Felix - After I submitted a trac, I had a play about and I think you're
right.  It's now looking less like a bug in cake and more in my code,
but I can't figure it out

$this->data['User']['passwd'] =
Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);

still gives a different hash to:

$controller->data[$this->userModel][$this->fields['password']] =
Security::hash(CAKE_SESSION_STRING .
$controller->data[$this->userModel][$this->fields['password']]);

I removed CAKE_SESSION_STRING from both functions, and now when I try
to log in, the Auth component is giving the correct sha1, my function is
not.  Not sure why, must be a whitespace getting in there somehow.

Here is my full function:

function add()
{
    if (!empty($this->data))
    {
        // Only register when the username is not already taken
        if (!$this->User->findByUsername($this->data['User']['username']))
        {
            // Taken out as affecting add with hashing
            if (/*$this->data['User']['passwd_conf'] ==*/ $this->data['User']['passwd'])
            {
                if ($this->data['User']['email_conf'] == $this->data['User']['email'])
                {
                    // Hash the salted password before saving
                    $this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING . $this->data['User']['passwd']);

                    if ($this->User->save($this->data))
                    {
                        $this->Session->setFlash('Your registration has been successful.');
                        $this->redirect('/users/login');
                    }
                } else {
                    $this->Session->setFlash('Emails do not match.');
                }
            } else {
                $this->Session->setFlash('Passwords do not match.');
            }
        } else {
            $this->Session->setFlash('User already exists.');
        }
    }
}

Tane

On 3/15/07, Felix Geisendörfer <[EMAIL PROTECTED]> wrote:
>
>  I believe the problems are related to a change to the AuthComponent that
> was made a while ago. You basically have to prepend the CAKE_SESSION_STRING
> to your pw to allow for bigger randomization:
>
>  Try this:
>  $this->data['User']['passwd'] =
> Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
>
>  -- Felix Geisendörfer aka the_undefined
>
> --------------------------
>  http://www.thinkingphp.org
>  http://www.fg-webdesign.de
>
>
>  Digital Spaghetti wrote:
>  I've submitted a trac for this here:
> https://trac.cakephp.org/ticket/2252
> as a possible bug.
>
> Tane
>
> On Mar 15, 4:21 pm, "digital spaghetti"
> <[EMAIL PROTECTED]> wrote:
>
>
>  Hey folks,
>
> My saga continues with trying to get Auth working in my Cake 1.2
> application. Either I am doing something silly now, or there is a
> bug.
>
> First of all, I am using the default hash set in Security (which from
> what I can see is sha1). Now, in my user add function I hash the
> password like this:
>
> $this->data['User']['passwd'] =
> Security::hash($this->data['User']['passwd']);
>
> This is done just before my $this->User->save, and using the password
> 'test' the hash of ef10104117f96aaa0cae48595b299fa798506d86 is
> generated and saved in the database
>
> Now, when I try to log in I have $this->Auth->login() in my login
> function, I use the password 'test' and in the debug below in the SQL,
> the passwd hash is 020f720ed252827bac15fdf5944d701ee8d436a1, also the
> login form is returned with an empty username field, and passwd filled
> with the hash (in password * form).
>
> I've taken both these keys, and run them through this hash
> checker: http://www.securitystats.com/tools/hashcrack.php
> but both say SHA1 Hash Not Found.
>
> Just as an extra test, in phpmyadmin I put the password 'test' in and
> used MySQL's sha1 function - it gave me this:
> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. Another completely
> different hash.
>
> This is driving me mad, please someone help!!!!
>
> Tane
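
Added example (not part of the original messages and not CakePHP's own code): a standalone PHP script that checks which input construction reproduces each of the hashes quoted in the thread. It assumes the default hash is plain sha1(), as the thread says; the salt value is a placeholder, and the double-hash candidates are an assumption added here.

```php
<?php
// Added diagnostic sketch, not CakePHP code. Assumes the default hash is
// plain sha1() of the input string, as the thread states.

// Placeholder: substitute the CAKE_SESSION_STRING value from your own config.
$salt = 'PLACEHOLDER_SESSION_STRING';

// Hash every input construction that could explain a mismatch.
function candidateHashes($password, $salt)
{
    $inputs = array(
        'password'               => $password,
        'salt . password'        => $salt . $password,
        'password . " "'         => $password . ' ',
        'password . "\n"'        => $password . "\n",
        'salt . password . "\n"' => $salt . $password . "\n",
    );
    $out = array();
    foreach ($inputs as $label => $input) {
        $out["sha1($label)"] = sha1($input);
        // Assumption added here: the value was already hashed once before
        // the controller hashed it again.
        $out["sha1(sha1($label))"] = sha1(sha1($input));
        $out["sha1(salt . sha1($label))"] = sha1($salt . sha1($input));
    }
    return $out;
}

// Return the labels of all constructions that reproduce $observed.
function explainHash($observed, $password, $salt)
{
    $observed = strtolower(trim($observed));
    $matches = array();
    foreach (candidateHashes($password, $salt) as $label => $hash) {
        if ($hash === $observed) {
            $matches[] = $label;
        }
    }
    return $matches;
}

// The three hashes quoted in the thread for the password 'test'.
$observed = array(
    'saved by add()' => 'ef10104117f96aaa0cae48595b299fa798506d86',
    'sent by Auth'   => '020f720ed252827bac15fdf5944d701ee8d436a1',
    'MySQL sha1()'   => 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
);
foreach ($observed as $source => $hash) {
    $matches = explainHash($hash, 'test', $salt);
    echo $source, ': ', $matches ? implode(', ', $matches) : 'no match', "\n";
}
```

A "no match" line means the hashed input differs from every construction listed, for example because the real salt value is not the placeholder used here.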
