How do I replace the CakePHP password hashing algorithm?

danb · Feb 21, 2009 · Viewed 7.2k times

I have an existing database I'm trying to put a cake app on top of. The old app used crypt() in Perl to hash the passwords. I need to do the same in the PHP app.

Where is the correct place to make that change in a standard CakePHP app? And what would such a change look like?

Answer

danb · Feb 22, 2009

I got it working...

Here is my AppController:

class AppController extends Controller {
    var $components = array('Auth');

    function beforeFilter() {
        // this is part of cake that serves up static pages, it should be authorized by default
        $this->Auth->allow('display');
        // tell cake to look on the user model itself for the password hashing function
        $this->Auth->authenticate = ClassRegistry::init('User');
        // tell cake where our credentials are on the User entity
        $this->Auth->fields = array(
           'username' => 'user',
           'password' => 'pass',
        );
        // this is where we want to go after a login... we'll want to make this dynamic at some point
        $this->Auth->loginRedirect = array('controller'=>'users', 'action'=>'index');
    }
}

Then here is the user:

<?php
class User extends AppModel {
    var $name = 'User';

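    // this is used by the auth component to turn the password into its hash before comparing with the DB
    function hashPasswords($data) {
         // only hash when both credential fields were submitted; other forms that post User data pass through untouched
         if (isset($data['User']['user']) && isset($data['User']['pass'])) {
             // legacy-compatible crypt(): the salt is the first two characters of the username
             $data['User']['pass'] = crypt($data['User']['pass'], substr($data['User']['user'], 0, 2));
         }
         return $data;
    }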
}
?>

Everything else is normal, I think.

Here is a good resource: http://teknoid.wordpress.com/2008/10/08/demystifying-auth-features-in-cakephp-12/
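
A login-time migration path for the legacy hashes in the answer above, as an added example that is not part of the original post: it verifies the 13-character DES crypt() value and, on success, returns a password_hash() replacement to store. The function name verifyAndUpgrade and the sample row are hypothetical; the 'user' and 'pass' keys follow the answer's field names.

```php
<?php
// Added example, not code from the original post. verifyAndUpgrade() is a
// hypothetical helper; $row mimics one users-table record with the answer's
// 'user' and 'pass' columns.

/**
 * Returns [bool $ok, ?string $newHash]. When $newHash is not null the caller
 * should write it back to the 'pass' column.
 */
function verifyAndUpgrade(array $row, string $password): array
{
    $stored = $row['pass'];

    // Already migrated: a format that password_hash() produces.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $new];
    }

    // Legacy DES crypt(): 2-character salt followed by 11 hash characters.
    // crypt() output starts with its salt, so the stored value carries it.
    // DES crypt() only uses the first 8 characters of the password.
    if (strlen($stored) !== 13) {
        return [false, null];
    }
    $candidate = crypt($password, substr($stored, 0, 2));
    // crypt() signals failure with a short "*0"/"*1" string; reject it.
    if (strlen($candidate) !== 13 || !hash_equals($stored, $candidate)) {
        return [false, null];
    }
    // Correct password on a legacy hash: upgrade while the plaintext is available.
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample row, hashed the same way as hashPasswords() in the answer.
$row = ['user' => 'alice', 'pass' => crypt('s3cret', substr('alice', 0, 2))];
[$ok, $newHash] = verifyAndUpgrade($row, 's3cret');
var_dump($ok, $newHash !== null);   // legacy login, upgrade offered
$row['pass'] = $newHash;            // simulate the UPDATE
[$ok, $newHash] = verifyAndUpgrade($row, 's3cret');
var_dump($ok, $newHash);            // login against the migrated hash
```

A column sized for 13-character crypt() output has to be widened before storing the new hashes; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.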