I believe the problems are related to a change to the AuthComponent that was made a while ago. You basically have to prepend the CAKE_SESSION_STRING to your pw to allow for bigger randomization:
Try this: $this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']); -- Felix Geisendörfer aka the_undefined -------------------------- http://www.thinkingphp.org http://www.fg-webdesign.de Digital Spaghetti wrote: > I've submitted a trac for this here: https://trac.cakephp.org/ticket/2252 > as a possible bug. > > Tane > > On Mar 15, 4:21 pm, "digital spaghetti" > <[EMAIL PROTECTED]> wrote: > >> Hey folks, >> >> My saga continues with trying to get Auth working in my Cake 1.2 >> application. Either I am doing something silly now, or there is a >> bug. >> >> First of all, I am using the default hash set in Security (which from >> what I can see is sha1). Now, in my user add function I hash the >> password like this: >> >> $this->data['User']['passwd'] = >> Security::hash($this->data['User']['passwd']); >> >> This is done just before my $this->User->save, and using the password >> 'test' the hash of ef10104117f96aaa0cae48595b299fa798506d86 is >> generated and saved in the database >> >> Now, when I try to log in I have $this->Auth->login() in my login >> function, i use the password 'test' and in the debug below in the SQL, >> the passwd hash is 020f720ed252827bac15fdf5944d701ee8d436a1, also the >> login form is returned with an empty username field, and passwd filled >> with the hash (in password * form). >> >> I've taken both these keys, and run them through this hash >> checked:http://www.securitystats.com/tools/hashcrack.php but both say SHA1 >> Hash Not Found. >> >> Just as an extra test, in phpmyadmin I put the password 'test' in and >> used MySQL's sha1 function - it gave me this: >> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. Another completely >> different hash. >> >> This is driving me mad, please someone help!!!! >> >> Tane >> > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
