Question

I have got the password hasher to hash the password when adding a new employee. But when it comes to login, it does not retrieve the original password. My code is as follows:

Home page:

<form name="myForm" action="Employees/login" onsubmit="return validateForm()" method="post" >
<?php

    if (isset($error)) {


    echo "<p style='color:red;font-size: 20px'>Username or Password is invalid. Please try again.</p>";


        }?>
        <p>Enter Username:
        <input type="text" name="username" placeholder="username" style="height: 25px;width: 160px;"/></p>
        <br><br>
        <p>Enter Password:
        <input type="password" name="password"  placeholder="password" style="height: 25px;width: 160px;"/></p>
        <br>
<input type="submit" style="height:35px;width:100px;font-size: 18px; align:center;" value="Sign in">

   </form>
</div>

employeesController:

public function login()
    {
        $username=$this->request->data['username'];
        $password=$this->request->data['password'];
        $msg = $this->Employee->authenticateUser($username,$password);
        if($msg)
        {
            foreach ($msg as $userdetails)
            {
                $usertype=$userdetails['Employee']['access_level'];//either admin or staff


            }
            //set session variables to limit authority
            $this->Session->write(array('User' => array(
                'usertype' => $usertype


            )));

            $this->render("../Pages/index1");
            $this->layout = '../Pages/index1';

        }
        else{
            $this->set('error',$username);
            $this->render("../Pages/home");
            $this->layout = '../Pages/home';

        }
    }

employee.php

 function authenticateUser($username,$password)
    {
        $this->setSource('employees');
        return $this->find('all',array('conditions' =>array('employee_username'=>$username,
            'employee_pw'=>$password)
        ));

    }

    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['employee_pw'])) {
            $passwordHasher = new SimplePasswordHasher();
            $this->data[$this->alias]['employee_pw'] = $passwordHasher->hash(
                $this->data[$this->alias]['employee_pw']
            );
        }
        return true;
    }
}

Can someone help? When I try to log in with an employee it does not retrieve the original password before hash.


Solution

Your password is saved in the database after hashing. So, you need to rehash your password before doing any find operation.

public function login()
    {
        $username=$this->request->data['username'];
        // Load the same hasher that beforeSave() uses in the model
        App::uses('SimplePasswordHasher', 'Controller/Component/Auth');
        $passwordHasher = new SimplePasswordHasher();
        // Hash the submitted password so it can be compared with the stored hash
        $password = $passwordHasher->hash($this->request->data['password']);
        $msg = $this->Employee->authenticateUser($username,$password);
        // ... rest of your code ...

And last, I have to mention that you should use AuthComponent for the login system.
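
An added example (not part of the original answer, and plain PHP rather than CakePHP code): a hash is one-way, so login never retrieves the original password; it looks the row up by username and verifies the submitted password against the stored hash. This also works for per-password salted hashes, where re-hashing and matching in the find conditions cannot. The in-memory `$employees` array and the function names are constructed for illustration; the column names follow the question.

```php
<?php
// Constructed in-memory stand-in for the employees table (illustration only).
$employees = array();

// Hash once at save time, as beforeSave() does in the question.
// password_hash() embeds a random salt, so two calls never produce the same string.
function saveEmployee(array &$table, $username, $password, $accessLevel)
{
    $table[$username] = array(
        'employee_username' => $username,
        'employee_pw'       => password_hash($password, PASSWORD_DEFAULT),
        'access_level'      => $accessLevel,
    );
}

// Look the row up by username only, then verify the submitted password
// against the stored hash. Returns the row on success, false otherwise.
function authenticateUser(array $table, $username, $password)
{
    // Dummy hash so an unknown username costs about the same as a wrong password.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    }
    $row  = isset($table[$username]) ? $table[$username] : null;
    $hash = $row !== null ? $row['employee_pw'] : $dummy;

    // password_verify() re-derives the hash with the salt stored in $hash
    // and compares in constant time.
    $ok = password_verify($password, $hash);
    return ($ok && $row !== null) ? $row : false;
}

saveEmployee($employees, 'alice', 'correct horse battery', 'admin');

var_dump(authenticateUser($employees, 'alice', 'correct horse battery') !== false); // correct password
var_dump(authenticateUser($employees, 'alice', 'wrong') !== false);                 // wrong password
var_dump(authenticateUser($employees, 'mallory', 'anything') !== false);            // unknown user
// Matching on a fresh hash, as a find condition would, cannot succeed with a salted hasher:
var_dump(password_hash('correct horse battery', PASSWORD_DEFAULT) === $employees['alice']['employee_pw']);
```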

Licensed under: CC-BY-SA with attribution