Password hashing not working properly

Question

I am trying to make the login work... but when i register (using the add) function i used to have a md5, then i changed it to $this->Auth->password, and then i tried without that line.. well it logins fine the first time.. but then for some reason it changes the hash again on login it never matches the database.. i dont know how to fix this.. here is my code

set('users', $this->User->find('all'));
         $this->layout = 'master_layout';
    }

    function beforeFilter() {
       $this->Auth->allow('add');
      } 

      function add() { 

          if (!empty($this->data)) {
             //pass is hashed already
             //->data['User']['password'] = $this->Auth->password($this->data['User']['password']);
             if ($this->User->save($this->data)) {
                $this->Session->setFlash('Your were registered!.');
                               $this->redirect(array('action' => 'index'));
             }
          }

         $this->layout = 'master_layout';
      }

    //IF THE DATABASE IS SET UP CORRECTLY CAKE AUTHENTICATES AUTOMATICALLY NO
    //LOGIC IS NEEDED FOR LOGIN http://book.cakephp.org/view/1250/Authentication
    function login() {
        $this->layout = 'master_layout';
    }

    function logout() {

    $this->redirect($this->Auth->logout());

    }

}
?>

VIEW

Session->flash('auth');
echo $this->Form->create('User');
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Form->end('Login');
?>

mark · Accepted Answer

you shouldnt use password as field name on forms. this way even empty strings will be saved and will mess up already saved ones. depending on your beforeSave method the empty string might even be saved as hash (cloaking that its actually an empty password).

see http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/

Password hashing not working properly

Answers (1)

Related Questions