FOUND IT!!!!!

In typical Cake fashion - Cake does it all for you.  It appears that
in my add method, I don't need to do $this->data['User']['passwd'] =
Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']); as
Cake automatically hashes the password for you!!!

I removed this line, checked the database, and the hash
020f720ed252827bac15fdf5944d701ee8d436a1 is already in there in the
passwd field, and it matches the hash generated by $this->Auth->login.

So a tip for you all - If you use the field name 'passwd', and
possibly 'password' cake will auto hash the password for you!

Tane

On 3/15/07, digital spaghetti <[EMAIL PROTECTED]> wrote:
> Felix - After I submitted a trac, I had a play about and I think you're
> right.  It's now looking less like a bug in cake and more in my code,
> but I can't figure it out
>
> $this->data['User']['passwd'] =
> Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
> still gives a different hash to:
>
> $controller->data[$this->userModel][$this->fields['password']] =
> Security::hash(CAKE_SESSION_STRING .
> $controller->data[$this->userModel][$this->fields['password']]);
>
> I removed CAKE_SESSION_STRING from both functions, and now when I try
> log in, the Auth component is giving the correct sha1, my function is
> not.  Not sure why, must be a whitespace getting in there somehow.
>
> Here is my full function:
>
> function add()
> {
>     if (!empty($this->data))
>     {
>         if (!$this->User->findByUsername($this->data['User']['username']))
>         {
>             // Taken out as affecting add with hashing
>             if (/*$this->data['User']['passwd_conf'] ==*/ $this->data['User']['passwd'])
>             {
>                 if ($this->data['User']['email_conf'] == $this->data['User']['email'])
>                 {
>                     $this->data['User']['passwd'] =
>                         Security::hash(CAKE_SESSION_STRING . $this->data['User']['passwd']);
>
>                     if ($this->User->save($this->data))
>                     {
>                         $this->Session->setFlash('Your registation has been successful.');
>                         $this->redirect('/users/login');
>                     }
>                 } else {
>                     $this->Session->setFlash('Emails do not match.');
>                 }
>             } else {
>                 $this->Session->setFlash('Passwords do not match.');
>             }
>         } else {
>             $this->Session->setFlash('User already exists.');
>         }
>     }
> }
>
> Tane
>
> On 3/15/07, Felix Geisendörfer <[EMAIL PROTECTED]> wrote:
> >
> >  I believe the problems are related to a change to the AuthComponent that
> > was made a while ago. You basically have to prepend the CAKE_SESSION_STRING
> > to your pw to allow for bigger randomization:
> >
> >  Try this:
> >  $this->data['User']['passwd'] =
> > Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
> >
> >  -- Felix Geisendörfer aka the_undefined
> >
> > --------------------------
> >  http://www.thinkingphp.org
> >  http://www.fg-webdesign.de
> >
> >
> >  Digital Spaghetti wrote:
> >  I've submitted a trac for this here:
> > https://trac.cakephp.org/ticket/2252
> > as a possible bug.
> >
> > Tane
> >
> > On Mar 15, 4:21 pm, "digital spaghetti"
> > <[EMAIL PROTECTED]> wrote:
> >
> >
> >  Hey folks,
> >
> > My saga continues with trying to get Auth working in my Cake 1.2
> > application. Either I am doing something silly now, or there is a
> > bug.
> >
> > First of all, I am using the default hash set in Security (which from
> > what I can see is sha1). Now, in my user add function I hash the
> > password like this:
> >
> > $this->data['User']['passwd'] =
> > Security::hash($this->data['User']['passwd']);
> >
> > This is done just before my $this->User->save, and using the password
> > 'test' the hash of ef10104117f96aaa0cae48595b299fa798506d86 is
> > generated and saved in the database
> >
> > Now, when I try to log in I have $this->Auth->login() in my login
> > function, I use the password 'test' and in the debug below in the SQL,
> > the passwd hash is 020f720ed252827bac15fdf5944d701ee8d436a1, also the
> > login form is returned with an empty username field, and passwd filled
> > with the hash (in password * form).
> >
> > I've taken both these keys, and run them through this hash
> > checker: http://www.securitystats.com/tools/hashcrack.php
> > but both say SHA1 Hash Not Found.
> >
> > Just as an extra test, in phpmyadmin I put the password 'test' in and
> > used MySQL's sha1 function - it gave me this:
> > a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. Another completely
> > different hash.
> >
> > This is driving me mad, please someone help!!!!
> >
> > Tane
>
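
The mismatch worked out in this thread, as an added example (not code from the thread or from CakePHP): it compares the stored value with what login computes when the password field is hashed once or twice. The salt value and the helper names candidate_hashes() and identify_scheme() are assumptions made for illustration.

```php
<?php
// Added example: not code from the thread or from CakePHP.
// SALT is a constructed stand-in for the application's CAKE_SESSION_STRING.
const SALT = 'constructed-example-salt';

// Hypothetical helper: every way this thread hashed (or re-hashed) a password.
function candidate_hashes(string $password, string $salt): array
{
    $salted = sha1($salt . $password);
    return [
        'plain: sha1(password)'                      => sha1($password),
        'salted: sha1(salt . password)'              => $salted,
        'double: sha1(sha1(salt . password))'        => sha1($salted),
        'double: sha1(salt . sha1(salt . password))' => sha1($salt . $salted),
    ];
}

// Hypothetical helper: name the scheme that reproduces a stored hash, or null.
function identify_scheme(string $stored, string $password, string $salt): ?string
{
    foreach (candidate_hashes($password, $salt) as $label => $hash) {
        if (hash_equals($hash, strtolower($stored))) {
            return $label;
        }
    }
    return null;
}

// Constructed scenario: the framework has already salted and hashed the
// submitted field, and the controller's add() hashes it a second time.
$submitted   = 'test';
$afterAuth   = sha1(SALT . $submitted);   // field value as add() receives it
$storedByAdd = sha1(SALT . $afterAuth);   // extra hash applied before save()
$atLogin     = sha1(SALT . $submitted);   // login hashes the password once

printf("login matches stored row: %s\n", hash_equals($storedByAdd, $atLogin) ? 'yes' : 'no');
printf("stored row was produced by: %s\n", identify_scheme($storedByAdd, $submitted, SALT));

// With the extra hash removed, the row holds the same value login computes.
printf("after fix, login matches: %s\n", hash_equals($afterAuth, $atLogin) ? 'yes' : 'no');

// The MySQL sha1('test') value quoted in the thread is the plain, unsalted hash.
printf("MySQL value is: %s\n", identify_scheme('a94a8fe5ccb19ba61c4c0873d391e987982fbbd3', 'test', SALT));
```

A single SHA-1 with one site-wide salt is a fast hash; current PHP provides password_hash() and password_verify() for password storage.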
