0
votes

In CakePHP I have changed from SimplePasswordHasher to BlowfishPasswordHasher. I added the following code and commented out all references to the old simple hasher method, but I can't log in. I can create a new user with BlowfishPasswordHasher, but logins now don't work?

The link below didn't fix the problem, as I just can't log in, but I can see the new user with the correct salted password.

CakePHP - How do I implement blowfish hashing for passwords?

http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

//userscontroller
public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
           return $this->redirect($this->Auth->redirectUrl()); //for 2.3 and above versions, docs are old

        }
        $this->Session->setFlash(__('Invalid username or password, try again'));
    }
}  

//user
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['password'] = $passwordHasher->hash(
            $this->data[$this->alias]['password']
        );
    }
    return true;
}

//new user
  <?php echo $this->Form->create('User'); ?>
    <h2><?php echo __('Add User2'); ?></h2>
    <?php
    echo $this->Form->input('username');
    echo $this->Form->input('password');
    echo $this->Form->end(__('Submit')); // close the form and render the submit button
    ?>

//in appcontroller
public $components = array("Email", 'Session', 'Auth');

public function beforeFilter() {
    $this->Auth->authError = 'You cant access this page';
    $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
    $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    $this->Auth->authorize = array('Controller');
    $this->Auth->unauthorizedRedirect = '/users/dashboard';
    $this->set("logged_in", $this->Auth->loggedIn());
}

//user model
    public $validate = array(
        'username' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A username is required'
            )
        ),
        'password' => array(
            'required' => array(
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
            )
        )
    );
1
What's the length of your password field? Blowfish hashes are longer than sha1. - ADmad
varchar(255), is this correct? - ajt
Yup, that's long enough, though if you changed it recently be sure to clear the model cache. - ADmad
I didn't change the password field in MySQL, so what is the problem with it? - ajt
You haven't included your Auth config in the post. Is it properly configured to use BlowfishPasswordHasher? - ADmad

1 Answers

1
votes

You haven't configured Auth to use BlowfishPasswordHasher, so it still uses the default hasher. Specify the passwordHasher key as shown in e.g. here.
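
The configuration the answer describes, written out as an added example (not code from the question, the answer, or the CakePHP project). It assumes a CakePHP 2.x release that ships BlowfishPasswordHasher, as the question's model code already requires, and the file path in the comment is the conventional location, not one given on the page.

```php
<?php
// Added example: app/Controller/AppController.php (conventional path, assumed)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    // Before (from the question): 'Auth' is loaded with no settings, so
    // FormAuthenticate hashes the submitted password with the default
    // hasher. That digest can never equal the bcrypt string that
    // User::beforeSave() stored, so every login attempt is rejected.
    //
    // public $components = array("Email", 'Session', 'Auth');

    // After: tell the Form authenticator to verify with Blowfish, the same
    // hasher the User model uses when it saves the password.
    public $components = array(
        'Email',
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );

    // Unchanged from the question. Because authorize is set to
    // 'Controller', the application's own isAuthorized() still decides
    // access after login; the question does not show it, so it is omitted.
    public function beforeFilter() {
        $this->Auth->authError = 'You cant access this page';
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
        $this->Auth->authorize = array('Controller');
        $this->Auth->unauthorizedRedirect = '/users/dashboard';
        $this->set('logged_in', $this->Auth->loggedIn());
    }
}
```

Accounts whose stored password was written by the old hasher will not verify under Blowfish and need their password set again.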