Password does not hash in CakePHP

Posted 2019-09-08 05:55


The following code is not able to hash the user's password, and it stores the password in clear text in the database. After changing the password, I am unable to log in as the password needs to be in hash. The following code is in my model.

    // Field keys as referenced from the controller code below
    var $validate = array(
        'password_confirm' => array(
            'compare' => array(
                'rule'     => array('password_match', 'password', true),
                'message'  => 'Password does not match',
                'required' => true,
            ),
            'notempty' => array(
                'rule'       => array('notempty'),
                'message'    => 'Confirm password is empty',
                'allowEmpty' => false,
                'required'   => true,
            ),
        ),
        'password' => array(
            'notempty' => array(
                'rule'       => array('notempty'),
                'message'    => 'Password is empty',
                'allowEmpty' => false,
                'required'   => true,
            ),
        ),
    );

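    // Custom validation rule: checks that the confirmation matches $password_field.
    // It only compares the two values; it does not change what gets saved.
    function password_match($data, $password_field, $hashed = true)
    {
        $password         = $this->data[$this->alias][$password_field];
        $keys             = array_keys($data);
        // Hash the confirmation value first when the password field is already hashed,
        // otherwise compare the raw input
        $password_confirm = $hashed ?
              Security::hash($data[$keys[0]], null, true) :
              $data[$keys[0]];
        return $password === $password_confirm;
    }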

The following code is in my user_controller

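    function change_password() {
        $this->layout = "mainLayout";
        $in_user_id = $id = $this->Auth->user('id');

        // Third rule argument false: compare the inputs without hashing them
        $this->User->validate['password_confirm']['compare']['rule'] =
            array('password_match', 'password', false);
        // (remainder of the action is not shown)
    }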



Your model and validation function are only checking that the password and confirm_password inputs match. At no point does it alter the data to hash the input value.

After you validate your input, and before you save your model, you need to hash the password input. Something like this:

    // Hash the validated input; the key must match the model's field name
    $this->data['User']['password'] = Security::hash($this->data['User']['password'], null, true);
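
The fix described in the answer above, written out as a complete controller action (an added example, not code from the original posts). It assumes CakePHP 1.3, the `password_match` rule and the `password` / `password_confirm` fields from the question; the flash message and the `index` redirect target are hypothetical.

```php
<?php
// Added example (CakePHP 1.3 style). Field and rule names come from the
// question; the flash text and redirect target are assumptions.
class UsersController extends AppController {
    var $components = array('Auth', 'Session');

    function change_password() {
        $this->layout = "mainLayout";
        if (empty($this->data)) {
            return; // first request: just render the form
        }

        // Only ever update the logged-in user's own record.
        $this->User->id = $this->Auth->user('id');

        // Both inputs are still plain text at this point, so the
        // comparison rule must not hash the confirmation value.
        $this->User->validate['password_confirm']['compare']['rule'] =
            array('password_match', 'password', false);

        // Validate first, without saving anything yet.
        $this->User->set($this->data);
        if (!$this->User->validates()) {
            return; // re-render the form with the validation messages
        }

        // Validation passed: hash the input with the application salt
        // (third argument true), as in the answer above.
        $hash = Security::hash($this->data['User']['password'], null, true);

        // saveField() writes only the named column and skips validation
        // by default, so the plain-text input and password_confirm never
        // reach the database.
        if ($this->User->saveField('password', $hash)) {
            $this->Session->setFlash('Password changed');
            $this->redirect(array('action' => 'index'));
        }
    }
}
```

Rows written by the original code still hold clear-text passwords, so those accounts need their passwords reset after the fix is deployed.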


You shouldn't use the field name "password" in cake1.3 due to its automatic. Use a different field and rename it prior to saving.

If you want to use a cleaner approach, consider using a behavior: