我第一次尝试使用cakephp,我编写的代码不允许我登录任何用户。用户的创建工作得很好,因为我能够查询数据库并输出用户名和散列密码。我不确定是否我只是错过了一行代码的地方,或者如果我可能没有使密码字段在我的数据库足够大。我已经摆弄了我的数据库变量,但改变大小和类型似乎都没有帮助。
有:
class AppController extends Controller
{
public $helpers = array('Html');
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'login',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'home',
'action' => 'index', 'home'
),
'Auth' => array('authorize' => 'Controller'),
'authenticate' => array(
'Form' => array('passwordHasher' => 'Blowfish')
)
)
);
public function beforeFilter()
{
$this->Auth->allow('index', 'view');
$this->set('loggedin', $this->Auth->loggedIn());
}
public function isAuthorized($user)
{
if(($this->Auth->user('id')) === $user['user_id'])
{
return true;
}
else
{
$this->Session->setFlash(__('Please log in to view this page'));
return false;
}
}
}
我UsersController:
class UsersController extends AppController
{
public $helpers = array('HTML', 'Form');
public function beforeFilter()
{
parent::beforeFilter();
$this->Auth->allow('add');
}
public function index()
{
$this->set('users', $this->User->find('all'));
}
public function add()
{
if($this->request->is('post'))
{
$this->User->create();
if($this->User->save($this->data))
{
$this->Session->setFlash(__('Created new user'));
return $this->redirect(array('controller' => 'users', 'action' => 'login'));
}
$this->Session->setFlash(__('Could not create new user. Please try again.'));
}
}
public function login()
{
//$this->set('allUsers', $this->User->query("SELECT `User`.`user_id`, `User`.`username`,
//`User`.`password` FROM `ead44db`.`users` AS `User` WHERE 1 = 1"));
if($this->request->is('post'))
{
if($this->Auth->login())
{
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Incorrect user name or password, please try again.'));
}
}
public function logout()
{
return $this->redirect($this->Auth->logout());
}
}
My User model:
<?php
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
class User extends AppModel
{
public $validate = array('username' => array('required' => array('rule' => 'notEmpty')),
'password' => array('required' => array('rule' => 'notEmpty')));
/*public $hasMany = array('Review' => array('className' => 'Review', 'foreignKey' => 'reviewer_id'),
'Message' => array('className' => 'Message', 'foreignKey' => 'user_to_id'),
'Message' => array('className' => 'Message', 'foreignKey' => 'user_from_id'),
'Comment' => array('className' => 'Comment', 'foreignKey' => 'commenter_id'));*/
public $hasMany = array('Review', 'Message', 'Comment');
public function beforeSave($options = array())
{
if(isset($this->data['User']['password']))
{
$passwordHasher = new BlowfishPasswordHasher();
$this->data['User']['password'] = $passwordHasher->hash($this->data['User']['password']);
}
return true;
}
}
?>
And my database table for users:
CREATE TABLE users (
user_id int AUTO_INCREMENT PRIMARY KEY,
username varchar(50) UNIQUE,
password TEXT NOT NULL
);
在BlowfishPasswordHash.php中似乎有一个错误
读public function check($password, $hashedPassword) {
return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
}
它将数据库中用户记录中的密码的散列版本作为'salt'传递。这没有意义。
应该读
public function check($password, $hashedPassword) {
return $hashedPassword === Security::hash($password, 'blowfish', false);
}
与生成初始密码哈希值的'hash'方法一致。
这个bug似乎仅限于2.5。x蛋糕释放。
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish'
)
),
'loginRedirect' => array('controller' => 'login', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'home', 'action' => 'index', 'home'),
'authorize' => array('Controller')
),
'Session'
);