我正在使用带有codeigniter的Ion auth库并创建了登录,注册,记住我并忘记了密码功能(到目前为止)。
对于忘记密码功能,用户输入他们的电子邮件地址,然后会发送一封电子邮件,其中包含重置密码的链接。
打开一个页面,输入新密码和确认密码,当我点击提交时,我的php日志中出现此错误:
PHP Fatal error: Call to undefined method Auth::_valid_csrf_nonce() in /Applications/MAMP/htdocs/Auth/application/controllers/auth.php on line 273
下载这个库时我没有改变任何东西,所以想知道我哪里出错了?
由于
以下是我的代码支持:
Auth Controller:
function _get_csrf_nonce()
{
$this->load->helper('string');
$key = random_string('alnum', 8);
$value = random_string('alnum', 20);
$this->session->set_flashdata('csrfkey', $key);
$this->session->set_flashdata('csrfvalue', $value);
return array($key => $value);
}
//reset password - final step for forgotten password
public function reset_password($code = NULL)
{
if (!$code)
{
show_404();
}
$user = $this->ion_auth->forgotten_password_check($code);
if ($user)
{
//if the code is valid then display the password reset form
$this->form_validation->set_rules('new', 'New Password', 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[new_confirm]');
$this->form_validation->set_rules('new_confirm', 'Confirm New Password', 'required');
if ($this->form_validation->run() == false)
{
//display the form
//set the flash data error message if there is one
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
$this->data['min_password_length'] = $this->config->item('min_password_length', 'ion_auth');
$this->data['new_password'] = array(
'name' => 'new',
'id' => 'new',
'type' => 'password',
'pattern' => '^.{'.$this->data['min_password_length'].'}.*$'
);
$this->data['new_password_confirm'] = array(
'name' => 'new_confirm',
'id' => 'new_confirm',
'type' => 'password',
'pattern' => '^.{'.$this->data['min_password_length'].'}.*$'
);
$this->data['user_id'] = array(
'name' => 'user_id',
'id' => 'user_id',
'type' => 'hidden',
'value' => $user->id
);
$this->data['csrf'] = $this->_get_csrf_nonce();
$this->data['code'] = $code;
//render
$this->_render_page('reset_password', $this->data);
}
else
{
// do we have a valid request?
if ($this->_valid_csrf_nonce() === FALSE || $user->id != $this->input->post('user_id'))
{
//something fishy might be up
$this->ion_auth->clear_forgotten_password_code($code);
show_error('This form post did not pass our security checks.');
}else{
// finally change the password
$identity = $user->{$this->config->item('identity', 'ion_auth')};
$change = $this->ion_auth->reset_password($identity, $this->input->post('new'));
if ($change)
{
//if the password was successfully changed
$this->session->set_flashdata('message', $this->ion_auth->messages());
$this->logout();
}else{
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect('reset_password/' . $code, 'refresh');
}
}
}
}
else
{
//if the code is invalid then send them back to the forgot password page
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("forgot_password", 'refresh');
}
}
忘记密码模型功能:
/**
* Forgotten Password Complete
*
* @return string
* @author Mathew
**/
public function forgotten_password_complete($code, $salt=FALSE)
{
$this->trigger_events('pre_forgotten_password_complete');
if (empty($code))
{
$this->trigger_events(array('post_forgotten_password_complete', 'post_forgotten_password_complete_unsuccessful'));
return FALSE;
}
$profile = $this->where('forgotten_password_code', $code)->users()->row(); //pass the code to profile
if ($profile) {
if ($this->config->item('forgot_password_expiration', 'ion_auth') > 0) {
//Make sure it isn't expired
$expiration = $this->config->item('forgot_password_expiration', 'ion_auth');
if (time() - $profile->forgotten_password_time > $expiration) {
//it has expired
$this->set_error('forgot_password_expired');
$this->trigger_events(array('post_forgotten_password_complete', 'post_forgotten_password_complete_unsuccessful'));
return FALSE;
}
}
$password = $this->salt();
$data = array(
'password' => $this->hash_password($password, $salt),
'forgotten_password_code' => NULL,
'active' => 1,
);
$this->db->update($this->tables['users'], $data, array('forgotten_password_code' => $code));
$this->trigger_events(array('post_forgotten_password_complete', 'post_forgotten_password_complete_successful'));
return $password;
}
$this->trigger_events(array('post_forgotten_password_complete', 'post_forgotten_password_complete_unsuccessful'));
return FALSE;
}
重置密码视图:
<div id="infoMessage"><?php echo $message;?></div>
<?php echo form_open('auth/reset_password/' . $code);?>
<p>
New Password (at least <?php echo $min_password_length;?> characters long): <br />
<?php echo form_input($new_password);?>
</p>
<p>
Confirm New Password: <br />
<?php echo form_input($new_password_confirm);?>
</p>
<?php echo form_input($user_id);?>
<?php echo form_hidden($csrf); ?>
<p><?php echo form_submit('submit', 'Change');?></p>
<?php echo form_close();?>
答案 0 :(得分:0)
你的auth文件中有这个方法吗?
function _valid_csrf_nonce()
{
if ($this->input->post($this->session->flashdata('csrfkey')) !== FALSE && $this->input->post($this->session->flashdata('csrfkey')) == $this->session->flashdata('csrfvalue')) {
return TRUE;
} else {
return FALSE;
}
}
如果没有,那就添加它。