[英]Cant login user with hash password previously created with signup query
[英]cakephp would not hash password while login but only in signup
我正在使用CakePHP 3.5。 我正在尝试创建一个简单的登录名,但是有问题:
UserController.php
public function login(){
if($this->request->is('post')){
// $data = $this->request->getData();
//pr($data);
$user = $this->Auth->identify();
if($user){
$this->Flash->success('Successful login');
$this->Auth->setUser($user);
return $this->redirect(['action' => 'index']);
}else{
$this->Flash->error(__('Please, try again.'));
}
}
}
<?php
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
/**
* UsersTable Entity
*
* @property int $id
* @property string $username
* @property string $email
* @property string $password
*/
class UsersTable extends Entity
{
/**
* Fields that can be mass assigned using newEntity() or patchEntity().
*
* Note that when '*' is set to true, this allows all unspecified fields to
* be mass assigned. For security purposes, it is advised to set '*' to false
* (or remove it), and explicitly make individual fields accessible as needed.
*
* @var array
*/
protected $_accessible = [
'username' => true,
'email' => true,
'password' => true
];
/**
* Fields that are excluded from JSON versions of the entity.
*
* @var array
*/
protected $_hidden = [
'password'
];
protected function _setPassword($password){
return(new DefaultPasswordHasher)->hash($password);
}
}
login.ctp
<?= $this->Form->create();?>
<?= $this->Form->control('email'); ?>
<?= $this->Form->control('password'); ?>
<?= $this->Form->button('login');?>
<?= $this->Form->end(); ?>
AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler', [
'enableBeforeRedirect' => false,
]);
$this->loadComponent('Flash');
$this->loadComponent('Auth',[
'authenticate' =>[
'Form' => [
'fields' => [
'username' =>'email',
'password' =>'password'
]
]
],
'loginAction' => [
'controller' =>'UsersTable',
'action' =>'login'
]
]);
https://book.cakephp.org/3.0/en/controllers/components/authentication.html
_setPassword
函数仅在您添加或编辑表中的实体时起作用。
由于您是在用户实体中添加_setPassword之前添加了user1的,因此未对它进行哈希处理。
另外,登录时它不会对user1进行哈希处理,因为表中的用户实体没有任何变化。
如果要散列user1,只需在管理面板中对其进行编辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.