2012-09-16 41 views
14

I have used Auth successfully, but unfortunately it seems to work only with the Session. I would like to use a Cookie if the user ticks the "remember me" checkbox, so that he stays logged in for 2 weeks. I couldn't find anything in the official book, and on Google I found only a few blog posts. Is there any way to achieve this without rewriting the core?

CakePHP remember me with Auth

+2

Are you no longer interested in this question? You haven't given any feedback on any of the answers. – Hoff

+0

You might want to take a look at https://github.com/delight-im/PHP-Auth, which is both framework-agnostic and database-agnostic. – caw

Answers

3

"Remember me" is nothing other than a session identified by a cookie, but with the cookie lifetime set to infinity. Look in Config/core.php for the session cookie lifetime.

+3

The cookie lifetime is not enough. You also have to make the session persist for a long time on the server. – nIcO
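To make the answer and the comment concrete, here is an added example (not from the answer or from CakePHP's own core.php) of the two lifetimes set together in app/Config/core.php for CakePHP 2.x. The configuration keys are the 2.x Session keys; the two-week values are constructed for the scenario in the question.

```php
<?php
// Added example, not from the answer: app/Config/core.php session settings for CakePHP 2.x.
// Two lifetimes must agree: the session cookie in the browser (cookieTimeout) and the
// session data on the server (timeout, plus PHP's own garbage collector). 20160 minutes
// and 1209600 seconds are both two weeks; constructed values for the question's scenario.
Configure::write('Session', array(
    'defaults'      => 'php',
    'timeout'       => 20160,   // minutes the session stays valid on the server
    'cookieTimeout' => 20160,   // minutes the session cookie lives in the browser
    'ini' => array(
        'session.gc_maxlifetime'  => 1209600, // seconds before PHP may collect the data
        'session.cookie_httponly' => 1,       // keep the session id away from JavaScript
        'session.cookie_secure'   => 1,       // send it over HTTPS only
    ),
));
```

The trade-off to keep in mind: a session id that lives two weeks is usable by whoever holds it for two weeks and is never rotated, which is why a separate random remember-me token, as Hoff suggests further down, is the more usual design.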

6

Have a look at this URL; I think it will be very helpful to you.

http://lecterror.com/articles/view/cakephp-and-the-infamous-remember-me-cookie

Or try this:

function login() {
    if ($this->Auth->user()) {
        // Form login succeeded: with "remember me" ticked, keep the username and
        // password fields from the form data in an encrypted cookie
        if (!empty($this->data) && $this->data['User']['remember_me']) {
            $cookie = array();
            $cookie['username'] = $this->data['User']['username'];
            $cookie['password'] = $this->data['User']['password'];
            // COOKIE_EXPIRE is an app-defined constant holding the cookie lifetime
            $this->Cookie->write('Auth.User', $cookie, true, COOKIE_EXPIRE);
            unset($this->data['User']['remember_me']);
        }

        // LogDetail is the answer's own logging component
        $this->LogDetail->Write('activity', 'has logged IN');
        $this->redirect($this->Auth->redirect());
    }

    if (empty($this->data)) {
        // No form submission: try to log in from the cookie instead
        $cookie = $this->Cookie->read('Auth.User');
        if (!is_null($cookie)) {
            if ($this->Auth->login($cookie)) {
                $this->Session->delete('Message.Auth'); // clear auth message, just in case we use it
                $this->LogDetail->Write('activity', 'has been authenticated via cookie and is now logged IN');

                $this->redirect($this->Auth->redirect());
            } else {
                $this->LogDetail->Write('activity', 'attempted to gain access with an invalid cookie');
                $this->Cookie->delete('Auth.User'); // delete invalid cookie

                $this->Session->setFlash('Invalid cookie');
                $this->redirect('login');
            }
        }
    }
}

+8

I would feel very uncomfortable knowing that my password, even encrypted, is floating around somewhere in a cookie. I think storing the username is enough in this case. – nIcO

48

In the Users controller:

public function beforeFilter() {
    $this->Auth->allow(array('login', 'register'));
    parent::beforeFilter();
}

public function login() {
    if ($this->request->is('post')) {

        if ($this->Auth->login()) {

            // did they select the remember me checkbox?
            if ($this->request->data['User']['remember_me'] == 1) {
                // remove "remember me checkbox"
                unset($this->request->data['User']['remember_me']);

                // hash the user's password (the cookie stores the hash, not the plaintext)
                $this->request->data['User']['password'] = $this->Auth->password($this->request->data['User']['password']);

                // write the cookie (encrypted, valid for two weeks)
                $this->Cookie->write('remember_me_cookie', $this->request->data['User'], true, '2 weeks');
            }

            return $this->redirect($this->Auth->redirect());

        } else {
            $this->Session->setFlash(__('Username or password is incorrect.'));
        }
    }

    $this->set(array(
        'title_for_layout' => 'Login'
    ));
}

public function logout() {
    // clear the cookie (if it exists) when logging out
    $this->Cookie->delete('remember_me_cookie');

    return $this->redirect($this->Auth->logout());
}

In the login view:

<h1>Login</h1> 

<?php echo $this->Form->create('User'); ?> 
    <?php echo $this->Form->input('username'); ?> 
    <?php echo $this->Form->input('password'); ?> 
    <?php echo $this->Form->checkbox('remember_me'); ?> Remember Me 
<?php echo $this->Form->end('Login'); ?> 

In your AppController:

public $components = array(
    'Session', 
    'Auth', 
    'Cookie' 
); 

public $uses = array('User'); 

public function beforeFilter() {
    // set cookie options
    $this->Cookie->key = 'REPLACE_WITH_A_LONG_RANDOM_SECRET'; // placeholder: the key string posted in the answer was mangled by extraction
    $this->Cookie->httpOnly = true;

    // not logged in, but a remember-me cookie exists: log in from it
    if (!$this->Auth->loggedIn() && $this->Cookie->read('remember_me_cookie')) {
        $cookie = $this->Cookie->read('remember_me_cookie');

        // the cookie holds the hashed password, so it is matched against the stored hash directly
        $user = $this->User->find('first', array(
            'conditions' => array(
                'User.username' => $cookie['username'],
                'User.password' => $cookie['password']
            )
        ));

        if ($user && !$this->Auth->login($user['User'])) {
            $this->redirect('/users/logout'); // destroy session & cookie
        }
    }
}

+3

I would feel very uncomfortable knowing that my password (even encrypted) is floating around somewhere in a cookie. I think storing the username is enough in this case. – nIcO

+0

Keep in mind that it is the encrypted, salted and hashed password. If that still leaves you uneasy, then your best bet is to randomly generate a token to use together with the username. Personally I wouldn't rely on the username alone. – Hoff

+1

You're right, actually I realized that later. But anyway, I don't want anything related to the password stored in a cookie. I'm not sure whether it's an allergy, but the idea gives me goosebumps ;-) – nIcO
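Hoff's suggestion of a random per-user token is the standard design for this. As an added example (not code from the question or from any answer), here is a CakePHP 2.x implementation of it. It assumes a hypothetical remember_me_tokens table (id, user_id, selector, validator_hash, expires) behind a RememberMeToken model, the app's own User model, PHP 7 or later (random_bytes, hash_equals), and HTTPS (the cookie is marked secure). The names REMEMBER_COOKIE, REMEMBER_LIFETIME, issueRememberToken, loginFromRememberCookie and revokeRememberToken are mine, not CakePHP's; the two classes belong in app/Controller/AppController.php and app/Controller/UsersController.php.

```php
<?php
// Added example, not code from the question or any answer: token-based "remember me"
// for CakePHP 2.x that never puts the password in the cookie. Assumed (hypothetical):
// a remember_me_tokens table (id, user_id, selector, validator_hash, expires) behind a
// RememberMeToken model, a User model, and PHP >= 7 for random_bytes()/hash_equals().
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array('Session', 'Auth', 'Cookie');
    const REMEMBER_COOKIE = 'remember_me';
    const REMEMBER_LIFETIME = '+2 weeks';

    public function beforeFilter() {
        $this->Cookie->httpOnly = true;   // unreadable from JavaScript
        $this->Cookie->secure = true;     // sent over HTTPS only
        if (!$this->Auth->loggedIn()) {
            $this->loginFromRememberCookie();
        }
    }

    // Mint a selector/validator pair, store sha256(validator), write "selector:validator".
    protected function issueRememberToken($userId) {
        $selector = bin2hex(random_bytes(12));
        $validator = random_bytes(32);
        $Token = ClassRegistry::init('RememberMeToken');
        $Token->create();
        $Token->save(array(
            'user_id' => $userId,
            'selector' => $selector,
            'validator_hash' => hash('sha256', $validator),
            'expires' => date('Y-m-d H:i:s', strtotime(self::REMEMBER_LIFETIME)),
        ));
        $value = $selector . ':' . bin2hex($validator);
        $this->Cookie->write(self::REMEMBER_COOKIE, $value, true, self::REMEMBER_LIFETIME);
    }

    // The selector finds the row; the validator proves possession of the cookie.
    protected function loginFromRememberCookie() {
        $raw = $this->Cookie->read(self::REMEMBER_COOKIE);
        if (!is_string($raw) || substr_count($raw, ':') !== 1) {
            return;
        }
        list($selector, $validatorHex) = explode(':', $raw);
        $Token = ClassRegistry::init('RememberMeToken');
        $row = $Token->find('first', array(
            'conditions' => array(
                'RememberMeToken.selector' => $selector,
                'RememberMeToken.expires >' => date('Y-m-d H:i:s'),
            ),
            'recursive' => -1,
        ));
        if (!$row || !ctype_xdigit($validatorHex) || strlen($validatorHex) !== 64) {
            $this->Cookie->delete(self::REMEMBER_COOKIE);   // unknown, expired or malformed
            return;
        }
        $userId = $row['RememberMeToken']['user_id'];
        $presented = hash('sha256', hex2bin($validatorHex));
        if (!hash_equals($row['RememberMeToken']['validator_hash'], $presented)) {
            // Known selector, wrong validator: treat as a copied cookie. Revoke every
            // token of this user so the real browser must log in again, drop the cookie.
            $Token->deleteAll(array('RememberMeToken.user_id' => $userId), false);
            $this->Cookie->delete(self::REMEMBER_COOKIE);
            return;
        }
        $User = ClassRegistry::init('User');
        $user = $User->find('first', array(   // every column except the password hash
            'conditions' => array('User.id' => $userId), 'recursive' => -1,
            'fields' => array_diff(array_keys($User->schema()), array('password')),
        ));
        if (!$user || !$this->Auth->login($user['User'])) {
            return $this->revokeRememberToken();   // orphaned token: clean up
        }
        $Token->delete($row['RememberMeToken']['id']);   // single use: rotate
        $this->issueRememberToken($userId);
    }

    // On logout: revoke the presented token server-side and clear the cookie.
    protected function revokeRememberToken() {
        $raw = (string)$this->Cookie->read(self::REMEMBER_COOKIE);
        list($selector) = explode(':', $raw, 2);
        ClassRegistry::init('RememberMeToken')->deleteAll(
            array('RememberMeToken.selector' => $selector), false);
        $this->Cookie->delete(self::REMEMBER_COOKIE);
    }
}

class UsersController extends AppController {
    public function login() {
        if ($this->request->is('post') && $this->Auth->login()) {
            if (!empty($this->request->data['User']['remember_me'])) {
                $this->issueRememberToken($this->Auth->user('id'));
            }
            return $this->redirect($this->Auth->redirect());
        }
    }

    public function logout() {
        $this->revokeRememberToken();
        return $this->redirect($this->Auth->logout());
    }
}
```

Why the selector/validator split: the selector is used only as a lookup key, so the database query is not sensitive to timing, and the validator is compared with hash_equals against a stored hash, so a dump of the table yields nothing usable in a cookie. A token is consumed on every cookie login and replaced, so a copied cookie stops working as soon as either party uses it, and a valid selector arriving with the wrong validator revokes all of that user's tokens. Logging out deletes the token server-side rather than only expiring the cookie.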

0

I think you need to look at CakePHP's security level. Try lowering the security level of your CakePHP app; see the CakePHP configuration variables documentation. I wrote an article about it on my blog a long time ago.

0

You can try this:

if ($this->Auth->login()) {
    if (!empty($this->data['User']['remember'])) {
        // "remember" ticked: keep the login, password and language fields from
        // the form data in an encrypted cookie for a year
        $cookie = array();
        $cookie['login'] = $this->data['User']['login'];
        $cookie['password'] = $this->data['User']['password'];
        $cookie['language'] = $this->data['User']['language'];
        $this->Cookie->write('Auth.projectname', $cookie, true, '+1 years');
        unset($this->data['User']['remember']);
    }
}

0

public function admin_login() {
    $this->layout = 'admin_login';

    // Already logged in with a staff role: go straight to the dashboard
    if (count($this->Session->read("Auth.User"))) {
        $usr = $this->Session->read("Auth.User");
        if ($usr['role'] == 'A' || $usr['role'] == 'RA' || $usr['role'] == 'MAfA' || $usr['role'] == 'Af' || $usr['role'] == 'FAA') {
            return $this->redirect(array('controller' => 'dashboard', 'action' => 'view'));
        }
    }

    if ($this->request->is('post')) {
        // "remember me" ticked: keep the submitted username and password in
        // encrypted cookies for a year; otherwise clear all cookies
        if ($this->request->data['User']['remember_me'] == "1") {
            $this->Cookie->write('username', $this->request->data['User']['username'], true, '1 year');
            $this->Cookie->write('password', $this->request->data['User']['password'], true, '1 year');
        } else {
            $this->Cookie->destroy();
        }

        /*
         * Check if email or username is passed in form
         */
        $uname = $this->request->data['User']['username'];
        if (filter_var($uname, FILTER_VALIDATE_EMAIL)) {
            $u = $this->User->findByEmail($uname);    // login via email
        } else {
            $u = $this->User->findByUsername($uname); // login via username
        }

        if ($u) {
            // Auth's Form authenticator matches on username, so substitute it for the email
            $this->request->data['User']['username'] = $u['User']['username'];

            // Error if user is not active
            if ($u['User']['user_status'] != 'active') {
                $this->Session->setFlash(__('Sorry! Your account is not active.'), 'default', array('class' => 'alert alert-danger'));
            } elseif ($this->Auth->login()) { // if logged in
                // fetchCapabilitiesByRole() is the answer's own helper
                $user_caps = $this->fetchCapabilitiesByRole($u['User']['role']);
                $this->Session->write("Auth.User.privileges", array('capabilities' => $user_caps['capabilities'], 'geo_areas' => array()));
                if ($u['User']['role'] == 'A' || $u['User']['role'] == 'RA' || $u['User']['role'] == 'Af' || $u['User']['role'] == 'MAfA' || $u['User']['role'] == 'FAA') {
                    return $this->redirect(array('controller' => 'dashboard', 'action' => 'view'));
                }
                return $this->redirect($this->Auth->redirect());
            } else { // if invalid
                $this->Session->setFlash(__('Invalid username or password.'), 'default', array('class' => 'alert alert-danger'));
            }
        } else { // if user does not exist
            $this->Session->setFlash(__('User does not exist.'), 'default', array('class' => 'alert alert-danger'));
        }
    }
}