CakePHP MD5和Cake会话字符串
有人看到这行有问题吗:$emailtoken=md5$user['user']['password'].CAKE\u SESSION\u STRING 因为它给出了以下错误:使用未定义的常量CAKE\u SESSION\u STRING-假定为“CAKE\u SESSION\u STRING” 它仍然会创建一个令牌,但会给出该错误,然后在使用该令牌时,它会说该令牌无效:/ 以下是完整的功能:CakePHP MD5和Cake会话字符串,php,cakephp,Php,Cakephp,有人看到这行有问题吗:$emailtoken=md5$user['user']['password'].CAKE\u SESSION\u STRING 因为它给出了以下错误:使用未定义的常量CAKE\u SESSION\u STRING-假定为“CAKE\u SESSION\u STRING” 它仍然会创建一个令牌,但会给出该错误,然后在使用该令牌时,它会说该令牌无效:/ 以下是完整的功能: function admin_resetpassword ( $token = null
function admin_resetpassword ( $token = null )
{
// User submits their email address
if (!empty($this->data['User']['email']))
{
// user submitted initial form
$user = $this->User->findByEmail($this->data['User']['email']);
if (empty($user))
{
$this->Session->setFlash('Unknown email.');
return;
}
else
{
$emailtoken = md5($user['User']['password'].CAKE_SESSION_STRING);
// send email (temp flash to test code)
$this->Session->setFlash($emailtoken);
return;
}
}
// If the token is not empty on the url
if (!empty($token))
{
$user = $this->User->find(array("MD5(User.password + '".CAKE_SESSION_STRING."')"=>$token));
if (empty($user))
{
$this->Session->setFlash('Invalid token.');
return;
}
if (!empty($this->data['User']['password']))
{
$user['User']['password'] = $this->data['User']['password'];
$this->user->save($user);
$this->Session->setFlash('New password set.');
$this->redirect('/');
}
$this->set('token', $token);
$this->render('newpassword2');
}
}
问题是CAKE_SESSION_字符串未按错误中的说明定义。 如果要获取salt或密码种子,请使用Configure::read'Security.salt';或$thisession->id;但是你知道这个会话id在某个非活动期后丢失了,对吗?除非您将会话id保存在某个地方,否则您以后将无法获取该会话id