cakephp3-哈希密码在比较时不匹配

时间:2017-04-05 12:38:07

标签: php cakephp cakephp-3.0 cakephp-3.x cakephp-3.3

CakePHP版本:3.3.5

我正在建立一个简单的系统,用户可以使用该系统登录(使用电子邮件和密码),登录后他们可以更改密码。

为此,我正在使用DefaultPasswordHasher

我的数据库中已经有一些用户了。他们的记录已经存在。所以当我执行登录功能时,它起作用了。我将用户输入的密码与数据库中已存在的密码进行了比较。检查成功,用户可以登录。

现在登录后,我写了更改密码功能,更新了用户密码。新的哈希字符串替换了旧的密码字符串,但是当我再次尝试登录时,登录失败。

我将在这里分享我的控制器。这很基本。

namespace Api\Controller;
use Cake\Utility\Security;
use Cake\Utility\Hash;
use Cake\Auth\DefaultPasswordHasher;
use Api\Controller\AppController;

class LoginController extends AppController
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
    }

    //Function to reset the password
    public function resetPassword()
    {
        $pass   = $this->request->data['pass'];
        $hasher = new DefaultPasswordHasher();
        $hashedPass = $hasher->hash($pass);

        $this->loadModel('Login');
        //save it to db
        $responseArray      = $this->Login->resetPassword($hashedPass); 
        $this->set(compact('responseArray'));
        $this->set('_serialize', ['responseArray']);
    }

     //Function to login
     public function login()
     {
        if ($this->request->is('post')) 
        {
            //Password submitted via form
            $pass   = $this->request->data['pass'];

            //Hashed password fetched from db via a function call
            $actualPassword = 'hashedPasswordString'

            //Compare password submitted and hash from db
            if($this->checkPassword($pass,$actualPassword))
            {
                $result = 'password matched';
            }
            else
            {
                $result = 'password doesnot match';
            }
        }
        $this->set(compact('result'));
        $this->set('_serialize', ['result']);       
     }

    //Function to compare password and hash
    public function checkPassword($passedPassword , $actualPassword) 
    {
        if ((new DefaultPasswordHasher)->check($passedPassword, $actualPassword)) {
            return true;
        } else {
            return false;
        }
    }

}

任何人都可以告诉我为什么密码不匹配。我是CakePHP框架的新手。提前谢谢!

2 个答案:

答案 0 :(得分:1)

这是我的重置密码工作流程的样子。我无法从你的帖子中看出你的实体和表格是什么样的。

任何时候发布的数据都会转换为用户实体,现在将进行哈希

系统管理员/ UsersController.php

public function password($id = null)
{
    $user = $this->Users->get($id, [
        'fields' => ['id', 'first_name', 'last_name', 'username']
    ]);
    if ($this->request->is('put')) {
        if ($this->request->data['password'] == $this->request->data['password2']) {
            $this->Users->patchEntity($user, ['password' => $this->request->data['password']]);
            $this->Users->save($user);
            $this->Flash->success('Password has been updated');
            return $this->redirect('/admin/users/password/' . $id);
        } else {
            $this->Flash->error('Passwords do not match');
        }
    }

    $this->set(compact('user'));
}

<强>模型/实体/ user.php的

protected function _setPassword($password)
{
    if (strlen($password) > 0) {
        return (new DefaultPasswordHasher)->hash($password);
    }
}

答案 1 :(得分:0)

public function changePassword(){
    if ($this->request->is('post')) {
        $data = $this->request->data();
        $res['success'] = FALSE;
        $user = $this->Users->get($this->Auth->user('id'))->toArray();
        if ((new DefaultPasswordHasher)->check($data['oldPassword'], $user['password'])) {
            if($data['newPassword'] == $data['confPassword']){
                $userEntity = $this->Users->get($this->Auth->user('id'));
                $userEntity->password = $data['newPassword'];
                if($this->Users->save($userEntity)){
                    $res['success'] = TRUE;
                    $res['message'] = 'Password Changed Successfully.';
                }
            }else{
                $res['success'] = FALSE;
                $res['message'] = 'Confirm password is not same as new password. please enter both password again!!';
            }

        }else{
             $res['success'] = FALSE;
             $res['message'] = 'Your old password is wrong!';
        }
        echo json_encode($res);
        exit();

    }
}