It's worse than you think. It's only a single md5 (the code you quoted is
for generating activation keys).
Passwords are created for this plugin in the UserAuthComponent class:
public function makePassword($pass) {
return md5($pass);
}
The developer has deliberately ignored the CakePHP security class - see the
hash method:
http://api20.cakephp.org/class/security
http://api20.cakephp.org/view_source/security#line-86
--
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to
[email protected]
