0

我下载了 cakephp 的最新版本,即 cakephp 2.4。

当我使用 Auth 组件时,它不检查密码。

当我看到 sql dump 它显示

SELECT User.id, User.role_id, User.username, User.password,
User.email, User.first_name, User.last_name, User.activation_key,
User.status, User.created, User.modified
FROM cakephp.users AS User WHERE User.username = 'admin'
AND User.status = 1 LIMIT 1

它应该是

SELECT User.id, User.role_id, User.username, User.password, User.email,
User.first_name, User.last_name, User.activation_key, User.status,
User.created, User.modified FROM cakephp.users AS User
WHERE User.username = 'admin'
AND User.password = '32ddqdsd34sfgtbvge434' AND User.status = 1 LIMIT 1

我的 Auth 组件代码是

$this->Auth->userModel = 'User';

$this->Auth->authenticate = array(
                            'Form' => array(
                            'scope' => array('User.status' => 1)
                            )
                        );

$this->Auth->loginError     =   __("login_failed_invalid_username_or_password");

$this->Auth->loginAction    =   array('admin' => true, 'controller' => 'admins', 'action' => 'login');  

$this->Auth->loginRedirect  =    array('admin' => true, 'controller' => 'admins', 'action' => 'dashboard');

$this->Auth->authError      =   __('you_must_login_to_view_this_information');

$this->Auth->autoRedirect   =   true;
4

2 回答 2

1

哈希算法在 2.4 中发生了变化。密码检查现在使用 PHP 完成,并且使用了不同的 has 类型。

在你的模型中

    if (isset($this->data[$this->alias]['password'])) {

    $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);

}

return true;

}

和你的控制器

 public $components = array(
    'Session',
    /* add Auth component and set  the urls that will be loaded after the login and logout actions is performed */
    'Auth' => array(
        'loginRedirect' => array('controller' => 'admins', 'action' => 'dashboard'),
        'logoutRedirect' => array('controller' => 'admins', 'action' => 'home')
    )
);

花时间读这个

http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html

于 2013-09-12T16:37:18.000 回答
0

它不会通过查找用户在一个 sql 中进行密码检查。来自 2.4 的 Cake 会找到用户(你会看到这个查询)然后检查密码。您需要在表中有正确的密码才能从 Auth->login 中获取 true

解决方案:在 CakePHP 2.4 中使用 AuthComponent 登录

于 2013-10-15T13:53:15.377 回答