•  27-10-2019
  •  | 
  •  

Question

I have built a login form but not a sign up form so i am putting the users details directly into the sql database.
I have found out that cakephp automatically hashes the password when the user tries to login, but at the moment I cant login because the password in the database is not hashed.
how does cakephp hash the passwords?

My security salt is Dhhfei38fhDg37dg6Dg208Dh3h380Hrjd3

Could you please walk me through what it does?

Was it helpful?

Solution

Hashed passwords in cakephp are created by:

$hashedPasswords = Security::hash($yourPass, NULL, true);

Check the cakephp manual for more info

OTHER TIPS

debug(AuthComponent::password("your-password"));

That's if you are hashing your password this way inside your UserModel.

public function beforeSave() {
    if (isset($this->data[$this->alias]['password'])) {
        $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
    }
    return true;
}

http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords

Add a new user with a password. You can take the hash value of the new user's password and paste it into other user's records.

As of Cakephp 2.0, Cake only hashes passwords in the login process, on other places (like register-method...), the password won't be hashed automatically, that's because it was considered a strange behaviour to people who where new to cakephp. If you want to hash the password, you need to use the method Sudhir mentioned. One of the advantages that cake does not hash passwords automatically anymore is, that you can more easily check the password complexity ( if there are included special characters, numbers, letters ecc).

According to How to – password hashing in cakephp: "Security::hash takes the type sha1."

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top