Reputation: 85
I downloaded the most recent version of CakePHP, which is CakePHP 2.4.
When I use the Auth component, it does not check the password.
When I look at the SQL dump, it shows:
    SELECT User.id, User.role_id, User.username, User.password,
           User.email, User.first_name, User.last_name, User.activation_key,
           User.status, User.created, User.modified
    FROM cakephp.users AS User
    WHERE User.username = 'admin'
      AND User.status = 1
    LIMIT 1
It should be
    SELECT User.id, User.role_id, User.username, User.password, User.email,
           User.first_name, User.last_name, User.activation_key, User.status,
           User.created, User.modified
    FROM cakephp.users AS User
    WHERE User.username = 'admin'
      AND User.password = '32ddqdsd34sfgtbvge434'
      AND User.status = 1
    LIMIT 1
My Auth component code is
    $this->Auth->userModel = 'User';
    $this->Auth->authenticate = array(
        'Form' => array(
            'scope' => array('User.status' => 1)
        )
    );
    $this->Auth->loginError = __("login_failed_invalid_username_or_password");
    $this->Auth->loginAction = array('admin' => true, 'controller' => 'admins', 'action' => 'login');
    $this->Auth->loginRedirect = array('admin' => true, 'controller' => 'admins', 'action' => 'dashboard');
    $this->Auth->authError = __('you_must_login_to_view_this_information');
    $this->Auth->autoRedirect = true;
Upvotes: 0
Views: 3025
Reputation: 1
It won't do the password check in the same SQL query that finds the user. From 2.4, Cake finds the user (that is the query you see) and then checks the password. You need to have the correct password in the table to get true from Auth->login.
Solution: Login using AuthComponent in CakePHP 2.4
Upvotes: 0
Reputation: 144
The hashing algorithm has changed in 2.4. The password check is now done with PHP and a different hash type is used.
In your model
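    // Model callback: hash the password before the record is saved
    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
        }
        return true;
    }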
and your controller
    public $components = array(
        'Session',
        /* add the Auth component and set the URLs that will be loaded after the login and logout actions are performed */
        'Auth' => array(
            'loginRedirect' => array('controller' => 'admins', 'action' => 'dashboard'),
            'logoutRedirect' => array('controller' => 'admins', 'action' => 'home')
        )
    );
Make time to read this:
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
Upvotes: 1
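
The lookup-then-verify flow that both answers describe, as an added example in plain PHP (not part of the original posts and not CakePHP's own code). The in-memory SQLite table, the `login()` function, `DUMMY_HASH` and the sample rows are constructed for illustration, and `password_hash()`/`password_verify()` stand in for CakePHP's password hasher.

```php
<?php
// Added illustration, not CakePHP source: find the user first, then verify the password in PHP.
// Table, column, constant and function names are constructed for this example.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, status INTEGER)');

// Constructed sample rows: only the salted hash is stored, never the plain password.
$insert = $db->prepare('INSERT INTO users (username, password, status) VALUES (?, ?, ?)');
$insert->execute(array('admin', password_hash('correct horse', PASSWORD_DEFAULT), 1));
$insert->execute(array('disabled', password_hash('correct horse', PASSWORD_DEFAULT), 0));

// Hash used only to keep timing similar when the username does not exist.
define('DUMMY_HASH', password_hash('not a real password', PASSWORD_DEFAULT));

function login(PDO $db, $username, $password) {
    // Step 1: same shape as the query in the SQL dump: username plus scope, no password condition.
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ? AND status = 1 LIMIT 1');
    $stmt->execute(array($username));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false) {
        // Unknown or out-of-scope user: still run one verification so the response time does not reveal it.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // Step 2: compare in PHP. A salted hash is different on every call to password_hash(),
    // so the submitted password cannot be re-hashed and matched inside a WHERE clause.
    if (!password_verify($password, $user['password'])) {
        return false;
    }
    unset($user['password']); // do not carry the hash into the session
    return $user;
}

var_dump(login($db, 'admin', 'correct horse'));    // active user, correct password
var_dump(login($db, 'admin', 'wrong password'));   // active user, wrong password
var_dump(login($db, 'disabled', 'correct horse')); // correct password, excluded by the status scope
```

If the stored value was never hashed, or was hashed with a different algorithm than the one used at login, step 2 fails even though step 1 finds the row.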