Change password function not working - hash error

Time: 2015-05-29 21:12:46

Tags: cakephp authentication hash passwords

OK, I've been banging my head against the wall all night.

Can someone explain why this returns false (User model):

// at the top of app/Model/User.php, so the hasher class is loaded
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

public function changePassword($user_id, $currentPassword, $newPassword, $repeatPassword){

    //Check repeat (disabled while debugging)
    /*
    if($newPassword != $repeatPassword)
        return false;
        */

    //Check old password: hash the submitted password again and
    //compare it as a string with the stored hash (this is the
    //comparison that returns false)
    $this->id = $user_id;
    $current = $this->field('password');
    $passwordHasher = new BlowfishPasswordHasher();
    $hash = $passwordHasher->hash($currentPassword);
    if($current != $hash)
        return false;

    //set password to data

    //save
    return true;
}

public function beforeSave($options = array()) {
    //hash the plaintext password before it is written to the database
    if(isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
    }
    return true;
}

I can see from debugging $current and $hash that the generated hash is different from the one fetched from the database. The question is why.

By the way, login works fine. The CakePHP version is 2.6.5.

Edit: problem solved. The complete solution:

// at the top of app/Model/User.php, so the hasher class is loaded
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

public function changePassword($user_id, $currentPassword, $newPassword, $repeatPassword){
    //Check repeat
    if($newPassword != $repeatPassword)
        return false;

    //Check old password: let the hasher verify the plaintext against the
    //stored hash (it reads the salt out of the stored hash itself)
    $this->id = $user_id;
    $current = $this->field('password');
    $passwordHasher = new BlowfishPasswordHasher();
    if(!$passwordHasher->check($currentPassword, $current))
        return false;

    //set password to data, keyed by the model alias so beforeSave() hashes it
    $this->data[$this->alias]['password'] = $newPassword;

    //save (uses $this->id set above)
    if(!$this->save($this->data))
        return false;

    return true;
}

public function beforeSave($options = array()) {
    //hash the plaintext password before it is written to the database
    if(isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
    }
    return true;
}

1 answer:

Answer 0 (score: 1)

> $current and $hash generate different hash values

That's how Blowfish works. It generates a new hash every time.

Use BlowfishPasswordHasher::check() to check whether the current password matches the hash stored in the database, instead of hashing the current password and string-comparing it with the existing hash from the database.
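The behaviour the answer describes, as an added stand-alone example that is not part of the question, the answer or CakePHP itself: PHP's built-in password_hash()/password_verify() use bcrypt, the same algorithm behind CakePHP 2's BlowfishPasswordHasher, so the two functions hashPassword() and properCheck() below (assumed names) stand in for hash() and check(). The sample password is constructed.

```php
<?php
// Added example (not from the question or from CakePHP). PHP's built-in
// password_hash()/password_verify() use bcrypt, the same algorithm behind
// CakePHP 2's BlowfishPasswordHasher, so they show the same behaviour.

// Stand-in for BlowfishPasswordHasher::hash(): every call draws a fresh
// random salt, so two hashes of the same password differ as strings.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
}

// The pattern from the question: hash again and compare strings.
// With a salted hash this is false even for the correct password.
function naiveCheck(string $plain, string $storedHash): bool
{
    return hashPassword($plain) === $storedHash;
}

// Stand-in for BlowfishPasswordHasher::check(): password_verify() reads the
// cost and salt out of $storedHash, re-derives the hash with that same salt
// and compares the result in constant time.
function properCheck(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Constructed sample: what beforeSave() would have written to the users table.
$password = 'correct horse battery staple';
$stored = hashPassword($password);

// Layout of a bcrypt string: "$2y$" cost "$", then 22 salt chars, then 31 hash chars.
printf("algorithm/cost: %s  salt: %s\n", substr($stored, 0, 7), substr($stored, 7, 22));

printf("second hash of the same password equal to stored? %s\n",
    hashPassword($password) === $stored ? 'yes' : 'no');
printf("naiveCheck  (correct password): %s\n", naiveCheck($password, $stored) ? 'true' : 'false');
printf("properCheck (correct password): %s\n", properCheck($password, $stored) ? 'true' : 'false');
printf("properCheck (wrong password):   %s\n", properCheck('not the password', $stored) ? 'true' : 'false');
```

Run it with `php example.php`: the second hash never equals the stored one and naiveCheck() reports false for the correct password, because each call to hashPassword() embeds a new random salt in the output. properCheck() reports true for the correct password and false for the wrong one, because it re-derives the hash with the salt carried inside the stored string. The same holds for the question's code: $passwordHasher->hash($currentPassword) can never be string-equal to the database value, and check() is the only correct comparison.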