cakephp Auth组件:每次登录失败

时间:2014-08-27 13:49:28

标签: cakephp authentication

我在cakePHP之前已经成功开发了身份验证机制,但这次我不知道什么是错误的,每次我都会被提示错误的用户名/密码。我使用了 Auth 组件,详情如下:
型号名称:用户许可证
示例用户信息:用户名:ahmad_agha密码:e10adc3949ba59abbe56e057f20f883e,其为123456的md5 我不知道在这种情况下是否重要,但我为我的控制器启用了管理路由。
AppController.php:

class AppController extends Controller {

    public $components = array('DebugKit.Toolbar',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => array(
                        'className' => 'Simple',
                        'hashType' => 'sha256'
                    )
                )
            )),
        'Cookie');

    public function beforeFilter() {
        Security::setHash('md5');
        $this->Auth->loginRedirect = array('controller'
            => 'licenses', 'action' => 'index');
        $this->Auth->logoutRedirect = array('controller'
            => 'owners', 'action' => 'login');
        $this->Auth->allow('signup', 'confirm', 'login', 'logout', 'notauthorized', 'display');
        $this->Auth->authorize = array('controller');
        $this->set('loggedIn', $this->Auth->user('id'));
        $this->Auth->userScope = array('User.activated' => '1');
        parent::beforeFilter();
    }

    public function isAuthorized($user) {
        // Here is where we should verify the role and give access based on role

        return true;
    }

}

用户视图的Login.ctp

<div class="users form">
    <?php echo $this->Session->flash('auth'); ?>
    <?php echo md5('136112'); ?>
    <?php echo $this->Form->create('User', array('action' => 'login')); ?>
    <fieldset>
        <legend>
            <?php echo __('لطفا نام کاربری و کلمه عبور را وارد کنید'); ?>
        </legend>
        <?php
        echo $this->Form->input('username',array('label'=>'نام کاربری'));
        echo $this->Form->input('password',array('label'=>'کلمه عبور'));
        echo $this->Form->input('remember_me',array('label'=>'مرا به خاطر بسپار','type'=>'checkbox'));
        ?>
    </fieldset>
    <?php echo $this->Form->end(__('ورود')); ?>
</div>

这是 UsersController.php 的login()动作:

function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            /* if (!empty($this->data)) {
              if (empty($this->data['User']['remember_me'])) {
              $this->Cookie->delete('User');
              } else {
              $cookie = array();
              $cookie['username'] = $this->data['User']
              ['username'];
              $cookie['password'] = $this->data['User']
              ['password'];
              $this->Cookie->write('User', $cookie, true, '+2 weeks');
              }
              unset($this->data['User']['remember_me']);
              } */
            $this->redirect($this->Auth->redirect());
        } else {
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }
}

1 个答案:

答案 0 :(得分:0)

你说你的密码是md5哈希值,而在配置中,你设置了'hashType' => 'sha256'。因此,哈希类型的不匹配非常明显。设置Security::setHash('md5')不会做任何事情,因为在Auth配置中设置的hashtype将优先。

您需要将hashType更改为md5。另外,简单地在db中保存密码的md5哈希将不起作用,因为密码hasher在散列之前将盐(在core.php中指定的Security.salt)附加到密码。所以(new SimplePasswordHasher)->hash('123456')得到需要存储在db中的散列值。所有这些都在CakePHP手册btw中解释。