我下载了最新版本的cakephp 2.4。
当我使用身份验证组件时,它没有检查密码。
当我看到sql转储时,它显示
SELECT User.id, User.role_id, User.username, User.password,
User.email, User.first_name, User.last_name, User.activation_key,
User.status, User.created, User.modified
FROM cakephp.users AS User WHERE User.username = 'admin'
AND User.status = 1 LIMIT 1
它应该是
SELECT User.id, User.role_id, User.username, User.password, User.email,
User.first_name, User.last_name, User.activation_key, User.status,
User.created, User.modified FROM cakephp.users AS User
WHERE User.username = 'admin'
AND User.password = '32ddqdsd34sfgtbvge434' AND User.status = 1 LIMIT 1
我的身份验证组件代码是
$this->Auth->userModel = 'User';
$this->Auth->authenticate = array(
'Form' => array(
'scope' => array('User.status' => 1)
)
);
$this->Auth->loginError = __("login_failed_invalid_username_or_password");
$this->Auth->loginAction = array('admin' => true, 'controller' => 'admins', 'action' => 'login');
$this->Auth->loginRedirect = array('admin' => true, 'controller' => 'admins', 'action' => 'dashboard');
$this->Auth->authError = __('you_must_login_to_view_this_information');
$this->Auth->autoRedirect = true;
哈希算法在 2.4 中已更改。密码检查现在使用 PHP 完成,并使用了不同的 has 类型。
在您的模型中
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
和您的控制器
public $components = array(
'Session',
/* add Auth component and set the urls that will be loaded after the login and logout actions is performed */
'Auth' => array(
'loginRedirect' => array('controller' => 'admins', 'action' => 'dashboard'),
'logoutRedirect' => array('controller' => 'admins', 'action' => 'home')
)
);
抽出时间阅读本文
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
它不会在一个SQL中通过查找用户进行密码检查。2.4 的蛋糕将找到用户(您会看到此查询),然后检查密码。您需要在表中具有正确的密码才能从身份验证>登录中获得真实
解决方案:在 CakePHP 2.4 中使用 AuthComponent 登录