任何人都可以看到此行的问题:$emailtoken = md5($user['User']['password'].CAKE_SESSION_STRING);
因为它出现以下错误:Use of undefined constant CAKE_SESSION_STRING - assumed 'CAKE_SESSION_STRING'
它仍会创建一个令牌,但会出现该错误,然后在使用令牌时它表示它无效:/
这是完整的功能:
function admin_resetpassword ( $token = null )
{
// User submits their email address
if (!empty($this->data['User']['email']))
{
// user submitted initial form
$user = $this->User->findByEmail($this->data['User']['email']);
if (empty($user))
{
$this->Session->setFlash('Unknown email.');
return;
}
else
{
$emailtoken = md5($user['User']['password'].CAKE_SESSION_STRING);
// send email (temp flash to test code)
$this->Session->setFlash($emailtoken);
return;
}
}
// If the token is not empty on the url
if (!empty($token))
{
$user = $this->User->find(array("MD5(User.password + '".CAKE_SESSION_STRING."')"=>$token));
if (empty($user))
{
$this->Session->setFlash('Invalid token.');
return;
}
if (!empty($this->data['User']['password']))
{
$user['User']['password'] = $this->data['User']['password'];
$this->user->save($user);
$this->Session->setFlash('New password set.');
$this->redirect('/');
}
$this->set('token', $token);
$this->render('newpassword2');
}
}
答案 0 :(得分:0)
问题是未定义CAKE_SESSION_STRING(如错误中所述)。
如果你想获得salt或cipherSeed,请使用Configure::read('Security.salt');或$this-Session->id;但是你知道这个会话ID在某些不活动期后会丢失,对吧?您将无法在以后获取该会话ID(除非您将其保存在某处)。