Login Cakephp doesn't work with hashed password

StackOverflow https://stackoverflow.com/questions/20857629

Question

I have a weird mistake when log in. The field 'passwd' is hashed as usual, so for instance the password '12345' is '844b1054b7c94519b6565dd301b3dede4a07b2c1' in the database.

Apparently everything is correct...

...but when I try to log in, I can do it with '844b1054b7c94519b6565dd301b3dede4a07b2c1', but no with '12345', and I don't know why. It should be the opposite!

$default_settings = array(
    'Auth.enabled' => true,
    'Auth.authorize' => 'controller', //actions
    'Auth.actionPath' => $prefix.'/',
    'Auth.userModel' => 'Taller',
    'Auth.authenticate' => ClassRegistry::init('Taller'),
    'Auth.fields' => array('username' => 'usuario', 'password' => 'passwd'),
    'Auth.authError' => false,
    'Auth.loginAction' => array('plugin' => 'pro', 'controller' => 'users', 'action' => 'login'),                                       'Auth.loginRedirect' => '/webpro',                                  'Auth.logoutRedirect' => '/webpro',         
    'Acl.enabled' => true,
);

I'm using CakePHP 1.2.

Thanks in advance.

Was it helpful?

Solution

CakePHP probably doesn't understand that it needs to hash the password field before comparing because you have renamed your field... This is confirmed by the fact that you can enter the hashed password into the field and login successfully...

 'Auth.fields' => array('username' => 'usuario', 'password' => 'passwd'),

Try renaming your database column to password, and make sure you are using FormHelpers in your views to rule out that being your issue.. I apologise for the poor answer, but this is the best I can make from what you have posted. If you reply to my answer I'm happy to improve it.

Otherwise, Find a way to Hash the passwords before comparing, but this is something the new >2.0 definitely does. I am not sure how to do this in CakePHP 1.2, but I strongly suggest you upgrade to enjoy all the new features in 2.0, also try stick to CakePHP conventions, the more you customise the harder issues become to diagnose.

Update

Try adding the following to your User Model:

app/Model/User.php

    function hashPasswords($data) {
        return Security::hash($data,'md5',false);
    }

Ref: http://api.cakephp.org/1.2/class-Security.html

If the above doesn't work:

Alternative Controller Based Approach

app/Controller/UsersController.php

function login() {
    if(!empty($this->data)) {
        $this->data['User']['password'] = Security::hash($this->data['User']['password'],'md5',false);
        $this->Auth->login($this->data);
        $this->redirect("home");
    }
}

Ref: http://book.cakephp.org/1.2/en/The-Manual/Core-Components/Authentication.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top