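CakePHP authentication: invalid username or password?

Time: 2015-07-19 18:29:06

Tags: php cakephp

I am going through the CakePHP tutorial and trying to test the basic login functionality. I am making some minor adjustments along the way to match how my database needs to look (email and token instead of username and password in the users table), and I believe I have messed something up when it comes to using Blowfish hashing. Can someone take a look and see if anything obvious pops out? Right now I can add new users, but their passwords in the database appear to be plain text. The token column is of type VARCHAR(75); is that enough room for Blowfish to work?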

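I am getting the error:

**Warning (512): Invalid salt: pass for blowfish**

when I enter the correct user/pass combination,

followed by "Invalid username or password". When I enter incorrect credentials, I only get the invalid user/pass error, so it looks like it is still getting through somewhere along the line.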

app/Model/User.php

App::uses('AppModel', 'Model'); 
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public $validate = array(
        'email' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'An email is required'
            )
        ),
        'token' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        ),
        'group' => array(
            'valid' => array(
                'rule' => array('inList', array('user', 'admin', 'manager')),
                'message' => 'Please enter a valid group role',
                'allowEmpty' => false
            )
        )
    );

    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['token'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['token'] = $passwordHasher->hash(
                $this->data[$this->alias]['token']
            );
        }
        return true;
    }
}

app/Controller/AppController.php

class AppController extends Controller {
    //...

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish',
                    'fields' => array('username' => 'email', 'password' => 'token')

                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');

    }
    //...
}

add.ctp

<div class="users form">
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend><?php echo __('Add User'); ?></legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
        echo $this->Form->input('group', array(
            'options' => array('admin' => 'Admin', 'manager' => 'Manager', 'user' => 'User')
        ));
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

login.ctp

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>

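1 Answer:

Answer 0: (score: 1)

Check the Blowfish salt to make sure it has the correct number of characters, and use the add/edit forms to set the password initially.

You should also set the token length in the db to 256 characters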
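
A check on the stored `token` values discussed above, added here as an example and not code from the original post or from CakePHP: it classifies what is in the column (plain text, a damaged hash, or a well-formed 60-character bcrypt string) and shows that only the last one can verify a login. The helper names `classifyStoredToken` and `verifyToken` are hypothetical, the sample rows are constructed, and it assumes PHP 5.5 or later for `password_hash()` and `password_verify()`.

```php
<?php
// Added example: plain PHP, no CakePHP classes. Sample values are constructed.

/**
 * Classify a value read from the password column (hypothetical helper).
 * A crypt() Blowfish string is 60 chars: "$2y$" + 2-digit cost + "$"
 * + 22-char salt + 31-char digest, all in the ./A-Za-z0-9 alphabet.
 */
function classifyStoredToken($stored, $columnWidth)
{
    if ($columnWidth < 60) {
        return 'column too narrow: a 60-char hash would be truncated';
    }
    if (preg_match('#^\$2[axy]\$(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{53}$#', $stored)) {
        return 'well-formed bcrypt hash';
    }
    if (strncmp($stored, '$2', 2) === 0) {
        return 'damaged bcrypt hash (truncated or altered)';
    }
    return 'not a hash: likely plain text, unusable as a salt';
}

/** Verify a login attempt; returns false when $stored is not a valid hash. */
function verifyToken($plain, $stored)
{
    return password_verify($plain, $stored);
}

// Constructed sample rows: one saved without hashing, one hashed, one cut short.
$good = password_hash('pass', PASSWORD_BCRYPT, array('cost' => 10));
$rows = array(
    'plain text row' => 'pass',
    'hashed row'     => $good,
    'truncated row'  => substr($good, 0, 40),
);

foreach ($rows as $label => $stored) {
    printf("%-15s %-55s login ok: %s\n",
        $label,
        classifyStoredToken($stored, 75),
        verifyToken('pass', $stored) ? 'yes' : 'no'
    );
}
```

A row that was saved before hashing was in place stays unusable until its password is set again through a form that hashes on save.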