我是Yii PHP Framework的新手,我试图在登录表单上工作。我知道在安装testdrive应用程序时,Yii上已有登录功能。我只是编辑它以通过数据库登录并且它无法正常工作。我在代码中没有任何错误,但是当我登录时,它总是说错误的密码或用户名。这是我的代码。
对于UserIdentity.php
class UserIdentity extends CUserIdentity
{
/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
private $_id;
public function authenticate()
{
$record=User::model()->findByAttributes(array('username'=>$this->username));
if($record===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
else if($record->password!==crypt($this->password,$record->password))
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
{
$this->_id=$record->id;
$this->setState('title', $record->title);
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode;
}
public function getId()
{
return $this->_id;
}
}
这里是SiteController.php
public function actionLogin()
{
$model=new LoginForm;
// if it is ajax validation request
if(isset($_POST['ajax']) && $_POST['ajax']==='login-form')
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
// collect user input data
if(isset($_POST['LoginForm']))
{
$model->attributes=$_POST['LoginForm'];
// validate user input and redirect to the previous page if valid
if($model->validate() && $model->login())
$this->redirect(Yii::app()->user->returnUrl);
}
// display the login form
$this->render('login',array('model'=>$model));
}
答案 0 :(得分:0)
如果您的密码保存在db text plain中,请不要使用crypt
class UserIdentity extends CUserIdentity
{
/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
private $_id;
public function authenticate()
{
$record=User::model()->findByAttributes(array('username'=>$this->username));
if($record===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
else if($record->password!==$this->password) // changed
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
{
$this->_id=$record->id;
$this->setState('title', $record->title);
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode;
}
public function getId()
{
return $this->_id;
}
}
答案 1 :(得分:0)
在您的编码中,行
else if($record->password!==crypt($this->password,$record->password))
将密码与字符串哈希进行比较(crypt()生成字符串哈希/ encription)。
如果您在没有加密的情况下将密码保存在db中,您可以直接比较用户输入密码和您在db中保存的密码,无需应用crypt()
($this->password!==$record->password)
//$this->password - user input
//$record->password - save password from db
现在将代码更改为
public function authenticate()
{
$record = User::model()->findByAttributes(array('username' => $this->username));
if ($record === null)
$this->errorCode = self::ERROR_USERNAME_INVALID;
else if (trim($this->password)!== $record->password)
$this->errorCode = self::ERROR_PASSWORD_INVALID;
else
{
$this->_id = $record->id;
$this->setState('title', $record->title);
$this->errorCode = self::ERROR_NONE;
}
return !$this->errorCode;
}