I am. All passwords in the db are hashed. The problem seems to be that
instead of getting info from the users table, it is only filling
debug($this->Session->read('Auth.User'));
and debug($this->Auth->User()) with data from the form. Otherwise the
password would be hashed. It has nowhere else to get an unhashed password
from. This seems like a pretty poor choice for default behavior. I would
prefer that my app didn't store passwords from the form anywhere.
On Tuesday, June 19, 2012 2:50:45 PM UTC-6, Jeremy Burns wrote:
>
> You should be hashing the password before saving it.
>
> Jeremy Burns
> Class Outfit
>
> http://www.classoutfit.com
>
> On 19 Jun 2012, at 19:41:30, Joey Hauschildt wrote:
>
> debug($this->Session->read('Auth.User')); and debug($this->Auth->User());
> both return:
>
> array(
> 'User' => array(
> 'password' => '*****',
> 'email' => 't...@example.com'
> )
> )
>
> These are the fields that the user uses to log in. The password isn't even
> hashed. When I print_r, it displays the actual password. I would like to
> have access to other user info like an ID or role. Do I need to use my own
> query to get this info or should the Auth Component be grabbing that stuff
> for me?.
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group
> at http://groups.google.com/group/cake-php
>
>
>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
