CakePHP密码重置不更改密码

时间:2011-10-27 23:38:55

标签: php cakephp

我在CakePHP 1.3应用程序中具有以下功能,该应用程序采用令牌并允许用户更改其密码。一切似乎工作正常,除了密码实际上没有改变:/任何想法是什么问题?

function admin_changepassword ( $token = null )
    {
        // If has a token or form has been submitted
        if (!empty($token) || !(empty($this->data)))
        {   
            $user = $this->User->find('first',array("MD5(User.email + '".Configure::read('Security.salt')."')"=>$token));

            if (empty($user))
            { 
                $this->redirect(array('admin'=>false,'controller'=>'pages','action'=>'display','home'));
                $this->Session->setFlash('Invalid token'); 
            }
            else
            {
                $this->set('user',$user);
                if (!empty($this->data['User']['password']))
                { 
                    $user['User']['password'] = $this->data['User']['password']; 
                    $this->User->save($this->data); 
                    $this->Session->setFlash('Your password has been changed! Please log in.'); 
                    $this->redirect(array('admin'=>true,'controller' => 'users', 'action' => 'login'));
                }   
            }
        }
        else
        {
            $this->redirect(array('admin'=>false,'controller'=>'home','action'=>'display','home'));
            $this->Session->setFlash('No token');
        }
    }

3 个答案:

答案 0 :(得分:1)

就个人而言,我会做这样的事情;但我假设您的用户实际上是使用auth组件或类似用户登录的。未测试;但逻辑看起来应该对我有用。

<?php
function admin_changepassword ($token = NULL) {
    // bail out early if there is no token set, and always set the flash before redirecting.
    if($token==NULL) {
        $this->Session->setFlash('No token');
        $this->redirect(array('admin'=>false,'controller'=>'home','action'=>'display','home'));
    }

    // this is an admin action; the user already be logged in right?
    $this->User->id = $this->Auth->user('id');
    $user_password = $this->User->field('password');

    // does the token match the hashed password, and did they enter a new password?
    if($token==md5($user_password . Configure::read('Security.salt')) && !empty($this->data['User']['password'])) {
        $this->User->saveField('password', $this->data['User']['password']);    
        $this->Session->setFlash('Your password has been changed! Please log in.'); 
        $this->redirect(array('admin'=>true,'controller' => 'users', 'action' => 'login'));
    }

    // somethings gone wrong/password was not updated
    $this->Session->setFlash('Your password was not changed.'); 
    $this->redirect(array('admin'=>false,'controller'=>'home','action'=>'display','home'));
}

答案 1 :(得分:1)

确定经过一些测试,您的问题就像我最初在评论中提到的那样。

您没有设置用户的id,因此:

$this->User->save($this->data);

没有更新密码,而是在数据库中添加新行。

您需要指定要更新的用户的ID。

$user = $this->User->find('first',array("MD5(User.email + 
                            '".Configure::read('Security.salt')."')"=>$token));

// this line is redundant 
$user['User']['password'] = $this->data['User']['password'];  


$this->User->id = $user['User']['id']; // set user id
$this->User->save($this->data);  //  save it

如果您检查users表,我怀疑您会发现有很多空记录带有“已更改”的密码。我的测试同意蛋糕手册。

答案 2 :(得分:0)

这是一个旧线程,但它可能会帮助某人

function changePwd(){
     $this->User->id = $this->data->['User']['id']; //assuming this is set
     //check if the password fields are empty
     //check if the password fields match (password and confirm password one)

    //convert password 
    $this->request->data['User']['password'] = $this->Auth->password($this->data['User']['password'] );

    //saveField worked for me
    if($this->User->saveField('password',$this->request->data['User']['password'])){
        $this->Session->setFlash('Password changed successfully.','flashSuccess');
    }else{ ....
}
相关问题
最新问题