Monday, April 8, 2013

Re: Bcrypt / Blowfish login form troubles.

@Atomic

Already add ...

class UsersController extends Controller {
public $components = array( 'Auth' => array(
        'authenticate' => array(
         'Blowfish' => array(
         'scope' => array('User.is_active' => true)
            ),
            'Form' => array(
                'fields' => array('username' => 'email', 'password' => 'password')
            )
        )
    ) , 'Session', 'Email','Security','DebugKit.Toolbar');


But with no chance also!

On Monday, April 8, 2013 10:56:56 AM UTC+3, Atomic Guava wrote:
You need to configure auth component in a different way if you're using Blowfish. Please see http://stackoverflow.com/a/14538958

On Sunday, April 7, 2013 11:32:52 PM UTC+1, Branson Lilburn wrote:
I'm having the exact same problem. Here is BaseAuthenticate::_password() which is called in BaseAuthenticate::_findUser(). (If you do some tracing, starting at User->Auth->login(), you'll end up there).

protected function _password($password) {
        return Security::hash($password, null, true);
    }

As you can see, it doesn't provide the stored password for the third parameter. There is a class BlowfishAuthenticate that I suspect solves this problem, but I haven't figured out how to implement it properly.


On Sunday, April 7, 2013 1:13:53 PM UTC-5, Moawia wrote:
Any help please !

On Saturday, April 6, 2013 2:42:51 PM UTC+3, Moawia Almardoud wrote:
Hi,

I made the field varchar 250 ... but still no chance ... 

Warning (512): Invalid salt: 1 for blowfish Please visit http://www.php.net/crypt and read the appropriate section for building blowfish salts. [CORE/Cake/Utility/Security.php, line 278]

any got solution for this issue ?


On Saturday, December 22, 2012 12:25:24 AM UTC+3, Stafford wrote:
Hello all,

I've been struggling with getting bcrypt/blowfish to work with my login form and hope someone can point me in the right direction.
I have a registration and login form. I've got the registration form to hash and store passwords using bcrypt in version 2.3. My hang up now is that I can't find any info or documentation describing how to check a login password against the stored password.

Using User->Auth->login() generates an error. "Invalid salt: for blowfish".
Ive used Security::setHash('blowfish') in my appController and understand the use of Security::hash(pass_string, 'blowfish', salted_string), but have no idea how to make this work with auth->login().

Is there a setting/config file I need to update to tell Auth to use blowfish somehow?

I appreciate help.
Thank you.

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)