Re: CakePHP 2.0 Auth
this is what i am experiencing, it rehashes the password. did you find a solution to not rehash? this image is kinda what id like to do, a simple check before hashing to see if the same value was posted back. help appreciated much thanks ahead! -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. attachment: STOPREHASH.PNG
Re: CakePHP 2.0 Auth
Yes, you should only hash if the field is actually submitted So you need to change your callback code here according to the documentation/cookbook. And you should only submit the field if you actually want to set/change the password This said, it is wise to not include the field directly in the form, but use an alias - see http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/ Mark Am Dienstag, 7. Januar 2014 01:33:00 UTC+1 schrieb David Eschmeyer: this is what i am experiencing, it rehashes the password. did you find a solution to not rehash? this image is kinda what id like to do, a simple check before hashing to see if the same value was posted back. help appreciated much thanks ahead! -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: cakephp 2.0 auth session problem
I am also having an issue with sessions, and I'm very frequently being asked to log back in. Configure::write('Session', array( 'defaults' = 'database', 'ini' = array( 'session.cookie_secure' = false ) )); Configure::write('Security.level', 'medium'); I have a domain that servers both HTTP and HTTPS, so I turned off secure cookies. I have Auth + ACL as well, and had no issue using CakePHP 1.3.x. I am using the database to store session information, and noticed that one user will generate many (10+) number of entries in the cake_sessions table. I'm still looking into AJAX requests being the cause, or I've seen a note about sessions being invalidated if a file (image, css, js, etc.) is not found. I'll be sure to post back if I find a solution, and I must, because this makes the site basically unusable. As an aside, I'm also using the Facebook SDK, but have comment out it's request to start a PHP session so that CakePHP can start it's own. Not sure if anyone else is using the Facebook SDK, but thought I would through that out there. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: cakephp 2.0 auth session problem
I am also noticing this problem a lot in 2.0, did either of you get to the bottom of it? It seems to be worse when multiple users are logging into the system at once, even when logging in with different users (does cake prevent concurrent logins with same account?) Regards, Paul. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: cakephp 2.0 auth session problem
I also experienced quite an amount of unexpected logouts in 2.0 now. To make sure it is not the garbage collector of the file system I switched to database. There no garbage collector should interfere as long as expires is not reached (which is several days). But the systems logs the user out after not even a few hours. On 16 Nov., 13:11, joh...@baldemia.com joh...@baldemia.com wrote: I've recently migrated an application from 1.3 to 2.0, and i'm encountering a problem with user authentification. The app uses a basic auth + acl setup, that worked fine in 1.3. First problem i encountered when deploying the app on my production server (CentOS6, php 5.3.6. mysql 5.1.12) was that the auth component wouldn't work at all, the session would be instantly regenerated after login, and the user would be redirected again to the login page. I managed to solve that by setting a random value to Session.cookie in core.php. All seemed to work now until users started getting randomly logged out. Problems occurs mostly during ajax calls and more rarely during normal page calls. I use ajax for a auto-save feature when editing certain records, a ajax call to a save function is made every 30 seconds. I wasn't able to pinpoint exactly why the session is regenerated as it all occurs randomly, app can work perfectly for hours then suddenly log out the user. I tried setting the security level to low or medium as this used to be a fix session related headaches in cake 1.3, but problem still persists. these are my current session settings: Configure::write('Session', array( 'defaults' = 'php', 'cookie' = 'appdevtest', 'checkAgent'= false, 'timeout' = 4320 )); Configure::write('Security.level', 'low'); -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: CakePHP 2.0 Auth
or simply use a behavior: https://github.com/dereuromark/tools/blob/master/models/behaviors/change_password.php this is still cake1.3 though :) On 27 Jul., 04:18, Meroe Kush whme...@gmail.com wrote: Disregard my last post please. As soon as I hit send I found this: Hashing passwords AuthComponent no longer automatically hashes every password it can find. This was removed because it made a number of common tasks like validation difficult. You should never store plain text passwords, and before saving a user record you should always hash the password. You can use the static AuthComponent::password() to hash passwords before saving them. This will use the configured hashing strategy for your application. After validating the password, you can hash a password in the beforeSave callback of your model: ?php class User extends AppModel { function beforeSave($options = array()) { $this-data['User']['password'] = AuthComponent::password($this-data['User']['password']); return true; } } -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: CakePHP 2.0 Auth
Just a thought. If you have dragged the whole user record back that includes the hashed password and is then included in an array as part of a save function even if it hasn't been changed, will this beforeSave function not rehash the already hashed password? Jeremy Burns Class Outfit http://www.classoutfit.com On 27 Jul 2011, at 03:18, Meroe Kush wrote: Disregard my last post please. As soon as I hit send I found this: Hashing passwords AuthComponent no longer automatically hashes every password it can find. This was removed because it made a number of common tasks like validation difficult. You should never store plain text passwords, and before saving a user record you should always hash the password. You can use the static AuthComponent::password() to hash passwords before saving them. This will use the configured hashing strategy for your application. After validating the password, you can hash a password in the beforeSave callback of your model: ?php class User extends AppModel { function beforeSave($options = array()) { $this-data['User']['password'] = AuthComponent::password($this-data['User']['password']); return true; } } -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: CakePHP 2.0 Auth not hashing password
This is mentioned in the migration guide, Auth doesnt auto hash your passwords anymore, you need to handle that manually in 2.0 . It was very confusing for new users to have the passwords auto hashed. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: CakePHP 2.0 Auth not hashing password
Yup, I get that. I was merely raising the possibility of an already hashed password getting hashed again. What's the advice for telling whether or not a password has already been hashed? Jeremy Burns Class Outfit http://www.classoutfit.com On 27 Jul 2011, at 19:40, Ceeram wrote: This is mentioned in the migration guide, Auth doesnt auto hash your passwords anymore, you need to handle that manually in 2.0 . It was very confusing for new users to have the passwords auto hashed. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: CakePHP 2.0 Auth not hashing password
On Jul 27, 2:55 pm, Jeremy Burns | Class Outfit jeremybu...@classoutfit.com wrote: Yup, I get that. I was merely raising the possibility of an already hashed password getting hashed again. What's the advice for telling whether or not a password has already been hashed? dont include the password in any updates except registration and change passeord processes. AD Jeremy Burns Class Outfit http://www.classoutfit.com On 27 Jul 2011, at 19:40, Ceeram wrote: This is mentioned in the migration guide, Auth doesnt auto hash your passwords anymore, you need to handle that manually in 2.0 . It was very confusing for new users to have the passwords auto hashed. -- Our newest site for the community: CakePHP Video Tutorialshttp://tv.cakephp.org Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
RE: CakePHP 2.0 Auth not hashing password
I can't really think of a good reason to do that. If you want to change you can verify the hash matches prior to changing for (old password verification). I can't think of a situation where you would bring the hashed value back in a field and display it to the browserunless I am missing your statement I think this is a good design how it is now in 2.0. From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Jeremy Burns | Class Outfit Sent: Wednesday, July 27, 2011 2:55 PM To: cake-php@googlegroups.com Subject: Re: CakePHP 2.0 Auth not hashing password Yup, I get that. I was merely raising the possibility of an already hashed password getting hashed again. What's the advice for telling whether or not a password has already been hashed? Jeremy Burns Class Outfit http://www.classoutfit.com On 27 Jul 2011, at 19:40, Ceeram wrote: This is mentioned in the migration guide, Auth doesnt auto hash your passwords anymore, you need to handle that manually in 2.0 . It was very confusing for new users to have the passwords auto hashed. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org http://tv.cakephp.org/ Check out the new CakePHP Questions site http://ask.cakephp.org http://ask.cakephp.org/ and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php