I have read many questions on S.O. and on Google as well, but I cannot figure out this issue.
I think the problem I am having is:

After a user signs up, all data is entered in the database correctly. (pw is hashed using blowfish)

When you login with the correct data, it is denied.

My password column in my users table is titled "pw", since the login() method does the authentication "Automagically" I am assuming this might be an issue. The only other issue I think it could be is that when the password is POSTED from the login view, it is not being hashed. So the POSTED password is just text and is being compared to a hashed password in the DB.

I also tried using the blowfish method inside my UsersController to hash the password before it is passed to login(), but I got an error when using blowfish in a controller.

Any help would be greatly appreciated; I am very new to CakePHP.

Here is my code:

USERSCONTROLLER.PHP

class UsersController extends AppController {
    public $name = 'Users';
    public $components = array('Session');

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('add');
    }

    public function login() {
        if ($this->request->is('post') || $this->request->is('put')) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['pw'] = $passwordHasher->hash(
            $this->data[$this->alias]['pw']);
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $this->Session->setFlash('Username or Password is Incorrect');
            }
        }
    }

    public function logout() {
        $this->redirect($this->Auth->logout());
    }
}

USER.PHP MODEL

App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class User extends AppModel {
    public $name = 'User';

    // Left out data validation

    // Hash the password with Blowfish before the record is saved
    public function beforeSave($options = array()) {
        if (!empty($this->data[$this->alias]['pw'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data[$this->alias]['pw'] = $passwordHasher->hash(
                $this->data[$this->alias]['pw']
            );
        }
        return true;
    }
}

LOGIN.CTP VIEW

<h2>Login</h2>

<?php

echo $this->Form->create();
echo $this->Form->input('username', array(
'label' => 'Username'
));

echo $this->Form->input('pw', array(
'label' => 'Password', 'type' => 'password'
));

echo $this->Form->end('Sign In');
?> 

UPDATE:

Abhishek pointed out the error, which was that I was not declaring my passwordHasher in my Auth array.

UPDATED USERSCONTROLLER.PHP

class UsersController extends AppController {
    public $name = 'Users';
    public $components = array('Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );

1 Answers

You should not use:

$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['pw'] = $passwordHasher->hash(
    $this->data[$this->alias]['pw']);

The Auth component will check on its own to match the user and password. Just use the Auth component settings in the app controller; see this: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html

'authenticate' => array(
    'Form' => array(
        'fields' => array('username' => 'username', 'password' => 'pw')
    )
),
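
Why hashing the posted password in login() and comparing it to the stored value cannot succeed, as an added example that is not part of the original question or answer. It is plain PHP with no CakePHP involved; the function names and the sample password are constructed for illustration.

```php
<?php
// Added illustration: bcrypt (Blowfish) embeds a fresh random salt in every
// hash, so two hashes of the same password differ. Verification has to
// recompute the hash with the salt taken from the stored value.

// Roughly what happens at sign-up: hash once, store the result in `pw`.
function hashForStorage($plain)
{
    return password_hash($plain, PASSWORD_BCRYPT, array('cost' => 10));
}

// The approach tried in the question's login(): hash the posted password
// again and compare hash to hash. The second hash gets a new salt, so the
// comparison fails even for the right password.
function rehashThenCompare($posted, $stored)
{
    return hash_equals($stored, hashForStorage($posted));
}

// A salt-aware check: crypt() reads algorithm, cost and salt from the
// stored hash and recomputes with them; compare in constant time.
function saltAwareCheck($posted, $stored)
{
    $recomputed = crypt($posted, $stored);
    return is_string($recomputed) && hash_equals($stored, $recomputed);
}

$stored = hashForStorage('correct horse'); // constructed sample password

printf("stored hash:                      %s\n", $stored);
printf("second hash of same password:     %s\n", hashForStorage('correct horse'));
printf("re-hash then compare (right pw):  %s\n",
    var_export(rehashThenCompare('correct horse', $stored), true));
printf("salt-aware check (right pw):      %s\n",
    var_export(saltAwareCheck('correct horse', $stored), true));
printf("salt-aware check (wrong pw):      %s\n",
    var_export(saltAwareCheck('wrong guess', $stored), true));
printf("password_verify (right pw):       %s\n",
    var_export(password_verify('correct horse', $stored), true));
```

The plaintext password from the form should therefore reach the authentication layer unhashed, with the hasher configured there so that it can perform the salt-aware comparison against the `pw` column.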