Hey, dude.
Thanks, that's right, sha1 is the default hashing in the Auth component.
I just wanted to convince myself that the correct sha1 hashing is used in my
controller by using beforeFilter().

But, as I said before, security.salt is needed not only for Auth but for
hashing cookies too.
Disabling security.salt is a bad solution.

I log in using the Auth component, just like this:

function login() {
    if ($this->Auth->user()) {
        if (!empty($this->data)) {
            $this->redirect($this->Auth->redirect());
        }
    }
}

user() checks the username and password automatically.
When checking the password, Auth always hashes using sha1 combined with
security.salt.
That makes a different value compared with my password in the database, which
uses sha1 only.

Can anyone help?



On 9/10/08, Okto Silaban <[EMAIL PROTECTED]> wrote:
>
> Why do you need to set Security::setHash('sha1') in the beforeFilter()
> function?
>
> CakePHP uses sha1 as default encryption.
>
> Meanwhile, you can use this in the login form:
>
> $this->Auth->password($this->data['User']['password']) <-- automatically
> uses sha1 with salt.
>
>
> But if you want CakePHP to use no salt at all, edit: app/config/core.php
>
> Just comment out the following line:
>
> //Configure::write('Security.salt',
> '78bc27f1b49f17f5c3392e728f789bad78dbeb77');
>
> Okto.Silaban.Net
>
> On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]> wrote:
>
>> I have a users table with 2 values, email and password (hashed with
>> sha1).
>> Then I use the Auth component to make a login form.
>> To make sure that Auth will use sha1 when hashing the password, I'm using:
>> Security::setHash('sha1'); in beforeFilter().
>>
>> The problem happens when Auth hashes the password from the password input
>> form.
>> Auth hashes the password from the input form with sha1 + security.salt
>> (not pure sha1).
>> That makes the value from the password input form different from the value
>> in the password table for the same word.
>> For example, the clean password is "test".
>> The hash of "test" from Auth is different from the sha1 hash in the
>> password table.
>>
>> Clearing the value of security.salt would be a bad solution,
>> because CakePHP uses security.salt not only in Auth, but to encrypt cookies
>> too.
>>
>> Then I tried editing cake/libs/controller/components/auth.php.
>> .........
>> /**
>>  * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
>>  *
>>  * @param string $password Password to hash
>>  * @return string Hashed password
>>  * @access public
>>  */
>>     function password($password) {
>>         return Security::hash($password, null, true); // <--- I changed this to false
>>     }
>> /**
>> .............
>>
>> Problem solved, but I still have doubts about it.
>> Is there another way to make Auth hash without security.salt?
>
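
Added example (not part of the thread, and not CakePHP code): the mismatch described above, and one way to keep Security.salt while still accepting the existing unsalted sha1 rows, by rewriting each row on its first successful login. It assumes Auth's salted hash is sha1(Security.salt . password); the function names, the salt value and the user row are hypothetical.

```php
<?php
// Added example: plain PHP, runs without CakePHP. All names are hypothetical.
// Assumption: the salted hash Auth compares against is sha1(salt . password).

const APP_SALT = 'constructed-example-salt'; // stands in for Security.salt

// What the existing users table holds: sha1 of the password only.
function legacyHash($password) {
    return sha1($password);
}

// What Auth computes from the login form: sha1 with the salt prepended.
function authHash($password) {
    return sha1(APP_SALT . $password);
}

/**
 * Check a password against a stored hash in either format.
 * Returns array(bool $ok, string|null $upgradedHash); a non-null
 * $upgradedHash must be written back to the user's row.
 */
function verifyAndUpgrade($password, $storedHash) {
    if (hash_equals($storedHash, authHash($password))) {
        return array(true, null);                 // row is already salted
    }
    if (hash_equals($storedHash, legacyHash($password))) {
        return array(true, authHash($password));  // legacy row: upgrade it
    }
    return array(false, null);
}

// Constructed sample data: one legacy row whose password is "test".
$users = array('user@example.com' => legacyHash('test'));

// The mismatch from the thread: same password, two different digests.
var_dump(legacyHash('test') === authHash('test'));

foreach (array('wrong', 'test', 'test') as $attempt) {
    list($ok, $upgraded) = verifyAndUpgrade($attempt, $users['user@example.com']);
    if ($upgraded !== null) {
        $users['user@example.com'] = $upgraded;   // persist the salted hash
    }
    printf("%-5s ok=%s upgraded=%s\n", $attempt,
        var_export($ok, true), var_export($upgraded !== null, true));
}
```

Once every active row has been upgraded, the legacy branch can be removed and Auth's default salted comparison works without editing auth.php or clearing Security.salt.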

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.