小贝子编程

如何解决cakephp密码重置模型验证错误



我已经将cakephp 2.0 ACL插件与Voidet SignMeUp插件相结合,以获得完整的用户管理(ACL,注册,忘记密码)。我已经从SignMeUp部分工作的ACL管理和注册。我遇到的问题是与SignMeUp的忘记密码方法。

下面是忘记密码的视图:

<h2>Reset Your Password</h2>
<p>Please enter your email address below:</p>
<?php
echo $this->Form->create();
echo $this->Form->input('email');
echo $this->Form->end('Reset Password');

下面是SignMeUp遗忘密码组件:

    public function forgottenPassword() {
    extract($this->settings);
    $model = $this->controller->modelClass;
    if (!empty($this->controller->request->data[$model])) {
        $data = $this->controller->request->data[$model];
    }
    //User has code to reset their password
    if (!empty($this->controller->request->params[$password_reset_field])) {
        $this->__generateNewPassword($model);
    } elseif (!empty($password_reset_field) && !empty($data['email'])) {
        $this->__requestNewPassword($data, $model);
    }
}
private function __generateNewPassword($model = '') {
    extract($this->settings);
    $user = $this->controller->{$model}->find('first', array(
        'conditions' => array($password_reset_field => $this->controller->request->params[$password_reset_field]),
        'recursive' => -1
    ));
    if (!empty($user)) {
        $password = substr(Security::hash(String::uuid(), null, true), 0, 8);
        $user[$model][$password_field] = Security::hash($password, null, true);
        $user[$model][$password_reset_field] = null;
        $this->controller->set(compact('password'));
        if ($this->controller->{$model}->save($user) && $this->__sendNewPassword($user[$model])) {
            if (!$this->controller->request->is('ajax')) {
                $this->Session->setFlash('Thank you '.$user[$model][$username_field].', your new password has been emailed to you.');
                $this->controller->redirect($this->Auth->loginAction);
            } else {
                return true;
            }
        }
    }
}
    private function __requestNewPassword($data = array(), $model = '') {
    extract($this->settings);
    $this->controller->loadModel($model);
    $user = $this->controller->{$model}->find('first', array('conditions' => array('email' => $data['email']), 'recursive' => -1));
    if (!empty($user)) {
        $user[$model][$password_reset_field] = md5(String::uuid());
        if ($this->controller->{$model}->save($user) && $this->__sendForgottenPassword($user[$model])) {
            if (!$this->controller->request->is('ajax')) {
                $this->Session->setFlash('Thank you. A password recovery email has now been sent to '.$data['email']);
                $this->controller->redirect($this->Auth->loginAction);
            } else {
                return true;
            }
        }
    } else {
        $this->controller->{$model}->invalidate('email', 'No user found with email: '.$data['email']);
    }
}

下面是用户模型代码:

    App::uses('AclManagementAppModel', 'AclManagement.Model');
    class User extends AclManagementAppModel {
    public $name = 'User';
    public $useTable = "users";
    public $actsAs = array('Acl' => array('type' => 'requester'), 'SignMeUp.SignMeUp');
    public $validate = array(
            'name' => array(
            'required' => false,
            'allowEmpty' => false,
            'rule' => 'notEmpty',
            'message' => 'You must enter your real name.'
        ),
        'email' => array(
            'email' => array(
                'required' => false,
                'allowEmpty' => false,
                'rule' => 'email',
                'message' => 'Invalid email.',
                'last' => true
            ),
            'unique' => array(
                'required' => false,
                'allowEmpty' => false,
                'rule' => 'isUnique',
                'message' => 'Email already in use.'
            )
        ),
        'password' => array(
            'required' => false,
            'allowEmpty' => false,
            'rule' => 'comparePwd',
            'message' => 'Password mismatch or less than 6 characters.'
        )
    );` 

public function comparePwd($check) {
    $check['password'] = trim($check['password']);
    if (!isset($this->data['User']['id']) && strlen($check['password']) < 6) {
        return false;
    }
    if (isset($this->data['User']['id']) && empty($check['password'])) {
        return true;
    }
    $r = ($check['password'] == $this->data['User']['password2'] && strlen($check['password']) >= 6);
    if (!$r) {
        $this->invalidate('password2', __d('user', 'Password missmatch.'));
    }
    return $r;
}`

,这是我提交表单时得到的错误消息:

通知(8):未定义索引:password2 [APPPluginAclManagementModelUser.php,第119行]

与此消息相关的代码是:

$r = ($check['password'] == $this->data['User']['password2'] && strlen($check['password']) >= 6);

上下文声明:

$check = array(
'password' => '*****'

)

所以,我想理解的是如何处理这个来自用户模型的错误。有意义吗?

从这个错误

通知(8):未定义索引:password2 [APPPluginAclManagementModelUser.php,第119行]

和这个error-context:

$check = array(
     'password' => '*****'
);

传递给保存的数据缺少password2字段。

调用save更新密码

看起来相关函数是:__generateNewPassword。只要确保passwordpassword2都以相同的值存在,它就应该工作:

private function __generateNewPassword($model = '') {
    ...
    if (!empty($user)) {
        $password = substr(Security::hash(String::uuid(), null, true), 0, 8);
        $hashedPw = Security::hash($password, null, true);
        $user[$model]['password'] = $hashedPw;
        $user[$model]['password2'] = $hashedPw;
        ...

如果这不是导致错误的save调用-检查错误堆栈跟踪,看看在你的情况下save是从哪里被调用的。

请注意,验证函数的实现相当糟糕。密码必须经过散列才能正确存储——";"的验证逻辑必须超过6个字符。将该规则应用于散列密码,该密码始终为40个字符长。通过电子邮件发送密码也不是处理密码重置逻辑的最佳方式——最好是让用户自己设置新密码,而不是通过电子邮件以明文形式发送密码。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium