我有以下代码通过电子邮件链接重置我的密码(工作正常)。
在我的用户控制器中:
public function resetpw($token = null) {
$resetpw = $this->Users->findByToken('id');
if ($this->request->is('post')) {
$pw = $this->request->data['password'];
$pwtable = TableRegistry::get('Users');
$newpw = $pwtable->find($resetpw);
$newpw->password = $pw;
if ($pwtable->save($newpw)) {
$this->Flash->success(__('Your password has been successfully updated.'));
return $this->redirect(['action' => 'login']);
}
else {
$this->Flash->error(__('Your password could not be saved. Please, try again.'));
}
}
}
重置密码CTP文件:
重置密码?
<?= $this->Flash->render(); ?>
<?= $this->Form->create() ?>
<fieldset>
<legend><?= __('Please enter your new password.') ?></legend>
<?= $this->Form->input('password', ['label' => 'New Password']) ?>
<?= $this->Form->input('confirmpassword', ['type' => 'password', 'label' => 'Confirm New Password']) ?>
</fieldset>
<?= $this->Form->button(__('Update password')); ?>
<?= $this->Form->end() ?>
我还有以下有关比较两个密码的规则:
public function validatePasswords($validator)
{
$validator->add('confirmpassword', 'no-misspelling', [
'rule' => ['compareWith', 'password'],
'message' => 'The passwords are not the same.',
]);
return $validator;
}
输入密码和密码两个相同的密码后comfirmpassword字段,我收到以下错误:
未知的查找程序方法“SELECT Users.id AS
Users__id,Users.username ASUsers__username,Users.password ASUsers__password,Users.email ASUsers__email,Users.role ASUsers__role,Users.token ASUsers__tokenFROM users用户WHERE Users.token =:c0“
答案 0 :(得分:2)
问题中的代码中有许多奇怪的东西,所以在继续之前,需要阅读一些内容:
这些部分应该提供足够的信息,以便拥有逻辑上可行的代码结构。之所以提到这一点,是因为问题中包含以下代码:
TableRegistry::get('ControllerName')用法 - 没必要Table->findByToken('literal-string') - 将始终返回相同的内容(无)$table->find($notAString); - 与find方法的api不匹配重要的是要认识到,从根本上说,重置用户密码只是一个编辑操作。以下是编辑操作taken from the blog tutorial的示例:
// src/Controller/ArticlesController.php
public function edit($id = null)
{
$article = $this->Articles->get($id);
if ($this->request->is(['post', 'put'])) {
$this->Articles->patchEntity($article, $this->request->data);
if ($this->Articles->save($article)) {
$this->Flash->success(__('Your article has been updated.'));
return $this->redirect(['action' => 'index']);
}
$this->Flash->error(__('Unable to update your article.'));
}
$this->set('article', $article);
}
有以下步骤:
这些步骤与问题场景中所需的步骤相同。将上述代码改为此代码的问题:
// src/Controller/UsersController.php
public function edit($token = null)
{
$user = $this->Users->findByToken($token)->first();
if (!$user) {
$this->Flash->success(__('No user with that token found.'));
return $this->redirect('/');
}
if ($this->request->is(['post'])) {
$user->password = $this->request->data['password'];
$user->confirmpassword = $this->request->data['confirmpassword'];
if ($this->Users->save($user)) {
$this->Flash->success(__('Your password has been successfully updated.'));
return $this->redirect(['action' => 'login']);
}
$this->Flash->error(__('Your password could not be saved. Please, try again.'));
}
}
问题中没有提到,但上面的代码要求用户实体为hash the password when it's set:
您有责任在密码出现之前对其进行哈希处理 持久化到数据库,最简单的方法是使用setter函数 在您的用户实体中:
namespace App\Model\Entity; use Cake\Auth\DefaultPasswordHasher; use Cake\ORM\Entity; class User extends Entity { // ... protected function _setPassword($password) { if (strlen($password) > 0) { return (new DefaultPasswordHasher)->hash($password); } } // ... }
否则,明文密码将保存在users表中而不是哈希值,登录将无效。