SilverStripe密码/加密不起作用 [英] SilverStripe password de/encrypting doesn't work

问题描述

由于3dgoo在这里的巨大帮助将敏感数据存储在Silverstripe中
我可以创建此数据对象来存储ClientPasswords - > http://www.sspaste.com/paste/show/5257a5ccdf990

Because of the huge help from 3dgoo here Store Sensitive Data in Silverstripe I was able to create this Dataobject to store ClientPasswords -> http://www.sspaste.com/paste/show/5257a5ccdf990

问题是，在使用创建字段后， getCMSFields ，de / and加密不再工作，密码作为明文存储在数据库中：/

The Problem is, after creating the fields with getCMSFields the de/and encryption doesn't work anymore and the password is stored as plaintext in the database :/

有人可以帮我修复吗？这个bug在哪里？

Can someone help me to fix it? Where is the bug?

推荐答案

我没有发现一个bug，因为你没有，如果你没有调用一个意识形态的一个。

I can't spot a bug per se there as you have none, if you don't call an ideological one that.

当您使用文本字段时，您实际上不会将密码重写为散列版本。

You arent actually rewriting the password anywhere to the hashed version when you use the text field.

这与db元素的实际字段有关：

this relates to the actual field to the db element:

new TextField('Password', _t('Dict.PASSWORD', 'Password'))

所以你没有抓住写入或读取功能隐藏或解密。

So you aren't catching the write or read to feature the crypting or decrypting.

使其工作的一种方法是将文本框绑定到一个自定义的getter / setter，而不是直接与db关系，然后获取并设置实际的db字段。

One way to make it work is to bound the textfield to a custom getter/setter that is not the db relation directly and then on get and set the actual db field.

该示例为：

1）以此方式添加字段

1) add the field as this way

$fields->addFieldToTab("Root.Main", new TextField('CusotomgetterSetter', "Set the password")

2）创建类的设置者：

2) create the setters to the class:

public function setCusotomgetterSetter($value){
    if(!$this->Salt){
        $this->Salt = uniqid(mt_rand());
    }
    $test = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->Salt), $value, MCRYPT_MODE_CBC, md5(md5($this->Salt))));
    $this->Password = $test;
}

public function getCusotomgetterSetter(){
    return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->Salt), base64_decode($this->Password), MCRYPT_MODE_CBC, md5(md5($this->Salt))), "\0");
}

3）向数据库添加新的盐场，记得运行/ dev /建立

3) add new salt field to the db, remember to run /dev/build

static $db = array (
    'Type' => 'Text', 
    'Username' => 'Text', 
    'Password' => 'Text',
    'URL' => 'Text',
    'Webadmin' => 'Text',
    'Editable' => 'Text',
"Salt" => "Text"
);

我修改了获取和设置字段以使用此处创建的盐。不是在会员中发现的那个，因为在这一点上我们现在没有实际的会员关系，所以$ this-> Member（）可能是null。

I amended the get and set fields to use the salt created here. Not the one found in the member as there is a possibility that on that point we dont actually now the member relation so $this->Member() might be null.

工作示例 http：/ /www.sspaste.com/paste/show/5257f7743cf0b

这篇关于SilverStripe密码/加密不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！