Question

I want to check the password of a user after login.

What would be the easiest way to do this?

I have a Users controller which has the login and logout actions, and then I have the App Controller with the Auth login actions.

What I want to do is check 1 of 2 things: IF the password was changed in the last 3 months OR if the password is empty OR the same as the username.

If any of these 3 conditions are met, a user is prompted for a new password. How would I go about achieving this?


Solution

First of all, you must store the date of the last time a password was changed. So the users table would look like: id, login, password, pwd_date

Secondly, inside your AppController->login() method, you would need to add a few lines of code that would be similar to

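// AuthComponent exposes the logged-in user's fields through user()
$user = $this->User->findById($this->Auth->user('id'));
// Assumes pwd_date holds a Unix timestamp; wrap it in strtotime() if the column is DATETIME
if ($user['User']['pwd_date'] < strtotime('-3 months') || '' == trim($user['User']['password'])) {
    // Placeholder from the answer: show the view that forces a password reset
    promptViewToShowMustResetPassword();
}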

Now, as for checking whether the username and password are the same, you would need to set it up inside the model for your user as a custom validation rule, and make it NOT ALLOW the use of username for the password.
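The three conditions from the question as one framework-independent check, added here as an example that is not part of the original answer. It tests the password submitted in the login form rather than the stored column, on the assumption that the column holds a hash (as is usual with CakePHP's Auth component) and so is never empty or equal to the login. The function name `passwordResetReason`, the array keys and the sample rows are assumptions made for illustration.

```php
<?php
/**
 * Decide whether a user who has just authenticated must pick a new password.
 *
 * @param array  $user      Row from the users table (login, pwd_date)
 * @param string $submitted Plaintext password from the login form, never stored
 * @param int    $now       Current Unix time, injectable so the check is testable
 * @return string|null      Reason for the forced reset, or null when none applies
 */
function passwordResetReason(array $user, string $submitted, int $now): ?string
{
    // Accept pwd_date as a Unix timestamp or as a DATETIME string.
    $raw = $user['pwd_date'] ?? '';
    $changed = is_numeric($raw) ? (int) $raw : strtotime((string) $raw);

    // A missing or unparsable date is treated as expired (fail closed).
    if ($changed === false || $changed < strtotime('-3 months', $now)) {
        return 'expired';
    }
    // The stored value is a hash, so inspect the submitted plaintext instead.
    if (trim($submitted) === '') {
        return 'empty';
    }
    // Case-insensitive so "Alice" / "alice" is also rejected (a design choice).
    if (strcasecmp(trim($submitted), trim($user['login'])) === 0) {
        return 'same_as_login';
    }
    return null;
}

// Constructed sample data: [user row, password typed at login].
$now = strtotime('2024-06-01 12:00:00');
$cases = [
    [['login' => 'alice', 'pwd_date' => '2024-05-01 09:00:00'], 'S3parate!pw'],
    [['login' => 'bob',   'pwd_date' => '2023-12-15 09:00:00'], 'S3parate!pw'],
    [['login' => 'carol', 'pwd_date' => '2024-05-20 09:00:00'], 'Carol'],
    [['login' => 'dave',  'pwd_date' => null],                  'S3parate!pw'],
];

foreach ($cases as [$user, $submitted]) {
    $reason = passwordResetReason($user, $submitted, $now);
    printf("%-6s %s\n", $user['login'], $reason ?? 'ok');
}
```

The same-as-login comparison belongs in the model's validation as well, so the password is also rejected at the moment it is set and not only detected at the next login.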

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow