CakePhp 2.6.3 Auth 组件不工作。接受任何用户 ID/密码组合


CakePhp 2.6.3 Auth component not working. Accepting any userID/password combination

我一直在尝试让我的网站使用 cakephp 2.6.3 auth 组件来工作一周。

面临的问题是,当我输入任何伪造的用户 ID/密码组合时,登录函数都会返回 true。我已经阅读了所有可以阅读和观看的教程,但我似乎无法让它工作。

我是使用 Cake 的新手,非常感谢您的帮助。提前致谢。

下面是我的 appController。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
class AppController extends Controller {
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
    'loginAction' => array('controller' => 'users', 'action' => 'login'),
    'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
    'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),

    'Authenticate' => array(
        'Form' => array(
            'fields' => array('username' => 'student_id', 'password' => 'password')
         )
    )

    )
);


public function isAuthorized($user){
return true;
}

public function beforeFilter(){
    $this->Auth->allow('login');




    }

}

用户控制器:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
public function login(){

        if($this->request->is('post')){
            if($this->Auth->login()){

                $this->redirect($this->Auth->redirectUrl());  
            }

            else{

               $this->Session->setFlash('Invalid User ID or password');
            }
        }
}

用户型号:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
class User extends AppModel{
public $name = 'User';

public $validate = array(
'student_id' => array(
'Please enter your User ID' => array(
'rule' => 'notEmpty',
'message' => 'Please enter your User ID.'
)
),
    'first_name' => array(
    'Enter First Name' => array(
    'rule' => 'notEmpty',
    'Message' => 'Please enter first name.')),

    'last_name' => array(
    'Enter Last Name' => array(
    'rule' => 'notEmpty',
    'Message' => 'Please enter last name.')),

    'email' => array(
    'Valid email' => array(
    'rule' => array ('email'),
    'Message' => 'Please enter a valid email.')),

    'password' => array(
    'Not empty' => array(
    'rule' => 'notEmpty',
    'Message' => 'Please enter your password.'),

    'Match passwords' => array(
    'rule' => 'matchPasswords',
    'Message' => 'Your passwords donot match')),

    'password_confirmation' => array(
    'Not empty' => array(
    'rule' => 'notEmpty',
    'Message' => 'Please confirm your password.'))



);

public function matchPasswords($data){

if($data['password'] == $this->data['User']['password_confirmation']){
return true;
}
$this->invalidate('password_confirmation', 'Your passwords do not match');
    return false;
}


public function beforeSave($options = array()){
if(isset($this->data['User']['password'])){
$this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
}
return true;
}

}

从你的 beforeFilter() 方法中去掉 $this->Auth->allow('login');

这里的答案很好:
蛋糕 PHP 2.4.x。 AuthComponent login() 总是返回 true;

还请阅读:
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in

相关讨论