I have some users table with 2 value , email and password (hash with sha1).
Then i using auth component to make login form.
To make sure, that auth will using sha1 when hashing password, i'm using :
Security::setHash('sha1'); in beforeFilter().
Problem happen when Auth hashing password from password input form.
Auth hashing password from input form with sha1 + security.salt. (not pure
sha1).
It's make different value between password input form and value in password
table's with same words,
example, clean password is "test".
hashing output "test" from Auth is different with sha1 hashing in password
table.
Make clean value on security.salt will be one bad solution.
Cause cakePHP using security.salt not only on Auth, but encrypt cookies too.
Then, i try edit cake/libs/controller/components/auth.php.
.........
/**
* Hash a password with the application's salt value (as defined with
Configure::write('Security.salt');
*
* @param string $password Password to hash
* @return string Hashed password
* @access public
*/
function password($password) {
return Security::hash($password, null, true); <--- i change this
with false
}
/**
.............
Problem solved. But still doubt about it.
There are another way to make Auth hashing without security.salt ?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
