Login [ Auth->identify() ] always false on CakePHP 3


Problem description

I started using CakePHP 3 after a time using CakePHP 2 and I am having trouble creating the authentication login.

The new auth function $this->Auth->identify() always returns false.

In the database, the passwords are encrypted perfectly and the query that takes the user is OK too.

My code:

AppController:

[...]
class AppController extends Controller{
    public function initialize(){
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'loginRedirect' => [
                'controller' => 'Admin',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'controller' => 'Pages',
                'action' => 'display'
            ]
        ]);
    }

    public function beforeFilter(Event $event)
    {
        $this->Auth->allow(['display']);
    }
}

UserController:

[...]
class UsersController extends AppController{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow(['logout']);
    }
[...]
    public function login()
    {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error(__('Invalid username or password, try again'));
        }
    }
[...]

User (Model Entity):

<?php
namespace App\Model\Entity;

use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;

class User extends Entity{
    // Allow mass assignment of every field (CakePHP 3 map of field => bool)
    protected $_accessible = ['*' => true];
    protected function _setPassword($password){
        return (new DefaultPasswordHasher)->hash($password);
    }
}

View:

<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
    <fieldset>
        <legend><?= __('Please enter your username and password') ?></legend>
        <?= $this->Form->input('username') ?>
        <?= $this->Form->input('password') ?>
    </fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>

Solution

CakePHP 3 uses a different hashing algorithm by default than 2 (bcrypt vs. SHA1), so you need to make your password length longer. Change your password field to VARCHAR(255) to be safe.

When CakePHP 3 tries to identify your in-memory hashed password from $this->Auth->identify() vs. the hashed password in the database, it will never match because some characters are missing. Changing to 255 is more than needed, but can help future-proof if an even more secure hash is used in the future. 255 is recommended because the character count can be stored in one byte.
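The truncation failure described in the answer, reproduced as an added example (not code from the question or the answer) using PHP's password_hash() and password_verify(), the functions DefaultPasswordHasher wraps. The 40-character column width is an assumption (the length of a SHA1 hex digest), and diagnoseStoredHash() is a hypothetical helper, not a CakePHP API.

```php
<?php
// Added example: a bcrypt hash cut short by a narrow column, and a check
// that spots such rows. Assumption: the old column held 40 characters
// (SHA1 hex length); the page does not state the original width.

const BCRYPT_LENGTH = 60;      // length of a PHP bcrypt hash string
const ASSUMED_OLD_WIDTH = 40;  // assumed legacy column width

/**
 * Classify a stored password value (hypothetical helper).
 * Returns 'ok', 'truncated-bcrypt' or 'unknown-format'.
 */
function diagnoseStoredHash(string $stored): string
{
    $info = password_get_info($stored);
    if ($info['algoName'] === 'bcrypt' && strlen($stored) === BCRYPT_LENGTH) {
        return 'ok';
    }
    // Looks like bcrypt ($2y$ + two-digit cost + $) but is too short:
    // the database cut it off when the row was written.
    if (preg_match('/^\$2[abxy]\$\d{2}\$/', $stored)
        && strlen($stored) < BCRYPT_LENGTH) {
        return 'truncated-bcrypt';
    }
    return 'unknown-format';
}

$password  = 'correct horse battery staple';            // constructed sample input
$full      = password_hash($password, PASSWORD_BCRYPT); // what the entity setter produces
$truncated = substr($full, 0, ASSUMED_OLD_WIDTH);       // what the narrow column keeps

// Verify the same password against the intact hash and the truncated copy.
var_dump(password_verify($password, $full));
var_dump(password_verify($password, $truncated));

// Classify both values the way a one-off audit of the users table would.
echo diagnoseStoredHash($full), PHP_EOL;
echo diagnoseStoredHash($truncated), PHP_EOL;
```

Widening the column does not repair rows that were already truncated, because the missing characters were never stored. Those passwords have to be set again after the schema change.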
