cakephp 中身份验证的奇怪异常
Weird exception with authentication in cakephp
如果登录失败,我想重定向 http://localhost/amrajegeachi14/admins/deshboard after successful login and http://localhost/amrajegeachi14/admins/login。我在 adminsController 中的代码:
class AdminsController extends AppController {
var $layout = 'admin';
public function beforeFilter() {
parent::beforeFilter();
// $this->Auth->allow('login');
}
function isAuthorized($user) {
if (isset($user['Admin'])) {
if ($user['Admin']['status'] == 'active') {
return TRUE;
}
}
return FALSE;
}
function login() {
$this->loadModel('Admin');
$this->layout = "admin-login";
// if already logged in check this step
if ($this->Session->check('Auth.User')) {
return $this->redirect(
array('controller' => 'admins', 'action' => 'deshboard'));
}
// after submit login form check this step
if ($this->request->is('post')) {
$password = Security::hash($this->request->data['Admin']['password'], NULL, true);
$admin = $this->Admin->find('first', array(
'conditions' => array('email' => $this->request->data['Admin']['email'], 'password' => $password)
));
if ($this->isAuthorized($admin)) {
$this->Auth->login($this->request->data['Admin']);
return $this->redirect('/admins/deshboard');
} else {
$this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
return $this->redirect('/admins/login');
;
}
}
}
public function logout() {
// $user = $this->Auth->user();
// $this->Session->destroy();
$this->Session->setFlash('you have successfully logged out');
$this->Auth->logout();
return $this->redirect(array('controller' => 'admins', 'action' => 'login'));
}
function deshboard() {
}
}
内部代码AppController.php
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array(
'username' => 'email', //Default is 'username' in the userModel
'password' => 'password' //Default is 'password' in the userModel
),
'userModel' => 'Agent'
)
),
'loginAction' => array(
'controller' => 'admins',
'action' => 'login'
),
'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
'authError' => "You can't acces that page",
'authorize' => 'Controller'
)
);
public function beforeFilter() {
//parent::beforeFilter();
$this->Auth->allow('index');
}
}
当我尝试登录时,如果登录失败,它会重定向到 http://localhost/amrajegeachi14/admins/login。没关系。但是当我提供有效的电子邮件和密码并成功登录时,它会重定向到 http://localhost/amrajegeachi14/amrajegeachi14/admins/deshboard。错了应该是http://localhost/amrajegeachi14/admins/deshboard
当我按如下方式更改 isAuthorized() 函数时,我很惊讶:
function isAuthorized($user) {
if (isset($user['Admin'])) {
if ($user['Admin']['status'] == 'active') {
return TRUE;
}
}
return true;
}
它重定向 http://localhost/amrajegeachi14/admins/deshboard 成功登录。但是在这种情况下,使用错误的用户名和密码登录是可以的。
这个问题让我无法入睡,让我发疯,我非常失望。我搜索了 google 两天,但没有合适的解决方案。请帮我。
问题是您的用户从未登录,因为您没有遵循 CakePHP 的用户身份验证方式。这是带有注释的代码:
// This should not be here... This should either be in a authentication
// component, or maybe not present at all if you use default authentication.
$password = Security::hash($this->request->data['Admin']['password'], NULL, true);
$admin = $this->Admin->find('first', array(
'conditions' => array(
'email' => $this->request->data['Admin']['email'],
'password' => $password
)
));
// This should not be called manually.
if ($this->isAuthorized($admin)) {
// Your problem is probably here, since you never check the return
// value of the login function.
$this->Auth->login($this->request->data['Admin']);
// You should use $this->Auth->redirectUrl()
return $this->redirect('/admins/deshboard');
} else {
$this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
return $this->redirect('/admins/login');
}
我很确定 $this->Auth->login () 调用总是 return false。登录方法将尝试使用您指定的身份验证组件(或默认组件)对用户进行身份验证。
您的密码可能在您的数据库中经过哈希处理,但您没有告诉组件如何对其进行哈希处理,因此它无法验证您的用户...
如果登录失败,我想重定向 http://localhost/amrajegeachi14/admins/deshboard after successful login and http://localhost/amrajegeachi14/admins/login。我在 adminsController 中的代码:
class AdminsController extends AppController {
var $layout = 'admin';
public function beforeFilter() {
parent::beforeFilter();
// $this->Auth->allow('login');
}
function isAuthorized($user) {
if (isset($user['Admin'])) {
if ($user['Admin']['status'] == 'active') {
return TRUE;
}
}
return FALSE;
}
function login() {
$this->loadModel('Admin');
$this->layout = "admin-login";
// if already logged in check this step
if ($this->Session->check('Auth.User')) {
return $this->redirect(
array('controller' => 'admins', 'action' => 'deshboard'));
}
// after submit login form check this step
if ($this->request->is('post')) {
$password = Security::hash($this->request->data['Admin']['password'], NULL, true);
$admin = $this->Admin->find('first', array(
'conditions' => array('email' => $this->request->data['Admin']['email'], 'password' => $password)
));
if ($this->isAuthorized($admin)) {
$this->Auth->login($this->request->data['Admin']);
return $this->redirect('/admins/deshboard');
} else {
$this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
return $this->redirect('/admins/login');
;
}
}
}
public function logout() {
// $user = $this->Auth->user();
// $this->Session->destroy();
$this->Session->setFlash('you have successfully logged out');
$this->Auth->logout();
return $this->redirect(array('controller' => 'admins', 'action' => 'login'));
}
function deshboard() {
}
}
内部代码AppController.php
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array(
'username' => 'email', //Default is 'username' in the userModel
'password' => 'password' //Default is 'password' in the userModel
),
'userModel' => 'Agent'
)
),
'loginAction' => array(
'controller' => 'admins',
'action' => 'login'
),
'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
'authError' => "You can't acces that page",
'authorize' => 'Controller'
)
);
public function beforeFilter() {
//parent::beforeFilter();
$this->Auth->allow('index');
}
}
当我尝试登录时,如果登录失败,它会重定向到 http://localhost/amrajegeachi14/admins/login。没关系。但是当我提供有效的电子邮件和密码并成功登录时,它会重定向到 http://localhost/amrajegeachi14/amrajegeachi14/admins/deshboard。错了应该是http://localhost/amrajegeachi14/admins/deshboard
当我按如下方式更改 isAuthorized() 函数时,我很惊讶:
function isAuthorized($user) {
if (isset($user['Admin'])) {
if ($user['Admin']['status'] == 'active') {
return TRUE;
}
}
return true;
}
它重定向 http://localhost/amrajegeachi14/admins/deshboard 成功登录。但是在这种情况下,使用错误的用户名和密码登录是可以的。
这个问题让我无法入睡,让我发疯,我非常失望。我搜索了 google 两天,但没有合适的解决方案。请帮我。
问题是您的用户从未登录,因为您没有遵循 CakePHP 的用户身份验证方式。这是带有注释的代码:
// This should not be here... This should either be in a authentication
// component, or maybe not present at all if you use default authentication.
$password = Security::hash($this->request->data['Admin']['password'], NULL, true);
$admin = $this->Admin->find('first', array(
'conditions' => array(
'email' => $this->request->data['Admin']['email'],
'password' => $password
)
));
// This should not be called manually.
if ($this->isAuthorized($admin)) {
// Your problem is probably here, since you never check the return
// value of the login function.
$this->Auth->login($this->request->data['Admin']);
// You should use $this->Auth->redirectUrl()
return $this->redirect('/admins/deshboard');
} else {
$this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
return $this->redirect('/admins/login');
}
我很确定 $this->Auth->login () 调用总是 return false。登录方法将尝试使用您指定的身份验证组件(或默认组件)对用户进行身份验证。
您的密码可能在您的数据库中经过哈希处理,但您没有告诉组件如何对其进行哈希处理,因此它无法验证您的用户...