Friday, August 8, 2014

Re: Authentication redirect problem when not logged in

Okay, leave it guys! When I've posted my previous question, I suddenly realised that my database structure reserved 50 characters for the password field instead of 60. When changing this, it's all working great. Thanks anyway!!!

Op vrijdag 8 augustus 2014 12:11:38 UTC+2 schreef Sam Clauw:
Aha, a combination of you posts solved this problem ;)

However, I've got another one when trying to log in now. The password comparing doesn't work. The password values in my database are build up with the Blowfish hasher. When I'm submitting my login form, it compares the text value of the password with the Blowfish value of the password and returns always "false".

CoasterCmsAppController.php

public $components = array(
    'Session',
    'Paginator',
    'Auth' => array(
        'loginAction' => array(
            'plugin' => 'coaster_cms',
            'controller' => 'users',
            'action' => 'login'
        ),
        'loginRedirect' => array(
            'plugin' => 'coaster_cms',
            'controller' => 'cms_pages',
            'action' => 'index'
        ),
        'logoutRedirect' => array(
            'plugin' => 'CoasterCms',
            'controller' => 'attractions',
            'action' => 'index',
        ),
        'authenticate' => array(
            'Form' => array(
                'passwordHasher' => 'Blowfish'
            )
        )
    )
);

UsersController.php (controller)

public function login()
{
    $this->layout = 'login';
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirect());
        }
        $this->Session->setFlash(__('Ongeldige login combinatie.'), 'default', array(
            'class' => 'alert alert-danger'
        ));
    }
}

login.ctp (login view)

echo $this->Form->create('User', array(
    'type' => 'file',
    'novalidate' => true, // browser validatie
    'inputDefaults' => array(
        'label' => true,
        'div' => 'form-group',
        'class' => 'form-control'
    ),
    'role' => 'form'
));


echo $this->Form->inputs(array(
    'legend' => false,
    'username' => array(
        'label' => 'Gebruikersnaam'
    ),
    'password' => array(
        'label' => 'Wachtwoord'
    )
));


echo $this->Form->end('Login');

FYI: User.php (model)

public function beforeSave($options = array())
{
    if (isset($this->data[$this->alias]['password'])) {
        $passwordHasher = new BlowfishPasswordHasher();
        $this->data[$this->alias]['password'] = $passwordHasher->hash(
            $this->data[$this->alias]['password']
        );
    }
    return true;
}

As I read in this StackOverflow post, the password input field should be converted automatically to the Blowfish hash and after that, the comparing should be done.
Am I forgetting something crucial?

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)