function beforeFilter()
{
    // Change hashing function to md5
    Security::setHash('md5');
    // Set password field as passwd
    $this->Auth->fields = array('username' => 'username', 'password' => 'passwd');
    // Explicitly set the session key so that we can use AuthHelper (read below for more details)
    $this->Auth->sessionKey = 'SomeRandomStringValueThatMakesSenseToYou';
    // Set authSessionKey to be used by AuthHelper
    $this->set('authSessionKey', $this->Auth->sessionKey);
}
- By default, the OthAuth component uses MD5 hashing whereas CakePHP uses SHA1 hashing. Currently, passwords in my database are md5 encrypted, hence, I am forcing CakePHP to use md5 by calling the Security::setHash method.
- Also, note that CakePHP mixes the “Session.salt” value into the password before hashing it with MD5. The OthAuth component had no such feature. Because of this, the hashed password values produced by OthAuth and by the Auth component will differ, even if both components are set to use MD5. To make sure that the two password values match, change the Session.salt value in app/config/core.php to an empty string.
- The last two lines are not necessary but are important to minimize changes in Views. They are required to use AuthHelper (see below).
- By default, CakePHP uses Auth.{$userModel} as the session key and, if not explicitly specified, it leaves the sessionKey variable as null. I guess this is a bug in Auth Component as it causes inconsistency in the logic. To overcome this inconsistency, I am explicitly setting sessionKey in line 3 and passing it to the view in line 4. Now, using this variable, AuthHelper can fetch user information.
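The mismatch described in the salt bullet above can be reproduced outside CakePHP. The following is an added example, not code from the original post or from CakePHP itself; it assumes that a salted hash prepends the application salt to the password before hashing, as CakePHP 1.x's Security::hash() does, and the function names, password and salt value are constructed for illustration.

```php
<?php
// Added illustration, not CakePHP source. Models the behaviour the post relies on:
// when salting is requested, the application salt is prepended before hashing.
function cakeStyleHash($string, $type, $appSalt, $useSalt)
{
    if ($useSalt) {
        $string = $appSalt . $string; // salt first, then the password
    }
    return $type === 'md5' ? md5($string) : sha1($string);
}

// Report which hashing setups reproduce a stored legacy hash for a password.
function matchingSchemes($password, $storedHash, $appSalt)
{
    $candidates = array(
        'md5, salted'   => cakeStyleHash($password, 'md5', $appSalt, true),
        'md5, unsalted' => cakeStyleHash($password, 'md5', $appSalt, false),
        'sha1, salted'  => cakeStyleHash($password, 'sha1', $appSalt, true),
    );
    $matches = array();
    foreach ($candidates as $label => $hash) {
        // hash_equals() compares in constant time
        if (hash_equals($storedHash, $hash)) {
            $matches[] = $label;
        }
    }
    return $matches;
}

// Constructed sample row: a password as OthAuth would have stored it (plain md5).
$password = 'correct horse';
$stored   = md5($password);

// Constructed value standing in for the salt configured in app/config/core.php.
$realSalt = 'ConstructedExampleSaltValue';

echo "With the application salt kept:\n";
print_r(matchingSchemes($password, $stored, $realSalt));

echo "With the salt set to an empty string:\n";
print_r(matchingSchemes($password, $stored, ''));
```

With the salt kept, only the unsalted MD5 variant matches the stored hash; with an empty salt the salted and unsalted MD5 variants are identical, which is why blanking the salt makes the legacy rows verify.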
function beforeFilter(){
    parent::beforeFilter();
    $this->Auth->allow = array('list of function that should be allowed to non registered users');
}
function beforeFilter(){
    parent::beforeFilter();
    $this->Auth->allow = array('*'); // * indicates allow all
    $this->Auth->deny = array('add', 'edit'); // deny add and edit methods
}
<?php
/*
 * This helper provides access to user parameters such as username, id, etc., of the currently logged in user
 * Send comments and feature requests to ragrawal at gmail dot com
 * @author – Ritesh Agrawal
 * @version 0.1.0
 * @license MIT
 */
class AuthHelper extends Helper {
    var $hashKey = null;
    var $initialized = false;
    var $helpers = array('Session');

    // Lazily look up the session key that the controller passed to the view
    function init() {
        if (!$this->initialized) {
            if (!isset($this->view)) {
                $this->view =& ClassRegistry::getObject('view');
            }
            if (!empty($this->view->viewVars['authSessionKey'])) {
                $this->hashKey = $this->view->viewVars['authSessionKey'];
            }
            $this->initialized = true;
        }
    }

    // True when the Auth session key is present in the session
    function sessionValid() {
        $this->init();
        return ($this->Session->check($this->hashKey));
    }

    // Get user variables
    function user($key) {
        $this->init();
        // does the session exist
        if ($this->sessionValid()) {
            $user = $this->Session->read($this->hashKey);
            if (isset($user[$key])) {
                return $user[$key];
            }
        }
        return false;
    }
}
?>
$othAuth->sessionValid with $auth->sessionValid and $othAuth->user with $auth->user, etc.
References:
The CakePHP cookbook has a well-documented section on the Auth component.
On prob. I don’t recommend setting the salt to an empty string. That salt does a LOT more than just Auth stuff. It handled Cookie and Session encryption, among other things.
One option is to derive your auth CustomAuth from the AuthComponent and override the function:
function password($password) {
return Security::hash($password, null, true);
}
to:
return Security::hash($password, null, false);
Or I *think*
You can redefine the function:
function hashPasswords($data)
by just defining it in your Model/Controller (depending on what type of authorization you use).
You would copy the code line for line, but instead of using the [password] function, you’d use the Security::hash as you need to.
Sorry, they don’t make it EZ to use existing MD5 hashes.
this is noticeable topic which helps to make right authentication code in cakePHP . .thanks