cakephp auth-> login()始终返回true

时间:2013-11-26 12:58:16

标签: cakephp authentication login

我正在尝试用蛋糕2.4制作一个简单的登录应用程序。这是用户模型的代码。

App::uses('AuthComponent', 'Controller/Component');
class User extends AppModel
{
public $useTable = "user_master";
public $primaryKey = "user_id";
/*
public $validate = array(
    'username' => array(
        'required' => array(
            'rule' => array('notEmpty'),
            'message' => 'A username is required'
            )
            ),
    'password' => array(
        'required' => array(
            'rule' => array('notEmpty'),
            'message' => 'A password is required'
            )
            ));
*/

public function beforeSave($options = array())
{
   if (isset($this->data[$this->alias]['password'])) 
   {
        $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
   }
   return true;
}

}

在我的UsersController代码中是..

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->authorize = 'controller';
}

public function isAuthorized() {
    return true; 
}
public function index() {
    $this->User->recursive = 0;
    $this->set('users', $this->paginate());
}

public function view($id = null) {
    $this->User->id = $id;
    if (!$this->User->exists()) {
        throw new NotFoundException(__('Invalid user'));
    }
    $this->set('user', $this->User->read(null, $id));
}

public function add() {
    if ($this->request->is('post')) {
        $this->User->create();
        if ($this->User->save($this->request->data)) {
            $this->Session->setFlash(__('The user has been saved'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('The user could not be saved. Please, try again.'));
    }
}

public function edit($id = null) {
    $this->User->id = $id;
    if (!$this->User->exists()) {
        throw new NotFoundException(__('Invalid user'));
    }
    if ($this->request->is('post') || $this->request->is('put')) {
        if ($this->User->save($this->request->data)) {
            $this->Session->setFlash(__('The user has been saved'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('The user could not be saved. Please, try again.'));
    } else {
        $this->request->data = $this->User->read(null, $id);
        unset($this->request->data['User']['password']);
    }
}

public function delete($id = null) {
    $this->request->onlyAllow('post');

    $this->User->id = $id;
    if (!$this->User->exists()) {
        throw new NotFoundException(__('Invalid user'));
    }
    if ($this->User->delete()) {
        $this->Session->setFlash(__('User deleted'));
        return $this->redirect(array('action' => 'index'));
    }
    $this->Session->setFlash(__('User was not deleted'));
    return $this->redirect(array('action' => 'index'));
}



public function login() {
if ($this->request->is('post')) {
    //pr(AuthComponent::password($this->request->data[$this->alias]['password'])); 
    //debug($this->Auth->login()); die();
    if ($this->Auth->login()) {
        $this->Session->setFlash(__('hi'));
        return $this->redirect($this->Auth->redirect());
    }
    $this->Session->setFlash(__('Invalid username or password, try again'));
}
}

public function logout() {
$this->Session->destroy();
return $this->redirect($this->Auth->logout());
}

AppController代码

App::uses('Controller', 'Controller');
App::uses('AuthComponent', 'Component');
class AppController extends Controller {

public $components = array(
    'DebugKit.Toolbar',
    'Session',
    'Auth' => array(
        'loginRedirect' => array('controller' => 'products', 'action' => 'index'),
        'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
        'loginError' => 'Invalid account specified',
        'authorize' => array('Controller')
    )
);

public function beforeFilter() {
    $this->Auth->allow('index', 'view');
}

login.ctp

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
<fieldset>
    <legend><?php echo __('Please enter your username and password'); ?></legend>
    <?php echo $this->Form->input('username');
    echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>

现在的问题是每当我尝试使用错误的凭据登录时,它总是会重定向到产品控制器的索引页面。当我取消注释UsersController中的行时      调试($这 - &GT; Auth-&GT;登录());模具();

然后它总是显示所有用户名和密码都是真的。那么任何人都可以帮我找到我做错的地方吗?

提前致谢..

2 个答案:

答案 0 :(得分:3)

    public $components = array(
                    'loginAction' => array('controller'=>'Dashboard', 'action'=>'login'),
                    'loginRedirect' => array('contoller'=>'Dashboard', 'action'=>'login'),
                    'logoutRedirect' => array('controller'=>'Dashboard', 'action'=>'logout'),
                    'authenticate' => array(
                        'Form' => array(
                            'userModel' => 'User',
                            'fields' => array(
                                'username' => 'email',
                                'password'=>'password')
                        )
                    )
                )

);

答案 1 :(得分:0)

假设你的create.ctp是正确的,你的代码看起来很接近我的。我建议使用blowfish加密。

    if (isset($this->data['User']['password'])) {
        $hash = Security::hash($this->data['User']['password'], 'blowfish');            
        $this->data['User']['password'] = $hash;
    }

还可以尝试在appcontroller中的beforeFilter中设置Auth设置,而不是$ components变量。如果我没记错的话,我也无法以这种方式工作。

    public function beforeFilter() {  
        $this->Auth->authorize = array('Controller');
        $this->Auth->authenticate = array(
            'Blowfish' => array( 
                'userModel' => 'User',
                'fields' => array('username' => 'username', 'password' => 'password')
            )
        ); 
}