In moving some legacy sites over to CakePHP, I’ve come across some situations where I need the Auth component to ‘hash’ the password differently. For example, just a straight md5() of the password.
To accomplish this, you need to empty your Security.salt variable in /app/config/core.php (Not positive what all this will affect):
Configure::write('Security.salt', '');
and change the hash method of the Security class (I did this in app_controller.php):
function beforeFilter() {
    // Make Security::hash() (and therefore Auth) use md5 instead of the default
    Security::setHash('md5');
}
5 responses so far ↓
1 Abhimanyu Grover // May 29, 2008 at 12:00 pm
Nice trick dude..!!
2 Baz L // May 31, 2008 at 9:35 am
I would recommend against this. CakePHP uses this salt for much more than just Auth. Cookie encryption is one thing that comes to mind.
You’d be better off extending the Auth component and simply overriding the:
AuthComponent::password ($password) function.
3 Nextri // Jul 12, 2008 at 1:44 pm
In the latest cake release, I get a warning: Warning (512): You cannot use an empty key for Security::cipher().
So the salt value cannot be empty.
4 Mao // Aug 7, 2008 at 5:46 am
It’s great
I can find a solution with this.
Thanks
5 admin // Aug 7, 2008 at 8:38 pm
I actually had problems with writing cookies immediately following using this setup. I ended up just waiting for the user on the new system to type in their correct password and then re-hash it with:
$newPassword = Security::hash($this->data['User']['password'], null, true);
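The re-hash-on-login approach from the last comment, written out with the verification step it implies, as an added example that is not part of the original post or its comments. It is plain PHP so it runs outside CakePHP: cakeStyleHash(), loginAndUpgrade(), SITE_SALT and the sample users are hypothetical, and treating Security::hash($pw, null, true) as sha1 of the salt prepended to the password is an assumption.

```php
<?php
// Added example: upgrade legacy md5 password hashes at login time,
// keeping Security.salt set instead of emptying it.
// ASSUMPTION: cakeStyleHash() stands in for Security::hash($pw, null, true),
// taken here to be sha1(Security.salt . $pw); use the real call inside CakePHP.
const SITE_SALT = 'constructed-sample-salt'; // constructed value, not a real salt

function cakeStyleHash($password, $salt = SITE_SALT) {
    return sha1($salt . $password);
}

// Hypothetical helper: returns array(bool $authenticated, string $hashToStore).
function loginAndUpgrade($typedPassword, $storedHash) {
    // Already migrated: the stored value matches the salted hash.
    if (hash_equals($storedHash, cakeStyleHash($typedPassword))) {
        return array(true, $storedHash);
    }
    // Not migrated yet: the stored value is a bare md5() from the legacy site.
    if (hash_equals($storedHash, md5($typedPassword))) {
        // The plaintext is only available at this moment, so re-hash it now.
        return array(true, cakeStyleHash($typedPassword));
    }
    // Wrong password: leave the stored hash untouched.
    return array(false, $storedHash);
}

// Constructed sample user table: one legacy row, one already-migrated row.
$users = array(
    'alice' => md5('correct horse'),
    'bob'   => cakeStyleHash('hunter2'),
);

// Constructed login attempts: a failure, the upgrading login, a repeat, a migrated user.
foreach (array(
    array('alice', 'wrong guess'),
    array('alice', 'correct horse'),
    array('alice', 'correct horse'),
    array('bob', 'hunter2'),
) as $attempt) {
    list($name, $typed) = $attempt;
    $before = $users[$name];
    list($ok, $users[$name]) = loginAndUpgrade($typed, $before);
    printf("%-5s %-14s auth=%s upgraded=%s\n", $name, $typed,
        $ok ? 'yes' : 'no', $users[$name] !== $before ? 'yes' : 'no');
}
```

Only the second attempt reports upgraded=yes; after it, the legacy md5 value is no longer stored and the same password authenticates against the salted hash.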