Note: Google Groups seemed to have eaten my first attempt, I hope this
isn't a repost!

I am also stuck on this hashing issue with my existing database.
However, I can't figure out how to create an appropriate object. Could
someone take a look at the component I created and help me find what's
missing?? Thanks!

/* The app controller: */
var $components = array('Auth', 'ScupAuth');

function beforeFilter() {
        Security::setHash('md5');
        $this->Auth->authorize = $this->ScupAuth;
}

/* My custom controller: */

<?php

App::import(array('Router', 'Security'));

class ScupAuthComponent extends Object {
        //var $components = array("Auth");
        function initialize(&$controller) {
                $this->controller =& $controller;
        }

        function hashPasswords($data) {
                if (isset($data[$this->controller->Auth->userModel])) {
                        if (isset($data[$this->controller->Auth->userModel][$this->controller->Auth->fields['username']])
                                && isset($data[$this->controller->Auth->userModel][$this->controller->Auth->fields['password']])) {
                                $data[$this->controller->Auth->userModel][$this->controller->Auth->fields['password']] = $this->password($data[$this->controller->Auth->userModel][$this->controller->Auth->fields['password']]);
                        }
                }
        }

        function password($password) {
                return Security::hash($password, null, false);
        }
}

On Sep 14, 10:08 pm, "Yodi Aditya" <[EMAIL PROTECTED]> wrote:
> I have read about the Auth component in http://manual.cakephp.org.
> Then, I found this:
>
> " The Security class uses a salt value (set in /app/config/core.php) to
> encrypt the password. If you have an existing database that previously used
> an encryption scheme without a salt, set
> authorize <http://manual.cakephp.org/view/566/view/396/authorize> if not
> already set, and create the method
> password <http://manual.cakephp.org/view/386/password> in the class you
> nominate. "
>
> Whew... hope it helps someone who has the same problem as me :D
>
> On 9/12/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
>
>
> > Thanks Martin. That helped me solve my problem.
>
> > On 9/11/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > > There are at least two ways to stop AuthComponent from using the salt.
>
> > > I think the simple hacky way for you in this case is to alter that one
> > > line of code in Auth and keep it in your list of "small tweaks I have
> > > done" (I have one of those).
> > > Line 811
> > > return Security::hash($password, null, true);
> > > should read
> > > return Security::hash($password, null, false);
>
> > > You can avoid modifying Auth by assigning the authenticate property to
> > > an object you have created. Then you can hash any way you like in that
> > > object. Look at hashPasswords() in Auth. This method delegates the
> > > hashing to an authenticate object if you have set one.
>
> > > /Martin
>
> > > On Sep 11, 11:50 am, "Yodi Aditya" <[EMAIL PROTECTED]> wrote:
> > >> Thanks David,
>
> > > >> I want the password in the table hashed with sha1 only, without
> > > >> security.salt.
> > > >> That way, it will be easy for me to use the same table with a different
> > > >> framework or CMS,
> > > >> because sha1 is included in most CMSes / frameworks. Salt? I don't think so.
>
> > > >> Cookies are needed for "remember me" on the login form.
> > > >> I need security.salt to hash them, and I don't put the user password in
> > > >> cookies.
>
> > > >> I think someone has the same problem as me.
> > > >> In some cases, you want to build a CakePHP-based site
> > > >> but have received some user and password data (hashed with sha1) beforehand.
>
> > > >> How to use this with the Auth component...
>
> > >> On 9/11/08, David C. Zentgraf <[EMAIL PROTECTED]> wrote:
>
> > >> > Not quite sure I understand your particular issue, but why is the
> > >> > password in your DB "pure" SHA1?
> > >> > If you're using the Auth component all the way, it will hash the
> > >> > password including Salt when the user registers, so the only thing
> > >> > that should go into the db is SHA1(salt.password). And every time the
> > >> > user logs in, Auth uses the same SHA1(salt.password) for checking.
>
> > >> > If of course you got the passwords into the DB in another way, using
> > >> > only SHA1(password), you'll get conflicting results...
>
> > >> > And what do you want to do with cookies?
>
> > >> > Chrs,
> > >> > Dav
>
> > >> > On 11 Sep 2008, at 15:36, Yodi Aditya wrote:
>
> > >> > > Hey, dude.
> > >> > > Thanks, that's right sha1 is default hashing in auth component.
> > >> > > i just convience that using correct hashing sha1 in my controller
> > >> > > using
> > >> > > beforeFilter().
>
> > > >> > > But,
> > > >> > > as I said before, security.salt is needed not only for Auth but for
> > > >> > > hashing cookies too.
> > > >> > > Disabling security.salt is a bad solution.
>
> > > >> > > I log in using the Auth component, just like this:
>
> > > >> > > function login() {
> > > >> > >     if ($this->Auth->user()) {
> > > >> > >         if (!empty($this->data)) {
> > > >> > >             $this->redirect($this->Auth->redirect());
> > > >> > >         }
> > > >> > >     }
> > > >> > > }
>
> > > >> > > user() checks the username and password automatically.
> > > >> > > When checking the password, Auth always hashes using sha1 combined with
> > > >> > > security.salt.
> > > >> > > That gives a different value compared with my password in the database,
> > > >> > > which uses sha1 only.
>
> > >> > > Anyone help?
>
> > >> > > On 9/10/08, Okto Silaban <[EMAIL PROTECTED]> wrote:
>
> > > >> > >> Why do you need to set Security::setHash('sha1') in the beforeFilter()
> > > >> > >> function?
>
> > > >> > >> CakePHP uses sha1 as the default encryption.
>
> > > >> > >> Meanwhile, you can use this in the login form:
>
> > > >> > >> $this->Auth->password($this->data['User']['password']) <-- automatically
> > > >> > >> using sha1 with salt.
>
> > > >> > >> But if you want CakePHP to use no .salt. at all, edit: app/config/core.php
>
> > > >> > >> Just comment out the following line:
>
> > > >> > >> //Configure::write('Security.salt', '78bc27f1b49f17f5c3392e728f789bad78dbeb77');
>
> > >> > >> Okto.Silaban.Net
>
> > >> > >> On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]>
> > >> > >> wrote:
>
> > > >> > >>> I have a users table with 2 values, email and password (hashed with
> > > >> > >>> sha1).
> > > >> > >>> Then I use the Auth component to make a login form.
> > > >> > >>> To make sure that Auth will use sha1 when hashing the password, I'm
> > > >> > >>> using:
> > > >> > >>> Security::setHash('sha1'); in beforeFilter().
>
> > > >> > >>> The problem happens when Auth hashes the password from the password
> > > >> > >>> input form.
> > > >> > >>> Auth hashes the password from the input form with sha1 + security.salt
> > > >> > >>> (not pure sha1).
> > > >> > >>> That gives a different value between the password input form and the
> > > >> > >>> value in the password table for the same word;
> > > >> > >>> for example, the clean password is "test".
> > > >> > >>> The hash of "test" from Auth is different from the sha1 hash in the
> > > >> > >>> password table.
>
> > > >> > >>> Clearing the security.salt value would be a bad solution,
> > > >> > >>> because CakePHP uses security.salt not only in Auth, but to encrypt
> > > >> > >>> cookies too.
>
> > > >> > >>> Then I tried editing cake/libs/controller/components/auth.php.
> > > >> > >>> .........
> > > >> > >>> /**
> > > >> > >>> * Hash a password with the application's salt value (as defined with
> > > >> > >>> * Configure::write('Security.salt');
> > > >> > >>> *
> > > >> > >>> * @param string $password Password to hash
> > > >> > >>> * @return string Hashed password
> > > >> > >>> * @access public
> > > >> > >>> */
> > > >> > >>>    function password($password) {
> > > >> > >>>        return Security::hash($password, null, true); // <--- I changed this to false
> > > >> > >>>    }
> > > >> > >>> /**
> > > >> > >>> .............
>
> > > >> > >>> Problem solved, but I still have doubts about it.
> > > >> > >>> Is there another way to make Auth hash without security.salt?

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
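
The delegation Martin describes in the thread (an object assigned to Auth's authenticate property, whose hashPasswords() does the hashing), as an added example that is not part of the original messages and is not CakePHP's own code. MiniAuth, LegacySha1Authenticate and APP_SALT are hypothetical stand-ins written in plain PHP, and the stored row is constructed; the point is that the delegate has to return $data, and that only the unsalted delegate reproduces a legacy SHA1 row.

```php
<?php
// Added example in plain PHP; MiniAuth is a hypothetical stand-in for the delegation only.
const APP_SALT = 'constructed-example-salt'; // stands in for Security.salt

class MiniAuth {
    public $userModel = 'User';
    public $fields = array('username' => 'email', 'password' => 'password');
    public $authenticate = null;
    public function password($password) {
        return sha1(APP_SALT . $password); // default discussed in the thread: SHA1(salt . password)
    }

    public function hashPasswords($data) {
        if (is_object($this->authenticate) && method_exists($this->authenticate, 'hashPasswords')) {
            return $this->authenticate->hashPasswords($data); // the delegate's return value is used
        }
        $pw = $this->fields['password'];
        if (isset($data[$this->userModel][$pw])) {
            $data[$this->userModel][$pw] = $this->password($data[$this->userModel][$pw]);
        }
        return $data;
    }
}

class LegacySha1Authenticate {
    private $auth;
    public function __construct($auth) { $this->auth = $auth; }
    public function password($password) {
        return sha1($password); // unsalted, matches rows created outside the framework
    }

    public function hashPasswords($data) {
        $model = $this->auth->userModel;
        $pw = $this->auth->fields['password'];
        if (isset($data[$model][$pw])) {
            $data[$model][$pw] = $this->password($data[$model][$pw]);
        }
        return $data; // omit this and the caller receives null instead of the form data
    }
}

$stored = sha1('test'); // constructed legacy row: SHA1 of the thread's sample password
$form = array('User' => array('email' => 'user@example.com', 'password' => 'test'));
$auth = new MiniAuth();
$salted = $auth->hashPasswords($form);              // default salted path
$auth->authenticate = new LegacySha1Authenticate($auth);
$legacy = $auth->hashPasswords($form);              // delegated unsalted path
var_dump(hash_equals($stored, $salted['User']['password']));
var_dump(hash_equals($stored, $legacy['User']['password']));
```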
