Can you provide more information on how you overwrote the hash method
(Auth::password()) in AuthComponent *without* actually touching the
cakephp core code?
I've been tearing my hair out attempting to do this. I would think you
could create a component (e.g., CustomAuth) and override the method,
but, alas, this doesn't appear to work like I think it should.
On Jul 12, 7:41 am, francky06l <[EMAIL PROTECTED]> wrote:
> Hi bakers,
>
> Just wanted to share my experience of integrating the Auth component
> into a non-finished application in cake12.
> Overall, the component is great and easy to implement, however I had
> to deal with some "tricky" features.
>
> First the application context:
>
> I have users spread out in different centers. Basically a user belongs
> to a center. I have then a "Center" model and a "User" model. User
> belongsTo a Center.
> I can have a user "John Smith" in center A, and another "John Smith"
> in center B. Thus on login screen a field "Center name" is also
> captured. I can also disable a complete center, meaning that every
> user of this center would fail to login.
>
> Using the Auth component, I have set the following in my login
> function :
>
> if (!empty($this->data))
> {
>     // Add the Center checks
>     $this->Auth->userScope = array(
>         'Center.disabled' => 0,
>         'Center.name' => $this->data['Center']['name']);
>
>     if (!$this->Auth->login($this->data))
>     {
>         // ...
>     }
> }
>
> That should do the trick I thought ... well not exactly. That does not
> work because the Auth component includes a -1 as the recursive flag for
> the call to User->find.
> Workaround : I have added a $recursive variable to the component and
> initialized it to -1. Now I just have to add $this->Auth->recursive =
> 1; prior to the Auth->login call.
>
> Second "small" problem, I need to keep in the Session some fields of
> the Center record. For now, the login function of the Auth stores only
> $data['User'].
> I did solve this, in a "dirty way" by changing the return of the
> identify function :
>
> return $this->recursive > 0 ? $data : $data[$this->userModel];
>
> I am sure the above might give me some problems later, feel free to
> give me hints.
>
> Another problem that I faced, was the default hash parameters to use.
> My DB already had some user passwords hashed using md5.
> I did add a variable called $hashMethod in the component, and
> initialized to 'sha1', I can then override the variable if I need
> something else. I also added a $hashPrefix initialized to the
> CAKE_SESSION_STRING, and I can override it.
> The password function is modified as :
>
> function password($password) {
>     // $hashPrefix and $hashMethod are component properties, so use $this->
>     return Security::hash($this->hashPrefix . $password, $this->hashMethod);
> }
>
> The hashPasswords implemented into the startup function gave me some
> trouble as well. I have a "changeDetail" function used by any user to
> change their details as well as their password. I have set a control
> to enforce the password strength such as at least 6 different
> characters among them 2 digits.
> This rule can't be verified anymore since the startup function will
> "hash" my password prior to my verification.
> For now the WorkAround is to use another field than "password" into
> the view and just add the "password" ($this->data['User']['password']
> = $this->Auth->password($this->data['User']['passtrick'])) prior to
> save.
> This is not really "elegant", maybe a "enable/disable" method (or an
> array of controller/view to avoid the call to hashPasswords) could be
> implemented into the Auth ?
>
> That's about it for now. Do not get me wrong, I know I have listed
> mainly problems but the Auth is a great component. I could work without
> the Auth component since my application requires login for every
> action (except the login / logout actions of course), but my main
> interest is to link it with the cake12 ACL (next step).
>
> Again, some of the above might be due to my misunderstanding of the
> component, please feel free to suggest or comment.
>
> Thanks
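
The ordering issue raised in the quoted post (the strength rule has to see the plaintext, so it must run before the hash is computed), shown as an added example in plain PHP; this is not CakePHP core code and not code from either poster. LegacyHasher, checkStrength() and prepareUser() are hypothetical names, the reading of the strength rule is an assumption, and all sample values are constructed.

```php
<?php
// Added example in plain PHP; not CakePHP core code and not the poster's code.
// LegacyHasher, checkStrength() and prepareUser() are hypothetical names.

class LegacyHasher
{
    public $hashMethod = 'sha1'; // set to 'md5' to match rows hashed earlier
    public $hashPrefix = '';     // the post uses CAKE_SESSION_STRING here

    public function password($password)
    {
        // Same shape as the modified password(): prefix + plaintext, then hash.
        return hash($this->hashMethod, $this->hashPrefix . $password);
    }
}

// Assumed reading of the rule: at least 6 distinct characters and
// at least 2 digit characters.
function checkStrength($plain)
{
    $distinct = count(array_unique(str_split((string) $plain)));
    $digits   = preg_match_all('/[0-9]/', (string) $plain);
    return $distinct >= 6 && $digits >= 2;
}

// Validate the plaintext from the extra form field, then fill 'password'.
function prepareUser(array $data, LegacyHasher $hasher)
{
    $plain = isset($data['User']['passtrick']) ? $data['User']['passtrick'] : '';
    if (!checkStrength($plain)) {
        return false; // stop before anything is hashed or saved
    }
    $data['User']['password'] = $hasher->password($plain);
    unset($data['User']['passtrick']); // do not carry the plaintext further
    return $data;
}

$hasher = new LegacyHasher();
$hasher->hashMethod = 'md5';          // constructed setting for the demo
$hasher->hashPrefix = 'demo-prefix-'; // constructed value

$weak = array('User' => array('passtrick' => 'aaaaaa'));      // constructed
$good = array('User' => array('passtrick' => 'blue42horse')); // constructed

var_dump(prepareUser($weak, $hasher)); // weak plaintext, checked before hashing
var_dump(prepareUser($good, $hasher)); // plaintext that meets the rule
// The rule applied to an already hashed value tests the hex digest instead:
var_dump(checkStrength($hasher->password('aaaaaa')));
```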