0

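Hi, I'm using a database for authentication, and I've run into a problem: if the email address is not in the correct format, the same page is returned to the user with the error shown on it. The problem is that the password is still hashed and added to the returned form.

My controller::actionRegister():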

    $model = new User('register');
    if (isset($_POST['User']))
    {
        $model->attributes = $_POST['User'];
        $model->password = crypt($model->password, $model->blowfishSalt());
        if ($model->save())
        {
            $this->redirect(Yii::app()->user->returnUrl);
        }
    }
    $this->render('register', array('model'=>$model));

My view: register.php

    <div class="row">
        <?php echo $form->labelEx($model,'email'); ?>
        <?php echo $form->textField($model,'email'); ?>
        <?php echo $form->error($model,'email'); ?>
    </div>

    <div class="row">
        <?php echo $form->labelEx($model,'password'); ?>
        <?php echo $form->passwordField($model,'password'); ?>
        <?php echo $form->error($model,'password'); ?>
    </div>

    <div class="row buttons">
        <?php echo CHtml::submitButton('Submit'); ?>
    </div>

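How can I make sure that, when using the "register" scenario, the password is not returned to the form and/or the password is not hashed until all other errors have been cleared, since hashing takes some time?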

4

2 Answers

0

lysenkobv's comment is correct, or you can change your code to this, using validate and not modifying the password before validation:

    if (isset($_POST['User']))
    {
        $model->attributes = $_POST['User'];
        // Validate the raw input first; hash only once it has passed
        if ($model->validate())
        {
            $model->password = crypt($model->password, $model->blowfishSalt());
            $model->save();
            $this->redirect(Yii::app()->user->returnUrl);
        } else {
            // If you want the password to clear so they have to retype it
            $model->password = null;
        }
    }
Answered 2013-10-07T19:30:21.830
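The ordering from the answer above, next to the ordering from the question, as an added example in plain PHP (not code from the thread or from Yii). The function names, the 8-character password rule and the sample input are assumptions, and `password_hash()` stands in for `crypt()` with the poster's `blowfishSalt()`.

```php
<?php
// Added example: plain-PHP stand-in for the Yii model and controller.
// All function names and the 8-character rule are hypothetical.

/** Validation rules, run against whatever is currently in the fields. */
function validateRegistration(array $in): array
{
    $errors = [];
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email is not a valid email address.';
    }
    if (strlen($in['password'] ?? '') < 8) {
        $errors['password'] = 'Password is too short.';
    }
    return $errors;
}

/** Ordering from the question: hash first, then validate. */
function registerHashFirst(array $in): array
{
    $in['password'] = password_hash($in['password'] ?? '', PASSWORD_BCRYPT);
    // The rules now see the 60-character bcrypt string, so the length
    // rule passes for any input and the hash travels back in the form.
    $errors = validateRegistration($in);
    return ['saved' => !$errors, 'errors' => $errors, 'form' => $in];
}

/** Ordering from the answer: validate raw input, hash only on success. */
function registerValidateFirst(array $in): array
{
    $errors = validateRegistration($in);
    $hash = $errors ? null : password_hash($in['password'], PASSWORD_BCRYPT);
    $in['password'] = null; // never echo the password (or hash) into the form
    return ['saved' => !$errors, 'errors' => $errors, 'form' => $in, 'hash' => $hash];
}

// Constructed sample input: malformed email and a 3-character password.
$post = ['email' => 'not-an-email', 'password' => 'abc'];
foreach (['registerHashFirst', 'registerValidateFirst'] as $fn) {
    $r = $fn($post);
    printf("%s: errors=[%s] password field=%s\n",
        $fn,
        implode(',', array_keys($r['errors'])),
        var_export($r['form']['password'], true));
}
```

With hash-first ordering the password rule never reports an error for the short password, because it is checking the hash rather than what the user typed.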
0
    $model = new User('register');
    if (isset($_POST['User']))
    {
        $model->attributes = $_POST['User'];
        $password = $model->password;
        $model->password = crypt($model->password, $model->blowfishSalt());
        if ($model->save())
        {
            $this->redirect(Yii::app()->user->returnUrl);
        }
        else {
            $model->password = $password;
        }
    }
    $this->render('register', array('model'=>$model));
Answered 2013-10-08T07:41:45.893