更改密码功能不起作用 - 散列错误
Change password function not working - hash wrong
好吧,我整个晚上都在用头撞墙。
有人可以向我解释为什么这个 returns 错误(用户模型):
public function changePassword($user_id, $currentPassword, $newPassword, $repeatPassword){
//Check repeat
/*
if($newPassword != $repeatPassword)
return false;
*/
//Check old password
$this->id = $user_id;
$current = $this->field('password');
$passwordHasher = new BlowfishPasswordHasher();
$hash = $passwordHasher->hash($currentPassword);
if($current != $hash)
return false;
//set password to data
//save
return true;
}
public function beforeSave($options = array()) {
if(isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
}
return true;
}
我通过调试 $current 和 $hash 可以看出生成的哈希值与从数据库中提取的哈希值不同。问题是为什么。
顺便说一句,登录工作正常。 CakePHP 版本为 2.6.5
编辑:
问题解决了。完整的解决方案在这里:
public function changePassword($user_id, $currentPassword, $newPassword, $repeatPassword){
//Check repeat
if($newPassword != $repeatPassword)
return false;
//Check old password
$this->id = $user_id;
$current = $this->field('password');
$passwordHasher = new BlowfishPasswordHasher();
if(!$passwordHasher->check($currentPassword, $current))
return false;
//set password to data
$this->data['password'] = $newPassword;
//save
if(!$this->save($this->data))
return false;
return true;
}
public function beforeSave($options = array()) {
if(isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
}
return true;
}
$current and $hash that the generated hash is not the same
这就是河豚的工作原理。它每次都会生成一个新的哈希值。
不用散列当前密码并与数据库中的现有散列进行字符串比较,而是使用 BlowfishPasswordHasher::check() 检查当前密码是否与数据库中的散列相匹配。
好吧,我整个晚上都在用头撞墙。
有人可以向我解释为什么这个 returns 错误(用户模型):
public function changePassword($user_id, $currentPassword, $newPassword, $repeatPassword){
//Check repeat
/*
if($newPassword != $repeatPassword)
return false;
*/
//Check old password
$this->id = $user_id;
$current = $this->field('password');
$passwordHasher = new BlowfishPasswordHasher();
$hash = $passwordHasher->hash($currentPassword);
if($current != $hash)
return false;
//set password to data
//save
return true;
}
public function beforeSave($options = array()) {
if(isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
}
return true;
}
我通过调试 $current 和 $hash 可以看出生成的哈希值与从数据库中提取的哈希值不同。问题是为什么。
顺便说一句,登录工作正常。 CakePHP 版本为 2.6.5
编辑: 问题解决了。完整的解决方案在这里:
public function changePassword($user_id, $currentPassword, $newPassword, $repeatPassword){
//Check repeat
if($newPassword != $repeatPassword)
return false;
//Check old password
$this->id = $user_id;
$current = $this->field('password');
$passwordHasher = new BlowfishPasswordHasher();
if(!$passwordHasher->check($currentPassword, $current))
return false;
//set password to data
$this->data['password'] = $newPassword;
//save
if(!$this->save($this->data))
return false;
return true;
}
public function beforeSave($options = array()) {
if(isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']);
}
return true;
}
$current and $hash that the generated hash is not the same
这就是河豚的工作原理。它每次都会生成一个新的哈希值。
不用散列当前密码并与数据库中的现有散列进行字符串比较,而是使用 BlowfishPasswordHasher::check() 检查当前密码是否与数据库中的散列相匹配。