这个数据的转换
¥15 YoloV5 第三方库的版本对照问题
¥15 请完成下列相关问题！
¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像，如何解决？

CakePHP身份验证：无效的用户名或密码无效？

1条回答 默认 最新

悬赏问题

1条回答默认最新