I have successfully developed an authentication mechanism in CakePHP before; however, this time I don't know what is wrong, and every time I get prompted with wrong username/password. I have used the Auth component, and here are the details:
Model names: User, License
Sample user info: username: ahmad_agha, password: e10adc3949ba59abbe56e057f20f883e, which is the md5 of 123456
I don't know if it is important in this case or not, but I have enabled admin routing for my controllers.
AppController.php:

class AppController extends Controller {

    public $components = array('DebugKit.Toolbar',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => array(
                        'className' => 'Simple',
                        'hashType' => 'sha256'
                    )
                )
            )),
        'Cookie');

    public function beforeFilter() {
        Security::setHash('md5');
        $this->Auth->loginRedirect = array('controller'
            => 'licenses', 'action' => 'index');
        $this->Auth->logoutRedirect = array('controller'
            => 'owners', 'action' => 'login');
        $this->Auth->allow('signup', 'confirm', 'login', 'logout', 'notauthorized', 'display');
        $this->Auth->authorize = array('controller');
        $this->set('loggedIn', $this->Auth->user('id'));
        $this->Auth->userScope = array('User.activated' => '1');
        parent::beforeFilter();
    }

    public function isAuthorized($user) {
        // Here is where we should verify the role and give access based on role

        return true;
    }

}

Login.ctp for User's View

<div class="users form">
    <?php echo $this->Session->flash('auth'); ?>
    <?php echo md5('136112'); ?>
    <?php echo $this->Form->create('User', array('action' => 'login')); ?>
    <fieldset>
        <legend>
            <?php echo __('لطفا نام کاربری و کلمه عبور را وارد کنید'); ?>
        </legend>
        <?php
        echo $this->Form->input('username',array('label'=>'نام کاربری'));
        echo $this->Form->input('password',array('label'=>'کلمه عبور'));
        echo $this->Form->input('remember_me',array('label'=>'مرا به خاطر بسپار','type'=>'checkbox'));
        ?>
    </fieldset>
    <?php echo $this->Form->end(__('ورود')); ?>
</div>

and here is the login() action of UsersController.php:

function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            /* if (!empty($this->data)) {
              if (empty($this->data['User']['remember_me'])) {
              $this->Cookie->delete('User');
              } else {
              $cookie = array();
              $cookie['username'] = $this->data['User']
              ['username'];
              $cookie['password'] = $this->data['User']
              ['password'];
              $this->Cookie->write('User', $cookie, true, '+2 weeks');
              }
              unset($this->data['User']['remember_me']);
              } */
            $this->redirect($this->Auth->redirect());
        } else {
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }
}
1 Answer

You say your password is md5 hashed, while in the config for Auth you have set 'hashType' => 'sha256'. So the mismatch of hash types is quite obvious. Setting Security::setHash('md5') isn't going to do anything, since the hash type set in the Auth config will take priority.

You need to change the hashType to md5. Also, simply saving the md5 hash of the password in the db won't work, since the password hasher appends a salt (Security.salt specified in your core.php) to the password before hashing. So do (new SimplePasswordHasher)->hash('123456') to get the hashed value which needs to be stored in the db. All this is explained in the CakePHP manual, btw.
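
The mismatch described in the answer can be reproduced outside the framework. The following is an added example, not code from the question, the answer or CakePHP itself: `simpleHasherDigest()` and `diagnoseStoredHash()` are hypothetical helpers, `SALT` is a constructed placeholder for `Security.salt`, and the helper assumes the CakePHP 2.x behaviour of placing the salt in front of the plaintext before applying `hashType`.

```php
<?php
// Added example: standalone stand-in for the salt-then-hash step, so it runs
// without CakePHP. SALT is a constructed placeholder, not a real Security.salt.
const SALT = 'CONSTRUCTED-EXAMPLE-SALT';

// Assumption: SimplePasswordHasher in CakePHP 2.x puts Security.salt in front
// of the plaintext and then applies the configured hashType.
function simpleHasherDigest($password, $hashType, $salt)
{
    return hash($hashType, $salt . $password);
}

// Return every (hashType, salted/unsalted) combination that reproduces the
// digest stored in the users table for a known test password.
function diagnoseStoredHash($stored, $password, $salt, array $types)
{
    $matches = array();
    foreach ($types as $type) {
        if (hash_equals($stored, hash($type, $password))) {
            $matches[] = "$type, unsalted";
        }
        if (hash_equals($stored, simpleHasherDigest($password, $type, $salt))) {
            $matches[] = "$type, salted";
        }
    }
    return $matches;
}

$stored = 'e10adc3949ba59abbe56e057f20f883e'; // stored value from the question
$types  = array('md5', 'sha1', 'sha256');

// Which scheme produced the stored value?
print_r(diagnoseStoredHash($stored, '123456', SALT, $types));

// Digest the Form authenticator derives at login with the question's config
// (hashType sha256, salted), compared in constant time with the stored one.
$atLogin = simpleHasherDigest('123456', 'sha256', SALT);
var_dump(strlen($stored), strlen($atLogin), hash_equals($stored, $atLogin));

// Digest that would have to be stored after switching hashType to md5.
echo simpleHasherDigest('123456', 'md5', SALT), PHP_EOL;
```

Salted MD5 remains a fast hash that is cheap to brute-force; CakePHP 2.4 and later also ship `BlowfishPasswordHasher` (`'className' => 'Blowfish'`), which uses bcrypt.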