CakePhp 2.6.3 Auth 组件不工作。接受任何 userID/password 组合
CakePhp 2.6.3 Auth component not working. Accepting any userID/password combination
我一直在尝试让我的网站的 cakephp 2.6.3 授权组件工作一个星期。
我面临的问题是,每当我输入任何虚假用户 ID/password 组合时,登录功能 returns 为真。我已经阅读了所有可以阅读和观看的教程,但我似乎无法让它工作。
我刚开始使用 Cake,非常感谢您的帮助。提前致谢。
下面是我的appController。
class AppController extends Controller {
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginAction' => array('controller' => 'users', 'action' => 'login'),
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'Authenticate' => array(
'Form' => array(
'fields' => array('username' => 'student_id', 'password' => 'password')
)
)
)
);
public function isAuthorized($user){
return true;
}
public function beforeFilter(){
$this->Auth->allow('login');
}
}
用户控制器:
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
$this->redirect($this->Auth->redirectUrl());
}
else{
$this->Session->setFlash('Invalid User ID or password');
}
}
}
用户型号:
class User extends AppModel{
public $name = 'User';
public $validate = array(
'student_id' => array(
'Please enter your User ID' => array(
'rule' => 'notEmpty',
'message' => 'Please enter your User ID.'
)
),
'first_name' => array(
'Enter First Name' => array(
'rule' => 'notEmpty',
'Message' => 'Please enter first name.')),
'last_name' => array(
'Enter Last Name' => array(
'rule' => 'notEmpty',
'Message' => 'Please enter last name.')),
'email' => array(
'Valid email' => array(
'rule' => array ('email'),
'Message' => 'Please enter a valid email.')),
'password' => array(
'Not empty' => array(
'rule' => 'notEmpty',
'Message' => 'Please enter your password.'),
'Match passwords' => array(
'rule' => 'matchPasswords',
'Message' => 'Your passwords donot match')),
'password_confirmation' => array(
'Not empty' => array(
'rule' => 'notEmpty',
'Message' => 'Please confirm your password.'))
);
public function matchPasswords($data){
if($data['password'] == $this->data['User']['password_confirmation']){
return true;
}
$this->invalidate('password_confirmation', 'Your passwords do not match');
return false;
}
public function beforeSave($options = array()){
if(isset($this->data['User']['password'])){
$this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
}
return true;
}
}
这里的答案很好:
Cake PHP 2.4.x. AuthComponent login() always return true;
从您的 beforeFilter()
方法中删除 $this->Auth->allow('login');
。
我一直在尝试让我的网站的 cakephp 2.6.3 授权组件工作一个星期。
我面临的问题是,每当我输入任何虚假用户 ID/password 组合时,登录功能 returns 为真。我已经阅读了所有可以阅读和观看的教程,但我似乎无法让它工作。
我刚开始使用 Cake,非常感谢您的帮助。提前致谢。
下面是我的appController。
class AppController extends Controller {
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'loginAction' => array('controller' => 'users', 'action' => 'login'),
'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'Authenticate' => array(
'Form' => array(
'fields' => array('username' => 'student_id', 'password' => 'password')
)
)
)
);
public function isAuthorized($user){
return true;
}
public function beforeFilter(){
$this->Auth->allow('login');
}
}
用户控制器:
public function login(){
if($this->request->is('post')){
if($this->Auth->login()){
$this->redirect($this->Auth->redirectUrl());
}
else{
$this->Session->setFlash('Invalid User ID or password');
}
}
}
用户型号:
class User extends AppModel{
public $name = 'User';
public $validate = array(
'student_id' => array(
'Please enter your User ID' => array(
'rule' => 'notEmpty',
'message' => 'Please enter your User ID.'
)
),
'first_name' => array(
'Enter First Name' => array(
'rule' => 'notEmpty',
'Message' => 'Please enter first name.')),
'last_name' => array(
'Enter Last Name' => array(
'rule' => 'notEmpty',
'Message' => 'Please enter last name.')),
'email' => array(
'Valid email' => array(
'rule' => array ('email'),
'Message' => 'Please enter a valid email.')),
'password' => array(
'Not empty' => array(
'rule' => 'notEmpty',
'Message' => 'Please enter your password.'),
'Match passwords' => array(
'rule' => 'matchPasswords',
'Message' => 'Your passwords donot match')),
'password_confirmation' => array(
'Not empty' => array(
'rule' => 'notEmpty',
'Message' => 'Please confirm your password.'))
);
public function matchPasswords($data){
if($data['password'] == $this->data['User']['password_confirmation']){
return true;
}
$this->invalidate('password_confirmation', 'Your passwords do not match');
return false;
}
public function beforeSave($options = array()){
if(isset($this->data['User']['password'])){
$this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
}
return true;
}
}
这里的答案很好: Cake PHP 2.4.x. AuthComponent login() always return true;
从您的 beforeFilter()
方法中删除 $this->Auth->allow('login');
。