??? ? ?????? ?? ? ? ?? ??? ?????. ?? ???? ????? ???? ????? ?? ?????. CakePHP? ?????? ??? ?? ? ?? ??? ?????.

??? ? ???

CakePHP? ?? ?????? ???? ????? ??? ? ?? ??? ?????. ??? ?? ???? ???? ? ?? ?????.

static Cake\Utility\Security::encrypt($text, $key, $hmacSalt = null)
static Cake\Utility\Security::decrypt($cipher, $key, $hmacSalt = null)

??? ??? ???? ?? ??? ???? ???? ????? ?? ?? HMAC ???? ???? ???? ?? ???.

???? ???? ???? hash() ???? ?????. hash() ???? ??? ??? ????.

static Cake\Utility\Security::hash($string, $type = NULL, $salt = false)

CSRF

CSRF? Cross Site Request Forgery? ?????. CSRF ?? ??? ????? ?????? ???? ? ????. CSRF? ? ??????? ???? ??????.

?? ?? ???? ?? ??? ???? ??? ? ??? ??? ?? ???? ??? ??? ???? ???? ??? ??? ??? ?? ????. ??? ?? CsrfComponent? ?? ?? ??? ???? CSRF? ???? ? ????. ?

public function initialize(): void {
   parent::initialize();
   $this->loadComponent('Csrf');
}

CsrfComponent? FormHelper? ???? ?????. FormHelper? ???? ??? ??? ??? CSRF ??? ??? ??? ??? ?????.

????? ??? ?? ????? CsrfComponent? ????? ? ????. beforeFilter() ???

public function beforeFilter(Event $event) {
   $this->eventManager()->off($this->Csrf);
}

?? ????

?? ????? ??????? ?? ??? ??? ?????. ?

• ??????? ???? HTTP ??? ?? ? ???? ???? ?? ?? ???? HTTP ???? ???? ???. HTTP ???? ????? CakeNetworkRequest::allowMethod()? ???? ??? HTTP ???? ????? ???? ???.

• ?? ?? ?? - ????? SecurityComponent? ???? ?? ???? ??? ???? ?? ?????. SecurityComponent? ??? ????? ?

  • ? ? ?? ??? ??? ??? ? ????.

  • ???? ??? ??? ? ????.

  • ??? ???? ??? ? ????.

• SSL ?? ?? ? SSL ??? ???? ?? ??

• ???? ? ?? ?? ? ? ????? ??? ?? ? ?? ????? ??? ? ????. ?? ? ????? ??? ??? ?? ? ?? ??? ??? ?? ????.

?

?? ????? ?? config/routes.php ??? ?????.

config/routes.php

<?php
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Routing\Route\DashedRoute;
use Cake\Routing\RouteBuilder;
$routes->setRouteClass(DashedRoute::class);
$routes->scope('/', function (RouteBuilder $builder) {
   $builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([
      'httpOnly' => true,
   ]));
   $builder->applyMiddleware('csrf');
   //$builder->connect('/pages',
      ['controller'=>'Pages','action'=>'display', 'home']);
   $builder->connect('login',['controller'=>'Logins','action'=>'index']);
   $builder->fallbacks();
});

src/Controller/LoginsController.php?? LoginsController.php ??? ?????. ???? ??? ?? ??? ?????.

src/Controller/LoginsController.php

<?php
   namespace App\Controller;
   use App\Controller\AppController;
   class LoginsController extends AppController {
      public function initialize() : void {
         parent::initialize();
         $this->loadComponent('Security');
      }
         public function index(){
      }
   }
?>

src/Template? Logins ????? ??? ?? ???? ??? index.php?? View ??? ????. ?? ??? ?? ??? ?????.

src/Template/Logins/index.php

<?php
   echo $this->Form->create(NULL,array('url'=>'/login'));
   echo $this->Form->control('username');
   echo $this->Form->control('password');
   echo $this->Form->button('Submit');
   echo $this->Form->end();
?>

?? URL(http://localhost/cakephp4/login)? ???? ?? ?? ?????

??

???? ??? ?? ??? ?????.

? ??? CakePHP ??? ?? ?????. ??? ??? PHP ??? ????? ?? ?? ??? ?????!