I am. All passwords in the db are hashed. The problem seems to be that instead of getting info from the users table, it is only filling debug($this->Session->read('Auth.User')); and debug($this->Auth->User()) with data from the form. Otherwise the password would be hashed. It has nowhere else to get an unhashed password from. This seems like a pretty poor choice for default behavior. I would prefer that my app didn't store passwords from the form anywhere.
On Tuesday, June 19, 2012 2:50:45 PM UTC-6, Jeremy Burns wrote: > > You should be hashing the password before saving it. > > Jeremy Burns > Class Outfit > > http://www.classoutfit.com > > On 19 Jun 2012, at 19:41:30, Joey Hauschildt wrote: > > debug($this->Session->read('Auth.User')); and debug($this->Auth->User()); > both return: > > array( > 'User' => array( > 'password' => '*****', > 'email' => 't...@example.com' > ) > ) > > These are the fields that the user uses to log in. The password isn't even > hashed. When I print_r, it displays the actual password. I would like to > have access to other user info like an ID or role. Do I need to use my own > query to get this info or should the Auth Component be grabbing that stuff > for me?. > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > > > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php