FOUND IT!!!!! In typical Cake fashion - Cake does it all for you. It appears that in my add method, I don't need to do

$this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);

as Cake automatically hashes the password for you!!!

I removed this line, checked the database and the hash 020f720ed252827bac15fdf5944d701ee8d436a1 is already in there in the passwd field, and it matches the hash generated by $this->Auth->login.

So a tip for you all - If you use the field name 'passwd', and possibly 'password', cake will auto hash the password for you!

Tane

On 3/15/07, digital spaghetti <[EMAIL PROTECTED]> wrote:
> Felix - After I submitted a trac, I had a play about and I think you're
> right. It's now looking less like a bug in cake and more in my code,
> but I can't figure it out
>
> $this->data['User']['passwd'] =
> Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
>
> still gives a different hash to:
>
> $controller->data[$this->userModel][$this->fields['password']] =
> Security::hash(CAKE_SESSION_STRING .
> $controller->data[$this->userModel][$this->fields['password']]);
>
> I removed CAKE_SESSION_STRING from both functions, and now when I try
> to log in, the Auth component is giving the correct sha1, my function is
> not. Not sure why, must be a whitespace getting in there somehow.
>
> Here is my full function:
>
> function add()
> {
>     if (!empty($this->data))
>     {
>         if ( !$this->User->findByUsername($this->data['User']['username']) )
>         {
>             // Taken out as affecting add with hashing
>             if ( /*$this->data['User']['passwd_conf'] ==*/ $this->data['User']['passwd'])
>             {
>                 if ( $this->data['User']['email_conf'] == $this->data['User']['email'])
>                 {
>                     $this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING . $this->data['User']['passwd']);
>
>                     if ($this->User->save($this->data))
>                     {
>                         $this->Session->setFlash('Your registation has been successful.');
>                         $this->redirect('/users/login');
>                     }
>                 } else {
>                     $this->Session->setFlash('Emails do not match.');
>                 }
>             } else {
>                 $this->Session->setFlash('Passwords do not match.');
>             }
>         } else {
>             $this->Session->setFlash('User already exists.');
>         }
>     }
> }
>
> Tane
>
> On 3/15/07, Felix Geisendörfer <[EMAIL PROTECTED]> wrote:
> >
> > I believe the problems are related to a change to the AuthComponent that
> > was made a while ago. You basically have to prepend the CAKE_SESSION_STRING
> > to your pw to allow for bigger randomization:
> >
> > Try this:
> > $this->data['User']['passwd'] =
> > Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
> >
> > -- Felix Geisendörfer aka the_undefined
> >
> > --------------------------
> > http://www.thinkingphp.org
> > http://www.fg-webdesign.de
> >
> > Digital Spaghetti wrote:
> > I've submitted a trac for this here:
> > https://trac.cakephp.org/ticket/2252
> > as a possible bug.
> >
> > Tane
> >
> > On Mar 15, 4:21 pm, "digital spaghetti"
> > <[EMAIL PROTECTED]> wrote:
> >
> > Hey folks,
> >
> > My saga continues with trying to get Auth working in my Cake 1.2
> > application. Either I am doing something silly now, or there is a
> > bug.
> >
> > First of all, I am using the default hash set in Security (which from
> > what I can see is sha1). Now, in my user add function I hash the
> > password like this:
> >
> > $this->data['User']['passwd'] =
> > Security::hash($this->data['User']['passwd']);
> >
> > This is done just before my $this->User->save, and using the password
> > 'test' the hash of ef10104117f96aaa0cae48595b299fa798506d86 is
> > generated and saved in the database
> >
> > Now, when I try to log in I have $this->Auth->login() in my login
> > function, I use the password 'test' and in the debug below in the SQL,
> > the passwd hash is 020f720ed252827bac15fdf5944d701ee8d436a1, also the
> > login form is returned with an empty username field, and passwd filled
> > with the hash (in password * form).
> >
> > I've taken both these keys, and run them through this hash
> > checker: http://www.securitystats.com/tools/hashcrack.php
> > but both say SHA1 Hash Not Found.
> >
> > Just as an extra test, in phpmyadmin I put the password 'test' in and
> > used MySQL's sha1 function - it gave me this:
> > a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. Another completely
> > different hash.
> >
> > This is driving me mad, please someone help!!!!
> >
> > Tane

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
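The double-hashing mismatch this thread ends on, as an added example that is not part of the original messages and is not CakePHP's own code: it models a framework step that hashes the password field before the controller action runs, then compares an action that hashes again with one that stores the field as received. `DEMO_SALT` is a constructed stand-in for `CAKE_SESSION_STRING`, and all function names are hypothetical.

```php
<?php
// Constructed stand-in for CAKE_SESSION_STRING; the real value is site-specific.
const DEMO_SALT = 'constructed-demo-salt';

// Models the hashing shown in the thread: sha1 over salt . value.
function salted_hash(string $value, string $salt = DEMO_SALT): string
{
    return sha1($salt . $value);
}

// Hypothetical stand-in for the framework step that hashes the password
// field of submitted form data before the controller action sees it.
function auto_hash_form_data(array $data): array
{
    $data['User']['passwd'] = salted_hash($data['User']['passwd']);
    return $data;
}

// "Before": the action hashes the field again, so the stored value is
// hash(salt . hash(salt . password)) and can never match at login.
function stored_with_manual_hash(array $data): string
{
    return salted_hash($data['User']['passwd']);
}

// "After": the action stores the already-hashed field unchanged.
function stored_without_manual_hash(array $data): string
{
    return $data['User']['passwd'];
}

// Constructed sample form submission.
$submitted = ['User' => ['username' => 'demo', 'passwd' => 'test']];
$atAction  = auto_hash_form_data($submitted);
$loginHash = salted_hash('test'); // value the login comparison computes

$rows = [
    'plain sha1, no salt'       => sha1('test'),
    'login: salt + password'    => $loginHash,
    'stored, hashed twice'      => stored_with_manual_hash($atAction),
    'stored, manual hash removed' => stored_without_manual_hash($atAction),
];
foreach ($rows as $label => $digest) {
    printf("%-28s %s\n", $label, $digest);
}

// hash_equals() compares digests in constant time.
var_dump(hash_equals($loginHash, stored_with_manual_hash($atAction)));
var_dump(hash_equals($loginHash, stored_without_manual_hash($atAction)));
```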