Strange exception with authentication in CakePHP

I want to redirect after a successful login and when login fails. My code in AdminsController:

class AdminsController extends AppController {

    var $layout = 'admin';

    public function beforeFilter() {
        parent::beforeFilter();
        // $this->Auth->allow('login');
    }

    function isAuthorized($user) {
        if (isset($user['Admin'])) {
            if ($user['Admin']['status'] == 'active') {
                return TRUE;
            }
        }
        return FALSE;
    }

    function login() {
        $this->loadModel('Admin');
        $this->layout = "admin-login";
        // if already logged in check this step
        if ($this->Session->check('Auth.User')) {
            return $this->redirect(
                            array('controller' => 'admins', 'action' => 'deshboard'));
        }
        // after submit login form check this step
        if ($this->request->is('post')) {

            $password = Security::hash($this->request->data['Admin']['password'], NULL, true);

            $admin = $this->Admin->find('first', array(
                'conditions' => array('email' => $this->request->data['Admin']['email'], 'password' => $password)
            ));
            if ($this->isAuthorized($admin)) {

                $this->Auth->login($this->request->data['Admin']);
                return $this->redirect('/admins/deshboard');
            } else {

                $this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
                return $this->redirect('/admins/login');
                ;
            }
        }
    }

    public function logout() {
        // $user = $this->Auth->user();
        // $this->Session->destroy();

        $this->Session->setFlash('you have successfully logged out');
        $this->Auth->logout();
        return $this->redirect(array('controller' => 'admins', 'action' => 'login'));
    }

    function deshboard() {

    }
}
Code in AppController.php:

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'fields' => array(
                        'username' => 'email', //Default is 'username' in the userModel
                        'password' => 'password'  //Default is 'password' in the userModel
                    ),
                    'userModel' => 'Agent'
                )
            ),
            'loginAction' => array(
                'controller' => 'admins',
                'action' => 'login'
            ),
            'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
            'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
            'authError' => "You can't acces that page",
            'authorize' => 'Controller'
        )
    );
     public function beforeFilter() {
        //parent::beforeFilter();
        $this->Auth->allow('index');
    }
}
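When I try to log in, it redirects if the login failed. That is fine. But when I provide a valid email and password and log in successfully, it redirects to http://localhost/amrajegeachi14/amrajegeachi14/admins/deshboard. This is wrong; it should be http://localhost/amrajegeachi14/admins/deshboard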

I was surprised when I changed the isAuthorized() function to the following:

 function isAuthorized($user) {
            if (isset($user['Admin'])) {
                if ($user['Admin']['status'] == 'active') {
                    return TRUE;
                }
            }
            return true;
        }
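It redirects after a successful login. But in this case, the login also succeeds if the username and password are incorrect.

This problem has killed my sleep and is driving me crazy, and I am very disappointed. I searched Google for two days but did not find a suitable solution. Please help me.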

The problem is that your user is never logged in, because you are not authenticating the user the CakePHP way. Here is your code with comments:

// This should not be here... This should either be in a authentication 
// component, or maybe not present at all if you use default authentication.
$password = Security::hash($this->request->data['Admin']['password'], NULL, true);
$admin = $this->Admin->find('first', array(
    'conditions' => array(
        'email' => $this->request->data['Admin']['email'], 
        'password' => $password
    )
));
// This should not be called manually.
if ($this->isAuthorized($admin)) {
    // Your problem is probably here, since you never check the return
    // value of the login function.
    $this->Auth->login($this->request->data['Admin']);
    // You should use $this->Auth->redirectUrl()
    return $this->redirect('/admins/deshboard');
} else {
    $this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
    return $this->redirect('/admins/login');
}
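I am sure the $this->Auth->login() call always returns false. The login method will try to authenticate the user using the authentication component you specified (or the default one).

Your passwords are probably hashed in the database, but you did not tell the component how to hash them, so it cannot verify your user…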

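I don't know the cause of the problem, but you should not call isAuthorized in the login method. In fact, you should never call isAuthorized manually. The login action is for authenticating the user, not for checking their authorization.

I suggest you start by reading up on the difference between authorization and authentication. Also, please always mention the exact CakePHP version you are using and tag your question accordingly.

I am using CakePHP 2.6.9. If I remove isAuthorized(), it shows the error: "$controller does not implement an isAuthorized() method."

Thank you very much, Holt. One more question. When inserting data into the db, I used the following hashing code:

function hashPassword() {
    $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], NULL, true);
}

function beforeSave($options = array()) {
    $this->hashPassword();
    return true;
}

So how can I set this hashing method for the auth component? Sorry if my question sounds like nonsense. I am new to CakePHP.

@AbdusSattarBhuiyan Since you are new, you should start by reading the documentation to get the basics; everything is covered there, including examples.

I corrected it as you suggested, but now I get the following error: $controller does not implement an isAuthorized() method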
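
An added example (not code from the question or from the answers) of a CakePHP 2.x setup along the lines the answers describe: AuthComponent authenticates against the model, and the login action only checks the return value of login(). It assumes the admins are stored in an Admin model with email, password and status columns, and that passwords were saved with Security::hash($password, null, true) as in the beforeSave() shown in the comments.

```php
<?php
// Added example for CakePHP 2.x; the two classes normally live in separate files.
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'Admin', // assumption: must match the model the login form posts
                    'fields' => array('username' => 'email', 'password' => 'password'),
                    // Only active accounts can authenticate (the status check done by hand in the question).
                    'scope' => array('Admin.status' => 'active'),
                    // 'Simple' hashes with Security::hash($password, null, true),
                    // the same call as the model's beforeSave() in the comments.
                    'passwordHasher' => 'Simple',
                ),
            ),
            'loginAction' => array('controller' => 'admins', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'admins', 'action' => 'deshboard'),
            'logoutRedirect' => array('controller' => 'admins', 'action' => 'login'),
            'authorize' => 'Controller',
        ),
    );

    // Required by 'authorize' => 'Controller'; AuthComponent calls it, never call it by hand.
    public function isAuthorized($user) {
        return isset($user['status']) && $user['status'] === 'active';
    }
}

class AdminsController extends AppController {
    public function login() {
        $this->layout = 'admin-login';
        if ($this->request->is('post')) {
            // No argument: the Form authenticator looks up the email, hashes the
            // posted password and compares. Passing an array would skip that check.
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash('Invalid username/password combination OR you are blocked, try again');
        }
    }
}
```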