dongli8979 2017-04-05 12:38
浏览 30
已采纳

cakephp 3-哈希密码在比较时不匹配

CakePHP version: 3.3.5

I'm building a simple system using which users can login (using a email and password) and after login they can change their password.

For this, I'm using DefaultPasswordHasher

I had a few users already in my db. Their record were already present. So when I did the login function, it worked. I compared the password the user enters with the hased password already present in the db. The check was successful and user was able to login.

Now after login, I wrote change password function, which updated the user password. New hash string replaced the old password string but when I try to login again, login fails.

I will share my controller here. It's pretty basic.

namespace Api\Controller;
use Cake\Utility\Security;
use Cake\Utility\Hash;
use Cake\Auth\DefaultPasswordHasher;
use Api\Controller\AppController;

class LoginController extends AppController
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
    }

    //Function to reset the password
    public function resetPassword()
    {
        $pass   = $this->request->data['pass'];
        $hasher = new DefaultPasswordHasher();
        $hashedPass = $hasher->hash($pass);

        $this->loadModel('Login');
        //save it to db
        $responseArray      = $this->Login->resetPassword($hashedPass); 
        $this->set(compact('responseArray'));
        $this->set('_serialize', ['responseArray']);
    }

     //Function to login
     public function login()
     {
        if ($this->request->is('post')) 
        {
            //Password submitted via form
            $pass   = $this->request->data['pass'];

            //Hashed password fetched from db via a function call
            $actualPassword = 'hashedPasswordString'

            //Compare password submitted and hash from db
            if($this->checkPassword($pass,$actualPassword))
            {
                $result = 'password matched';
            }
            else
            {
                $result = 'password doesnot match';
            }
        }
        $this->set(compact('result'));
        $this->set('_serialize', ['result']);       
     }

    //Function to compare password and hash
    public function checkPassword($passedPassword , $actualPassword) 
    {
        if ((new DefaultPasswordHasher)->check($passedPassword, $actualPassword)) {
            return true;
        } else {
            return false;
        }
    }

}

Can anyone tell me why the passwords don't match. I'm new to CakePHP framework. Thanks in advance!

  • 写回答

2条回答 默认 最新

  • dongzhou1901 2017-04-05 20:03
    关注

    This is what my reset password workflow looks like. I cannot tell from your post what your entity and table look like.

    Anytime posted data is converted into a user entity it will now be hashed

    Admin/UsersController.php

    public function password($id = null)
{
    $user = $this->Users->get($id, [
        'fields' => ['id', 'first_name', 'last_name', 'username']
    ]);
    if ($this->request->is('put')) {
        if ($this->request->data['password'] == $this->request->data['password2']) {
            $this->Users->patchEntity($user, ['password' => $this->request->data['password']]);
            $this->Users->save($user);
            $this->Flash->success('Password has been updated');
            return $this->redirect('/admin/users/password/' . $id);
        } else {
            $this->Flash->error('Passwords do not match');
        }
    }

    $this->set(compact('user'));
}

    Model/Entity/User.php

    protected function _setPassword($password)
{
    if (strlen($password) > 0) {
        return (new DefaultPasswordHasher)->hash($password);
    }
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • cakephp 3-哈希密码比较不匹配 php
    2017-04-05 12:38
    回答 2 已采纳 This is what my reset password workflow looks like. I cannot tell from your post what your entity
  • CakePHP 3 - 比较密码 php
    2015-02-09 02:22
    回答 2 已采纳 Generally you can access all data in a custom validation rule via the $context argument, where it'
  • Cakephp 3 - 转换自定义子查询出现问题 mysql php
    2019-01-08 10:14
    回答 2 已采纳 OK Guys, Eventually I have come up with solution of my own. Here below is my working code. $sa_
  • cakephp index.php,CakePHP - 中文手册
    2021-04-27 08:55
    y咯p秒杀软的博客 它们中有很多是对PHP长名方法更便利的包装,但是也有一些方法(比如verdor()和uses())可以用来包含代码,或者执行其他有用的功能。如果你想有一个短小精悍的方法来做一些烦人的事情,这里就可以找到答案。config读取...
  • Cakephp 3.3 - 如何在连接表删除嵌套级别 php
    2017-12-06 10:02
    回答 1 已采纳 You can make alias for joined fields by using associative keys in select() $result = $this -&
  • CakePHP 3 - 查找多个条件 php
    2017-12-17 14:47
    回答 1 已采纳 What you're looking for is called the IN operator. Add the word IN to the end of the field name.
  • CakePHP 3 - 放置自定义SQL代码的位置 mysql php
    2017-06-22 10:00
    回答 1 已采纳 As mentioned in the comments, I would suggest to not ditch the ORM, it has so many benefits, you'l
  • CakePHP系列(五)----路由
    2017-02-25 10:12
    码农致富的博客 路由 class Cake\Routing\ ... 通过定义路由,您可以分离应用程序的实现方式与其URL的结构。...在CakePHP中的路由还包括反向路由的想法,其中参数数组...如果您的应用程序不在根目录中,这可以用于生成“蛋糕相对...
  • CakePHP 3.3 - Formbuilder的第一个值为1 php
    2017-01-14 18:13
    回答 1 已采纳 Does categories table have category_id field ? If not you may trying to do: $category = $this-&
  • cakephp 2.3 - 更改密码方法错误 php
    2013-07-16 15:24
    回答 1 已采纳 Try setting the user id before checking if the user exists Assuming you are trying to change the
  • CakePHP - 实体对象不可访问 php
    2019-06-03 15:15
    回答 1 已采纳 To get a list of accessible and non-static properties of an object, use function get_object_vars.
  • CakePHP系列(四)----配置
    2017-02-25 00:13
    码农致富的博客 一、配置 虽然约定不再需要配置所有...配置通常存储在PHP或INI文件中,并在应用程序引导期间加载。 CakePHP默认提供一个配置文件,但如果需要,您可以添加其他配置文件并将其加载到应用程序的引导代码中。 Cake\Core\
  • CakePHP 3 - 使用afterSave()中保存的数据 php
    2016-01-27 12:41
    回答 2 已采纳 How can I access the data saved with $this->Requests->save($request) in a beforeSave() or
  • CakePHP系列(二)----Bookmarker案例(一)
    2017-02-23 16:42
    码农致富的博客 一、Bookmarker教程 本教程将引导您完成一个简单的书签应用程序(Bookmarker)的创建。 首先,我们将安装CakePHP,创建...我们将在本教程中使用MySQL服务器, 您将需要足够了解SQL以创建数据库:CakePHP将从那里接管
  • centos8PHP包,在CentOS 8系统上安装和使用PHP Composer的方法
    2021-04-11 12:54
    weixin_39568233的博客 关于安装,如果您急于不想验证文件的完整性,可以采用快速安装的方法,在安装之前您的CentOS 8系统要安装好PHP。Composer将提取您项目所依赖的所有必需PHP软件包,并为您管理它们,它用于所有现代PHP框架和平台,...
  • PHP – 最佳实践
    2022-09-16 11:08
    allway2的博客 PHP 中开发 Web 应用程序,您应该遵循一些好的做法。其中大多数都非常容易上手,其中一些甚至适用于一般的 Web 开发。这不是特定于 PHP 的。为避免用户刷新浏览器并两次提交相同的表单数据的情况,您应该始终...
  • PHP基础面试问题汇总
    2019-03-31 18:44
    PanQiHang的博客 PHP的意思 PHP是一个基于服务端来创建动态网站的脚本语言,您可以用PHP和HTML生成网站主页 什么是面向对象?主要特征是什么? 面向对象是程序的一种设计方式,它利于提高程序的重用性,使程序结构更加清晰。主要...
  • 4.1.8- Web 应用程序使用的组件进行指纹识别
    2023-09-13 19:45
    开启学习模式的博客 它们主要在正则表达式匹配上工作,除了在浏览器中加载页面之外,不需要任何内容。它完全在浏览器级别工作,并以图标的形式给出结果。尽管有它有误报,但了解在浏览页面后立即使用哪些技术构建目标站点非常方便。 ...
  • 渗透之——Metasploit命令及模块
    2019-01-26 10:26
    冰 河的博客 你本地可以让目标主机连接的IP地址,通常当目标主机不在同一个局域网内,就需要是一个公共IP地址,特别为反弹式shell使用。 RHOST 远程主机或是目标主机。 set function 设置特定的配置参数(EG:设置本地或...
  • CakePHP的全局常量及方法
    2014-10-28 14:32
    不净之心的博客 [url]http://docs.30c.org/cakephp/globalconstants.html[/url] [color=red][b]Section 1 全局方法[/b][/color] 这些都是Cake领域内全局可用的方法。它们中有很多是对PHP长名方法更便利的包装,但是也有一些方法...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 stata安慰剂检验作图但是真实值不出现在图上
  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题