I am trying to set a form to change my password to the user by using CakePHP 2.3. The algorithm used is the blufffish I have the following three fields:
'password', 'auto' complete '=' off ')); ? & Gt; & Lt ;? Php echo $ this- & gt; Form- & gt; Input ('new_password', array ('type' = & gt; password ',' autocomplete '=> off)); ? & Gt; & Lt ;? Php echo $ this- & gt; Form- & gt; Input ('new_password_confirm', array ('type' = & gt; 'password', 'auto-complete' = & gt; 'off', 'label' = & gt; 'confirm password')); ? & Gt; Here is the code where I am trying to verify that they have correctly entered their old password: $ hash = security :: hash ($ this- & gt; request-> data ['user'] ['old_password'], 'bufffish'); $ Right = $ this- & gt; User- & gt; Search ('first', array ('conditions' =>; array (' User.id '=> AuthComponent :: user (' id '),' user password '= $ Gt; $ hash),' Field '= & gt; array (' id ')); The problem is that even if I type the old password correctly, the cake never gets the user because it does not calculate the correct hash every time I use the same old password With the form submitted, the cake produces a different hash each time.
What am I missing here? This is due to the possibility of me being that how do the bufffish / Bitcript algorithm work,
blufffish Working with hash is different with other hash types: from the API docs of the method:
Compare the hash: Just basically pass the head password as salt.
This means in your case first you have to get the headache for the specific user and then use it as a salt. Something like this
$ user = $ this- & gt; User- & gt; Search ('first', array ('condition' = & gt; array ('User.id' => AuthComponent:: user ('id')), 'field' = & gt; array ('password') )); $ Hash stored = $ user ['user'] ['password']; $ NewHash = Security :: hash ($ this- & gt; Request-> Data ['User'] ['Old password'], 'Bufffish', $ stored hash); $ True = $ storedhash == $ newHash;
No comments:
Post a Comment