Ion Auth不允许使用包含＆符号的密码

I'm developing a bespoke web system for a client using CodeIgniter and Ion Auth. Everything has been going fine so far however I have just come across an issue whereby if I try to set a password with an ampersand in, that user can no longer log in to the system.

At first I thought this issue may be related to character coding as I was setting the passwords manually using a literal string, however the same happens if I take the input directly from a HTML form. I haven't changed any encryption/hash settings in Ion Auth, only the site title, default user group, and the table attribute used for the username.

I'm using CodeIgniter 3 and Ion Auth. Please let me know if you need anymore information.

Any ideas what is happening here?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanbinian2243 2015-05-17 18:47
关注
I've just discovered the issue, and it has made me feel just a little bit daft but I thought I'd let everyone else know the solution because if I've had this issue, I'm sure somebody else is bound to.

The problem was nothing to do with Ion Auth, but instead to with me incorrectly using CodeIgniter functions. To obtain the password from the form, I was using set_value('password) which actually escapes values for HTML as documented here and written about here. Obviously by just printing the password using echo, which was how I was attempting to debug, I couldn't see that the the original string was being altered in any way but it made a difference to the hash.

The solution is to simply use $this->input->post('password') to get the password instead, as this function makes no changes to the original input.

Hope that helps somebody. The moral of the story is to get familiar with any framework before you start using it and read the documentation thoroughly.

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Ion Auth Codeigniter - 默认用户/密码无法识别 php
2014-03-24 18:10

回答 1 已采纳 It turns out I made an error when running the SQL scripts - I simply created the table structure b
Laravel 5.6 - 在自定义表上使用内置Auth - 不验证用户/密码 laravel php
2018-03-22 15:55

回答 1 已采纳 You will need to override the getAuthPassword() method in your User model, like this: /** * Get
没有记住Ion AUTH登录的CodeIgniter php
2016-03-08 09:15

回答 1 已采纳 I can see that you answered the problem yourself, but to add a solution to make it easier to find
[转]杂谈如何绕过WAF（Web应用防火墙）
2016-05-05 20:12

黑夜路人的博客因为如果不使用引号，词法分析器会认为回车、换行就是结束了，如果你运行上面这段代码，webkit会把java当做地址传给src。词法分析器跳过的前提就是建立在引号里的，切记。这里在说一个：回车、换行只在属性中...
使用Httpful和Basic Auth Header进行PHP API调用 php
2017-04-10 20:42

回答 1 已采纳 Should I be placing the auth key into a separate file Probably. As a general rule, you should
Laravel 5重置JWTAuth的密码 laravel php
2018-10-22 13:52

回答 2 已采纳 Well, It seems you need a json resonse from the reset method. Modify your ResetPasswordController
Auth :: attempt不检查用户名和密码 php
2015-03-03 07:51

回答 2 已采纳 Change this part: $credentials = array( 'username' => "'$email'", 'password' =
Python基础学习-简要记录
2023-02-22 11:44

watson_pillow的博客如下所示： >>> s = {'a', 'a', 'b', 'c', 'c'} >>> s {'a', 'c', 'b'} #添加元素可以使用 add 或 update 方法，如果元素已经存在，则不进行操作，如下所示： >>> s = {'a', 'b', 'c'} >>> s.add('d') >>> s {'a', '...
CakePHP Auth不允许显示图像 jquery php
2014-04-01 09:51

回答 1 已采纳 I think found the solution. Try doing this. put debug mode to 0; empty the timthumb folder. refre
Laravel 5.7 - 使用命令'php artisan make：auth'后，Ckeditor停止显示 laravel php
2018-08-27 13:53

回答 1 已采纳 You done everything right, but after running this command php artisan make:auth The newly crea
如何使用没有标准auth的laravel RegisterController（php artisan make：Auth） laravel php
2018-08-19 11:39

回答 1 已采纳 You have a couple of options here: Use validate() public function register(Request $request) {
Notes Fifteenth Day-渗透攻击-红队-内部信息搜集
2020-10-01 22:07

大余xiyou的博客这里使用的技术仅用于学习教育目的，如果列出的技术用于其他任何目标，我概不负责。我必须再重申一遍：务必不要做未授权测试！不要未经授权在真实网络环境中复现任何本书中描述的攻击。即使是出于好奇而不是恶意，...
PHP Laravel 5.7 Tymon / jwt-auth无法安装 laravel php
2018-12-23 02:08

回答 2 已采纳 It would be nice to get this released soon you can just using this "tymon/jwt-auth": "dev-develop
CCIE重认证350-401
2023-01-04 13:59

fo安方的博客 SD-Access选inter-xTR，wireless选inter-controller不选intra-controller，VLAN选intra-controller不选inter-controller；（Intra内部，inter模块间）； VLAN；GLBP、MHSRP（MG芒果）；题目有gateway，答案有glbp，...
高通平台环境搭建，编译，系统引导流程分析
2015-06-30 08:15

loongembedded的博客根据选择的 Android 源代码分支不同， vendor 代码的选择也是不一样的，BUILD ID 必须一致 M7630AABBQMLZA1150 对应 HY11-VR881-5.zip M7630AABBQMLZA1250 对应 HY11-VR881-11.zip M7630AABBQMLZA...
Notes Ninth Day-渗透攻击-红队-打入内网
2020-09-25 22:30

大余xiyou的博客这里使用的技术仅用于学习教育目的，如果列出的技术用于其他任何目标，我概不负责。我必须再重申一遍：务必不要做未授权测试！不要未经授权在真实网络环境中复现任何本书中描述的攻击。即使是出于好奇而不是恶意，...
Notes Twelfth Day-渗透攻击-红队-命令与控制
2020-09-28 20:41

大余xiyou的博客这里使用的技术仅用于学习教育目的，如果列出的技术用于其他任何目标，我概不负责。我必须再重申一遍：务必不要做未授权测试！不要未经授权在真实网络环境中复现任何本书中描述的攻击。即使是出于好奇而不是恶意，...
没有解决我的问题, 去提问

悬赏问题

¥15 关于#matlab#的问题：在模糊控制器中选出线路信息，在simulink中根据线路信息生成速度时间目标曲线（初速度为20m/s，15秒后减为0的速度时间图像）我想问线路信息是什么
¥15 banner广告展示设置多少时间不怎么会消耗用户价值
¥16 mybatis的代理对象无法通过@Autowired装填
¥15 可见光定位matlab仿真
¥15 arduino 四自由度机械臂
¥15 wordpress 产品图片 GIF 没法显示
¥15 求三国群英传pl国战时间的修改方法
¥15 matlab代码代写，需写出详细代码，代价私
¥15 ROS系统搭建请教（跨境电商用途）
¥15 AIC3204的示例代码有吗，想用AIC3204测量血氧，找不到相关的代码。

Ion Auth不允许使用包含＆符号的密码

1条回答 默认 最新

悬赏问题

1条回答默认最新