
CakePHP authentication: Invalid salt / invalid username or password?

I'm going through the CakePHP tutorial and trying to test basic login functionality. I'm making slight tweaks along the way to match how my database needs to look (email and token instead of username and password as columns in the users table), and I believe that I have messed something up when it comes to using Blowfish hashing. Can someone take a look and see if anything apparent pops out? Right now I can add new users, but their passwords in the database look to be plaintext. The token column is of type VARCHAR(75); is that enough space for Blowfish to work?

I'm getting the error:

**Warning (512): Invalid salt: pass for blowfish**

and then "Invalid username or password," when putting in a correct user/pass combo. When I put in incorrect credentials I only get the invalid user/pass error, so it looks like it is still getting through somewhere along the line.

app/Model/User.php

App::uses('AppModel', 'Model'); 
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    public $validate = array(
        'email' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'An email is required'
            )
        ),
        'token' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        ),
        'group' => array(
            'valid' => array(
                'rule' => array('inList', array('user', 'admin', 'manager')),
                'message' => 'Please enter a valid group role',
                'allowEmpty' => false
            )
        )
    );

    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['token'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['token'] = $passwordHasher->hash(
                $this->data[$this->alias]['token']
            );
        }
        return true;
    }
}

app/Controller/AppController.php

class AppController extends Controller {
    //...

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'posts',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
                'home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish',
                    'fields' => array('username' => 'email', 'password' => 'token')

                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');

    }
    //...
}

add.ctp

<div class="users form">
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend><?php echo __('Add User'); ?></legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
        echo $this->Form->input('group', array(
            'options' => array('admin' => 'Admin', 'manager' => 'Manager', 'user' => 'User')
        ));
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

login.ctp

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
    <fieldset>
        <legend>
            <?php echo __('Please enter your username and password'); ?>
        </legend>
        <?php echo $this->Form->input('email');
        echo $this->Form->input('token');
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>

Check the blowfish salt to make sure it has the correct number of characters, and use the add / edit form to set the password initially.

You should also set the token length in the db to 256 chars.
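As an added example (not code from the question or the answer), this plain-PHP script classifies stored `token` values so that rows holding plaintext or a truncated hash can be found before they reach the login check. It uses PHP's built-in `password_hash()` and `password_verify()` rather than CakePHP's `BlowfishPasswordHasher`; the sample rows and the `classifyToken()` helper are constructed for illustration.

```php
<?php
// Added example: audit stored `token` values for well-formed bcrypt hashes.
// All rows below are constructed sample data, not taken from the question.

// A bcrypt hash is 60 characters: "$2y$" + two-digit cost + "$" +
// 22 characters of salt + 31 characters of digest (53 after the last "$").
const BCRYPT_PATTERN = '/^\$2[axy]\$(0[4-9]|[12][0-9]|3[01])\$[.\/A-Za-z0-9]{53}$/';

// Hypothetical helper: report what kind of value a token column holds.
function classifyToken(string $stored): string
{
    if (preg_match(BCRYPT_PATTERN, $stored) === 1) {
        return 'bcrypt';
    }
    // Starts like a bcrypt hash but has the wrong length or alphabet,
    // for example because the column was too short and the value was cut.
    if (preg_match('/^\$2[axy]\$/', $stored) === 1) {
        return 'truncated-or-malformed';
    }
    // Anything else was never hashed (e.g. saved before beforeSave() existed).
    return 'not-a-hash';
}

$hash = password_hash('pass', PASSWORD_BCRYPT, ['cost' => 10]);

$rows = [
    ['email' => 'hashed@example.com',    'token' => $hash],
    ['email' => 'plain@example.com',     'token' => 'pass'],
    ['email' => 'truncated@example.com', 'token' => substr($hash, 0, 50)],
];

printf("bcrypt output length: %d characters\n", strlen($hash));

foreach ($rows as $row) {
    $kind = classifyToken($row['token']);
    // Only a well-formed hash can ever verify; the other rows need the
    // password to be set again through the add/edit form.
    $ok = $kind === 'bcrypt' && password_verify('pass', $row['token']);
    printf(
        "%-24s %-24s %s\n",
        $row['email'],
        $kind,
        $ok ? 'login verifies' : 'login cannot verify'
    );
}
```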
