在2.0之前的CakePHP中,您可以允许用户使用他们的电子邮件地址登录,方法是停止autoRedirect,然后将用户名数据与数据库中的电子邮件列进行比较(显然,如果不是电子邮件,Cake可以回退到用户名检查)
在CakePHP 2.0中,这已经改变,您使用$this->Auth->login()
我的问题是如何让这个适用于2.0?我有一些相当复杂的代码,可以处理各种各样的事情,例如处理ajax和回发请求,如果用户尝试登录太多次,则锁定帐户等等,所以它很长!
正如您将看到我检查帐户是否实际存在,因此我可以在完成身份验证过程之前显示未找到帐户的消息,并且如果5次失败尝试也会使用此消息来锁定该用户的帐户
这里的主要问题是允许系统检查用户名和电子邮件地址以进行身份验证,如果您在上述检查中使用电子邮件地址,系统就会锁定用户,但它始终会失败因为身份验证无法处理它。
希望有人可以提供帮助,提供创意提示。感谢
if ($this->request->is('post'))
{
$opts = array(
'conditions'=>array(
'OR'=>array(
'User.username'=>$this->data['User']['username'],
'User.email'=>$this->data['User']['username']
)
)
);
$user = $this->User->find('first', $opts);
if(!empty($user))
{
if($user['User']['status'] == 0)
{
if($this->request->is('ajax'))
{
$this->autoRender = false;
echo json_encode(array('authenticated'=>false,'error'=>__('Sorry your account is currently locked. Please reset your password.?')));
}
else
{
$this->Session->setFlash(__('Sorry your account is currently locked. Please reset your password.'), 'default', array(), 'auth');
}
}
else
{
if ($this->Auth->login())
{
if ($this->request->is('ajax'))
{
$this->autoRender = false;
if(isset($this->params['url']['continue']))
{
$pathtoredirect = $this->UrlEncode->base64url_decode($this->params['url']['continue']);
echo json_encode(array('authenticated'=>true,'redirect'=>$pathtoredirect,'base'=>false));
}
else
{
$pathtoredirect = $this->Auth->redirect();
echo json_encode(array('authenticated'=>true,'redirect'=>$pathtoredirect,'base'=>true));
}
}
else
{
if(isset($this->params['url']['continue']))
{
$pathtoredirect = $this->UrlEncode->base64url_decode($this->params['url']['continue']);
}
else
{
$pathtoredirect = $this->Auth->redirect();
}
return $this->redirect($pathtoredirect);
}
}
else
{
if($this->Session->read('attempts'))
{
$attempts = $this->Session->read('attempts') + 1;
}
else
{
$attempts = 1;
}
$this->Session->write('attempts', $attempts);
if($attempts >= 5)
{
$this->User->id = $user['User']['id'];
$this->User->saveField('status', 0);
if ($this->request->is('ajax'))
{
$this->autoRender = false;
echo json_encode(array('authenticated'=>false,'error'=>__('Username or password is incorrect. For security reasons this account has now been locked and you must reset your password to unlock it.')));
}
else
{
$this->Session->setFlash(__('Username or password is incorrect. For security reasons this account has now been locked and you must reset your password to unlock it.'), 'default', array(), 'auth');
}
}
else
{
if ($this->request->is('ajax'))
{
$this->autoRender = false;
echo json_encode(array('authenticated'=>false,'error'=>__('Username or password is incorrect')));
}
else
{
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
}
}
}
else
{
if ($this->request->is('ajax'))
{
$this->autoRender = false;
echo json_encode(array('authenticated'=>false,'error'=>__('Sorry that account does not exist.')));
}
else
{
$this->Session->setFlash(__('Sorry that account does not exist.'), 'default', array(), 'auth');
}
}
}
答案 0 :(得分:3)
我不确定是否可以将AuthComponent配置为自动检查两个字段,但这是另一种选择:
/*
* AppController
*/
beforeFilter()
{
$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'email', 'password' => 'password')));
}
/*
* UsersController
*/
function login()
{
if($this->request->is('post'))
{
$logged_in = false;
if($this->Auth->login())
{
$logged_in = true;
}
else
{
$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'username', 'password' => 'password')));
$this->Auth->constructAuthenticate();
$this->request->data['User']['username'] = $this->request->data['User']['email'];
if($this->Auth->login())
{
$logged_in = true;
}
}
if($logged_in)
{
/*
* Do what you want here
*/
}
else
{
/*
* Do what you want here
*/
}
}
}
当然,如果您希望只能执行一个测试以检查这两个字段,则可以将此代码移动到Component中,而不是直接调用$this->Auth->login()方法。