dpeqsfx5186
2015-07-19 18:29
浏览 45
已采纳

CakePHP身份验证:无效的用户名或密码无效?

I'm going through the CakePHP tutorial and trying to test basic login functionality. I'm making slight tweaks along the way to match how my database needs to look (email and token instead of username and password as columns in the users table), I believe that I have messed something up when it comes to using Blowfish hashing. Can someone take a look and see if anything apparent pops out? Right now I can add new users, but their password in the database look to be plaintext. The token column is of type VARCHAR(75), is that enough space for Blowfish to work?

I'm getting the error:

**Warning (512): Invalid salt: pass for blowfish **

and then "Invalid username or password," when putting in a correct user/pass combo. When I put in incorrect credentials I only get the invalid user/pass error, so it looks like it is still getting through somewhere along the line.

app/Model/User.php

App::uses('AppModel', 'Model'); 
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public $validate = array(
        'email' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'An email is required'
            )
        ),
        'token' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        ),
        'group' => array(
            'valid' => array(
                'rule' => array('inList', array('user', 'admin', 'manager')),
                'message' => 'Please enter a valid group role',
                'allowEmpty' => false
            )
        )
    );

    public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['token'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['token'] = $passwordHasher->hash(
            $this->data[$this->alias]['token']
        );
    }
    return true;
        }
}

app/Controller/AppController.php

class AppController extends Controller {
    //...

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish',
                    'fields' => array('username' => 'email', 'password' => 'token')

                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');

    }
    //...
}

add.ctp

<div class="users form">
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend><?php echo __('Add User'); ?></legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
        echo $this->Form->input('group', array(
            'options' => array('admin' => 'Admin', 'manager' => 'Manager', 'user' => 'User')
        ));
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

login.ctp

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dsizmmwnm56437180 2015-07-19 22:20
    已采纳

    Check the blowfish salt to make sure it has the correct number of characters, and use the add / edit form to set the password initally.

    You should also set the token length in the db to 256 chars

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题