问题描述
以下代码无法对用户的密码进行哈希,并将密码以明文形式存储在数据库中。更改密码后,我无法登录,因为密码需要在哈希。
以下代码在我的模型中。
'password_confirm'=& '=> array(
'rule'=> array('password_match','password',true),
'message'=>'密码不匹配',
'required'=> true,
),
'notempty'=> array(
'rule'=> array('notempty'),
'message' =&';'Confirm password is empty',
'allowEmpty'=> false,
'required'=> true)
),
' '=> array(
'notempty'=> array(
'rule'=> array('notempty'),
'message'=>'Password is empty' ,
'allowEmpty'=> false,
'required'=> true)
)
function password_match($ data,$ password_field,$ hashed = true)
{
$ password = $ this-> data [$ this-> alias] [$ password_field];
$ keys = array_keys($ data);
$ password_confirm = $ hashed?
Security :: hash($ data [$ keys [0]],null,true):
$ data [$ keys [0]];
return $ password === $ password_confirm;
}
以下代码在我的user_controller
function change_password(){
#CURRENTLY NOT WORKING
$ this-> layout =mainLayout;
$ in_user_id = $ id = $ this-> Auth-> user('id');
if($ this-> data){
$ this-> User-> validate ['password_confirm'] ['compare'] ['rule'] =
array('password_match','password',false);
$ this-> User-> set($ this-> data);
$ this-> User-> useValidationRules('ChangePassword');
if($ this-> User-> validates()){
$ this-> data ['User'] ['id'] = $ in_user_id;
$ this-> User-> save($ this-> data,array('validate'=> false));
}
}
}
您的模型和验证功能只检查密码和confirm_password输入是否匹配。
在验证输入之后,在保存模型之前,需要对密码输入进行哈希运算。像这样:
$ this-> data ['User'] ['Password'] = Security :: hash $ this-> data ['User'] ['Password'],null,true);
the following code is not able to hash the user's password, and it stores the password in clear text in the database. After changing the password, I am unable to log in as the password needs to be in hash.The following code is in my model.
'password_confirm'=>array(
'compare' => array(
'rule' => array('password_match', 'password', true),
'message' => 'Password does not match',
'required' => true,
),
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Confirm password is empty',
'allowEmpty' => false,
'required' => true)
),
'password'=>array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Password is empty',
'allowEmpty' => false,
'required' => true)
)
function password_match($data, $password_field, $hashed = true)
{
$password = $this->data[$this->alias][$password_field];
$keys = array_keys($data);
$password_confirm = $hashed ?
Security::hash($data[$keys[0]], null, true) :
$data[$keys[0]];
return $password === $password_confirm;
}
The following code is in my user_controller
function change_password(){
#CURRENTLY NOT WORKING
$this->layout = "mainLayout";
$in_user_id = $id = $this->Auth->user('id');
if($this->data){
$this->User->validate['password_confirm']['compare']['rule'] =
array('password_match', 'password', false);
$this->User->set($this->data);
$this->User->useValidationRules('ChangePassword');
if($this->User->validates()){
$this->data['User']['id']=$in_user_id;
$this->User->save($this->data,array('validate'=>false));
}
}
}
Your model and validation function are only checking that the password and confirm_password inputs match. At no point does it alter the data to hash the input value.
After you validate your input, and before you save your model, you need to hash the password input. Something like this:
$this->data[ 'User' ][ 'Password' ] = Security::hash( $this->data[ 'User' ][ 'Password' ], null, true );
这篇关于密码不哈希在cakephp的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!