Question
Hi, I am using CakePHP version 2.3.6. I've been trying to create a registration and login; however, when I log in with a registered username and password it keeps on saying wrong username or password. Also, I'm using email for the username. Please help me out, thanks.
AppController

    class AppController extends Controller {
        public $components = array(
            'Session',
            'Auth' => array(
                'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
                'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
            )
        );

        public function beforeFilter() {
            $this->Auth->allow('index', 'view');
        }
    }
View Login

    <div class="users form">
    <?php echo $this->Session->flash('auth'); ?>
    <?php echo $this->Form->create('User'); ?>
        <fieldset>
            <legend><?php echo __('Please enter your username and password'); ?></legend>
            <?php
            echo $this->Form->input('email');
            echo $this->Form->input('password');
            ?>
        </fieldset>
    <?php echo $this->Form->end(__('Login')); ?>
    </div>
UserController

    <?php
    class usersController extends AppController
    {
        public function beforeFilter() {
            parent::beforeFilter();
            $this->Auth->allow('add', 'login', 'logout');
        }

        var $name = 'Users';

        public function view($id = null) {
            $this->User->id = $id;
            if (!$this->User->exists()) {
                throw new NotFoundException(__('Invalid user'));
            }
            $this->set('user', $this->User->read(null, $id));
        }

        public function add()
        {
            if (!empty($this->data))
            {
                $this->User->create();
                if ($this->User->save($this->data))
                {
                    $this->Session->setFlash('Thank you for registering');
                    $this->redirect(array('action' => 'index'));
                }
            }
        }

        function index()
        {
        }

        public function login() {
            if ($this->request->is('post')) {
                if ($this->Auth->login())
                {
                    $this->redirect($this->Auth->redirectUrl());
                }
                else
                {
                    $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
                }
            }
        }

        public function logout() {
            return $this->redirect($this->Auth->logout());
        }
    }
**UserModel**

    App::uses('AuthComponent', 'Controller/Component');

    class User extends AppModel
    {
        var $name = 'User';

        public $validate = array(
            'email' => array(
                'valid' => array(
                    'rule' => 'email',
                    'message' => 'Please enter an email address for username',
                ),
                'unique' => array(
                    'rule' => 'isUnique',
                    'message' => 'This username has already been taken',
                ),
                'eValid' => array(
                    'required' => true,
                    'rule' => array('notEmpty'),
                    'message' => 'Please enter a username'
                )
            ),
            'password' => array(
                'pValid' => array(
                    'required' => true,
                    'rule' => array('notEmpty'),
                    'message' => 'Please enter a valid password'
                ),
                'minPword' => array(
                    'rule' => array('minLength', 8),
                    'message' => 'Please enter a password that is minimum 8 characters'
                )
            ),
        );

        // Hash the plain-text password before the record is written.
        public function beforeSave($options = array()) {
            if (isset($this->data[$this->alias]['password'])) {
                $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
            }
            return true;
        }
    }

Answer 1:
CakePHP's Auth Component works by default with the "username" and "password" fields. First, you have to tell the Auth Component to use the "email" field instead of the "username" one.

    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'email', 'password' => 'password')
            )
        ),
        'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
        'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
    )

I suggest you activate the isAuthorized check to have complete control over your authorization policies (http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authorization-objects). Remember that you can even set a custom password hash method for increasing security.
Happy coding!
EDIT
There were multiple issues in your sources: first of all, the password field in your dump was too short for the password hash... in the CookBook's tutorial you will see that the password field is a VARCHAR(50) instead of your VARCHAR(30).
Second, CakePHP is a "convention over configuration" framework, so always remember to follow the cookbook instructions. A controller's name must be CamelCased, so usersController must be UsersController and so on: this will help you avoid the use of the

    $name = 'Users';

statement. DRY controllers & fewer instructions mean fewer headaches ;) And respect the conventions for the folder's name too!
Third, in your SQL dump there were a lot of multiple records for your email. This means that even after solving the field's problem you could have found more issues in your login policies. Fortunately, you patched this after some tests with the Model validation... to solve this issue, just empty your User table and give it a try.
Fourth, a security improvement: in the source code I've sent you by email, I've added this

    Security::setHash('sha256');

on top of your login() and add() functions. This will provide a stronger hash for your password, combined with your application's salt. Always declare this in the required functions (that means, where you save or edit the User table's password field). Keep in mind that this requires an edit to your User table's password field: alter it to VARCHAR(64) or higher (in fact, SHA256 returns a 64-character string).
That's all, I really hope you'll enjoy CakePHP.
Again... Happy Coding!
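
The column-width points in the answer above, as an added example (not part of the original answer and not CakePHP's own code): it models a salted hash stored in a VARCHAR column and shows why login fails whenever the column is narrower than the hash. Assumptions: the server silently truncates over-long values (non-strict MySQL mode), the salt is simply prepended before hashing, sha1 is an assumed stand-in for the hash that did not fit VARCHAR(30), and `APP_SALT`, `salted_hash`, `store_in_varchar` and `login_succeeds` are hypothetical names.

```php
<?php
// Added example: how a too-narrow password column breaks every login.
// APP_SALT stands in for the application's salt (constructed value).
const APP_SALT = 'constructed-example-salt-not-a-real-one';

// Assumed model of the salted digest: application salt + password,
// hashed with the chosen algorithm, returned as a hex string.
function salted_hash(string $password, string $algo): string
{
    return hash($algo, APP_SALT . $password);
}

// Assumed model of a VARCHAR(n) column on a non-strict MySQL server:
// a value longer than n is cut to n characters when the row is saved.
function store_in_varchar(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Registration followed by a login attempt with the same password.
function login_succeeds(string $password, string $algo, int $width): bool
{
    $stored    = store_in_varchar(salted_hash($password, $algo), $width);
    $candidate = salted_hash($password, $algo);
    // hash_equals() compares the two strings in constant time.
    return hash_equals($stored, $candidate);
}

$password = 'correct horse battery staple'; // constructed sample input

// Column widths taken from the answer: 30 (the original table),
// 50 (the tutorial's table) and 64 (needed for sha256).
$cases = [['sha1', 30], ['sha1', 50], ['sha256', 50], ['sha256', 64]];

foreach ($cases as [$algo, $width]) {
    printf(
        "%-7s hash=%d chars  VARCHAR(%d)  login %s\n",
        $algo,
        strlen(salted_hash($password, $algo)),
        $width,
        login_succeeds($password, $algo, $width) ? 'ok' : 'FAILS (stored hash truncated)'
    );
}
```

Because a truncated hash can never equal the freshly computed one, the symptom is the same "wrong username or password" message for every account, so the column width has to be changed before any hash type is switched.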
Source: https://stackoverflow.com/questions/18816111/cakephp-email-login-auth