All geek questions in one place

Password hashing

I created a login form, but not a registration form, so I put the user data directly into the sql database.
I found out that cakephp automatically hashes the password when a user tries to log in, but at the moment I cannot log in because the password in the database is not hashed.
How cakephp hashes passwords?

My safety salt Dhhfei38fhDg37dg6Dg208Dh3h380Hrjd3

Could you lead me through what he does?

+6
source share
5 answers

Hashed passwords in cakephp are created:

 $hashedPasswords = Security::hash($yourPass, NULL, true);

See the cakephp manual for more details.

+8
source 
 debug(AuthComponent::password("your-password"));

This is if you haveh your password in your UserModel this way.

 public function beforeSave() { if (isset($this->data[$this->alias]['password'])) { $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']); } return true; }

http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords

+4
source

Add a new user with a password. You can take the hash value of the new user password and paste it into other user records.

+2
source

As in Cakephp 2.0, Cake only hashes passwords during the login process, in other places (for example, register-method ...), the password will not be hashed automatically, because this was considered a strange behavior for people who are new to cakephp. If you want to hashed a password, you need to use the Sudhir method. One of the advantages that a cake does not have hash passwords automatically is that you can more easily check the complexity of the password (if it includes special characters, numbers, letters ecc).

+2
source

According to How to hash passwords in cakephp : "Security :: hash accepts type sha1."

+1
source

Source: https://habr.com/ru/post/903023/

More articles:


All Articles