問題描述

在使用 CakePHP 2 一段時間后，我開始使用 CakePHP 3，但在創建身份驗證登錄時遇到了麻煩.

新的身份驗證函數 $this->Auth->identify() 總是返回 false.

在數據庫上，密碼加密完美，查詢誰帶用戶也可以.

我的代碼:

應用控制器:

<代碼>[...]類 AppController 擴展控制器{公共函數初始化(){$this->loadComponent('Flash');$this->loadComponent('Auth', ['登錄重定向' =>['控制器' =>'行政'，'動作' =>'指數'],'注銷重定向' =>['控制器' =>'頁面','動作' =>'展示']]);}公共函數 beforeFilter(Event $event){$this->Auth->allow(['display']);}}

用戶控制器:

<代碼>[...]類 UsersController 擴展了 AppController{公共函數 beforeFilter(Event $event){parent::beforeFilter($event);$this->Auth->allow(['logout']);}[...]公共函數登錄(){如果 ($this->request->is('post')) {$user = $this->Auth->identify();如果($用戶){$this->Auth->setUser($user);返回 $this->redirect($this->Auth->redirectUrl());}$this->Flash->error(__('用戶名或密碼無效，再試一次'));}}[...]

用戶(模型實體):

hash($password);}}

查看:

<?= $this->Flash->render('auth') ?><?= $this->Form->create() ?><字段集><legend><?= __('請輸入您的用戶名和密碼') ?></legend><?= $this->Form->input('username') ?><?= $this->Form->input('password') ?></fieldset><?= $this->Form->button(__('Login'));?><?= $this->Form->end() ?>

CakePHP3 默認使用與 2 不同的哈希算法(bcrypt vs. SHA1)，因此您需要使密碼長度更長.將您的密碼字段更改為 VARCHAR(255) 以確保安全.

當 CakePHP 3 嘗試從 this->Auth->identify() 與數據庫中的散列密碼識別內存中的散列密碼時，它永遠不會匹配，因為缺少某些字符.更改為 255 是不必要的，但如果將來使用更安全的散列，則可以幫助將來證明.建議使用 255，因為字符數可以存儲在一個字節中.

I started using CakePHP 3 after a time using CakePHP 2 and I am having troubles to create the authentication login.

The new auth function $this->Auth->identify() always return false.

On the database, the password are encrypted perfect and the query who takes the user it's ok too.

My code:

AppController:

[...]
class AppController extends Controller{
    public function initialize(){
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'loginRedirect' => [
                'controller' => 'Admin',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'controller' => 'Pages',
                'action' => 'display'
            ]
        ]);
    }

    public function beforeFilter(Event $event)
    {
        $this->Auth->allow(['display']);
    }
}

UserController:

[...]
class UsersController extends AppController{
    public function beforeFilter(Event $event)
    {
    parent::beforeFilter($event);
    $this->Auth->allow(['logout']);
    }
[...]
    public function login()
    {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error(__('Invalid username or password, try again'));
        }
    }
[...]

User (Model Entity):

<?php
namespace AppModelEntity;

use CakeAuthDefaultPasswordHasher;
use CakeORMEntity;

class User extends Entity{
    protected $_accessible = [*];
    protected function _setPassword($password){
        return (new DefaultPasswordHasher)->hash($password);
    }
}

View:

<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
    <fieldset>
        <legend><?= __('Please enter your username and password') ?></legend>
        <?= $this->Form->input('username') ?>
        <?= $this->Form->input('password') ?>
    </fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>

CakePHP3 uses a different hashing algorithm by default than 2 (bcrypt vs. SHA1), so you need to make your password length longer. Change your password field to VARCHAR(255) to be safe.

When CakePHP 3 tries to identify your in-memory hashed password from this->Auth->identify() vs. the hashed password in the database, it will never match because some characters are missing. Changing to 255 is more than needed, but can help future proof if an even more secure hash is used in the future. 255 is recommended because the the character count can be stored in one byte.

這篇關于在 CakePHP 3 上登錄 [ Auth->identify() ] 始終為 false的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！