i'm not sure if/how you can disable Auth's automatic hashing of the
password value to authenticate the login. In any case, i'd be very careful
about doing so. i have a very basic understanding of that component.
Someone else would have to speak to that, and any ideas for converting the
existing user record's password without setting up a new account. i don't
know if there are that many options. Security sacrifices a good amount of
flexibility in cases like this.
-joe
On Sunday, 11 January 2015 06:52:07 UTC-5, tech_me wrote:
>
> > If '123' is the actual data in your password field in the data record,
> it's very likely this is the problem you're having with logging in.
> Maybe this is the problem;)
>
> > That's why i recommended setting up the create-user form from the
> tutorial.
> > It will set up the creation of the user record, which will encrypt the
> password you supply and store *that* version in the table for comparison
> during login.
> I will try the CTP style login soon.
> But, could I use existed (user) data if I just wanted to test my login
> success or failure with session functionality?
> Not want to do the creating user process before other implementations.
>
> Thank you,
> tech_me
>
>
> On Tuesday, January 6, 2015 at 9:11:07 AM UTC+9, Joe T. wrote:
>>
>> >> Is that the actual data in `users`, or just simplified for example?
>> Just want to clarify. Manually adding records won't work in this case.
>> >It is the actual data which is storing in my `users` table.
>>
>> If '123' is the actual data in your password field in the data record,
>> it's very likely this is the problem you're having with logging in.
>>
>> The line
>> if ($this->Auth->login()) { ...
>> fails because Auth->login() method encrypts the POST password, turning '
>> *123*' into something like *$2y$10$VgMbmaJ5l96WJYJeU*... (in other
>> words, an encrypted version of '*123*'). The encrypted string is
>> compared to the database value more or less *as-is*. It expects the
>> database value to *already* be encrypted. If they match, login passes.
>> In your case:
>>
>> Encrypted POST password *$2y$10$VgMbmaJ5l96WJYJeU*... *!==* stored
>> password value *123*, so login fails.
>>
>> That's why i recommended setting up the create-user form from the
>> tutorial. It will set up the creation of the user record, which will
>> encrypt the password you supply and store *that* version in the table
>> for comparison during login.
>>
>> When i said you should adapt it to your needs, i meant the way the
>> tutorial demonstrates the Form builder for CTP may not match exactly what
>> you need for TAL. i'm unfamiliar with that, so if ignore that part if it
>> was more confusing. :)
>>
>> Hope that clears things up a *little*. :)
>> -joe
>>
>>
>> On Sunday, 4 January 2015 01:59:27 UTC-5, tech_me wrote:
>>>
>>> Hi Joe,
>>> Happy New Year!
>>>
>>> I'm sorry for delaying reply you.
>>> > Is that the actual data in `users`, or just simplified for example?
>>> Just want to clarify. Manually adding records won't work in this case.
>>> It is the actual data which is storing in my `users` table.
>>>
>>> > Auth automatically encrypts the submitted password & compares it to
>>> the database value. If you enter '123' as the password, it's not going to
>>> match '123' in the database after Auth encrypts it.
>>> I don't know this issue, but entered the password `123` just as it have
>>> been stored in my table.
>>> Maybe this is the problem...I'll check it.
>>>
>>> > Obviously, adapt the CTP form to your TAL needs.
>>> What this means? Are you talking about the usage in my controller but
>>> not html(TAL) files for login?
>>>
>>> Regards,
>>> tech_me
>>>
>>>
>>> On Tuesday, December 23, 2014 11:35:40 PM UTC+9, Joe T. wrote:
>>>>
>>>> Is that the actual data in `users`, or just simplified for example?
>>>> Just want to clarify. Manually adding records won't work in this case.
>>>> Auth
>>>> automatically encrypts the submitted password & compares it to the
>>>> database
>>>> value. If you enter '123' as the password, it's not going to match '123'
>>>> in
>>>> the database after Auth encrypts it.
>>>>
>>>> Look here for how to set up adding/editing users:
>>>> http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
>>>> Obviously, adapt the CTP form to your TAL needs.
>>>>
>>>> Hope that helps...
>>>> -joe t.
>>>>
>>>>
>>>> On Monday, 22 December 2014 20:42:33 UTC-5, tech_me wrote:
>>>>>
>>>>> By the way, I have a table `users` in my db, which have 2 records.
>>>>> id, email, password
>>>>> 1001, abc@com, 123
>>>>> 1002, abc@org, 456
>>>>>
>>>>> When I input email and password on the login form, it fails at `if
>>>>> ($this->Auth->login())`
>>>>>
>>>>>
>>>>> On Tuesday, December 23, 2014 10:39:39 AM UTC+9, tech_me wrote:
>>>>>>
>>>>>> In my view file(html)
>>>>>> <form method="POST" tal:attributes="action string:/users/login">
>>>>>> <input type="text" name="email" size="15" maxlength="30"
>>>>>> placeholder="your email" /><br />
>>>>>> <input type="password" name="password" size="15" maxlength="15"
>>>>>> placeholder="password" /><br />
>>>>>> <input type="submit" value="login" />
>>>>>> </form>
>>>>>>
>>>>>> In my AppController.php
>>>>>> public $components = array('RequestHandler',
>>>>>> 'Auth' => array(
>>>>>> 'authenticate' => array(
>>>>>> 'Form' => array('userModel' => 'User',
>>>>>> 'fields' => array('username' =>
>>>>>> 'email',
>>>>>> 'password' =>
>>>>>> 'password'))),
>>>>>> 'loginAction' => array('controller' => 'users',
>>>>>> 'action' => 'login'));
>>>>>>
>>>>>> public function beforeFilter() {
>>>>>> $this->Auth->allow('login', 'logout');
>>>>>> }
>>>>>>
>>>>>> In my UsersController.php
>>>>>> public function login() {
>>>>>> if ($this->request->is('post')) {
>>>>>> if ($this->Auth->login()) {
>>>>>> return $this->redirect($this->Auth->redirect());
>>>>>> } else {
>>>>>> echo ('failed'); // Always come here...
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> public function logout() {
>>>>>> $this->Auth->logout();
>>>>>> $this->Session->destroy();
>>>>>> $this->redirect(array('action' => 'login'));
>>>>>> }
>>>>>>
>>>>>> Could you give some hints, please?
>>>>>> Thank you.
>>>>>>
>>>>>>
>>>>>> On Sunday, December 21, 2014 4:48:14 PM UTC+9, tech_me wrote:
>>>>>>>
>>>>>>> 1. Yes
>>>>>>> 2. Yes
>>>>>>> 3. No any error but just failed(false) at that `if` statement.
>>>>>>> 4. Maybe there is no the same name field in my user table, which is
>>>>>>> 'email' in html while 'nickname' in table schema
>>>>>>>
>>>>>>> I will have a try soon.
>>>>>>> Thank you.
>>>>>>>
>>>>>>>
>>>>>>> On Friday, December 19, 2014 4:55:03 AM UTC+9, John Andersen wrote:
>>>>>>>>
>>>>>>>> Please provide more information on the steps leading up to the
>>>>>>>> error that you get.
>>>>>>>> 1. Is the login form showing?
>>>>>>>> 2. Can you submit the form?
>>>>>>>> 3. Do you get the error back from your login method - wrong e-mail
>>>>>>>> or password?
>>>>>>>> 4. Something else?
>>>>>>>>
>>>>>>>> Suggest that you at least create the users table and add one user,
>>>>>>>> so that CakePHP has something to work with.
>>>>>>>>
>>>>>>>> Enjoy, John
>>>>>>>>
>>>>>>>> On Wednesday, 17 December 2014 14:14:43 UTC+2, tech_me wrote:
>>>>>>>>>
>>>>>>>>> I posted to SO several days ago, but no expected replies.
>>>>>>>>> http://stackoverflow.com/q/27403391
>>>>>>>>>
>>>>>>>>> I am now using PHPTAL <http://phptal.org/> which use html instead
>>>>>>>>> of ctp files.
>>>>>>>>> Is there anyone who use the html files to cooperate with Cake's
>>>>>>>>> authentication?
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>
>>>>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
