1
votes

Hi,

I have a problem with CakePHP's built-in Auth - I cannot log in ...

1) The user is added through the app control panel and hashed using $this->auth->password('xxx') - I've checked it's correct in the db

2) The security salt is not empty

3) In action User/Login data['User']['password'] is empty (I don't know if this is correct but I've read that Auth removes the content of data['password'] or data['User']['password'] - am I correct?)

4) The db has a table users with fields username and password

When I try to log in, $session->flash('auth') says:

Login failed. Invalid username or password.

but in beforeFilter in AppController I've set

$this->Auth->loginError = 'No, you fool! Thats not the right password!';

So what can be wrong? :(

5 Answers

4
votes

Turn on debugging and check what queries are generated. If none, you probably have something wrong in your view. If there are any, then pick the hashed password it checks against and update the password in the db. If you succeed, everything should work fine.

Setting the first user is a bit tricky.

2
votes

Don't add:

function beforeSave (){

    if(isset($this->data[$this->alias]['password'])) {
        $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], null, true);
        return true;
    }

}

If you have the following script in app_controller:

var $components = array('Auth', 'Email');

function beforeFilter() {
    $this->Auth->fields = array(
        'username' => 'email',
        'password' => 'password'
    );
}

1
votes

Make sure you have entered

function beforeFilter(){
   parent::beforeFilter();
}

in your UsersController

1
votes

Make sure your database password column has the correct datatype, i.e. char(40).

0
votes

Your problem seems to be in the POST'd data array. If the data['User']['password'] field is empty, I think you might have found your problem. IIRC, the Auth component does an automatic hash of the password. But I believe that $this->data['User']['password'] should not be empty (in the controller) -- it just won't be in cleartext.

Check your form to make sure that your input names are correct. Also, like niteria suggested, try checking out the SQL code in the debug dump to see what credentials are getting checked against the database (you can make a call to $this->Auth->password('somestring') to find out what the hashed password should be, once you have your salt applied).

GL!
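
A stand-alone diagnostic for the causes raised in the answers above (added example, not code from the thread or from CakePHP). It assumes CakePHP 1.x default hashing, where Auth->password() is the SHA-1 of Security.salt prepended to the password; cakeHash, diagnoseStoredPassword, the salt and all sample values are constructed for illustration.

```php
<?php
// Added example. Assumption: CakePHP 1.x defaults, i.e.
// Security::hash($p, null, true) === sha1(Security.salt . $p).

function cakeHash(string $plain, string $salt): string
{
    return sha1($salt . $plain);
}

// Classify why a stored users.password value matches, or fails to match,
// the hash Auth would compute for the submitted password.
function diagnoseStoredPassword(string $stored, string $plain, string $salt): string
{
    $expected = cakeHash($plain, $salt);
    if (hash_equals($expected, $stored)) {
        return 'ok';
    }
    // Auth hashed the form value, then a beforeSave() hashed it again.
    if (hash_equals(cakeHash($expected, $salt), $stored)) {
        return 'double-hashed';
    }
    // A column narrower than char(40) silently cut the 40-character digest.
    if ($stored !== '' && strlen($stored) < 40 && strpos($expected, $stored) === 0) {
        return 'truncated';
    }
    // The row was written without the application salt.
    if (hash_equals(sha1($plain), $stored)) {
        return 'unsalted';
    }
    if ($stored === $plain) {
        return 'plaintext';
    }
    return 'mismatch';
}

$salt  = 'constructed-example-salt'; // stands in for Security.salt
$plain = 'xxx';
$good  = cakeHash($plain, $salt);

$cases = array(
    'hashed once by Auth'      => $good,
    'hashed again in the model' => cakeHash($good, $salt),
    'stored in a char(32)'      => substr($good, 0, 32),
    'sha1() without the salt'   => sha1($plain),
    'never hashed'              => $plain,
);
foreach ($cases as $label => $stored) {
    printf("%-27s %s\n", $label, diagnoseStoredPassword($stored, $plain, $salt));
}
```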