Reputation: 8283
cakephp not hashing passwords the same
I'm trying to write a password reset function for my site in CakePHP. I've tried using $auth->hashPasswords, $auth->password, and even Security::hash, but nothing is hashing it correctly. I tried logging in with foobar, noting the hash used to try and log in: cfb9fabf02497f9090cbba6b03da4764212cea407,
but the reset makes foobar hashed into 5f4bb4b693725cea09cc7fc20603273f665534d8.
What am I doing wrong?
my code:
$this->data['Player']['password'] = $this->Auth->password($this->data['Player']['password']);
$this->Player->save($this->data);
Upvotes: 2
Views: 1006
Answers (1)
Reputation: 29121
The problem is, if you have a 'username' and 'password' field (in CakePHP 1.3 or prior), the field called "password" gets automatically hashed. So when you do it manually, you're actually hashing it twice.
You can either rename it to something else like "password1", "mypass", "toiletpaper"...etc, which would keep it from being auto-hashed, or you can remove your additional hash.
Upvotes: 5
Related Questions
- cakephp3- hashed password doesnt match when compared
- DefaultPasswordHasher generating different hash for the same value
- Hashing a password
- cakephp auth component: password hashing problem
- Why is CakePHP hashing my password twice?
- Password is not hashed before storing in database
- CakePHP password doesn't get hash
- cakephp not hashing password in model
- Password hashing not working properly
- Why is the CakePHP authentication component not hashing my password?