Well the other thing that is probably causing you trouble is that the AuthComponent will always hash any password fields for you automatically, regardless of whether it's the login action or not. This means on your signup page you probably only have to hash the passwd_conf field yourself and the passwd one will already be hashed for you by the component.

Let me know if this gets you up to speed ; ).

-- Felix Geisendörfer aka the_undefined
--------------------------
http://www.thinkingphp.org
http://www.fg-webdesign.de

digital spaghetti wrote:
> Felix - After I submitted a trac, I had a play about and I think you're
> right. It's now looking less like a bug in cake and more in my code,
> but I can't figure it out
>
> $this->data['User']['passwd'] =
> Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
>
> still gives a different hash to:
>
> $controller->data[$this->userModel][$this->fields['password']] =
> Security::hash(CAKE_SESSION_STRING .
> $controller->data[$this->userModel][$this->fields['password']]);
>
> I removed CAKE_SESSION_STRING from both functions, and now when I try
> log in, the Auth component is giving the correct sha1, my function is
> not. Not sure why, must be a whitespace getting in there somehow.
>
> Here is my full function:
>
> function add()
> {
>     if (!empty($this->data))
>     {
>         if (!$this->User->findByUsername($this->data['User']['username']))
>         {
>             // Taken out as affecting add with hashing
>             if (/*$this->data['User']['passwd_conf'] ==*/ $this->data['User']['passwd'])
>             {
>                 if ($this->data['User']['email_conf'] == $this->data['User']['email'])
>                 {
>                     $this->data['User']['passwd'] = Security::hash(CAKE_SESSION_STRING . $this->data['User']['passwd']);
>
>                     if ($this->User->save($this->data))
>                     {
>                         $this->Session->setFlash('Your registration has been successful.');
>                         $this->redirect('/users/login');
>                     }
>                 } else {
>                     $this->Session->setFlash('Emails do not match.');
>                 }
>             } else {
>                 $this->Session->setFlash('Passwords do not match.');
>             }
>         } else {
>             $this->Session->setFlash('User already exists.');
>         }
>     }
> }
>
> Tane
>
> On 3/15/07, Felix Geisendörfer <[EMAIL PROTECTED]> wrote:
>> I believe the problems are related to a change to the AuthComponent that
>> was made a while ago. You basically have to prepend the CAKE_SESSION_STRING
>> to your pw to allow for bigger randomization:
>>
>> Try this:
>> $this->data['User']['passwd'] =
>> Security::hash(CAKE_SESSION_STRING.$this->data['User']['passwd']);
>>
>> -- Felix Geisendörfer aka the_undefined
>> --------------------------
>> http://www.thinkingphp.org
>> http://www.fg-webdesign.de
>>
>> Digital Spaghetti wrote:
>>> I've submitted a trac for this here:
>>> https://trac.cakephp.org/ticket/2252
>>> as a possible bug.
>>>
>>> Tane
>>>
>>> On Mar 15, 4:21 pm, "digital spaghetti" <[EMAIL PROTECTED]> wrote:
>>>> Hey folks,
>>>>
>>>> My saga continues with trying to get Auth working in my Cake 1.2
>>>> application. Either I am doing something silly now, or there is a
>>>> bug.
>>>>
>>>> First of all, I am using the default hash set in Security (which from
>>>> what I can see is sha1). Now, in my user add function I hash the
>>>> password like this:
>>>>
>>>> $this->data['User']['passwd'] =
>>>> Security::hash($this->data['User']['passwd']);
>>>>
>>>> This is done just before my $this->User->save, and using the password
>>>> 'test' the hash of ef10104117f96aaa0cae48595b299fa798506d86 is
>>>> generated and saved in the database
>>>>
>>>> Now, when I try to log in I have $this->Auth->login() in my login
>>>> function, I use the password 'test' and in the debug below in the SQL,
>>>> the passwd hash is 020f720ed252827bac15fdf5944d701ee8d436a1, also the
>>>> login form is returned with an empty username field, and passwd filled
>>>> with the hash (in password * form).
>>>>
>>>> I've taken both these keys, and run them through this hash
>>>> checker: http://www.securitystats.com/tools/hashcrack.php
>>>> but both say SHA1 Hash Not Found.
>>>>
>>>> Just as an extra test, in phpmyadmin I put the password 'test' in and
>>>> used MySQL's sha1 function - it gave me this:
>>>> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3. Another completely
>>>> different hash.
>>>>
>>>> This is driving me mad, please someone help!!!!
>>>>
>>>> Tane
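
The double-hashing effect described in the reply at the top of this thread, as an added example that is not part of the original messages and is not CakePHP code. It assumes plain sha1() in place of Security::hash(), a constructed SALT in place of CAKE_SESSION_STRING, and a hypothetical component_hash() modelling what the AuthComponent is said to do to the password field on every request.

```php
<?php
// Added illustration. SALT is a constructed stand-in for the application's
// CAKE_SESSION_STRING; sha1() stands in for Security::hash().
const SALT = 'constructed-example-salt';

// Hypothetical model of the AuthComponent behaviour described in the thread:
// the password field is hashed before the controller action sees it.
function component_hash(string $plain): string
{
    return sha1(SALT . $plain);
}

// Signup as in the quoted add(): the action hashes a field the component
// has already hashed, so the stored value is a hash of a hash.
function signup_double_hash(string $plain): string
{
    $alreadyHashed = component_hash($plain);   // done by the component
    return sha1(SALT . $alreadyHashed);        // done again in add()
}

// Signup as suggested in the reply: leave passwd alone, hash only
// passwd_conf in the action, and compare the two hashes before saving.
// Returns the hash to store, or null when the confirmation does not match.
function signup_single_hash(string $passwd, string $passwdConf): ?string
{
    $hashed     = component_hash($passwd);     // done by the component
    $confHashed = sha1(SALT . $passwdConf);    // done in add()
    return hash_equals($hashed, $confHashed) ? $hashed : null;
}

// What the login action compares against for the password 'test'.
$loginHash = component_hash('test');

// Unsalted SHA-1 of 'test', the value the thread reports from MySQL's sha1().
var_dump(sha1('test') === 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3');

// Stored hash versus login hash when add() re-hashes the field.
var_dump(signup_double_hash('test') === $loginHash);

// Stored hash versus login hash when only passwd_conf is hashed in add().
var_dump(signup_single_hash('test', 'test') === $loginHash);

// A mistyped confirmation is rejected before anything is saved.
var_dump(signup_single_hash('test', 'tset'));
```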
