tags:

views:

514

answers:

2
+2  Q: 

Turn of Cakephp Auth password hashing.

I am upgrading a cakephp app at my new job from l.1 to 1.2. I am replacing the homegrown 1.1 authorization code with the great Auth component. The problem is that the passwords are not hashed in the legacy DB. How can I turn off the password hashing temporarily so I can start using the Auth component.

Don't worry, I will hash the passwords and change this later.

A: 

Technically you could just hash all the passwords in the database in one swoop, using the query below. BACKUP YOUR TABLE FIRST!

UPDATE user_table SET password = SHA1(password)

From the CakePHP manual, the default hashing scheme is SHA-1, so unless you've changed it this should do it. SHA1 is a built-in MySQL function, though I assume it's available in most other databases as well.

Christian P.  2009-12-12 18:32:20
I am aware that I can hash the passwords this way, but I just want to temporarily turn it off.
bucho  2009-12-12 19:56:14
Also, cakephp uses a salt, so it would be a bad idea. Perhaps later you'll have to create a script to select and then hash via Security::hash().
metrobalderas  2009-12-12 20:13:56
CakePHP Security::hash() prefixes the string to hash with the Security salt value from app/config/core.php
neilcrookes  2009-12-12 20:18:38
+3  A: 

Here is the solution adapted from another stack overflow answer. By overriding the User::hashPassword model to do nothing basically.

http://stackoverflow.com/questions/573307/how-do-i-replace-the-cakephp-password-hashing-algorithm

<?php
class User extends AppModel {
    var $name = 'User';

    // this is used by the auth component to turn the password into its hash before comparing with the DB
    function hashPasswords($data) {
         return $data;
    }
}
?>
bucho  2009-12-12 19:59:48
You also have to configure the AuthComponent to authenticate against the User Model to make use of this...$this->Auth->authenticate = $this->User;
neilcrookes  2009-12-12 20:15:41

related questions

What is a javascript hash table implementation that avoids object namespace collisions?
Best way to prevent duplicate use of credit cards
Why is '397' used for ReSharper GetHashCode override?
How does c# figure out the hash code for an object?
What's the best hashing algorithm to use on a stl string when using hash_map?
Is there any way to use a "constant" as hash key in Perl?
Unique ID c++
Detect changes in random ordered input (hash function?)
How do I hash a string with Delphi?
Can I depend on the values of GetHashCode() to be consistent?
How to get hashes out of arrays in Perl?
Search by hash?
Given that I have a hash of id(key) and countries(values) sorted alphabetically, what is the best way to bubble up an entry to the top of the stack?
Saving Perl Windows Environment Keys UPCASES them
What is a good Hash Function?
How do I create a SHA1 hash in ruby?
How Do I Create a Hash Table in Java?
How would you implement a hashtable in language x?
why are downloads sometimes tagged md5, sha1 and other hash indicators?
How to find keys of a hash?
How do I generate a hashcode from a byte array in c#
How would a sdbm hash function be implemented in C#?
What is the best way to create a sparse array in C++
What's the safest way to iterate through the keys of a Perl hash?
Decode email address from Gravatar hash?