Question
I'm using CakePHP 1.2 with Auth and ACL components.
In my user register action, the password is coming in unhashed. Specifically, this expression:
    if ($this->data['User']['password'] !=
        $this->Auth->password($this->data['User']['confirm_password']))
This is evaluating to true, even when I submit identical values for password and confirm_password. I know that password is unhashed because when I remove the call to Auth->password, the expression evaluates to false.
I expected the Auth module to automagically hash the password. What am I doing wrong?
Here is my view:
    <?php
        echo $form->create('User', array('action' => 'register'));
        echo $form->input('email',
            array('after' => $form->error(
                'email_unique', 'This email is already registered.')));
        echo $form->input('password');
        echo $form->input('confirm_password', array('type' => 'password'));
        echo $form->end('Register');
    ?>
Here is my register action from the user controller:
    function register(){
        if ($this->data) {
            if ($this->data['User']['password'] !=
                $this->Auth->password($this->data['User']['confirm_password'])) {
                $this->Session->setFlash(__('Password and Confirm Password must match.', true));
                $this->data['User']['password'] = '';
                $this->data['User']['confirm_password'] = '';
            }
            else{
                $this->User->create();
                if ($this->User->save($this->data)){
                    $this->redirect(array('action' => 'index'), null, true);
                }
                else {
                    $this->data['User']['password'] = '';
                    $this->data['User']['confirm_password'] = '';
                    $this->Session->setFlash(__('Some problem saving your information.', true));
                }
            }
        }
    }
And here is my appController where I include the Auth and Acl modules:
    class AppController extends Controller {
        var $components = array('Acl', 'Auth');
        function beforeFilter(){
            if (isset($this->Auth)) {
                $this->Auth->allow('display');
                $this->Auth->fields =
                    array(
                        'username' => 'email',
                        'password' => 'password');
                $this->Auth->authorize = 'actions';
            }
        }
    }
What am I doing wrong?
Answer 1:
CakePHP won't hash passwords unless username contains a submitted value. I'm replacing the username field with email. However, I remapped those fields by setting the Auth->fields array. However, I was doing that in the appController instead of userController. So moving this line:
    $this->Auth->fields = array('username' => 'email', 'password' => 'password');
out of appController into userController solved it.
Now the question becomes "Why can't I reset the Auth->fields in appController?"
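Added example, not part of any answer here and not CakePHP source: a simplified stand-alone PHP model of the rule described in Answer 1, showing why the question's comparison fails when the field mapping is not in effect, plus a guard that flags an unhashed password before it is saved. The function names, the salt and the form data are constructed, and salted SHA-1 is assumed as a stand-in for Auth->password().

```php
<?php
// Simplified stand-alone model, NOT CakePHP source. All names are hypothetical.
const APP_SALT = 'constructed-salt-for-this-example';

// Stand-in for Auth->password(): salted SHA-1 (assumption for illustration).
function model_password(string $plain): string {
    return sha1(APP_SALT . $plain);
}

// Rule from Answer 1: the password is hashed only when the mapped username
// field AND the mapped password field are both present in the submitted data.
function model_hash_passwords(array $data, array $fields, string $model = 'User'): array {
    if (isset($data[$model][$fields['username']], $data[$model][$fields['password']])) {
        $data[$model][$fields['password']] =
            model_password($data[$model][$fields['password']]);
    }
    return $data;
}

// Guard to run before saving: refuse anything that is not a 40-char hex digest.
// A password that is itself 40 hex characters would pass, so treat this as a
// tripwire for misconfiguration, not as proof of hashing.
function looks_hashed(string $value): bool {
    return preg_match('/^[0-9a-f]{40}$/', $value) === 1;
}

// Constructed form submission matching the view in the question.
$post = ['User' => [
    'email'            => 'alice@example.com',
    'password'         => 'correct horse',
    'confirm_password' => 'correct horse',
]];

$mappings = [
    'default fields (username/password)' => ['username' => 'username', 'password' => 'password'],
    'remapped fields (email/password)'   => ['username' => 'email',    'password' => 'password'],
];

foreach ($mappings as $label => $fields) {
    $data    = model_hash_passwords($post, $fields);
    $stored  = $data['User']['password'];
    // Same comparison as the register action: password vs. hashed confirmation.
    $matches = hash_equals($stored, model_password($data['User']['confirm_password']));
    printf("%-36s hashed=%-3s confirm_matches=%-3s\n",
        $label, looks_hashed($stored) ? 'yes' : 'no', $matches ? 'yes' : 'no');
}
```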
Answer 2:
You're probably overriding AppController::beforeFilter() with your UsersController::beforeFilter().
To "fix" it, just put parent::beforeFilter() at the beginning of the function.
Answer 3:
You should hash password before saving to database. Place this function into your User model:
    function beforeSave() {
        if(isset($this->data[$this->alias]['password']))
            $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], null, true);
        return true;
    }
And don't forget to put this in beforeFilter() of your users controller:
    if(in_array($this->action, array('register'))) {
        $this->Auth->fields = array('username' => 'email', 'password' => 'wrongfield');
    }
That means that the password will NOT be hashed during the registration process (in case of failed validation of the register form).
Answer 4:
I think you are looking for hashPasswords($data).
Look at these pages. They should point you in the right direction. You can also try changing your debugging level in the core config file. Changing it from 0 (production) to 3 allows you to see your SQL output. May be helpful.
AuthComponent-Methods
Cakephp troubleshooting
Sorry I can't do anything but point you in the right direction. I'm new to CakePHP.
Source: https://stackoverflow.com/questions/617471/why-is-the-cakephp-authentication-component-not-hashing-my-password