1. 技术文章
  2. Password does not hash in cakephp

Password does not hash in cakephp

怎甘沉沦 提交于 2020-01-17 01:21:51

问题


the following code is not able to hash the user's password, and it stores the password in clear text in the database. After changing the password, I am unable to log in as the password needs to be in hash. The following code is in my model.

'password_confirm'=>array(  
        'compare'    => array(
            'rule'      => array('password_match', 'password', true),
            'message'   => 'Password does not match',
            'required'  => true,
        ),
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'Confirm password is empty',
            'allowEmpty' => false,
            'required' => true)
    ),

    'password'=>array(
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'Password is empty',
            'allowEmpty' => false,
            'required' => true)
    )

function password_match($data, $password_field, $hashed = true)
    {
        $password         = $this->data[$this->alias][$password_field];
        $keys             = array_keys($data);
        $password_confirm = $hashed ?
              Security::hash($data[$keys[0]], null, true) :
              $data[$keys[0]];
        return $password === $password_confirm;
    }

The following code is in my user_controller

function change_password(){
        #CURRENTLY NOT WORKING
    $this->layout = "mainLayout";
    $in_user_id = $id = $this->Auth->user('id');

    if($this->data){
        $this->User->validate['password_confirm']['compare']['rule'] =
        array('password_match', 'password', false);

        $this->User->set($this->data);
        $this->User->useValidationRules('ChangePassword');
        if($this->User->validates()){
            $this->data['User']['id']=$in_user_id;
            $this->User->save($this->data,array('validate'=>false));
        }
    }
}

回答1:


Your model and validation function are only checking that the password and confirm_password inputs match. At no point does it alter the data to hash the input value.

After you validate your input, and before you save your model, you need to hash the password input. Something like this:

$this->data[ 'User' ][ 'Password' ] = Security::hash( $this->data[ 'User' ][ 'Password' ], null, true );



回答2:


you shouldn't use the field name "password" in cake1.3 due to its automatic. use a different field and rename it prior to saving.

if you want to use a cleaner approach, consider using a behavior: http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/



来源:https://stackoverflow.com/questions/7857168/password-does-not-hash-in-cakephp

标签
cakephp
cakephp-1.3
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!