Php Yii:用户身份验证不工作
所以我试着用Yii登录一个应用程序,它似乎在验证或我的站点控制器的登录功能时停止。它从不登录,也从不做任何有用的事情。没有显示任何内容,没有错误,nada zip 我的发言如下: 用户标识类:Php Yii:用户身份验证不工作,php,yii,Php,Yii,所以我试着用Yii登录一个应用程序,它似乎在验证或我的站点控制器的登录功能时停止。它从不登录,也从不做任何有用的事情。没有显示任何内容,没有错误,nada zip 我的发言如下: 用户标识类: class UserIdentity extends CUserIdentity public function authenticate() { $user = User::model()->findByAttributes(array('username'=>$this
class UserIdentity extends CUserIdentity
public function authenticate()
{
$user = User::model()->findByAttributes(array('username'=>$this->username));
$saltedPW = ""; // null string for salted PW
if ($user===null) { // No user found!
$this->errorCode=self::ERROR_USERNAME_INVALID;
}
if ($user!==null){
// salt the user password string then hash
// incase $user pw is not a salted hash, rather a password string
$saltedPW = md5(Yii::app()->params["salt"] . $user->password);
//testing the password
if (($user->password !== $this->password) ||
($saltedPW !== $this->password))
{
$this->errorCode=self::ERROR_PASSWORD_INVALID;
}
else
{
$this->errorCode=self::ERROR_NONE;
}
}
return !$this->errorCode;
}
public function actionLogin()
{
$model=new LoginForm;
// if it is ajax validation request
if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
// collect user input data
if(isset($_POST['LoginForm']))
{
$model->attributes=$_POST['LoginForm'];
// validate user input and redirect to the previous page if valid
if($model->validate() && $model->login())
{
$this->redirect(Yii::app()->user->returnUrl);
}
else
{
$this->render('login',array('model'=>$model));
}
}
// display the login form
$this->render('login',array('model'=>$model));
}
class LoginForm extends CFormModel
{
public $username;
public $password;
public $rememberMe;
private $_identity;
/**
* Declares the validation rules.
* The rules state that username and password are required,
* and password needs to be authenticated.
*/
public function rules()
{
return array(
// username and password are required
array('username, password', 'required'),
// rememberMe needs to be a boolean
array('rememberMe', 'boolean'),
// password needs to be authenticated
array('password', 'authenticate'),
);
}
/**
* Declares attribute labels.
*/
public function attributeLabels()
{
return array(
'rememberMe'=>'Remember me next time',
);
}
/**
* Authenticates the password.
* This is the 'authenticate' validator as declared in rules().
*/
public function authenticate($attribute,$params)
{
if(!$this->hasErrors())
{
$this->_identity=new UserIdentity($this->username,$this->password);
if(!$this->_identity->authenticate())
$this->addError('password','Incorrect username or password.');
}
}
/**
* Logs in the user using the given username and password in the model.
* @return boolean whether login is successful
*/
public function login()
{
if($this->_identity===null)
{
$this->_identity=new UserIdentity($this->username,$this->password);
$this->_identity->authenticate();
}
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
Yii::app()->user->login($this->_identity,$duration);
return true;
}
else
return false;
}
}
我刚刚用这个类替换了UserIdentity类及其工作原理 受保护的/components/UserIdentity.php
<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identity the user.
*/
class UserIdentity extends CUserIdentity {
/**
* Id for current user.
* @var type
*/
private $_id;
/**
* Email address variable.
* @var type
*/
public $email;
/**
* Custom error indicators.
*/
const ERROR_EMAIL_INVALID = 3;
const ERROR_ACCOUNT_INACTIVE = 4;
/**
* Over-ride the parent constructor and uses email for auth.
* @param type $email
* @param type $password
*/
public function __construct($email, $password) {
$this->email = $email;
$this->username = $email;
$this->password = $password;
}
public function authenticate() {
// we need to filter on email only
$attrs = array('email' => $this->email);
// obtain all users matching this criterion
$record = User::model()->findByAttributes($attrs);
// if no users are obtained, we need to set custom message.
if ($record === null)
$this->errorCode = self::ERROR_EMAIL_INVALID;
// if password does not match, indicate this via message.
else if ($record->password !== crypt($this->password, $record->password))
$this->errorCode = self::ERROR_PASSWORD_INVALID;
// check if user account is enabled.
else if ($record->is_authorised == 0)
$this->errorCode = self::ERROR_ACCOUNT_INACTIVE;
else {
// all check passed, now initiate a whatevr.
$this->_id = $record->id;
$this->email = $this->username = $record->email;
// no error occurred.
$this->errorCode = self::ERROR_NONE;
}
// return the errorCode.
return $this->errorCode;
}
/**
* Returns ID.
* @return type
*/
public function getId() {
return $this->_id;
}
/**
* Returns username, part before '@' sign.
* @return type
*/
public function getName() {
$usernameParts = explode('@', $this->email);
return $usernameParts[0];
}
}
1)查看视图代码可能会有所帮助-它可能缺少打印错误的逻辑,或者输入字段可能命名错误。。。2) 你验证密码的方式一团糟。如我所见,您希望数据库中的用户记录包含纯文本密码,并且如果用户键入相同的纯文本或其附加版本,您会接受它吗?您应该换一种方式-db包含散列和salt对于每个用户,登录例程使用用户的salt对输入的密码进行散列,strcmp
这两个散列。3) 根据我的经验,如果浏览器窗口中没有显示任何内容(引用:“nothing displays,no error,nada zip”),那么原因通常是PHP错误。您是否查看了Web服务器错误日志?