我下载了最新版本的cakephp,即cakephp 2.4。
当我使用Auth组件时,它不会检查密码。
当我看到sql dump时显示
SELECT User.id, User.role_id, User.username, User.password,
User.email, User.first_name, User.last_name, User.activation_key,
User.status, User.created, User.modified
FROM cakephp.users AS User WHERE User.username = 'admin'
AND User.status = 1 LIMIT 1
应该是
SELECT User.id, User.role_id, User.username, User.password, User.email,
User.first_name, User.last_name, User.activation_key, User.status,
User.created, User.modified FROM cakephp.users AS User
WHERE User.username = 'admin'
AND User.password = '32ddqdsd34sfgtbvge434' AND User.status = 1 LIMIT 1
我的Auth组件代码是
$this->Auth->userModel = 'User';
$this->Auth->authenticate = array(
'Form' => array(
'scope' => array('User.status' => 1)
)
);
$this->Auth->loginError = __("login_failed_invalid_username_or_password");
$this->Auth->loginAction = array('admin' => true, 'controller' => 'admins', 'action' => 'login');
$this->Auth->loginRedirect = array('admin' => true, 'controller' => 'admins', 'action' => 'dashboard');
$this->Auth->authError = __('you_must_login_to_view_this_information');
$this->Auth->autoRedirect = true;
答案 0 :(得分:1)
散列算法在2.4中已更改。现在使用PHP完成密码检查,并使用不同的has类型。
在你的模特中
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
和您的控制器
public $components = array(
'Session',
/* add Auth component and set the urls that will be loaded after the login and logout actions is performed */
'Auth' => array(
'loginRedirect' => array('controller' => 'admins', 'action' => 'dashboard'),
'logoutRedirect' => array('controller' => 'admins', 'action' => 'home')
)
);
腾出时间阅读本文
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
答案 1 :(得分:0)
在查找用户的一个sql中不会进行密码检查。 2.4中的蛋糕会找到用户(你看到这个查询),然后检查密码。 您需要在表格中使用正确的密码才能从Auth-> login
中获得真实信息