【问题标题】:Auth not validating properly on saving passwordsAuth 在保存密码时未正确验证
【发布时间】:2011-06-10 12:53:38
【问题描述】:

这似乎工作得很好,我在表单中添加了一个复选框,以便用户可以决定是否更改密码。在添加用户操作中,验证工作正常,如果有任何错误不会保存用户,但使用我的编辑用户操作,当两个密码字段为空时,它仍然会保存它们,但如果有任何数据,仍然会正确验证它们要么密码输入。这是我的模型:

class User extends AppModel {
var $name = 'User';
var $displayField = 'name';
var $validate = array(
    'username' => array(
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'User must have a username to login with',
        ),
    ),
    'password' => array(
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'User must have a password',
        ),
        'alphanumeric' => array(
            'rule' => array('alphanumeric'),
            'required' => true,
            'message' => 'User must have a password'
        ),
        'minlength' => array(
            'rule' => array('minlength', 6),
            'message' => 'Password must be at least 6 characters',
        ),
        'confirmPassword' => array(
            'rule' => array('confirmPassword', 'password'),
            'message' => 'Passwords do not match'
        ),
    ),
    'password_confirm' => array(
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'User must have a password',
        ),
        'alphanumeric' => array(
            'rule' => array('alphanumeric'),
            'required' => true,
            'message' => 'User must have a password'
        ),
        'minlength' => array(
            'rule' => array('minlength', 6),
            'message' => 'Password must be at least 6 characters',
        ),
    ),
);

function confirmPassword($data) {
    return ($data['password'] === Security::hash(Configure::read('Security.salt').$this->data['User']['password_confirm']));
}

这是我的编辑用户操作:

function admin_edit($id = null) {
    $this->set('title_for_layout', 'Users / Editing User');

    if (!$id && empty($this->data)) {
        $this->Session->setFlash(__('Invalid user specified', true), 'flash_error');
        $this->redirect(array('action' => 'index'));
    }
    if (!empty($this->data)) {
        $redirect = array('action' => 'index');
        if ($this->data['User']['edit_password'] == 1) {
            $fields = array('username', 'confirm_password', 'password', 'name');
            if ($this->data['User']['id'] == $this->Auth->user('id')) {
                $redirect['action'] = 'logout';
            }
        } else {
            $fields = array('username', 'name');
        }

        if ($this->User->save($this->data, true, $fields)) {
            $this->Session->setFlash(__(sprintf('The user <i>%s</i> was saved successfully.', $this->data['User']['username']), true), 'flash_success');
            $this->redirect($redirect);
        } else {
            $this->Session->setFlash(__('There were errors when trying to save the user', true), 'flash_error');
        }
    }
    if (empty($this->data)) {
        $this->data = $this->User->read(null, $id);
        $this->data['User']['password'] = '';
        $this->data['User']['edit_password'] = 0;
    }
}

【问题讨论】:

    标签: cakephp cakephp-1.3 authentication


    【解决方案1】:

    提前抱歉,因为这只是一个半答案,但应该让你朝着正确的方向前进。

    如果用户名字段也存在于提交的数据中,Auth 组件将自动对密码字段进行哈希处理

    因此,您已将数据设置为预测这一点......或避免它。

    这个方法也会派上用场。 http://book.cakephp.org/view/1259/hashPasswords

    【讨论】:

    • 感谢您的帮助。设法解决了这个问题,让它验证confirm_password而不是password_confirm,并且由于密码被自动散列,然后它自动通过验证。
    猜你喜欢
    • 1970-01-01
    • 2014-01-08
    • 2011-04-25
    • 2016-05-27
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多