密碼散列不能正常工作

Question

我想讓登錄工作...但是當我註冊（使用添加）函數我曾經有一個MD5，然後我改變它爲$ this-> Auth-> password，然後我嘗試沒有這條線..以及它第一次登錄罰款..但然後由於某種原因它在登錄時再次更改哈希它永遠不會匹配數據庫..我不知道如何解決此..這裏是我的代碼

<?php 
class UsersController extends AppController { 

    var $uses = array("User"); 
    var $components = array('Auth', 'Session'); 


    function index() 
    { 
     $this->set('users', $this->User->find('all')); 
     $this->layout = 'master_layout'; 
    } 

    function beforeFilter() { 
     $this->Auth->allow('add'); 
     } 

     function add() { 

      if (!empty($this->data)) { 
      //pass is hashed already 
      //->data['User']['password'] = $this->Auth->password($this->data['User']['password']); 
      if ($this->User->save($this->data)) { 
       $this->Session->setFlash('Your were registered!.'); 
           $this->redirect(array('action' => 'index')); 
      } 
      } 

     $this->layout = 'master_layout'; 
     } 

    //IF THE DATABASE IS SET UP CORRECTLY CAKE AUTHENTICATES AUTOMATICALLY NO 
    //LOGIC IS NEEDED FOR LOGIN http://book.cakephp.org/view/1250/Authentication 
    function login() { 
     $this->layout = 'master_layout'; 
    } 

    function logout() { 

    $this->redirect($this->Auth->logout()); 

    } 

} 
?> 

VIEW

<?php 
echo $this->Session->flash('auth'); 
echo $this->Form->create('User'); 
echo $this->Form->input('username'); 
echo $this->Form->input('password'); 
echo $this->Form->end('Login'); 
?> 

Answer 1

你不應該使用密碼錶單上的字段名。 這樣，即使是空字符串也會被保存，並且會把已經保存的字符串搞亂。根據你的beforeSave方法，空字符串甚至可以保存爲散列（隱藏它實際上是一個空密碼）。

看到 http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/