我在cakePHP之前已经成功开发了身份验证机制,但这次我不知道什么是错误的,每次我都会被提示错误的用户名/密码。我使用了 Auth 组件,详情如下:
型号名称:用户,许可证
示例用户信息:用户名:ahmad_agha
密码:e10adc3949ba59abbe56e057f20f883e
,其为123456
的md5
我不知道在这种情况下是否重要,但我为我的控制器启用了管理路由。
的 AppController.php:
class AppController extends Controller {
public $components = array('DebugKit.Toolbar',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => array(
'className' => 'Simple',
'hashType' => 'sha256'
)
)
)),
'Cookie');
public function beforeFilter() {
Security::setHash('md5');
$this->Auth->loginRedirect = array('controller'
=> 'licenses', 'action' => 'index');
$this->Auth->logoutRedirect = array('controller'
=> 'owners', 'action' => 'login');
$this->Auth->allow('signup', 'confirm', 'login', 'logout', 'notauthorized', 'display');
$this->Auth->authorize = array('controller');
$this->set('loggedIn', $this->Auth->user('id'));
$this->Auth->userScope = array('User.activated' => '1');
parent::beforeFilter();
}
public function isAuthorized($user) {
// Here is where we should verify the role and give access based on role
return true;
}
}
用户视图的Login.ctp
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo md5('136112'); ?>
<?php echo $this->Form->create('User', array('action' => 'login')); ?>
<fieldset>
<legend>
<?php echo __('لطفا نام کاربری و کلمه عبور را وارد کنید'); ?>
</legend>
<?php
echo $this->Form->input('username',array('label'=>'نام کاربری'));
echo $this->Form->input('password',array('label'=>'کلمه عبور'));
echo $this->Form->input('remember_me',array('label'=>'مرا به خاطر بسپار','type'=>'checkbox'));
?>
</fieldset>
<?php echo $this->Form->end(__('ورود')); ?>
</div>
这是 UsersController.php 的login()动作:
function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
/* if (!empty($this->data)) {
if (empty($this->data['User']['remember_me'])) {
$this->Cookie->delete('User');
} else {
$cookie = array();
$cookie['username'] = $this->data['User']
['username'];
$cookie['password'] = $this->data['User']
['password'];
$this->Cookie->write('User', $cookie, true, '+2 weeks');
}
unset($this->data['User']['remember_me']);
} */
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
答案 0 :(得分:0)
你说你的密码是md5哈希值,而在配置中,你设置了'hashType' => 'sha256'
。因此,哈希类型的不匹配非常明显。设置Security::setHash('md5')
不会做任何事情,因为在Auth配置中设置的hashtype将优先。
您需要将hashType
更改为md5
。另外,简单地在db中保存密码的md5哈希将不起作用,因为密码hasher在散列之前将盐(在core.php中指定的Security.salt)附加到密码。所以(new SimplePasswordHasher)->hash('123456')
得到需要存储在db中的散列值。所有这些都在CakePHP手册btw中解释。