I'm going through the CakePHP tutorial and trying to test basic login functionality. I'm making slight tweaks along the way to match how my database needs to look (email and token instead of username and password as columns in the users table), I believe that I have messed something up when it comes to using Blowfish hashing. Can someone take a look and see if anything apparent pops out? Right now I can add new users, but their password in the database look to be plaintext. The token column is of type VARCHAR(75), is that enough space for Blowfish to work?
I'm getting the error:
**Warning (512): Invalid salt: pass for blowfish **
and then "Invalid username or password," when putting in a correct user/pass combo. When I put in incorrect credentials I only get the invalid user/pass error, so it looks like it is still getting through somewhere along the line.
app/Model/User.php
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
class User extends AppModel {
public $validate = array(
'email' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'An email is required'
)
),
'token' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A password is required'
)
),
'group' => array(
'valid' => array(
'rule' => array('inList', array('user', 'admin', 'manager')),
'message' => 'Please enter a valid group role',
'allowEmpty' => false
)
)
);
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['token'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['token'] = $passwordHasher->hash(
$this->data[$this->alias]['token']
);
}
return true;
}
}
app/Controller/AppController.php
class AppController extends Controller {
//...
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'posts',
'action' => 'index'
),
'logoutRedirect' => array(
'controller' => 'pages',
'action' => 'display',
'home'
),
'authenticate' => array(
'Form' => array(
'passwordHasher' => 'Blowfish',
'fields' => array('username' => 'email', 'password' => 'token')
)
)
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
//...
}
add.ctp
<div class="users form">
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend><?php echo __('Add User'); ?></legend>
<?php echo $this->Form->input('email');
echo $this->Form->input('token');
echo $this->Form->input('group', array(
'options' => array('admin' => 'Admin', 'manager' => 'Manager', 'user' => 'User')
));
?>
</fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>
login.ctp
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User'); ?>
<fieldset>
<legend>
<?php echo __('Please enter your username and password'); ?>
</legend>
<?php echo $this->Form->input('email');
echo $this->Form->input('token');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>