CakePHP 用 Auth 记住我
Posted
技术标签:
【中文标题】CakePHP 用 Auth 记住我【英文标题】:CakePHP remember me with Auth 【发布时间】:2012-09-08 23:23:12 【问题描述】:我已经成功使用了 Auth,但不幸的是,它似乎只适用于 Session。我希望如果用户选中“记住我”复选框,我会使用 Cookie,他会登录 2 周。我在官方书籍中找不到任何东西,在谷歌中我发现的博客文章很少而且不是很好。有什么方法可以在不重写核心的情况下实现这一点?
【问题讨论】:
您对这个问题不再感兴趣还是什么?您没有对任何答案提供任何反馈。 您可能想看看github.com/delight-im/php-Auth,它既与框架无关,也与数据库无关。 【参考方案1】:在您的用户控制器中:
public function beforeFilter()
$this->Auth->allow(array('login', 'register'));
parent::beforeFilter();
public function login()
if ($this->request->is('post'))
if ($this->Auth->login())
// did they select the remember me checkbox?
if ($this->request->data['User']['remember_me'] == 1)
// remove "remember me checkbox"
unset($this->request->data['User']['remember_me']);
// hash the user's password
$this->request->data['User']['password'] = $this->Auth->password($this->request->data['User']['password']);
// write the cookie
$this->Cookie->write('remember_me_cookie', $this->request->data['User'], true, '2 weeks');
return $this->redirect($this->Auth->redirect());
else
$this->Session->setFlash(__('Username or password is incorrect.'));
$this->set(array(
'title_for_layout' => 'Login'
));
public function logout()
// clear the cookie (if it exists) when logging out
$this->Cookie->delete('remember_me_cookie');
return $this->redirect($this->Auth->logout());
在登录视图中:
<h1>Login</h1>
<?php echo $this->Form->create('User'); ?>
<?php echo $this->Form->input('username'); ?>
<?php echo $this->Form->input('password'); ?>
<?php echo $this->Form->checkbox('remember_me'); ?> Remember Me
<?php echo $this->Form->end('Login'); ?>
在您的 AppController 中:
public $components = array(
'Session',
'Auth',
'Cookie'
);
public $uses = array('User');
public function beforeFilter()
// set cookie options
$this->Cookie->key = 'qSI232qs*&sXOw!adre@34SAv!@*(XSL#$%)asGb$@11~_+!@#HKis~#^';
$this->Cookie->httpOnly = true;
if (!$this->Auth->loggedIn() && $this->Cookie->read('remember_me_cookie'))
$cookie = $this->Cookie->read('remember_me_cookie');
$user = $this->User->find('first', array(
'conditions' => array(
'User.username' => $cookie['username'],
'User.password' => $cookie['password']
)
));
if ($user && !$this->Auth->login($user['User']))
$this->redirect('/users/logout'); // destroy session & cookie
【讨论】:
知道我的密码(即使是加密的)浮动在 cookie 中的某个位置,我会感到非常不舒服。我认为在这种情况下,存储用户名就足够了。 你说得对,其实我后来意识到了。但无论如何,我不希望将任何与密码相关的内容存储在 cookie 中。我不确定这是否是一种过敏,但这个想法让我起鸡皮疙瘩;-) 使用上述密码的另一个好处是,如果您更改密码,它会自动使强制重新登录的所有设备上的 cookie 无效。 :) 他似乎对获得太多帮助不感兴趣,很遗憾这些人抽出时间来尝试提供帮助。以后我会记得避开@hey 的问题。 感谢您的详细解答!我在应用程序中使用了它,但我认为“$this->Auth->login($user)”应该是“$this->Auth->login($user['User'])”。现在它完美运行了!【参考方案2】:看到这个网址我认为它对你很有帮助。
http://lecterror.com/articles/view/cakephp-and-the-infamous-remember-me-cookie
或者试试这个
function login()
if ($this->Auth->user())
if (!empty($this->data) && $this->data['User']['remember_me'])
$cookie = array();
$cookie['username'] = $this->data['User']['username'];
$cookie['password'] = $this->data['User']['password'];
$this->Cookie->write('Auth.User', $cookie, true, COOKIE_EXPIRE);
unset($this->data['User']['remember_me']);
$this->LogDetail->Write('activity','has logged IN');
$this->redirect($this->Auth->redirect());
if (empty($this->data))
$cookie = $this->Cookie->read('Auth.User');
if (!is_null($cookie))
if ($this->Auth->login($cookie))
$this->Session->destroy('Message.Auth'); # clear auth message, just in case we use it.
$this->LogDetail->Write('activity','has been authenticated via cookie and is now logged IN');
$this->redirect($this->Auth->redirect());
else
$this->LogDetail->Write('activity','attempted to gain access with an invalid cookie');
$this->Cookie->destroy('Auth.User'); # delete invalid cookie
$this->Session->setFlash('Invalid cookie');
$this->redirect('login');
【讨论】:
知道我的密码(即使是加密的)浮动在 cookie 中的某个位置,我会感到非常不舒服。我认为在这种情况下,存储用户名就足够了。【参考方案3】:使用 CookeAuthenticate 适配器:
https://github.com/ceeram/Authenticate/blob/master/Controller/Component/Auth/CookieAuthenticate.php
这里有更多信息:
https://github.com/ceeram/Authenticate/wiki/Set-Cookie
【讨论】:
【参考方案4】:记住我只不过是用 cookie 标识的会话,但 cookie 的生命周期设置为无穷大。查看 Config/core.php 以了解会话 cookie 的生命周期。
【讨论】:
Cookies 生命周期不够。您还必须使会话在服务器上持续这么长时间。【参考方案5】:我认为您需要了解 CakePHP 的安全级别。尝试降低 cakePHP 的安全性。 CakePHP 的配置变量documentation。很久以前我也写过blog。
【讨论】:
【参考方案6】:你可以试试这个
if ($this->Auth->login())
if (!empty($this->data['User']['remember']))
$cookie = array();
$cookie['login'] = $this->data['User']['login'];
$cookie['password'] = $this->data['User']['password'];
$cookie['language'] =$this->data['User']['language'];
$this->Cookie->write('Auth.projectname', $cookie, true, '+1 years');
unset($this->data['User']['remember']);
【讨论】:
【参考方案7】: public function admin_login()
$this->layout = 'admin_login';
if (count($this->Session->read("Auth.User")))
$usr = $this->Session->read("Auth.User");
if ($usr['role'] == 'A' || $usr['role'] == 'RA' || $usr['role'] == 'MAfA' || $usr['role'] == 'Af' || $usr['role'] == 'FAA')
return $this->redirect(array('controller' => 'dashboard', 'action' => 'view'));
if ($this->request->is('post'))
if ($this->request->data['User']['remember_me']=="1")
// pr($this->request->data);
// die('sdd');
$this->Cookie->write('username', $this->request->data['User']['username'], true, '1 year');
$this->Cookie->write('password', $this->request->data['User']['password'], true, '1 year');
else
$this->Cookie->destroy();
/*
* Check if email or username is passed in form
*/
$uname = $this->request->data['User']['username'];
//login via email
if (filter_var($uname, FILTER_VALIDATE_EMAIL))
$u = $this->User->findByemail($uname);
else //login via username
$u = $this->User->findByusername($uname);
if ($u)
$this->request->data['User']['username'] = $u['User']['username'];
/* * *
* Error if user is not active
*/
if ($u['User']['user_status'] != 'active')
$this->Session->setFlash(__('Sorry! Your account is not active.'), 'default', array('class' => 'alert alert-danger'));
elseif ($this->Auth->login()) //if logged in
$user_caps = $this->fetchCapabilitiesByRole($u['User']['role']);
$this->Session->write("Auth.User.privileges", array('capabilities' => $user_caps['capabilities'], 'geo_areas' => array()));
if ($u['User']['role'] == 'A' || $u['User']['role'] == 'RA' || $u['User']['role'] == 'Af' || $u['User']['role'] == 'MAfA' || $u['User']['role'] == 'FAA')
return $this->redirect(array('controller' => 'dashboard', 'action' => 'view'));
return $this->redirect($this->Auth->redirect());
else //if invalid
$this->Session->setFlash(__('Invalid username or password.'), 'default', array('class' => 'alert alert-danger'));
else //if user does not exists
$this->Session->setFlash(__('User does not exists.'), 'default', array('class' => 'alert alert-danger'));
【讨论】:
【参考方案8】:这个问题已经有一段时间没有回答了,但希望这对我之后的人有所帮助。
我已经编写了关于如何使用来自Ceeram 的 Authenticate Plugin 设置“记住我”功能的简短演练
更多信息在这里:http://mirkoborivojevic.com/posts/2013/08/10/setup-remember-me-functionality-in-cakephp/
【讨论】:
以上是关于CakePHP 用 Auth 记住我的主要内容,如果未能解决你的问题,请参考以下文章
如何使用 Amplify Auth Class 添加“记住我”功能?