发表新帖
发表新帖

Is there a better way to change user password in cakephp using Auth?

后端 未结
关注
4 1156
傲寒
傲寒 2020-12-13 01:25

I am learning cakephp by myself. I tried to create a user controller with a changepassword function. It works, but I am not sure if this is the best way, and I could not goo

相关标签:
4条回答
  • 刺人心
    2020-12-13 01:32

    I see that you validate and manipulate data in the controller. Doing this in a model is generally a better practice. I implemented similar functionality just a few days ago. My change_password() method looks somewhat like this:

    # app/controllers/users_controller.php
function change_password() {
    if (!empty($this->data)) {
        if ($this->User->save($this->data)) {
            $this->Session->setFlash('Password has been changed.');
            // call $this->redirect() here
        } else {
            $this->Session->setFlash('Password could not be changed.');
        }
    } else {
        $this->data = $this->User->findById($this->Auth->user('id'));
    }
}

    And here's a stripped down version of the view used with that method: 

    # app/views/users/change_password.ctp
echo $this->Form->create('User');
echo $this->Form->input('id');
echo $this->Form->input('current_password');
echo $this->Form->input('password1');
echo $this->Form->input('password2');
echo $this->Form->end('Submit');

    The code that does something interesting is in the model. I added the fields from the form to the validate property and wrote custom validation methods. This allows me to use password1 and password2 fields in any other place in the application, for example, on the registration form. 

    # app/models/user.php
var $validate = array(
    'current_password' => array(
        'rule' => 'checkCurrentPassword',
        'message' => '...'
    ),
    'password1' => array(
        'rule' => 'checkPasswordStrength',
        'message' => '...',
    ),
    'password2' => array(
        'rule' => 'passwordsMatch',
        'message' => '...',
    )
);

    Finally, in the beforeSave() callback of the model I set password to the hash of password1 to prepare the data to be stored it in the database.

    0 讨论(0)
  • 北海茫月
    2020-12-13 01:33

    You can use the latest version of the cakeDC plugin. This plugin gives you all functionality of all functions related to login, logout, reset password, change password, etc. You can find the latest version here.

    0 讨论(0)
  • 长发绾君心
    2020-12-13 01:36

    You can simply use the:-

    Step1) 

    $password = $this->Auth->password($this->data['User']['password']); // It will generate the hashed password using the cakephp's Auth component.

    Step2) 

    if($this->User->update(array('User.password'=>$password), array('User.id'=>$this->Auth->User('id')))) {
     echo $this->Session->setFlash('Password changed successfully.', 'default',   
     array('class'=>'successMsg'));
}
    0 讨论(0)
  • 谎友^
    2020-12-13 01:54

    The solution provided by Mike is great, but he left out the "checkCurrentPassword" function. Here is an example of that function you can place in your Model:

    # app/models/user.php
public function checkCurrentPassword($data) {
    $this->id = AuthComponent::user('id');
    $password = $this->field('password');
    return(AuthComponent::password($data['current_password']) == $password);
}

    This solution gets the current user ID from the Auth component and changes the model to point to that particular user. Then it compares the hash of the current_password entered on the form with the hashed password stored for that user.

    Also, here is the beforeSave function you can use to hash the new password:

    # app/models/user.php
public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['password1'])) {
        $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password1']);
    }       
    return true;
}
    0 讨论(0)
 看不清?
提交回复
热议问题