dragonsun00000 2013-10-14 14:41
Views: 106
Accepted

Password reset function in CakePHP

I am currently working with CakePHP. Now, if my users forget their password, I wish to allow them to reset it (i.e. me sending them a mail with their new temporary password).

But there is a problem. Passwords stored in my database are hashed by the Auth component, which means that if I try to select all from my User model I will get a hashed version of the password. Furthermore, I don't know how I will be able to save the password HASHED after generating a new one.

I've been googling around for some time to find an answer to this but couldn't seem to find any examples of how this would be done.

Has anyone tried something similar or know how it can be done?


3 answers

  • duanshai4484 2013-10-14 15:42

    Ok, 2.x definitely gives more control. I only hash the passwords in my User model's beforeSave method, just like you do:

    // CakePHP 2.x model callback; the $options parameter matches the parent signature.
    public function beforeSave($options = array()) {
        // Only hash when a plain-text password is part of this save; otherwise the
        // (already hashed) column is left alone so it is not hashed a second time.
        if (isset($this->data['User']['password'])) {
            $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
        }
        return true;
    }

    This allows you to create a password in your Controller's password reset action as plain text, email it to the user, and then you set the password in the User model and persist it (password is hashed before it hits the database). The important thing here is that your password stays plain text until your controller calls the save method.

    Generally I always add an unset on the password field in controller actions that will save the User record just to make sure it won't get rehashed. A second option would be to add an afterFind callback to your user model that does the unset each time the User model(s) are loaded.

    About the one-time reset key... I have an additional field in my User object that I use in two cases: email verification and password reset. When the user is created it is set to the SHA1( + + ). A link is emailed to the user that sends them to the User controller's validate action. Once that key is verified, that column gets cleared out in the database.

    Same with the password reset. When they request a reset, the value gets generated in the same way and a link to the User controller's reset action gets emailed to the user. They enter their userid and if the key in the link matches the one in their database row, they can change their password. When their password is changed, this value is again cleared.

    The biggest issue with sending temporary passwords is that it creates a DoS mechanism (against users, not your site). If I decided to harass someone, I could create a task that keeps resetting their password every hour. They can't get in until they check their email, but then it'll change again. Using a key, they'll get an email with a reset link, but their current password will still work as the presence of a reset code would not keep them from logging in.

    This answer was chosen as the best answer by the asker.
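The reset-key flow the accepted answer describes (key generated on request, checked by the reset action, cleared once the password changes, and never blocking a normal login), written out as an added example. This is not the answerer's code and not CakePHP's own API: it is framework-free PHP that stands in an array for the User table, uses `password_hash`/`password_verify` where the answer's model would call `AuthComponent::password`, and assumes column names `reset_key` and `reset_expires` and a one-hour expiry; it also stores only a hash of a random key rather than the SHA1 of user fields, which is a hardening choice added here.

```php
<?php
// Added example, not from the original answer: a framework-free sketch of the one-time
// reset-key flow. $users stands in for the User table; in CakePHP 2.x these updates would
// go through $this->User->save() so the model's beforeSave hashes the new password.
// Column names reset_key / reset_expires and the one-hour TTL are assumptions.

declare(strict_types=1);

const RESET_KEY_TTL = 3600; // assumed lifetime of a reset link, in seconds

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Constructed sample row; the password column holds a hash, as it would after beforeSave.
$users = [
    42 => [
        'id'            => 42,
        'email'         => 'alice@example.com',
        'password'      => password_hash('old-secret', PASSWORD_DEFAULT),
        'reset_key'     => null,
        'reset_expires' => null,
    ],
];

// Step 1: the user asks for a reset. A random key is generated, only its hash is stored in
// the row, and the plain key is returned so the controller can put it in the emailed link.
function requestReset(array &$users, int $userId, int $now): string
{
    $key = bin2hex(random_bytes(32));                    // 64 hex chars, not derivable from user data
    $users[$userId]['reset_key'] = hash('sha256', $key); // a leaked DB row does not leak usable links
    $users[$userId]['reset_expires'] = $now + RESET_KEY_TTL;
    return $key;                                         // e.g. /users/reset/42/<key>
}

// Step 2: the reset action compares the key from the link with the stored hash.
// hash_equals() is constant-time; a missing or expired key fails closed.
function verifyResetKey(array $users, int $userId, string $key, int $now): bool
{
    $row = $users[$userId] ?? null;
    if ($row === null || $row['reset_key'] === null || $now > $row['reset_expires']) {
        return false;
    }
    return hash_equals($row['reset_key'], hash('sha256', $key));
}

// Step 3: store the new password (hashed, as beforeSave would do) and clear the key,
// so the same link cannot be replayed.
function completeReset(array &$users, int $userId, string $key, string $newPassword, int $now): bool
{
    if (!verifyResetKey($users, $userId, $key, $now)) {
        return false;
    }
    $users[$userId]['password']      = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$userId]['reset_key']     = null;
    $users[$userId]['reset_expires'] = null;
    return true;
}

// A pending reset key never touches the password column, so the current password keeps
// working; this is the property the answer contrasts with emailing temporary passwords.
function checkLogin(array $users, int $userId, string $password): bool
{
    return isset($users[$userId]) && password_verify($password, $users[$userId]['password']);
}

// Walk through the flow.
$now = time();
$key = requestReset($users, 42, $now);
check(checkLogin($users, 42, 'old-secret'), 'pending reset does not lock the user out');
check(!verifyResetKey($users, 42, 'not-the-key', $now), 'a forged link is rejected');
check(!verifyResetKey($users, 42, $key, $now + RESET_KEY_TTL + 1), 'an expired link is rejected');
check(completeReset($users, 42, $key, 'new-secret', $now), 'a valid link changes the password');
check(!verifyResetKey($users, 42, $key, $now), 'the key is cleared, so the link is single-use');
check(checkLogin($users, 42, 'new-secret'), 'the new password works');
check(!checkLogin($users, 42, 'old-secret'), 'the old password no longer works');
echo "reset flow ok\n";
```

Run it with `php reset_flow.php`; it prints `reset flow ok` when every step behaves as described. The expiry and the hashed-at-rest key are the two additions beyond what the answer states; the rest maps one-to-one onto its request, validate/reset and clear steps.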
