在 CakePHP 3 上登录 [ Auth->identify() ] 始终为 false
- 作者: 海贼主
- 来源: 51数据库
- 2023-02-02
问题描述
在使用 CakePHP 2 一段时间后,我开始使用 CakePHP 3,但在创建身份验证登录时遇到了麻烦.
新的身份验证函数 $this->Auth->identify() 总是返回 false.
在数据库上,密码加密完美,查询谁带用户也可以.
我的代码:
应用控制器:
<代码>[...]类 AppController 扩展控制器{公共函数初始化(){$this->loadComponent('Flash');$this->loadComponent('Auth', ['登录重定向' =>['控制器' =>'行政','动作' =>'指数'],'注销重定向' =>['控制器' =>'页面','动作' =>'展示']]);}公共函数 beforeFilter(Event $event){$this->Auth->allow(['display']);}}用户控制器:
<代码>[...]类 UsersController 扩展了 AppController{公共函数 beforeFilter(Event $event){parent::beforeFilter($event);$this->Auth->allow(['logout']);}[...]公共函数登录(){如果 ($this->request->is('post')) {$user = $this->Auth->identify();如果($用户){$this->Auth->setUser($user);返回 $this->redirect($this->Auth->redirectUrl());}$this->Flash->error(__('用户名或密码无效,再试一次'));}}[...]用户(模型实体):
hash($password);}}
查看:
<?= $this->Flash->render('auth') ?><?= $this->Form->create() ?><字段集><legend><?= __('请输入您的用户名和密码') ?></legend><?= $this->Form->input('username') ?><?= $this->Form->input('password') ?></fieldset><?= $this->Form->button(__('Login'));?><?= $this->Form->end() ?>
CakePHP3 默认使用与 2 不同的哈希算法(bcrypt vs. SHA1),因此您需要使密码长度更长.将您的密码字段更改为 VARCHAR(255) 以确保安全.
当 CakePHP 3 尝试从 this->Auth->identify() 与数据库中的散列密码识别内存中的散列密码时,它永远不会匹配,因为缺少某些字符.更改为 255 是不必要的,但如果将来使用更安全的散列,则可以帮助将来证明.建议使用 255,因为字符数可以存储在一个字节中.
I started using CakePHP 3 after a time using CakePHP 2 and I am having troubles to create the authentication login.
The new auth function $this->Auth->identify() always return false.
On the database, the password are encrypted perfect and the query who takes the user it's ok too.
My code:
AppController:
[...]
class AppController extends Controller{
public function initialize(){
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'loginRedirect' => [
'controller' => '*****',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display'
]
]);
}
public function beforeFilter(Event $event)
{
$this->Auth->allow(['display']);
}
}
UserController:
[...]
class UsersController extends AppController{
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow(['logout']);
}
[...]
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error(__('Invalid username or password, try again'));
}
}
[...]
User (Model Entity):
<?php
namespace AppModelEntity;
use CakeAuthDefaultPasswordHasher;
use CakeORMEntity;
class User extends Entity{
protected $_accessible = [*];
protected function _setPassword($password){
return (new DefaultPasswordHasher)->hash($password);
}
}
View:
<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
<fieldset>
<legend><?= __('Please enter your username and password') ?></legend>
<?= $this->Form->input('username') ?>
<?= $this->Form->input('password') ?>
</fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>
CakePHP3 uses a different hashing algorithm by default than 2 (bcrypt vs. SHA1), so you need to make your password length longer. Change your password field to VARCHAR(255) to be safe.
When CakePHP 3 tries to identify your in-memory hashed password from this->Auth->identify() vs. the hashed password in the database, it will never match because some characters are missing. Changing to 255 is more than needed, but can help future proof if an even more secure hash is used in the future. 255 is recommended because the the character count can be stored in one byte.
