Cake PHP Simple Password Hasher()

Time: 2014-05-04 22:42:04

Tags: cakephp hash password-protection

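I am using the CakePHP SimplePasswordHasher to hash my customers' passwords. Is it possible to retrieve the unhashed password in the edit view? Currently, my edit view displays the hashed password. I want it to display the original password, because if the hashed password is shown in the edit form and the user submits the form, the hash gets hashed again and the password changes. My code is as follows: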

edit.ctp

  <div class="customers form">
<?php echo $this->Form->create('Customer'); ?>
    <fieldset>
        <legend><?php echo __('Edit Customer Details'); ?></legend>
    <?php
        echo $this->Form->input('id');
        echo $this->Form->input('customer_name', array('required'=>false));
        echo $this->Form->input('customer_address');
        echo $this->Form->input('customer_suburb');
        echo $this->Form->input('customer_state', array('options' => array('SA' => 'SA', 'VIC' => 'VIC','ACT' => 'ACT', 'NSW' => 'NSW', 'NT'=> 'NT', 'QLD'=>'QLD','TAS'=> 'TAS','WA'=>'WA','empty'=>'(choose one)')));
        echo $this->Form->input('customer_postcode', array('required'=>false));
        echo $this->Form->input('customer_dob',array('required'=>false,'id'=>'datepicker','type'=>'text'));
        echo $this->Form->input('customer_anniversary',array('required'=>false,'id'=>'datepicker2','type'=>'text'));
        echo $this->Form->input('customer_phone1', array('required'=>false));
        echo $this->Form->input('customer_phone2', array('required'=>false));
        echo $this->Form->input('customer_phone3', array('required'=>false));
        echo $this->Form->input('customer_fax', array('required'=>false));
        echo $this->Form->input('customer_email', array('required'=>false));
        echo $this->Form->input('customer_gender', array('required'=>false,'options' => array('M' => 'M', 'F' => 'F','empty'=>'(choose one)')));
        echo $this->Form->input('customer_type', array('required'=>false,'options' => array('Gold' => 'Gold', 'Silver' => 'Silver','Bronze'=> 'Bronze','empty'=>'(choose one)')));
        echo $this->Form->input('customer_username', array('required'=>false));
        echo $this->Form->input('customer_PW', array('required'=> false));
        echo $this->Form->input('companies_id', array('label' =>'Company Name','options'=>$companies, 'label'=>'Company Name','required'=>false));
        echo $this->Form->input('employees_id', array('label' =>'Employee name','options'=>$employees, 'label'=>'Employee name','required'=>false));

    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

customersController:

class CustomersController extends AppController {

// some code

public function edit($id = null) {
        if (!$this->Customer->exists($id)) {
            throw new NotFoundException(__('Invalid customer'));
        }
        if ($this->request->is(array('post', 'put'))) {
            if ($this->Customer->save($this->request->data)) {
                $this->Session->setFlash(__('The customer has been saved.'));
                return $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The customer could not be saved. Please, try again.'));
            }
        } else {
            $options = array('conditions' => array('Customer.' . $this->Customer->primaryKey => $id));
            $this->request->data = $this->Customer->find('first', $options);
        }
        //$companies = $this->Customer->Companies->find('list');
        $companies= $this->Customer->Companies->find('list',array('order'=>'company_name ASC','fields'=>array('id','company_name')));       
        $employees= $this->Customer->Employees->find('list',array('order'=>'employee_name ASC','fields'=>array('id','employee_name')));         
        $this->set(compact('companies'));
        $this->set(compact('employees'));
    }

// some code
}

Can anyone help?

2 answers:

Answer 0: (score: 2)

SimplePasswordHasher uses md5 encryption.

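md5 is supposed to be one-way encryption. The reason you use it is so that only the user knows their password, yet you can still verify the password. The way to verify it is to create an md5 hash of the password the user supplies and compare it with the md5 hash of the password in the database.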

The whole idea behind one-way encryption is to generate a hash value that cannot be decrypted to reveal the original string.

That is why, when dealing with a lost password, administrators usually reset it to a new value.

I think you have to empty the password field when editing in edit.ctp, like

echo $this->Form->input('customer_PW', array('value'=> ''));

Answer 1: (score: 0)

Do you really want the password on the form for the user to edit?

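You probably just want to clear the password field so that the user can edit and save the rest of their profile without touching the password. If they post the form and the password field is filled in, it means they have entered a new password, which should be hashed and saved. If the password field is empty, make sure you remove the password field from the array before saving the model from the controller.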

If you use jQuery, making sure the password field is empty is simple.

$(document).ready(function() {
    $('#CustomerPW').val('');
});
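
The server-side handling both answers describe, as an added example that is not part of the question or of either answer: the stored hash is dropped before the edit form is rendered, and on submit a blank password field is removed from the data while a filled one is hashed once. The function names are hypothetical, the data is constructed, and PHP's built-in `password_hash()` stands in for the application's hasher (an assumption) so the sketch runs without CakePHP.

```php
<?php
// Added example, plain PHP. Function names are hypothetical, not CakePHP API.

// GET path: remove the stored hash so the edit form never renders it.
function stripPasswordForView(array $data, $field = 'customer_PW')
{
    unset($data['Customer'][$field]);
    return $data;
}

// POST path: a blank field means "keep the current password", so the key is
// removed and save() leaves that column alone; a filled field is hashed once.
function preparePasswordForSave(array $data, callable $hasher, $field = 'customer_PW')
{
    if (!isset($data['Customer']) || !array_key_exists($field, $data['Customer'])) {
        return $data;
    }
    $plain = (string)$data['Customer'][$field];
    if ($plain === '') {
        unset($data['Customer'][$field]);
    } else {
        $data['Customer'][$field] = $hasher($plain);
    }
    return $data;
}

// Assumption: password_hash() stands in for the application's hasher.
$hasher = function ($plain) {
    return password_hash($plain, PASSWORD_DEFAULT);
};

// Constructed sample record shaped like $this->request->data.
$stored = array('Customer' => array(
    'id' => 7,
    'customer_name' => 'Alice',
    'customer_PW' => $hasher('old-secret'),
));

$forForm = stripPasswordForView($stored);
echo 'hash sent to form: ';
var_dump(isset($forForm['Customer']['customer_PW']));

$blank = array('Customer' => array('id' => 7, 'customer_name' => 'Alice B', 'customer_PW' => ''));
$toSave = preparePasswordForSave($blank, $hasher);
echo 'password column touched on blank submit: ';
var_dump(array_key_exists('customer_PW', $toSave['Customer']));

$filled = array('Customer' => array('id' => 7, 'customer_PW' => 'new-secret'));
$toSave = preparePasswordForSave($filled, $hasher);
echo 'new password verifies against saved hash: ';
var_dump(password_verify('new-secret', $toSave['Customer']['customer_PW']));
```

In the controller shown in the question, the first function would apply to the result of `find('first', $options)` in the `else` branch, and the second to `$this->request->data` before `save()`.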