我第一次尝试使用cakephp而且我编写的代码不允许我记录任何用户。用户的创建工作得很好,因为我能够查询我的数据库和输出用户名和哈希密码。我不确定我是否只是在某处丢失了一行代码,或者我是不是在数据库中使密码字段足够大。我摆弄了我的数据库变量,但改变大小和类型似乎都没有帮助。
AppController的:
class AppController extends Controller
{
public $helpers = array('Html');
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'login',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'home',
'action' => 'index', 'home'
),
'Auth' => array('authorize' => 'Controller'),
'authenticate' => array(
'Form' => array('passwordHasher' => 'Blowfish')
)
)
);
public function beforeFilter()
{
$this->Auth->allow('index', 'view');
$this->set('loggedin', $this->Auth->loggedIn());
}
public function isAuthorized($user)
{
if(($this->Auth->user('id')) === $user['user_id'])
{
return true;
}
else
{
$this->Session->setFlash(__('Please log in to view this page'));
return false;
}
}
}
我的UsersController:
class UsersController extends AppController
{
public $helpers = array('HTML', 'Form');
public function beforeFilter()
{
parent::beforeFilter();
$this->Auth->allow('add');
}
public function index()
{
$this->set('users', $this->User->find('all'));
}
public function add()
{
if($this->request->is('post'))
{
$this->User->create();
if($this->User->save($this->data))
{
$this->Session->setFlash(__('Created new user'));
return $this->redirect(array('controller' => 'users', 'action' => 'login'));
}
$this->Session->setFlash(__('Could not create new user. Please try again.'));
}
}
public function login()
{
//$this->set('allUsers', $this->User->query("SELECT `User`.`user_id`, `User`.`username`,
//`User`.`password` FROM `ead44db`.`users` AS `User` WHERE 1 = 1"));
if($this->request->is('post'))
{
if($this->Auth->login())
{
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Incorrect user name or password, please try again.'));
}
}
public function logout()
{
return $this->redirect($this->Auth->logout());
}
}
我的用户模型:
<?php
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
class User extends AppModel
{
public $validate = array('username' => array('required' => array('rule' => 'notEmpty')),
'password' => array('required' => array('rule' => 'notEmpty')));
/*public $hasMany = array('Review' => array('className' => 'Review', 'foreignKey' => 'reviewer_id'),
'Message' => array('className' => 'Message', 'foreignKey' => 'user_to_id'),
'Message' => array('className' => 'Message', 'foreignKey' => 'user_from_id'),
'Comment' => array('className' => 'Comment', 'foreignKey' => 'commenter_id'));*/
public $hasMany = array('Review', 'Message', 'Comment');
public function beforeSave($options = array())
{
if(isset($this->data['User']['password']))
{
$passwordHasher = new BlowfishPasswordHasher();
$this->data['User']['password'] = $passwordHasher->hash($this->data['User']['password']);
}
return true;
}
}
?>
我的用户数据库表:
CREATE TABLE users (
user_id int AUTO_INCREMENT PRIMARY KEY,
username varchar(50) UNIQUE,
password TEXT NOT NULL
);
答案 0 :(得分:1)
BlowfishPasswordHash.php中似乎有一个错误
读取
public function check($password, $hashedPassword) {
return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
}
它将密码的哈希版本从数据库中的用户记录传递为“盐”。这毫无意义。
应该阅读
public function check($password, $hashedPassword) {
return $hashedPassword === Security::hash($password, 'blowfish', false);
}
这与&#39; hash&#39;生成密码哈希的方法。
该错误似乎仅限于2.5.x Cake版本。
答案 1 :(得分:0)
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish'
)
),
'loginRedirect' => array('controller' => 'login', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'home', 'action' => 'index', 'home'),
'authorize' => array('Controller')
),
'Session'
);