0

一直试图解决这个问题好几个小时,但没有成功。

$this->request->data['Login'] 数组包含与数据库中的条目匹配的正确用户名和哈希。$this->Auth->login(); 由于某种原因总是返回假。

Login 表有一个名为 UserID 和 Password 的列,Password 使用 MD5 和一个存储在表 Login 中的 salt 进行哈希处理。

我尝试在对密码进行哈希处理的登录模型中添加 beforeSave 函数,但这似乎也不起作用?

/app/Controller/AppController.php

<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $helpers = array('App', 'Html', 'Form', 'Session');
    public $components = array(
        'Session', 
        'Auth' => array(
            'loginAction' => array('controller' => 'login', 'action' => 'authenticate'),
            'loginRedirect' => array('controller' => 'account', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'home', 'action' => 'index'),
            'authenticate' => array('Form' => array('userModel' => 'Login', 'fields' => array('username' => 'UserID', 'password' => 'Password'))))
    );

    // Execute on every page load.
    public function beforeFilter(){
        $this->Auth->allow('index', 'view');
    }
}

/app/Controller/LoginController.php

<?php
class loginController extends AppController{
    public $uses = array('Login');

    public function index(){
        $this->render('/login');
    }

    public function authenticate(){
        if($this->request->is('post')){
            $this->request->data['Login']['password'] = $this->hashPassword($this->data['Login']);
            if($this->Auth->login()){
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash('Invalid username or password.');
            return $this->redirect('/login');
        }
    }

    private function hashPassword($login){
        // Get the salt of the user.
        $salt = $this->Login->find('first', array(
            'fields' => array(
                'Salt'),
            'conditions' => array(
                'Login.UserID' => $login['username'])));
        return md5(md5($login['password']) . $salt['Login']['Salt']);
    }
}

/app/Model/Login.php

<?php
class Login extends AppModel{
    public $useTable = 'Login';

    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'Please fill in all of the fields.'
            )
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'Please fill in all of the fields.'
            )
        ));
}

/app/View/login.ctp

<?php 
    echo $this->Session->flash('flash', array('element' => 'fail'));
    echo $this->Form->create('Login', array('url' => '/login/authenticate'));
    echo $this->Form->input('username', array('label' => false, 'div' => false, 'autocomplete' => 'off'));
    echo $this->Form->input('password', array('label' => false, 'div' => false));
    echo $this->Form->end('Login');
?>
4

2 回答 2

0

好吧我解决了:

  • 更改了登录视图文件中的字段名称以匹配数据库中的列名称。
  • 添加了自定义 PasswordHasher
于 2014-09-05T21:44:24.497 回答
0

根据 CakePHP 书中令人难以置信的详细示例:

http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

您不应该在提交之前手动散列您的密码。

于 2014-09-05T17:07:51.713 回答