我有一个现有的数据库,我试图在上面放置一个蛋糕应用程序。旧应用程序在 Perl 中使用 crypt() 来散列密码。我需要在 PHP 应用程序中做同样的事情。
在标准 cakephp 应用程序中进行更改的正确位置在哪里?这样的变化会是什么样子?
danb
问问题
7320 次
3 回答
8
我让它工作...
这是我的 AppController:
class AppController extends Controller {
var $components = array('Auth');
function beforeFilter() {
// this is part of cake that serves up static pages, it should be authorized by default
$this->Auth->allow('display');
// tell cake to look on the user model itself for the password hashing function
$this->Auth->authenticate = ClassRegistry::init('User');
// tell cake where our credentials are on the User entity
$this->Auth->fields = array(
'username' => 'user',
'password' => 'pass',
);
// this is where we want to go after a login... we'll want to make this dynamic at some point
$this->Auth->loginRedirect = array('controller'=>'users', 'action'=>'index');
}
}
然后是用户:
<?php
class User extends AppModel {
var $name = 'User';
// this is used by the auth component to turn the password into its hash before comparing with the DB
function hashPasswords($data) {
$data['User']['pass'] = crypt($data['User']['pass'], substr($data['User']['user'], 0, 2));
return $data;
}
}
?>
其他都正常,我觉得。
这是一个很好的资源:http ://teknoid.wordpress.com/2008/10/08/demystifying-auth-features-in-cakephp-12/
于 2009-02-21T23:35:57.307 回答
2
实际上,上面描述的 danb 方法在 CakePHP 2.x 中对我不起作用相反,我最终创建了一个自定义身份验证组件来绕过标准哈希算法:
/app/Controller/Component/Auth/CustomFormAuthenticate.php
<?php
App::uses('FormAuthenticate', 'Controller/Component/Auth');
class CustomFormAuthenticate extends FormAuthenticate {
protected function _password($password) {
return self::hash($password);
}
public static function hash($password) {
// Manipulate $password, hash, custom hash, whatever
return $password;
}
}
...然后在我的控制器中使用它...
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array(
'CustomForm' => array(
'userModel' => 'Admin'
)
)
)
);
最后一个块也可以放在AppController的beforeFilter方法中。在我的情况下,我只是选择将它专门放在一个控制器中,在该控制器中我将使用具有不同用户模型的自定义身份验证。
于 2012-05-02T22:17:12.107 回答
1
为了在 CakePHP 2.4.1 中跟进这一点,我正在为遗留数据库构建一个前端,该数据库将现有用户密码存储为 md5(accountnumber:statictext:password),并允许用户登录,我们需要使用该散列系统也是如此。
解决方案是:
使用以下命令创建文件 app/Controller/Component/Auth/CustomAuthenticate.php:
<?php
App::uses('FormAuthenticate', 'Controller/Component/Auth');
class CustomAuthenticate extends FormAuthenticate {
protected function _findUser($username, $password = null) {
$userModel = $this->settings['userModel'];
list(, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
if (is_array($username)) {
$conditions = $username;
} else {
$conditions = array(
$model . '.' . $fields['username'] => $username
);
}
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => $this->settings['recursive'],
'contain' => $this->settings['contain'],
));
if (empty($result[$model])) {
return false;
}
$user = $result[$model];
if ($password) {
if (!(md5($username.":statictext:".$password) === $user[$fields['password']])) {
return false;
}
unset($user[$fields['password']]);
}
unset($result[$model]);
return array_merge($user, $result);
}
}
“扩展 FormAuthenticate” 意味着该文件接管 _findUser 函数,但对所有其他函数正常执行 FormAuthenticate。然后通过编辑 AppController.php 并添加到 AppController 类中来激活它,如下所示:
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array('controller' => 'accounts', 'action' => 'login'),
'loginRedirect' => array('controller' => 'accounts', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
'authenticate' => array (
'Custom' => array(
'userModel' => 'Account',
'fields' => array('username' => 'number'),
)
),
)
);
特别注意关联数组键“自定义”的使用。
最后,在创建新用户时需要对密码进行哈希处理,因此我在模型文件(在我的情况下为 Account.php)中添加了:
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = md5($this->data[$this->alias]['number'].":statictext:".$this->data[$this->alias]['password']);
}
return true;
}
于 2013-10-21T07:31:30.947 回答