Why do you need to set Security::setHash('sha1') in beforeFilter() function ?
CakePHP use sha1 as default encryption. Meanwhile, you can use this In login form : $this->Auth->password($this->data['User']['password']) <-- automatically using sha1 with salt. But if you want CakePHP use no .salt. at all, edit : app/config/core.php Just comment the following line : //Configure::write('Security.salt', '78bc27f1b49f17f5c3392e728f789bad78dbeb77'); Okto.Silaban.Net On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]> wrote: > I have some users table with 2 value , email and password (hash with sha1). > Then i using auth component to make login form. > To make sure, that auth will using sha1 when hashing password, i'm using : > Security::setHash('sha1'); in beforeFilter(). > > Problem happen when Auth hashing password from password input form. > Auth hashing password from input form with sha1 + security.salt. (not pure > sha1). > It's make different value between password input form and value in password > table's with same words, > example, clean password is "test". > hashing output "test" from Auth is different with sha1 hashing in password > table. > > Make clean value on security.salt will be one bad solution. > Cause cakePHP using security.salt not only on Auth, but encrypt cookies > too. > > Then, i try edit cake/libs/controller/components/auth.php. > ......... > /** > * Hash a password with the application's salt value (as defined with > Configure::write('Security.salt'); > * > * @param string $password Password to hash > * @return string Hashed password > * @access public > */ > function password($password) { > return Security::hash($password, null, true); <--- i change this > with false > } > /** > ............. > > Problem solved. But still doubt about it. > There are another way to make Auth hashing without security.salt ? > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---