添加新用户时隐藏密码

时间:2013-09-18 06:29:05

标签: cakephp encryption cakephp-2.4

CakePHP 2.4

添加新用户时,我必须在将密码存储到数据库之前对其进行哈希处理。为此,我做了:

//UsersController
public $helpers = array('Html', 'Form');
public $components = array(
    'Session',
    'Auth' => array(
    'loginRedirect' => array('controller' => 'users', 'action' => 'home', 'home'),
    'logoutRedirect' => array('controller' => 'users', 'action' => 'logout')
    )
);
public function add(){
    if($this->request->is('post')){
        $this->User->create();
        if($this->User->save($this->request->data)){
            $this->Session->setFlash('Saved!');
        }
    }
}

//UserModel
public function beforeSave(){
    if(isset($this->data[$this->alias]['password']))
        $this->data[$this->alias]['password'] = md5($this->data[$this->alias]['password']);
    return true;
}

//add.ctp
echo $this->Form->create();
echo $this->Form->input('text', array('label'=>'Username', 'name'=>'username'));
echo $this->Form->input('text', array('label'=>'Full name', 'name'=>'fullname'));
echo $this->Form->input('password', array('label'=>'Password', 'name'=>'password'));
echo $this->Form->input('text', array('label'=>'Password hint', 'name'=>'pass_hint'));
echo $this->Form->input('text', array('label'=>'Email', 'name'=>'email'));
echo $this->Form->input('text', array('label'=>'Contact', 'name'=>'cell'));
echo $this->Form->end('Create account');

但问题是密码是在没有哈希的情况下存储的!

提前致谢...

更新:将观看代码更改为

echo $this->Form->create('User');
echo $this->Form->input('username', array('label'=>'Username'));
echo $this->Form->input('fullname', array('label'=>'Full name'));
echo $this->Form->input('pwd', array('label'=>'Password', 'type'=>'password'));
echo $this->Form->input('pass_hint', array('label'=>'Password hint'));
echo $this->Form->input('email', array('label'=>'Email'));
echo $this->Form->input('cell', array('label'=>'Contact'));
echo $this->Form->end('Create account');

3 个答案:

答案 0 :(得分:2)

我不知道为什么,但我刚刚用user table烘焙了一个项目,发现CakePHP 2.4将模型命名为User而不是UserModel。所以,我将我的名字从UserModel重命名为User并且神奇地为我工作:)

答案 1 :(得分:0)

您正在通过在输入类型

中设置名称属性来更改默认行为

删除名称属性,然后它就可以了,

在您的用户模型beforesave函数中,您正在检查

if(isset($this->data[$this->alias]['password']))

由于您正在设置此密码

,因此

不再存在

echo $this->Form->input('password', array('label'=>'Password', 'name'=>'password'));

将其更改为

echo $this->Form->input('User.password', array('label'=>'Password'));

<强>更新

并且还像这样更新表单然后它将完美地工作。

echo $this->Form->create('User');
echo $this->Form->input('username', array('label'=>'Username'));
echo $this->Form->input('fullname', array('label'=>'Full name'));
echo $this->Form->input('password', array('label'=>'Password', 'name'=>'password'));
echo $this->Form->input('pass_hint', array('label'=>'Password hint'));
echo $this->Form->input('email', array('label'=>'Email'));
echo $this->Form->input('cell', array('label'=>'Contact'));
echo $this->Form->end('Create account');

答案 2 :(得分:0)

您忘记了添加操作的重要部分:

public function add(){
    if ($this->request->is('post')){
        $this->User->create(); // important!
        if ($this->User->save($this->request->data)){
            $this->Session->setFlash('Saved!');
        }
    }
}

它可能适用于你的情况(有时),但是一旦你在beforeFilter()回调中等等就可以轻易破解

相关问题
最新问题