CakePhp 2.6.3 Auth component not working. Accepting any userID/password combination
我一直在尝试让我的网站使用 cakephp 2.6.3 auth 组件来工作一周。
面临的问题是,当我输入任何伪造的用户 ID/密码组合时,登录函数都会返回 true。我已经阅读了所有可以阅读和观看的教程,但我似乎无法让它工作。
我是使用 Cake 的新手,非常感谢您的帮助。提前致谢。
下面是我的 appController。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | class AppController extends Controller { public $components = array( 'DebugKit.Toolbar', 'Session', 'Auth' => array( 'loginAction' => array('controller' => 'users', 'action' => 'login'), 'loginRedirect' => array('controller' => 'users', 'action' => 'index'), 'logoutRedirect' => array('controller' => 'users', 'action' => 'login'), 'Authenticate' => array( 'Form' => array( 'fields' => array('username' => 'student_id', 'password' => 'password') ) ) ) ); public function isAuthorized($user){ return true; } public function beforeFilter(){ $this->Auth->allow('login'); } } |
用户控制器:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | public function login(){ if($this->request->is('post')){ if($this->Auth->login()){ $this->redirect($this->Auth->redirectUrl()); } else{ $this->Session->setFlash('Invalid User ID or password'); } } } |
用户型号:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | class User extends AppModel{ public $name = 'User'; public $validate = array( 'student_id' => array( 'Please enter your User ID' => array( 'rule' => 'notEmpty', 'message' => 'Please enter your User ID.' ) ), 'first_name' => array( 'Enter First Name' => array( 'rule' => 'notEmpty', 'Message' => 'Please enter first name.')), 'last_name' => array( 'Enter Last Name' => array( 'rule' => 'notEmpty', 'Message' => 'Please enter last name.')), 'email' => array( 'Valid email' => array( 'rule' => array ('email'), 'Message' => 'Please enter a valid email.')), 'password' => array( 'Not empty' => array( 'rule' => 'notEmpty', 'Message' => 'Please enter your password.'), 'Match passwords' => array( 'rule' => 'matchPasswords', 'Message' => 'Your passwords donot match')), 'password_confirmation' => array( 'Not empty' => array( 'rule' => 'notEmpty', 'Message' => 'Please confirm your password.')) ); public function matchPasswords($data){ if($data['password'] == $this->data['User']['password_confirmation']){ return true; } $this->invalidate('password_confirmation', 'Your passwords do not match'); return false; } public function beforeSave($options = array()){ if(isset($this->data['User']['password'])){ $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']); } return true; } } |
从你的
这里的答案很好:
蛋糕 PHP 2.4.x。 AuthComponent login() 总是返回 true;
还请阅读:
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in