开发者

Using cakephp's Auth component with salted password hashes

开发者 https://www.devze.com 2023-01-04 01:52 出处：网络

How can I make the Auth co开发者_Go百科mponent of cakephp create, use and store a random salt with the password?You can start here http://book.cakephp.org/view/566/Change-Hash-Function , and set the $

相关专题：cakephp php security

How can I make the Auth co开发者_Go百科mponent of cakephp create, use and store a random salt with the password?

You can start here http://book.cakephp.org/view/566/Change-Hash-Function , and set the $authenticate variable to your user model:

class User extends AppModel {
    function hashPasswords($data) {
        if (isset($data['User']['password'])) {
            //Get the user to get the salt
            $user = $this->findByUsername($data['User']['username']);
            //Let's say you have a "salt" field in your db 
            $data['User']['password'] = md5($data['User']['password'].$user['User']['salt']);
            return $data;
        }
        return $data;
    }
}

There is no such functionality in Auth component. Take a look at Random String generator CakePHP component.

Look into overriding the hash function used by the Auth component as described here.