user710502

Reputation: 11469

Password hashing not working properly

I am trying to make the login work... but when I register (using the add function) I used to have an md5, then I changed it to $this->Auth->password, and then I tried without that line. Well, it logs in fine the first time, but then for some reason it changes the hash again on login and it never matches the database. I don't know how to fix this. Here is my code:

<?php
class UsersController extends AppController {

    var $uses = array("User");
    var $components = array('Auth', 'Session');


    function index()
    {
        $this->set('users', $this->User->find('all'));
        $this->layout = 'master_layout';
    }

    function beforeFilter() {
        $this->Auth->allow('add');
    }

    function add() {
        if (!empty($this->data)) {
            // pass is hashed already
            // $this->data['User']['password'] = $this->Auth->password($this->data['User']['password']);
            if ($this->User->save($this->data)) {
                $this->Session->setFlash('Your were registered!.');
                $this->redirect(array('action' => 'index'));
            }
        }

        $this->layout = 'master_layout';
    }

    //IF THE DATABASE IS SET UP CORRECTLY CAKE AUTHENTICATES AUTOMATICALLY NO
    //LOGIC IS NEEDED FOR LOGIN http://book.cakephp.org/view/1250/Authentication
    function login() {
        $this->layout = 'master_layout';
    }

    function logout() {
        $this->redirect($this->Auth->logout());
    }

}
?>

VIEW

<?php
echo $this->Session->flash('auth');
echo $this->Form->create('User');
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Form->end('Login');
?>

Upvotes: 0

Views: 500

Answers (1)

mark

Reputation: 21743

You shouldn't use password as a field name on forms. This way even empty strings will be saved and will mess up already saved ones. Depending on your beforeSave method, the empty string might even be saved as a hash (cloaking that it's actually an empty password).

See http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/

Upvotes: 1
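The failure mode described in the answer above, shown as an added example that is not part of the original post or of CakePHP: plain PHP with no framework, where an empty `password` field is hashed and overwrites a stored hash, next to a guarded save that ignores a blank field. `SALT`, `hash_password()`, `save_naive()`, `save_guarded()` and the `pwd` field name are hypothetical, and the salted SHA-1 is only a stand-in for whatever hashing the application uses.

```php
<?php
// Added example: plain PHP stand-in, no CakePHP required.
// SALT and hash_password() are assumptions that imitate a salted hash;
// they are not the framework's own functions.
const SALT = 'constructed-salt-value';

function hash_password(string $plain): string
{
    return sha1(SALT . $plain);
}

// Naive save: whatever arrives in 'password' is hashed and written, even ''.
function save_naive(array $row, array $form): array
{
    if (array_key_exists('password', $form)) {
        $row['password'] = hash_password($form['password']);
    }
    return $row;
}

// Guarded save: the form posts a separate 'pwd' field (hypothetical name);
// the stored hash changes only when a non-empty value was submitted.
function save_guarded(array $row, array $form): array
{
    $pwd = isset($form['pwd']) ? (string) $form['pwd'] : '';
    if ($pwd !== '') {
        $row['password'] = hash_password($pwd);
    }
    return $row;
}

// Constructed sample data: a stored user and a form post with the field left blank.
$stored = ['username' => 'alice', 'password' => hash_password('correct horse')];

$afterNaive   = save_naive($stored, ['username' => 'alice', 'password' => '']);
$afterGuarded = save_guarded($stored, ['username' => 'alice', 'pwd' => '']);

// Length of the hash of '': it has the same shape as any other stored hash.
var_dump(strlen($afterNaive['password']));
// Did the naive save leave the stored hash intact?
var_dump(hash_equals($stored['password'], $afterNaive['password']));
// Did the guarded save leave the stored hash intact?
var_dump(hash_equals($stored['password'], $afterGuarded['password']));
// Does the original password still verify after the naive save?
var_dump(hash_equals($afterNaive['password'], hash_password('correct horse')));
```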
