cakePHP电子邮件登录Auth [英] cakePHP email login Auth
问题描述
我使用的是CakePHP版本2.3.6,我一直在尝试创建注册和登录,但是当我使用注册的用户名和密码登录时,它总是说错用户名或密码,而且我使用电子邮件作为用户名。
Hi I am using cakePHP version 2.3.6, ive been trying to create a registration and login, however when i login with a registered username and password it keeps on saying wrong username or password and also I im using email for username. Please help me out thanks.
AppController
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'pages''action' =>'display', 'home')
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
}
View Login
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend><?php echo __('Please enter your username and password'); ?></legend>
<?php echo $this->Form->input('email');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
UserController
<?php
class usersController extends AppController
{
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add','login','logout');
}
var $name = 'Users';
public function view($id = null) {
$this->User->id = $id;
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
$this->set('user', $this->User->read(null, $id));
}
public function add()
{
if (!empty($this ->data))
{
$this->User->create();
if ($this->User->save($this->data))
{
$this->Session->setFlash('Thank you for registering');
$this->redirect(array('action'=>'index'));
}
}
}
function index()
{
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login())
{
$this->redirect($this->Auth->redirectUrl());
}
else
{
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
}
**UserModel**
App::uses('AuthComponent','Controller/Component');
class User extends AppModel
{
var $name = 'User';
public $validate = array(
'email' => array(
'valid' => array(
'rule' => 'email',
'message' => 'Please enter an email address for username',
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'This username has already been taken',
),
'eValid' => array(
'required' => true,
'rule' => array('notEmpty'),
'message' => 'Please enter a username'
)
),
'password' => array(
'pValid' => array(
'required' => true,
'rule' => array('notEmpty'),
'message' => 'Please enter a valid password'
),
'minPword' => array(
'rule' => array('minLength', 8),
'message' => 'Please enter a password that is minimum 8 characters'
)
),
);
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this- >data[$this->alias]['password']);
}
return true;
}
}
推荐答案
默认情况下,CakePHP的Auth组件与用户名和密码字段一起使用。首先,您必须告诉Auth组件使用电子邮件字段而不是用户名。
The CakePHP's Auth Component works by default with the "username" and "password" fields. First, you have to tell the Auth Component to use the "email" field instead of the "username" one.
'Auth' => array
(
'authenticate' => array
(
'Form' => array
(
'fields' => array('username' => 'email', 'password' => 'password')
)
),
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'pages', 'action' =>'display', 'home')
)
我建议您激活isAuthorized支票以完全控制自己的授权政策( http://book.cakephp.org /2.0/zh-CN/core-libraries/components/authentication.html#authorization-objects )。请记住,您甚至可以设置自定义密码哈希方法来提高安全性。
I suggest you to activate the isAuthorized check for having a complete control over your authorization policies (http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authorization-objects). Remember that you can even set a custom password hash method for increasing security.
祝您编程愉快!
EDIT
您的来源中存在多个问题:首先,转储中的密码字段对于密码哈希而言太短了... 在CookBook的教程中,您将看到密码字段是VARCHAR(50)而不是VARCHAR(30)。
There were multiple issues in your sources: first of all, the password field in your dump was too short for the password hash... in the CookBook's tutorial you will see that the password field is a VARCHAR(50) instead of your VARCHAR(30).
第二,CakePHP是一个基于配置的约定框架,因此始终请记住遵守食谱中的说明。控制器的名称必须为CamelCased,因此usersController的名称必须为UsersController,依此类推:这样可以帮助您避免使用
Second, CakePHP's a "convention over configuration" framework, so always remember to follow the cookbook instructions. Controller's name must be CamelCased, so usersController must be UsersController and so on: this will help you avoiding the use of the
$name = 'Users';
声明。干式控制器更少的指令意味着更少的麻烦;)并且也要尊重文件夹名称的约定!
statement. Dry controllers & less instructions mean less headaches ;) And respect the conventions for the folder's name too!
第三,在SQL转储中,电子邮件的记录很多。这意味着即使解决该领域的问题,您也可以在登录策略中发现更多问题。幸运的是,您在使用模型验证进行了一些测试之后对此进行了修补……为解决此问题,只需清空您的User表并进行尝试。
Third, in your SQL dump there were a lot of multiple records for your email. This means that even solving the field's problem you could have found more issues in your login policies. Fortunately, you patched this after some test with the Model validation... for solving this issue, just empty your User table and give it a try.
第四,安全性改进:在通过电子邮件发送给您的源代码中,我添加了此
Fourth, a security improvement: in the source code I've sent you on email, I've added this
Security::setHash('sha256');
在您的login()和add()函数之上。这将为您的密码提供更强的哈希值,并结合应用程序的盐。请始终在必需的函数中(即您保存或编辑用户表格密码字段的位置)声明此内容。请记住,这需要对用户表的密码字段进行编辑:将其更改为VARCHAR(64)或更高版本(实际上,SHA256返回64个字符的字符串)。
on top of your login() and add() functions. This will provide a stronger hash for your password, combined with your application's salt. Always declare this in the required functions (that means, where your save or edit the User's table password field). Keep in mind that this requires an edit to your User Table's password field: alter it to VARCHAR(64) or higher (in fact, SHA256 returns a 64 chars string).
仅此而已,我真的希望您会喜欢CakePHP。
That's all, I really hope you'll enjoy CakePHP.
再次...快乐编码!
这篇关于cakePHP电子邮件登录Auth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
