Kohana 3: Login without salt

views:

answers:

Kohana 3: Login without salt

We're developing a software that will manage users and I need to build an application with Kohana 3 and Auth Module. My application will allow just login. I don't need to append a salt to the passwords when user log in. How could i do that? Thank you.

EDIT:

I know, its wrong but I changed the core. Now I encrypt password without the salt: /kohana/modules/auth/classes/model/auth/user.php

public function login($username, $password, $remember = FALSE)
{
    if (empty($password))
        return FALSE;

    if (is_string($password))
    {
        // Get the salt from the stored password
        //$salt = $this->find_salt($this->password($username));
        // Create a hashed password using the salt from the stored password
        //$password = $this->hash_password($password, $salt);
        $password = sha1($password);
    }

    return $this->_login($username, $password, $remember);
}

+1 A:

of course you need to do this. otherwise you would store the password as a plain text. You didnt specify whether you use file or the orm system. anyway there is no reason for that, since its even harder to hack the salat function out of the login logic, then just to use it as it is.

antpaw 2010-06-14 19:55:18

But the software that will manage users cannot use functions like uniqid ... Looking at the source i saw that Kohana does that (http://kohanaframework.org/guide/api/Auth#hash_password)

Thomas 2010-06-14 19:59:24

what do you mean by "software"? what are uniqid functions?

antpaw 2010-06-14 20:00:30

Software = .Net desktop applicationuniqid = PHP function (http://php.net/manual/en/function.uniqid.php)

Thomas 2010-06-14 20:01:43

hmm you dont this uniqid function there is a setter inside the user class that converts your password to the salt hash. just do $user->password = 'testtest'; $user->save(); and your fine.

antpaw 2010-06-14 20:09:52

ansaurus

tags:

views:

answers:

Kohana 3: Login without salt

related questions