Salsa

Reputation: 957

How to use my own password hasher

I tried to follow Cake's documentation to create my own password hasher, but it seems that the authentication component is not using it.

This is my code:

class AppController extends Controller {
  public $helpers = array('Html', 'Form', 'Session');

  public $components = array(
    'Session',
    'Auth' => array(
        'authenticate' => array(
            'Form' => array(
                'passwordHasher' => array(
                    'className' => 'Fake64'),
                'fields' => array('username' => 'user_login',
                                  'password' => 'user_senha')
            )
        ),            
        'loginRedirect' => array('controller' => 'tickets', 'action' => 'index'),
        'logoutRedirect' => array('controller' => 'users', 'action' => 'login')
    )
  );

  public function beforeFilter() {
    $this->Auth->allow('index');
  }
}

And in my UsersController:

public function login() {
    if ($this->request->is('post')) {
        $hasher = new Fake64PasswordHasher();
        debug($this->request->data['User']['password']);
        debug($hasher->hash($this->request->data['User']['password']));
        debug($hasher->check($this->request->data['User']['password'], $hasher->hash($this->request->data['User']['password'])));
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        }
        $this->Session->setFlash(__('Invalid username or password, try again'));
    }
}

These debug messages show I have the correct password, the correct hash and that the check function is returning true. Still, I can't log in.

Any ideas?

EDIT:

By the way, I tried to use: $this->Session->setFlash($this->authError);

and no message is printed.

Upvotes: 0

Views: 95

Answers (1)

ndm

Reputation: 60453

Your form data fields do not match the form authentication fields configuration. You've configured user_login for the username, and user_senha for the password, but according to the debug calls in your login() action you are submitting the password field as password (not sure about the username field, it might use the wrong name too).

So either change or remove (it uses username and password by default) the fields config, or change the input field names.

Upvotes: 1
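The mismatch the answer describes, as an added example that is not part of the original posts and is not CakePHP's own code: a simplified stand-alone model of the presence check form authentication applies to the configured fields before the user lookup and hash comparison run. The function name `fieldsPresent` and the sample request arrays are constructed for illustration; the model name `User` and the field names come from the question.

```php
<?php
// Added illustration, not CakePHP source: a simplified model of the check
// that decides whether a submitted login form carries the configured fields.

/**
 * Returns true only when both configured fields are present as non-empty
 * strings under $data[$model]. (Hypothetical helper name.)
 */
function fieldsPresent(array $data, $model, array $fields) {
    if (empty($data[$model])) {
        return false;
    }
    foreach (array($fields['username'], $fields['password']) as $field) {
        $value = isset($data[$model][$field]) ? $data[$model][$field] : null;
        if (!is_string($value) || $value === '') {
            return false;
        }
    }
    return true;
}

// Field mapping from the question's AppController.
$configured = array('username' => 'user_login', 'password' => 'user_senha');
// Mapping that applies when the 'fields' option is removed.
$defaults = array('username' => 'username', 'password' => 'password');

// Constructed request data: the form posts User.password, as the question's
// debug() calls show. The username key and both values are made up.
$posted = array('User' => array('username' => 'salsa', 'password' => 'secret'));
// Constructed request data for a form whose inputs were renamed to match
// the configured fields.
$renamed = array('User' => array('user_login' => 'salsa', 'user_senha' => 'secret'));

$cases = array(
    'posted form, configured fields' => array($posted, $configured),
    'posted form, default fields'    => array($posted, $defaults),
    'renamed form, configured fields' => array($renamed, $configured),
);

foreach ($cases as $label => $case) {
    list($data, $fields) = $case;
    $ok = fieldsPresent($data, 'User', $fields);
    echo str_pad($label, 34), $ok ? 'fields found' : 'fields missing', PHP_EOL;
}
```

When the fields are missing, the login attempt fails before any stored hash is compared, which is why a correctly working custom hasher can look as if it is never used.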
