Note: Google Groups seemed to have eaten my first attempt, I hope this isn't a repost!
I am also stuck on this hashing issue with my existing database. However, I can't figure out how to create an appropriate object. Could someone take a look at the component I created and help me find what's missing?? Thanks!

/* The app controller: */
var $components = array('Auth', 'ScupAuth');

function beforeFilter() {
    Security::setHash('md5');
    $this->Auth->authorize = $this->ScupAuth;
}

/* My custom controller: */
<?php
App::import(array('Router', 'Security'));

class ScupAuthComponent extends Object {
    //var $components = array("Auth");

    function initialize(&$controller) {
        $this->controller =& $controller;
    }

    function hashPasswords($data) {
        if (isset($data[$this->controller->Auth->userModel])) {
            if (isset($data[$this->controller->Auth->userModel][$this->controller->Auth->fields['username']]) &&
                isset($data[$this->controller->Auth->userModel][$this->controller->Auth->fields['password']])) {
                $data[$this->controller->Auth->userModel][$this->controller->Auth->fields['password']] =
                    $this->password($data[$this->controller->Auth->userModel][$this->controller->Auth->fields['password']]);
            }
        }
    }

    function password($password) {
        return Security::hash($password, null, false);
    }
}

On Sep 14, 10:08 pm, "Yodi Aditya" <[EMAIL PROTECTED]> wrote:
> I have read about auth component in http://manual.cakephp.org.
> then, i found this :
>
> " The Security class uses a salt value (set in /app/config/core.php) to
> encrypt the password. If you have an existing database that previously used
> an encryption scheme without a salt, set
> authorize <http://manual.cakephp.org/view/566/view/396/authorize> if not
> already set, and create the method
> password <http://manual.cakephp.org/view/386/password> in the class you
> nominate. "
>
> Whew... hope it's help someone that have same problem with me :D
>
> On 9/12/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> >
> > thanks martin. thats help me solve my problem.
>
> > On 9/11/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > > There are at least two ways to stop AuthComponent from using the salt.
>
> > > I think the simple hacky way for you in this case is to alter that one
> > > line of code in Auth and keep it in your list of "small tweaks I have
> > > done" (I have one of those).
> > > Line 811
> > >     return Security::hash($password, null, true);
> > > should read
> > >     return Security::hash($password, null, false);
>
> > > You can avoid modifying Auth by assigning the authenticate property to
> > > an object you have created. Then you can hash any way you like in that
> > > object. Look at hashPasswords() in Auth. This method delegates the
> > > hashing to an authenticate object if you have set one.
>
> > > /Martin
>
> > > On Sep 11, 11:50 am, "Yodi Aditya" <[EMAIL PROTECTED]> wrote:
> > >> Thanks David,
>
> > >> I want password in table hashing with sha1 only and without security.salt.
> > >> in another way, it will make me easy using same table with different
> > >> framework or CMS.
> > >> cause sha1 is include on most CMS / framework. Salt? i don't think so.
>
> > >> Cookies needed for " remember me " on login form.
> > >> I need security.salt to hash them and I don't put user password on
> > >> cookies.
>
> > >> I think someone has same problem with me.
> > >> Just in some case, you want to build some cakephp based site.
> > >> but, received some user and password data (hashed with sha1) before.
>
> > >> how to use this with Auth component...
>
> > >> On 9/11/08, David C. Zentgraf <[EMAIL PROTECTED]> wrote:
>
> > >> > Not quite sure I understand your particular issue, but why is the
> > >> > password in your DB "pure" SHA1?
> > >> > If you're using the Auth component all the way, it will hash the
> > >> > password including Salt when the user registers, so the only thing
> > >> > that should go into the db is SHA1(salt.password).
> > >> > And every time the
> > >> > user logs in, Auth uses the same SHA1(salt.password) for checking.
>
> > >> > If of course you got the passwords into the DB in another way, using
> > >> > only SHA1(password), you'll get conflicting results...
>
> > >> > And what do you want to do with cookies?
>
> > >> > Chrs,
> > >> > Dav
>
> > >> > On 11 Sep 2008, at 15:36, Yodi Aditya wrote:
>
> > >> > > Hey, dude.
> > >> > > Thanks, that's right sha1 is default hashing in auth component.
> > >> > > i just convience that using correct hashing sha1 in my controller using
> > >> > > beforeFilter().
>
> > >> > > But,
> > >> > > I say before, security.salt needed not only for Auth but hashing cookies
> > >> > > too.
> > >> > > Disable security.salt is a bad solution.
>
> > >> > > I'm login using Auth component, just like this :
>
> > >> > > function login() {
> > >> > >     if ($this->Auth->user()) {
> > >> > >         if (!empty($this->data)) {
> > >> > >             $this->redirect($this->Auth->redirect());
> > >> > >         }
> > >> > >     }
> > >> > > }
>
> > >> > > user() check username and password automatically.
> > >> > > When checking password, Auth always hashing using sha1 combine with
> > >> > > security.salt.
> > >> > > It's makes different value compare with my password in database that's using
> > >> > > sha1 only.
>
> > >> > > Anyone help?
>
> > >> > > On 9/10/08, Okto Silaban <[EMAIL PROTECTED]> wrote:
>
> > >> > >> Why do you need to set Security::setHash('sha1') in beforeFilter() function
> > >> > >> ?
>
> > >> > >> CakePHP use sha1 as default encryption.
>
> > >> > >> Meanwhile, you can use this In login form :
>
> > >> > >> $this->Auth->password($this->data['User']['password']) <-- automatically
> > >> > >> using sha1 with salt.
>
> > >> > >> But if you want CakePHP use no .salt.
> > >> > >> at all, edit : app/config/core.php
>
> > >> > >> Just comment the following line :
>
> > >> > >> //Configure::write('Security.salt', '78bc27f1b49f17f5c3392e728f789bad78dbeb77');
>
> > >> > >> Okto.Silaban.Net
>
> > >> > >> On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]> wrote:
>
> > >> > >>> I have some users table with 2 value , email and password (hash with
> > >> > >>> sha1).
> > >> > >>> Then i using auth component to make login form.
> > >> > >>> To make sure, that auth will using sha1 when hashing password, i'm using :
> > >> > >>> Security::setHash('sha1'); in beforeFilter().
>
> > >> > >>> Problem happen when Auth hashing password from password input form.
> > >> > >>> Auth hashing password from input form with sha1 + security.salt. (not pure
> > >> > >>> sha1).
> > >> > >>> It's make different value between password input form and value in
> > >> > >>> password table's with same words,
> > >> > >>> example, clean password is "test".
> > >> > >>> hashing output "test" from Auth is different with sha1 hashing in password
> > >> > >>> table.
>
> > >> > >>> Make clean value on security.salt will be one bad solution.
> > >> > >>> Cause cakePHP using security.salt not only on Auth, but encrypt cookies
> > >> > >>> too.
>
> > >> > >>> Then, i try edit cake/libs/controller/components/auth.php.
> > >> > >>> .........
> > >> > >>> /**
> > >> > >>>  * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
> > >> > >>>  *
> > >> > >>>  * @param string $password Password to hash
> > >> > >>>  * @return string Hashed password
> > >> > >>>  * @access public
> > >> > >>>  */
> > >> > >>> function password($password) {
> > >> > >>>     return Security::hash($password, null, true); <--- i change this with false
> > >> > >>> }
> > >> > >>> /**
> > >> > >>> .............
>
> > >> > >>> Problem solved. But still doubt about it.
> > >> > >>> There are another way to make Auth hashing without security.salt ?
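
An added example, not part of the thread and not CakePHP code: a stand-alone PHP 7 simulation of the SHA1(salt.password) versus SHA1(password) mismatch discussed above, with an authenticate-style object whose hashPasswords() returns the re-hashed data. It goes one step beyond the thread by replacing a verified unsalted SHA-1 entry with a password_hash() value at login; cake_style_hash(), LegacySha1Authenticate, the password_v2 column, the salt and the sample row are all constructed for illustration.

```php
<?php
// Added illustration; runs without CakePHP. All names and values are constructed.
const APP_SALT = 'constructed-salt-value'; // stands in for Security.salt

// The two modes contrasted in the thread: sha1(salt . password) vs sha1(password).
function cake_style_hash(string $password, bool $salt): string
{
    return sha1(($salt ? APP_SALT : '') . $password);
}

// Hypothetical authenticate-style object: hashes without the salt and
// returns the modified array so the caller sees the hashed value.
class LegacySha1Authenticate
{
    public function hashPasswords(array $data, string $model = 'User', string $field = 'password'): array
    {
        if (isset($data[$model][$field])) {
            $data[$model][$field] = cake_style_hash($data[$model][$field], false);
        }
        return $data;
    }
}

// Verify against the legacy column once, then store a salted, slow hash instead.
function login(array &$row, array $form, LegacySha1Authenticate $auth): bool
{
    $plain = $form['User']['password'];
    if (isset($row['password_v2'])) {
        return password_verify($plain, $row['password_v2']);
    }
    $hashed = $auth->hashPasswords($form);
    if (!hash_equals((string) $row['password'], $hashed['User']['password'])) {
        return false;
    }
    $row['password_v2'] = password_hash($plain, PASSWORD_DEFAULT);
    $row['password'] = null; // retire the unsalted SHA-1 value
    return true;
}

$row  = ['email' => 'user@example.test', 'password' => sha1('test')]; // constructed legacy row
$form = ['User' => ['email' => 'user@example.test', 'password' => 'test']];
$auth = new LegacySha1Authenticate();

var_dump(hash_equals($row['password'], cake_style_hash('test', true))); // salted hash vs legacy column
var_dump(login($row, $form, $auth));   // first login: legacy check, then upgrade
var_dump(isset($row['password_v2']));  // upgraded hash stored
var_dump(login($row, $form, $auth));   // later logins use password_verify()
```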