CakePHP的2:覆盖AuthComponent的"密码"方法 [英] CakePHP 2: Override AuthComponent's "password" method
问题描述
我的目标是为每个用户的唯一盐,而不是仅仅使用配置::阅读('Security.salt')
为每一位用户。
My goal is to have a unique salt for each user rather than just using Configure::read('Security.salt')
for every user.
我知道,CakePHP的2.x的不再自动散列密码。这让我对执行密码模型验证,这是非常好的。不过,我没有看到一个方式,我可以覆盖AuthComponent的密码的方法。因此,即使我可以控制它们如何被保存到数据库之前的密码散列,我可以执行实际登录的时候无法控制密码哈希如何。从食谱:
I know that CakePHP 2.x no longer hashes passwords automatically. This allows me to perform model validation on passwords, which is very nice. However, I don't see a way that I can override the AuthComponent's "password" method. So even though I can control how passwords are hashed before they are saved to the database, I cannot control how passwords are hashed when performing the actual login. From the cookbook:
您不必致电前,哈希密码
$这个 - > Auth-方式>登录()
You don’t need to hash passwords before calling
$this->Auth->login()
.
我能做些什么,使 $这个 - > Auth->登录()
使用密码哈希的自定义方法
What can I do to make $this->Auth->login()
use a custom method of password hashing?
感谢。
更新:我结束了博士汉尼拔的回答会(创建自定义的验证对象)。以下是如何做到这一点:
UPDATE: I ended up going with dr Hannibal Lecter's answer (creating a custom authentication object). Here's how to do it:
旧code:
$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'email')));
新的code(变形到自定义):
New code (change "Form" to "Custom"):
$this->Auth->authenticate = array('Custom' => array('fields' => array('username' => 'email')));
创建应用程序/控制器/组件/认证/ CustomAuthenticate.php,并使它看起来像这样:
Create "app/Controller/Component/Auth/CustomAuthenticate.php" and make it look like this:
<?php
App::uses('FormAuthenticate', 'Controller/Component/Auth');
class CustomAuthenticate extends FormAuthenticate {
}
复制_findUser,并从LIB /蛋糕/控制器/组件/认证/ BaseAuthenticate.php_password的方法,并将其粘贴到CustomAuthenticate级。然后进行以下两处修改_findUser的方法:
Copy the "_findUser" and "_password" methods from "lib/Cake/Controller/Component/Auth/BaseAuthenticate.php" and paste them into the "CustomAuthenticate" class. Then make the following two modifications to the "_findUser" method:
-
从$条件数组删除此行:
$模式。 '。 。 $域['密码'] =&GT; $这个 - &GT; _password($密码)
修改如果(空($结果)||空($结果[$模式])){
到如果(空($结果)||空($结果[$模式])|| $结果[$模型] [$域['密码'] = $这个 - &GT;!_password($的密码,$结果[$型号] ['身份证'])){
然后进行以下两处修改_password的方法:
Then make the following two modifications to the "_password" method:
-
创建通过更改
保护功能_password($密码){
到保护功能_password($密码的$ id参数,的$ id){
通过改变更新盐值返回安全::哈希($的密码,空,真);
到返回安全::哈希($的密码,空,配置::阅读('Security.salt')的$ id);
最后,更新 AuthComponent ::密码
使用的所有实例安全::哈希
通过相同的逻辑以上。
Lastly, update all occurrences of AuthComponent::password
to use Security::hash
with the same logic as above.
推荐答案
您也许可以创建一个<一个href=\"http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#creating-custom-authentication-objects\"相对=nofollow>自定义的身份验证对象并散列但是你喜欢的密码。看看在现有的权威性对象到得到它们是如何工作的总体思路。
You could probably create a custom auth object and hash the password however you like. Take a look at the existing auth objects to get the general idea of how they work.
这篇关于CakePHP的2:覆盖AuthComponent的&QUOT;密码&QUOT;方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!