0

我正在运行一个 2.2.2 CakePHP 应用程序,一切正常。现在我正在为它开发一个 Android 应用程序,因此需要在这两个应用程序之间创建接口。这就是为什么我需要手动登录用户。所以我创建了一个全新的控制器,AndroidController,以便将所有东西捆绑在一个地方。首先要做的是登录操作。所以我设置了以下控制器:

<?php
App::uses('AppController', 'Controller');

/**
 * Android Controller
 * 
 * @package       app.Controller
 */
class AndroidController extends AppController {
    public $components = array('RequestHandler','Auth');
    public $uses = array('User');

    public function beforeFilter() {
        $this->Auth->allow();
    }

    public function login() {
        //For testing purposes
        $postarray = array('_method' => 'POST','data' => array('User' => array('email' => 'user@gmail.com', 'password' => 'THISisDEFINITELYaWRONGpassword')));

        $id = $this->tryToGetUserID($postarray['data']['User']['email']);
        if($id == 0){
            //return Error json, unknown User
            $this->set('result', array(
                'tag' => 'login',
                'success' => 0,
                'error' => 1,
                'error_msg' => 'Unknown User'           
            )); 
        }else{
        //  if ($this->request->is('post')) {
            $postarray['data']['User'] = array_merge($postarray['data']['User'], array('id' => $id));
                    $this->User->id = $id;
                if ( $this->Auth->login($postarray['data']['User'])) {
                    // Login successfull
                    $this->User->saveField('lastlogin', date(DATE_ATOM));
                    $user = $this->User->find('all', array(
                        'recursive' => 0, //int
                        'conditions' => array('User.id' => $id)
                    ));
                    $loggedInUser = array(
                        'tag' => 'login',
                        'success' => 1,
                        'error' => 0,
                        'uid' => '??',
                        'user' => array(
                            'name' => $user['0']['User']['forename'].' '.$user['0']['User']['surname'],
                            'email' => $user['0']['User']['email'],
                            'created_at' => $user['0']['User']['created'],
                            'updated_at' => $user['0']['User']['lastlogin']                 
                        )
                    );
                    $this->set('result', $loggedInUser);                
                } else {
                    // Login failed
                    $this->set('result', array(
                        'tag' => 'login',
                        'success' => 0,
                        'error' => 2,
                        'error_msg' => 'Incorrect password!'            
                    ));
                }
        //  }
        }

    }

    public function tryToGetUserID($email = null) { 
        $user = $this->User->find('list', array(
            'conditions' => array('User.email' => $email)
        ));
        if(!empty($user)){
            return array_keys($user)['0'];
        }else{
            return 0;
        }

    }
}

您需要知道此方法将作为 POST 请求调用,但出于测试目的,我手动创建了一个 post-array。将来我将使用 $_POST 数组。那么,会发生什么:注册用户的登录有效,但每次都有效!即使密码错误或丢失!程序永远不会到达带有“登录失败”注释的代码部分。

我在这里错过了什么..?

谢谢!

4

1 回答 1

0

如果您仔细查看文档,您会注意到 AuthComponent::login() 将...

在 2.x 中 $this->Auth->login($this->request->data) 将使用发布的任何数据登录用户

于 2013-11-11T05:11:55.220 回答