Felix - After I submitted a trac, I had a play about and I think you're right. It's now looking less like a bug in Cake and more in my code, but I can't figure it out.

    $this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);

still gives a different hash to:

    $controller->data[$this->userModel][$this->fields['password']] = Security::hash(CAKE_SESSION_STRING . $controller->data[$this->userModel][$this->fields['password']]);

I removed CAKE_SESSION_STRING from both functions, and now when I try to log in, the Auth component is giving the correct sha1, my function is not. Not sure why, must be a whitespace getting in there somehow. Here is my full function:

    function add() {
        if (!empty($this->data)) {
            if ( !$this->User->findByUsername($this->data['User']['username']) ) {
                // Taken out as affecting add with hashing
                if ( /*$this->data['User']['passwd_conf'] ==*/ $this->data['User']['passwd']) {
                    if ( $this->data['User']['email_conf'] == $this->data['User']['email']) {
                        $this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING . $this->data['User']['passwd']);
                        if ($this->User->save($this->data)) {
                            $this->Session->setFlash('Your registration has been successful.');
                            $this->redirect('/users/login');
                        }
                    } else {
                        $this->Session->setFlash('Emails do not match.');
                    }
                } else {
                    $this->Session->setFlash('Passwords do not match.');
                }
            } else {
                $this->Session->setFlash('User already exists.');
            }
        }
    }

Tane

On 3/15/07, Felix Geisendörfer <[EMAIL PROTECTED]> wrote:
> I believe the problems are related to a change to the AuthComponent that
> was made a while ago. You basically have to prepend the CAKE_SESSION_STRING
> to your pw to allow for bigger randomization:
>
> Try this:
> $this->data['User']['passwd'] =
> Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
>
> -- Felix Geisendörfer aka the_undefined
>
> --------------------------
> http://www.thinkingphp.org
> http://www.fg-webdesign.de
>
> Digital Spaghetti wrote:
> > I've submitted a trac for this here:
> > https://trac.cakephp.org/ticket/2252
> > as a possible bug.
> >
> > Tane
> >
> > On Mar 15, 4:21 pm, "digital spaghetti" <[EMAIL PROTECTED]> wrote:
> > > Hey folks,
> > >
> > > My saga continues with trying to get Auth working in my Cake 1.2
> > > application. Either I am doing something silly now, or there is a
> > > bug.
> > >
> > > First of all, I am using the default hash set in Security (which from
> > > what I can see is sha1). Now, in my user add function I hash the
> > > password like this:
> > >
> > > $this->data['User']['passwd'] =
> > > Security::hash($this->data['User']['passwd']);
> > >
> > > This is done just before my $this->User->save, and using the password
> > > 'test' the hash of ef10104117f96aaa0cae48595b299fa798506d86 is
> > > generated and saved in the database.
> > >
> > > Now, when I try to log in I have $this->Auth->login() in my login
> > > function, I use the password 'test' and in the debug below in the SQL,
> > > the passwd hash is 020f720ed252827bac15fdf5944d701ee8d436a1, also the
> > > login form is returned with an empty username field, and passwd filled
> > > with the hash (in password * form).
> > >
> > > I've taken both these keys, and run them through this hash
> > > checker: http://www.securitystats.com/tools/hashcrack.php
> > > but both say SHA1 Hash Not Found.
> > >
> > > Just as an extra test, in phpmyadmin I put the password 'test' in and
> > > used MySQL's sha1 function - it gave me this:
> > > a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. Another completely
> > > different hash.
> > >
> > > This is driving me mad, please someone help!!!!
> > >
> > > Tane
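
An added example, not part of the original thread and not CakePHP code: a small PHP diagnostic that rebuilds the SHA-1 digests the hashing paths discussed above could produce (bare, salt-prepended, hashed twice, stray whitespace) and reports which one equals an observed hash. `SAMPLE_SALT` is a constructed placeholder for the application's CAKE_SESSION_STRING, and the list of candidate causes is an assumption, not a diagnosis taken from the thread.

```php
<?php
// Added diagnostic example. SAMPLE_SALT is a constructed placeholder;
// substitute the application's own CAKE_SESSION_STRING value.
const SAMPLE_SALT = 'constructed-placeholder-salt';

/**
 * Build the SHA-1 digests that the hashing paths discussed in the thread
 * could produce for one plaintext password (assumed candidate causes).
 */
function candidateHashes(string $plain, string $salt): array
{
    $bare   = sha1($plain);
    $salted = sha1($salt . $plain);
    return [
        'sha1(password)'                     => $bare,
        'sha1(salt . password)'              => $salted,
        'sha1(sha1(password))'               => sha1($bare),
        'sha1(salt . sha1(password))'        => sha1($salt . $bare),
        'sha1(salt . sha1(salt . password))' => sha1($salt . $salted),
        'sha1(password . newline)'           => sha1($plain . "\n"),
        'sha1(password . space)'             => sha1($plain . ' '),
    ];
}

/** Return the label of every candidate whose digest equals $observed. */
function explainHash(string $observed, string $plain, string $salt): array
{
    $observed = strtolower(trim($observed));
    $matches = [];
    foreach (candidateHashes($plain, $salt) as $label => $digest) {
        if (hash_equals($digest, $observed)) {
            $matches[] = $label;
        }
    }
    return $matches;
}

// Hashes quoted in the thread for the password 'test'.
$observed = [
    'saved by add()' => 'ef10104117f96aaa0cae48595b299fa798506d86',
    'sent by login'  => '020f720ed252827bac15fdf5944d701ee8d436a1',
    'MySQL sha1()'   => 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
];
foreach ($observed as $source => $hash) {
    $hits = explainHash($hash, 'test', SAMPLE_SALT);
    echo $source, ': ', $hits ? implode(', ', $hits) : 'no candidate matched', PHP_EOL;
}
```

A hash that matches a "hashed twice" candidate means the password field was already hashed before the controller hashed it again; a match on a whitespace candidate points at the form input.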