
In CakePHP I have changed from simplePasswordHasher to BlowfishPasswordHasher. I added the following code and commented out all references to the old simplehasher method but I can't log in. I can create a new user with BlowfishPasswordHasher but logins now don't work?

The link below didn't fix the problem as I just can't log in, but I can see the new user with the correct salted password.

CakePHP - How do I implement blowfish hashing for passwords?

http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

//userscontroller
public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
           return $this->redirect($this->Auth->redirectUrl()); //for 2.3 and above versions, docs are old

        }
        $this->Session->setFlash(__('Invalid username or password, try again'));
    }
}  

//user
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['password'] = $passwordHasher->hash(
            $this->data[$this->alias]['password']
        );
    }
    return true;
}

//new user
  <?php echo $this->Form->create('User'); ?>
    <h2><?php echo __('Add User2'); ?></h2>
    <?php
    echo $this->Form->input('username');
    echo $this->Form->input('password');
    echo $this->Form->end(__('Submit'));
    ?>

//in appcontroller
public $components = array("Email", 'Session', 'Auth');

public function beforeFilter() {
    $this->Auth->authError = 'You cant access this page';
    $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
    $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    $this->Auth->authorize = array('Controller');
    $this->Auth->unauthorizedRedirect = '/users/dashboard';
    $this->set("logged_in", $this->Auth->loggedIn());
}

//user model
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required'
            )
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        )
    );
ajt
  • What's the length of your password field? Blowfish hashes are longer than sha1. – ADmad Aug 14 '14 at 14:03
  • varchar(255) is this correct? – ajt Aug 14 '14 at 14:07
  • Yup that's long enough, though if you changed it recently be sure to clear model cache. – ADmad Aug 14 '14 at 14:07
  • I didn't change the password field in MySQL so what is the problem with it? – ajt Aug 14 '14 at 14:09
  • You haven't included your Auth config in the post. Is it properly configured to use BlowfishPasswordHasher? – ADmad Aug 14 '14 at 14:14
  • What does your Auth component configuration look like? (@ADmad beat me to it) And are you sure you are trying to log in with a newly created user, i.e. one that actually has a blowfish hash in the database? And before any further wild guessing starts, what have you tried so far to debug the problem? – ndm Aug 14 '14 at 14:15
  • I have edited the question and added the auth config. Anything more, let me know. I don't get any error apart from invalid user on a newly created user with blowfishpasswordhasher. How do I configure it properly for BlowfishPasswordHasher, as this might be the issue which I didn't pick up in the docs? – ajt Aug 14 '14 at 14:24
  • OK thanks, this in the beforefilter would be what? 'authenticate' => array( 'Form' => array( 'passwordHasher' => 'Blowfish' ) – ajt Aug 14 '14 at 14:27

1 Answer


You haven't configured Auth to use BlowfishPasswordHasher, so it still uses the default hasher. Specify the passwordHasher key as shown in e.g. here.

ADmad
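
The configuration the answer refers to, written out as an added example (not code from the original post or from the CakePHP project). It assumes CakePHP 2.4 or later and reuses the Auth settings from the question; the `isAuthorized()` body is a hypothetical placeholder for the application's own rule.

```php
<?php
// app/Controller/AppController.php -- added example, CakePHP 2.4+ assumed
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Email',
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    // Verify submitted passwords with BlowfishPasswordHasher,
                    // the same hasher User::beforeSave() uses to store them.
                    // Without this key the default SimplePasswordHasher is
                    // used, and its output never equals the stored Blowfish
                    // hash, so every login is rejected.
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );

    public function beforeFilter() {
        // Settings carried over unchanged from the question.
        $this->Auth->authError = 'You cant access this page';
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
        $this->Auth->authorize = array('Controller');
        $this->Auth->unauthorizedRedirect = '/users/dashboard';
        $this->set('logged_in', $this->Auth->loggedIn());
    }

    // 'authorize' => array('Controller') makes Auth call this method.
    // Hypothetical placeholder: replace with the application's own check.
    public function isAuthorized($user) {
        return !empty($user['id']);
    }
}
```

Accounts whose stored hash was produced by the old hasher still fail to log in after this change until their password is reset and saved again through `beforeSave()`.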