
I copied code from examples to create a basic login screen based on the table individuals with email and password. My AppController has this:

```php
$this->loadComponent('Auth', [
    'authenticate' => [
        'Form' => [
            'fields' => ['username' => 'email', 'password' => 'password'],
            'userModel' => 'Individuals'
        ]
    ],
    'loginAction' => [
        'controller' => 'Individuals',
        'action' => 'login'
    ],
    'loginRedirect' => [
        'controller' => 'Associations',
        'action' => 'login'
    ],
    'logoutRedirect' => [
        'controller' => 'Association',
        'action' => 'login',
        'home'
    ]
]);
```

Password resets are done via a token emailed to the user. The controller saves the unencrypted value and /src/Model/Entity/Individual.php has _setPassword that ensures the database has an encrypted value. Every save for the same password is different but that, I gather, is normal.

```php
protected function _setPassword($password) {
    if (strlen($password) > 0) {
        return (new DefaultPasswordHasher)->hash($password);
    }
}
```

My login function started with the standard stuff, but it always returns false:

```php
$user = $this->Auth->identify();
```

My login function now has this debug code that always gets a "no match"

```php
debug($this->request->data);
$email = $this->request->data['email'];
$pwd = $this->request->data['password'];
$user = $this->Individuals->find()
    ->select(['Individuals.id', 'Individuals.email', 'Individuals.password'])
    ->where(['Individuals.email' => $email])
    ->first();

if ($user) {
    if ((new DefaultPasswordHasher)->check($pwd, $user->password)) {
        debug('match');
    } else {
        debug('no match');
    }

    if ($user->password == (new DefaultPasswordHasher)->hash($pwd)) {
        debug('match2');
    } else {
        debug('no match2');
    }
}
```

There's a lot more code in and around that and I'm pretty confident I've got it right. Let me know if you need more. I'm keen to crack this.

Thanks in advance.

Sarah K
  • What's the type and length of the `password` column? Have you checked that your `_setPassword()` method receives the correct value, and that the value it generates is being stored and read correctly? – ndm Jan 02 '18 at 11:57
  • varchar(100) - plenty big enough. And yes, it's receiving the right value when the password is saved. – Sarah K Jan 02 '18 at 12:26
  • That answers only two of my points. Please check the others too, and generally debug all the values that you are using throughout the saving as well as the authentication process. With the shown code, there must be a wrong value being used somewhere. – ndm Jan 02 '18 at 12:33
  • Aaaargh, just double checked my table and it was my reset tokens columns that were 100, the password is just fine and dandy now that it is too. Thanks for the heads up!!! – Sarah K Jan 02 '18 at 12:39
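
The last comment traces the failure to the width of the `password` column. The following is an added example, not part of the original post or of CakePHP, showing why a hash that did not fit its column can never verify and how to find such rows. It uses PHP's own `password_hash()`/`password_verify()` in place of `DefaultPasswordHasher` and assumes bcrypt; the 50-character column width, the sample password and the helper names `storeInColumn`, `isCompleteBcryptHash` and `findTruncatedHashes` are constructed for illustration.

```php
<?php
// Added example. password_hash()/password_verify() stand in for
// DefaultPasswordHasher::hash()/check(); bcrypt is assumed as the algorithm.

// Simulates a VARCHAR($width) column that silently truncates on write.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// True only for a complete bcrypt string: "$2y$", two-digit cost, "$",
// then 53 characters of salt and digest (60 characters in total).
function isCompleteBcryptHash(string $stored): bool
{
    return preg_match('/^\$2[aby]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $stored) === 1;
}

// Returns the ids of rows whose stored hash can never verify.
function findTruncatedHashes(array $rows): array
{
    $bad = [];
    foreach ($rows as $row) {
        if (!isCompleteBcryptHash($row['password'])) {
            $bad[] = $row['id'];
        }
    }
    return $bad;
}

$pwd = 'correct horse battery staple';          // constructed sample password
$hash = password_hash($pwd, PASSWORD_BCRYPT);

// Constructed rows: id 1 kept the whole hash, id 2 went through a column
// assumed to be 50 characters wide.
$rows = [
    ['id' => 1, 'password' => storeInColumn($hash, 255)],
    ['id' => 2, 'password' => storeInColumn($hash, 50)],
];

foreach ($rows as $row) {
    // password_verify() re-derives the digest from the salt embedded in the
    // stored string, so only the complete hash accepts the right password.
    printf("id %d verifies: %s\n", $row['id'],
        var_export(password_verify($pwd, $row['password']), true));
}

// A fresh hash uses a new random salt, so it differs from the stored one.
var_dump($hash === password_hash($pwd, PASSWORD_BCRYPT));
print_r(findTruncatedHashes($rows));
```

Rows reported by `findTruncatedHashes` cannot be repaired by widening the column afterwards; those passwords have to be set again once the column can hold the full hash.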
