0
votes

I'm trying to make a simple login system for my users, but I can't figure out why it won't log me in. The Auth->login() method always returns FALSE (incorrect information) for some reason... might be something with password hashing. I have CakePHP 2.5.2.

Here is a screenshot of my issue: ISSUE

My beforeSave() method in UsersController:

public function beforeSave($options = array()) {
    $this->request->data['User']['password'] = Security::hash($this->request->data['User']['password']);
}

and the login() method:

function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            $this->Session->setFlash(__('You\'ve successfully logged in.' . ' <b>' . $this->Session->read('User.login') . '</b>'), 'alert', array(
                'plugin' => 'BoostCake',
                'class' => 'alert-success'
            ), 'success');
            return $this->redirect($this->Auth->redirectUrl());
            ////  $this->redirect($this->Auth->redirectUrl());
        } else {
            // var_dump($this->Auth->user());
            $this->Session->setFlash(__('Sorry, the information you\'ve entered is incorrect.'), 'alert', array(
                'plugin' => 'BoostCake',
                'class' => 'alert-danger'
            ), 'danger');
        }
    }
}

Here's the Auth component:

public $components = array(
    'Session',
    'Auth' => array(
        'loginRedirect' => array('controller' => 'pages', 'action' => 'home'),
        'logoutRedirect' => array('controller' => 'pages', 'action' => 'home'),
        'loginAction' => array('controller' => 'users', 'action' => 'login'),
        'authError' => 'You are not authorized to access this page.',

        'authenticate' => array(
            'Form' => array(
                'userModel' => 'User',
                'fields' => array(
                    'username' => 'login',
                    'password' => 'password'
                )
            )
        ),
        'flash' => array(
            'element' => 'alert',
            'key' => 'auth',
            'params' => array(
                'plugin' => 'BoostCake',
                'class' => 'alert-danger'
            )
        ),
        'authorize' => array('Controller'),
    ),
    'DebugKit.Toolbar'
);
3
Could you show us your Auth component settings? CakePHP is waiting for a username field, not login. - Holt
added Auth component code where I specified the fields to Authenticate users - user3813360
Move beforeSave inside your User model and try to use SimplePasswordHasher to hash the password instead of Security::hash. See this page book.cakephp.org/2.0/en/tutorials-and-examples/…, I don't know where you saw that there was a beforeSave method in controllers. - Holt
I just saw that I already had a beforeSave method in my User model :/ - user3813360
I'm now using the beforeSave() method from the CakePHP documentation in my User model, and it hashes the password when a user registers, but it still fails when I try to log in. This is confusing as hell! - user3813360

3 Answers

0
votes

Yes, it's incorrect. I removed everything and it works; I don't know how.

0
votes

Move your beforeSave method to your Model, not the Controller.
When saving data, Cake looks for any functions that should run before inserting the data in your Model.

You will also need to create a new user (if you look in your database you should find that the password has been stored as plaintext, because the hashing in the beforeSave would never have been called).

-1
votes

I think you should provide the Security::hash() function blowfish or set the app's internal salt to true.

Like this:

public function beforeSave($options = array()) {
    $this->request->data['User']['password'] = Security::hash($this->request->data['User']['password'], null, true);
}

This is the way the deprecated AuthComponent::password() function works.

Just tested it this way in my Cake App and it works fine.

See http://api.cakephp.org/2.4/class-Security.html#_hash

Edit: beforeSave() should be in the User's Model, not in the User's Controller
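
The mismatch discussed in this thread, written out as an added example (not code from the question or from any answer): in CakePHP 2.4 and later, FormAuthenticate checks the submitted password with its configured password hasher, which is `Simple` (salted with `Security.salt`) by default, so the model has to hash with that same class when saving. The file locations follow the standard CakePHP 2 app layout and are assumptions, as is placing the Auth settings in `AppController`.

```php
<?php
// Added example. Assumed location: app/Model/User.php
App::uses('AppModel', 'Model');
App::uses('SimplePasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {

    // Model callback: runs on every User save. A beforeSave() defined in a
    // controller is never invoked, so the password would be stored unhashed.
    public function beforeSave($options = array()) {
        // Hash only when a password field is part of this save, so partial
        // updates of other columns leave the stored hash untouched.
        if (isset($this->data[$this->alias]['password'])) {
            // Same class FormAuthenticate uses to check the login. It prepends
            // Security.salt, which a bare Security::hash($password) does not.
            $hasher = new SimplePasswordHasher();
            $this->data[$this->alias]['password'] = $hasher->hash(
                $this->data[$this->alias]['password']
            );
        }
        return true; // returning false would abort the save
    }
}

// Assumed location: app/Controller/AppController.php (a separate file)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    // Must name the hasher used in User::beforeSave().
                    // 'Simple' is the default; it is spelled out here so the
                    // two sides visibly agree.
                    'passwordHasher' => 'Simple',
                    'fields' => array('username' => 'login', 'password' => 'password'),
                ),
            ),
        ),
    );
}
```

Rows saved before this change hold values that this hasher cannot verify, so those accounts need their password set again through the model.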