3

I am upgrading a cakephp app at my new job from l.1 to 1.2. I am replacing the homegrown 1.1 authorization code with the great Auth component. The problem is that the passwords are not hashed in the legacy DB. How can I turn off the password hashing temporarily so I can start using the Auth component.

Don't worry, I will hash the passwords and change this later.

Chuck Burgess
  • 11,600
  • 5
  • 41
  • 74
jbrass
  • 941
  • 7
  • 26

2 Answers2

4

Here is the solution adapted from another stack overflow answer. By overriding the User::hashPassword model to do nothing basically.

How do I replace the cakephp password hashing algorithm?

<?php
class User extends AppModel {
    var $name = 'User';

    // this is used by the auth component to turn the password into its hash before comparing with the DB
    function hashPasswords($data) {
         return $data;
    }
}
?>
Community
  • 1
  • 1
jbrass
  • 941
  • 7
  • 26
  • 1
    You also have to configure the AuthComponent to authenticate against the User Model to make use of this... $this->Auth->authenticate = $this->User; – neilcrookes Dec 12 '09 at 20:15
  • Actually this didn't work for me in CakePHP 2.x so I had to instead create a custom auth component like this - http://stackoverflow.com/questions/573307/how-do-i-replace-the-cakephp-password-hashing-algorithm/10422486#10422486 – jesal May 02 '12 at 22:18
0

Technically you could just hash all the passwords in the database in one swoop, using the query below. BACKUP YOUR TABLE FIRST!

UPDATE user_table SET password = SHA1(password)

From the CakePHP manual, the default hashing scheme is SHA-1, so unless you've changed it this should do it. SHA1 is a built-in MySQL function, though I assume it's available in most other databases as well.

Christian P.
  • 4,784
  • 7
  • 53
  • 70
  • I am aware that I can hash the passwords this way, but I just want to temporarily turn it off. – jbrass Dec 12 '09 at 19:56
  • 1
    Also, cakephp uses a salt, so it would be a bad idea. Perhaps later you'll have to create a script to select and then hash via Security::hash(). – metrobalderas Dec 12 '09 at 20:13
  • 1
    CakePHP Security::hash() prefixes the string to hash with the Security salt value from app/config/core.php – neilcrookes Dec 12 '09 at 20:18