I’m throwing a message in a bottle for those who are fairly proficient with CakePHP 3.8. I admit I’m a little rusty after a few years of hiatus from development.
I’ll explain my problem:
I have a basic module that allows user registration and login. So far, so good. My problem comes at the login stage, as I’m using a custom hash of the $password+$key type. The $key is automatically generated during registration and then stored in the users table with the other information.
I’d like to know if there is a way to retrieve this value without using manual checks in order to keep my code perfectly clean and functional.
Currently, I can enter any password, and $user returns true as long as the email address exists in the table.
src/Controller/Users/Usercontroller.php

    public function register() {
        $userTable = TableRegistry::getTableLocator()->get('Users');
        $user = $this->Users->newEntity($this->request->getData(), ['validate' => 'UserStep1']);
        $user->type = $this->request->getSession()->read('account-type');
        $user->salt = sha1(md5($this->request->getSession()->read('salt')));
        $user->password = $hash->hash($this->request->getData('password'),$this->request->getSession()->read('salt'));
        if ($userTable->save($user)) {
            return true;
        }
    }

    public function login() {
        if($this->request->is('post')) {
            $user = $this->Auth->identify();
            if($user) {
                $this->Auth->setUser($user);
                $this->redirect($this->redirect($this->Auth->redirectUrl()));
                $this->Flash->response('Connecté', [
                    'key' => 'response',
                    'params' => [
                        'status' => 'success'
                    ]
                ]);
            } else {
                $this->Flash->response('Identifiant ou mot de passe incorrect', [
                    'key' => 'response',
                    'params' => [
                        'status' => 'error'
                    ]
                ]);
            }
        }
    }

src/Auth/CustomPasswordHasher.php

    namespace App\Auth;

    use Cake\Auth\AbstractPasswordHasher;

    class CustomPasswordHasher extends AbstractPasswordHasher {
        public function hash($password, $securestring = null) {
            $encode = sha1(md5('stringmasked') . md5(sha1($password)) . sha1(sha1(md5($securestring))));
            return $encode;
        }

        public function check($password, $salt)
        {
            $encode = sha1(md5('stringmasked') . md5(sha1($password)) . sha1(($salt)));
            return $encode;
        }
    }

src/Controller/AppController.php

    $this->loadComponent('Auth', [
        'authenticate' => [
            'Form' => [
                'fields' => ['username' => 'email'],
                'passwordHasher' => ['className' => 'Custom']
            ]
        ]
    ]);
    $this->Auth->allow();

I admit that I’m a bit stuck on this problem; I don’t really know where the problem comes from.
Thanks
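
Added example, not part of the original post: CakePHP's FormAuthenticate passes the submitted password and the hash stored in the users table to the hasher's `check($password, $hashedPassword)` and uses the return value as a boolean, so a `check()` that returns the computed hash string accepts every password. The stand-alone sketch below (function and class names are hypothetical, no CakePHP classes are loaded, the sample password is constructed) contrasts that pattern with a `check()` built on `password_hash()`/`password_verify()`, which keeps the per-user salt inside the stored hash so no separate key column has to be fetched at login.

```php
<?php
// Added example: stand-alone PHP, runnable with the php CLI.

// Pattern from the post: check() returns the recomputed hash string
// instead of comparing it with the stored value.
function stringReturningCheck(string $password, string $stored): string
{
    return sha1(md5('stringmasked') . md5(sha1($password)) . sha1($stored));
}

// Hypothetical replacement with the same method contract as a CakePHP 3
// password hasher: hash($password) and check($password, $hashedPassword).
final class SaltEmbeddingHasher
{
    public function hash(string $password): string
    {
        // password_hash() generates a random salt per call and encodes the
        // algorithm, cost and salt into the returned string.
        return password_hash($password, PASSWORD_DEFAULT);
    }

    public function check(string $password, string $hashedPassword): bool
    {
        // password_verify() reads the salt back out of $hashedPassword and
        // compares in constant time; the result is a real boolean.
        return password_verify($password, $hashedPassword);
    }
}

$hasher = new SaltEmbeddingHasher();
$stored = $hasher->hash('correct horse battery'); // constructed sample value

// A 40-character hex string is never "" or "0", so PHP treats it as true.
$accepted = (bool) stringReturningCheck('any wrong password', $stored);
echo 'string-returning check accepts a wrong password: ';
var_dump($accepted);

echo 'boolean check accepts a wrong password: ';
var_dump($hasher->check('any wrong password', $stored));

echo 'boolean check accepts the right password: ';
var_dump($hasher->check('correct horse battery', $stored));

// Two hashes of the same password differ because the salt is per call.
echo 'same password hashed twice gives identical strings: ';
var_dump($hasher->hash('correct horse battery') === $stored);
```

CakePHP's own `DefaultPasswordHasher` is built on the same two PHP functions, so removing the `passwordHasher` override uses this behaviour without a custom class.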