我是蛋糕php的新手,我有一个问题。 当用户更新他的个人资料时,我要求输入他的密码。现在我不知道如何使用存储的密码进行检查。
<?php echo $form->create('UserProfile', array('url' => array('action' => 'edit_profile', 'controller' => 'users'))); ?>
<?php
echo $form->input('nickname', array('label' => __('Display Name', true), 'class' => 'INPUT required'));
?>
<b>To save these settings, please enter your password</b><br /><br />
<?php
echo $form->input('repeat_password', array('label' => __('Password', true), 'class' => 'INPUT required','type'=>'password'));
echo $form->input('private', array('label' => __('Set Profile Private', true), 'class' => 'INPUT required'));
?>
<!-- <div id="CityList">
<?php
// echo $form->input('city', array('id' => 'citySelect', 'name' => 'data[UserProfile][city]', 'empty' => __('Please select city', true), 'label' => __('City', true), 'class' => 'INPUT required'));
?>
</div> -->
<?php echo $form->submit(__('Submit', true), array('class' => 'save_btn')) ?>`
>
在我的模型中,我对重复密码应用了以下验证。
'repeat_password' => array(
array('rule' => 'check_repeatPassword'),
array('rule' => 'notempty', 'message' => __('Required', true), 'require' => true),
array('rule' => 'alphaNumeric', 'allowEmpty' => true, 'message' => __('Password must only contain letters and numbers.', true)),
array('rule' => array('minLength', 6), 'allowEmpty' => true,
'message' => __('Password must be at least 6 characters long.', true)),
array('rule' => array('maxLength', 16), 'allowEmpty' => true,
'message' => __('Password must be at most 16 characters long.', true))
),
function check_repeatPassword($data) {
$repeatPassword = $data['repeat_passowrd'];
$passwordExists = $this->find('count', array('conditions' => array('User.repeat_password' => $repeatPassword)));
if ($passwordExists == 0) {
return false;
}
return true;
}
在我的控制器中,我制作了以下编辑个人资料方法。
function edit_profile() {
$this->loadModel('UserProfile');
$user = $this->_authenticate_user();
$id = $user['account_num'];
if (!empty($this->data)) {
$this->data['UserProfile']['account_name'] = $id;
unset($this->data['UserProfile']['country']);
unset($this->data['UserProfile']['city']);
if ($this->UserProfile->save($this->data)) {
$userInfo = $this->User->getUserInfo($id);
$this->User->reassign_session($userInfo);
$this->flashMessage(__('Your Profile has been Updated successfully', true), 'Sucmessage');
//$this->redirect(array('action' => 'profile'));
} else {
$this->flashMessage(__('Your Profile has not been updated. Please, try again.', true));
}
}
if (empty($this->data)) {
$this->data = $this->UserProfile->read(null, $id);
}
// $this->loadModel('Country');
// $countries = $this->Country->find('list');
// $this->set('countries', $countries);
$this->loadModel('Nationality');
$nationalities = $this->Nationality->find('list', array('fields' => array('name', 'name')));
$this->set('nationalities', $nationalities);
$this->pageTitle = __('Edit My Profile', true);
}
Kindly help me how to do this.Thankssssss in advance
答案 0 :(得分:1)
我无法避免看到这一点并感到惊讶:
$passwordExists = $this->find('count', array(
'conditions' => array(
'User.repeat_password' => $repeatPassword
)
));
请确认您没有以纯文本格式存储用户密码,如果您不再立即执行并执行以下sql:
ALTER TABLE users DROP repeat_password;
在数据库中,您应该将用户的现有密码存储为单向散列。假设情况如此,要验证用户输入了他们现有的帐户密码 - 只需对他们提供的内容进行哈希in the same way the Auth component does,并与db进行比较:
function check_repeatPassword($data) {
$userId = $this->data['UserProfile']['account_name']; // from the question
$userInput = current($data);
$hashedUserInput = Security::hash($userInput, null, true);
return $this->find('count', array(
'conditions' => array(
'password' => $hashedUserInput,
'id' => $userId
)
));
}
这将确认用户输入的密码与该用户的数据库中已有的密码相同。