When the person logs in via API and gets the token, you don't have to have use the original password. Just do the $this->Auth->password() again, then take the md5 of the username and the hash of the password. There are other ways to achieve tokens so I guess this is one way to go at it , I would just HIGHLY ADVISE to not save plain passwords in your database thinking this is necessary to achieve your goal or something.
On Mar 4, 11:29 am, Kyle Decot <kdec...@gmail.com> wrote: > Hey guys. I have an interesting problem that I don't know how to > solve. I'm building an API for my site and some of my methods require > a api_token which is basically md5(username . md5(password)). The > problem is how to do I verify that this is valid when I don't know the > original password. All my passwords are hashed w/ $this->Auth- > > >password(). Any suggestions on how to go about this? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
