
I'm following the CakePHP cookbook tutorial on simple authentication. Users are created successfully, but when I try to log in, the users are not authenticated; instead, the "Invalid username/password" error is shown.

The only thing I have changed is that I am using the email address instead of a username.

This is the User.php app model:

App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

/**
 * User model: declares validation rules for the email, password and role
 * fields and hashes the password in beforeSave().
 *
 * NOTE(review): the closing brackets and the argument of the hash() call are
 * missing from this listing as shown; the comments below describe only what
 * is visible.
 */
class User extends AppModel {
    // Validation rules, keyed by field name.
    public $validate = array(
        'email' => array(
            'required' => array(
                // notEmpty only rejects an empty value; no email-format or
                // uniqueness rule is visible in this listing.
                'rule' => array('notEmpty'),
                'message' => 'An email is required'
        'password' => array(
            'required' => array(
                // Only emptiness is checked; no minimum length is visible here.
                'rule' => array('notEmpty'),
                'message' => 'A password is required'
        'role' => array(
            'valid' => array(
                // Restricts the role to one of the two listed values.
                // NOTE(review): this checks the value, not who is allowed to
                // set it; if 'role' is accepted from request data, any
                // submitter can pick 'admin' and still pass validation.
                'rule' => array('inList', array('admin', 'author')),
                'message' => 'Please enter a valid role',
                'allowEmpty' => false

    /**
     * Model callback run before a save. When a password is present in the
     * data being saved, it is replaced with the value returned by
     * BlowfishPasswordHasher::hash(), so the plain-text password is not
     * what gets stored.
     *
     * NOTE(review): the login side has to verify with the same hasher, and
     * the password column presumably has to be wide enough for the full
     * hash string, otherwise a truncated hash never matches - confirm
     * against the schema.
     *
     * @param array $options Save options passed in by the framework.
     * @return bool Always true, so the save proceeds.
     */
    public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        // The hash() argument is cut off in this listing.
        $this->data[$this->alias]['password'] = $passwordHasher->hash(
    return true;

This is the users controller (UsersController.php):

App::uses('AppController', 'Controller');

/**
 * CRUD plus login/logout actions for users.
 *
 * NOTE(review): closing braces and some statements are missing from this
 * listing as shown; the comments below describe only what is visible.
 */
class UsersController extends AppController {

    // public function __construct($request = null, $response = null)
    // {
 //     parent::__construct($request, $response);
    // }

    // Body not shown in this listing, so it is not visible whether the
    // parent beforeFilter() is called or which actions are made public here.
    public function beforeFilter() {

    /**
     * Lists users, paginated, without associated records (recursive = 0).
     *
     * NOTE(review): the paginate() result is handed to the view as-is; no
     * field restriction is visible, so the stored password hash presumably
     * travels to the view with each row - confirm and limit the fields.
     */
    public function index() {
        $this->User->recursive = 0;
        $this->set('users', $this->paginate());

    /**
     * Shows one user; throws NotFoundException when the id does not exist.
     *
     * @param mixed $id User id.
     */
    public function view($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        $this->set('user', $this->User->read(null, $id));

    /**
     * Creates a user from the POSTed form data.
     *
     * NOTE(review): the whole request data array is passed to save() with
     * no field whitelist visible, so every submitted column (including
     * 'role') is accepted. Passing a fieldList to save() limits what a
     * submitter can set.
     */
    public function add() {
        if ($this->request->is('post')) {
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('The user has been saved'));
                return $this->redirect(array('action' => 'index'));
                __('The user could not be saved. Please, try again.')

    /**
     * Updates the user with the given id on POST/PUT; otherwise loads the
     * current record into the request data for the form.
     *
     * NOTE(review): as in add(), the request data is saved without a field
     * whitelist, and no check that the logged-in user may edit this $id is
     * visible in the listing.
     *
     * @param mixed $id User id.
     */
    public function edit($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        if ($this->request->is('post') || $this->request->is('put')) {
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('The user has been saved'));
                return $this->redirect(array('action' => 'index'));
                __('The user could not be saved. Please, try again.')
        } else {
            $this->request->data = $this->User->read(null, $id);

    /**
     * Deletes the user with the given id and redirects to the index.
     *
     * @param mixed $id User id.
     */
    public function delete($id = null) {
        // Prior to 2.5 use
        // $this->request->onlyAllow('post');
        // NOTE(review): no HTTP method restriction is visible in this
        // listing (the line may have been lost). Without one, the delete
        // can be triggered by a plain GET link; from 2.5 on the call is
        // $this->request->allowMethod('post').


        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        if ($this->User->delete()) {
            $this->Session->setFlash(__('User deleted'));
            return $this->redirect(array('action' => 'index'));
        $this->Session->setFlash(__('User was not deleted'));
        return $this->redirect(array('action' => 'index'));

    /**
     * Handles the login form. On POST, asks the Auth component to log the
     * user in and redirects on success; on failure a single generic flash
     * message is set, which does not reveal whether the identifier or the
     * password was wrong.
     *
     * Auth->login() is called without arguments, so the credentials are
     * taken from the request by whatever authenticate handlers and field
     * names the Auth component is configured with.
     */
    public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        $this->Session->setFlash(__('Invalid username or password, try again'));

    // Logs the user out and redirects to the URL returned by Auth->logout().
    public function logout() {
    return $this->redirect($this->Auth->logout());


This is login.ctp view:

<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
            <?php echo __('Please enter your username and password'); ?>
        <?php echo $this->Form->input('email');
        // The credentials are posted as 'email' and 'password' under the
        // 'User' form. The Auth form handler looks for a 'username' field
        // unless its 'fields' option maps the identifier to 'email'.
        echo $this->Form->input('password');
<?php echo $this->Form->end(__('Login')); ?>

This is AppController.php:

 * Application level Controller
 * This file is application-wide controller file. You can put all
 * application-wide controller-related methods here.
 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 * @link          http://cakephp.org CakePHP(tm) Project
 * @package       app.Controller
 * @since         CakePHP(tm) v 0.2.9
 * @license       http://www.opensource.org/licenses/mit-license.php MIT License

App::uses('Controller', 'Controller');

 * Application Controller
 * Add your application-wide methods in the class below, your controllers
 * will inherit them.
 * @package     app.Controller
 * @link        http://book.cakephp.org/2.0/en/controllers.html#the-app-controller

// Base controller: configures the Auth component for every controller that
// extends it. Closing brackets are missing from this listing as shown.
class AppController extends Controller {

    // Component configuration applied application-wide.
    public $components = array(
        'Auth' => array(
            // Where to send the user after a successful login.
            'loginRedirect' => array(
                'controller' => 'sites',
                'action' => 'index'
            // Where to send the user after logout.
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display',
            'authenticate' => array(
                // Form-based login, verifying passwords with the Blowfish
                // hasher (matches the hasher used when the user is saved).
                // NOTE(review): no 'fields' key is set here, so the handler
                // uses its default field names ('username' / 'password').
                // The login form on this page posts 'email', which the
                // handler never reads, so every login attempt fails.
                'Form' => array(
                    'passwordHasher' => 'Blowfish'

    // Runs before every action of every controller extending this class.
    public function beforeFilter() {
        // Makes the 'index' and 'view' actions reachable without login on
        // all controllers that inherit this filter.
        // NOTE(review): that includes the users controller's index/view
        // actions unless it overrides this - confirm that listing users
        // publicly is intended.
        $this->Auth->allow('index', 'view');

1 Answers


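Edit the following line in your AppController.php as shown below. By default the Form authenticate handler looks for a field named `username`, so the `fields` option is needed to tell it to use `email` as the login identifier.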

 // 'fields' maps the handler's logical names to the actual model fields:
 // the login identifier is read from 'email', the password from 'password'.
 // The hasher setting stays as it was, so stored hashes still verify.
 'Form' => array(
            'passwordHasher' => 'Blowfish',
            'fields' => array('username'=>'email', 'password'=>'password'),