1
votes

On my password reset page, I save the user's new password using Security::hash(). When I then try to log in, though, the hashed password saved in my database does not match the version that Auth comes up with when hashing my input in the login field.

I assume this is something like Security::hash() using my application salt to hash the password, whereas Auth doesn't use that salt?

How do you go about this?

2 Answers

5
votes

Have you tried the AuthComponent::password() method instead?

Also, if the field is named password, check that AuthComponent hasn't already hashed it.


Edit: In 3.x, see DefaultPasswordHasher::hash() instead, as explained in Hashing Passwords.

1
votes

Should be Security::hash($password, 'sha1', true)

You can leave the second parameter NULL because Auth uses the same hash as specified in Security.
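
The mismatch discussed in this thread, as an added stand-alone example that is not code from either answer or from CakePHP itself. The `model_*` functions are hypothetical stand-ins that model how CakePHP 2.x `Security::hash()` and `AuthComponent::password()` treat the application salt and how the 3.x `DefaultPasswordHasher` wraps PHP's `password_hash()`; the salt and password are constructed sample values.

```php
<?php
// Constructed stand-in for Configure::read('Security.salt'); not a real value.
const APP_SALT = 'constructed-example-salt-0123456789';

// Model of 2.x Security::hash($string, 'sha1', $salt): the application salt
// is prepended only when the third argument is true (it defaults to false).
function model_security_hash(string $string, bool $salt = false): string
{
    if ($salt) {
        $string = APP_SALT . $string;
    }
    return sha1($string);
}

// Model of 2.x AuthComponent::password(): always hashes with the salt.
function model_auth_password(string $password): string
{
    return model_security_hash($password, true);
}

// Returns whether a stored hash matches what the login side computes.
// hash_equals() keeps the comparison constant-time.
function login_matches(string $stored, string $submitted): bool
{
    return hash_equals($stored, model_auth_password($submitted));
}

$newPassword = 'correct horse battery staple'; // constructed sample input

// Reset page calling hash() with no salt flag, versus with the flag set.
$storedUnsalted = model_security_hash($newPassword);
$storedSalted   = model_security_hash($newPassword, true);

echo 'unsalted reset hash accepted at login: ';
var_dump(login_matches($storedUnsalted, $newPassword));
echo 'salted reset hash accepted at login:   ';
var_dump(login_matches($storedSalted, $newPassword));

// 3.x model: password_hash() embeds a random per-password salt, so hashing
// the same input twice gives different strings. Verification has to go
// through password_verify() instead of re-hashing and comparing.
$first  = password_hash($newPassword, PASSWORD_DEFAULT);
$second = password_hash($newPassword, PASSWORD_DEFAULT);
echo 'two 3.x-style hashes are identical:    ';
var_dump(hash_equals($first, $second));
echo 'password_verify() accepts the hash:    ';
var_dump(password_verify($newPassword, $first));
```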