the following code is not able to hash the user's password, and it stores the password in clear text in the database. After changing the password, I am unable to log in as the password needs to be in hash. The following code is in my model.
'compare' => array(
'rule' => array('password_match', 'password', true),
'message' => 'Password does not match',
'required' => true,
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Confirm password is empty',
'allowEmpty' => false,
'required' => true)
'notempty' => array(
'rule' => array('notempty'),
'message' => 'Password is empty',
'allowEmpty' => false,
'required' => true)
function password_match($data, $password_field, $hashed = true)
$password = $this->data[$this->alias][$password_field];
$keys = array_keys($data);
$password_confirm = $hashed ?
Security::hash($data[$keys[0]], null, true) :
return $password === $password_confirm;
The following code is in my user_controller
function change_password(){
$this->layout = "mainLayout";
$in_user_id = $id = $this->Auth->user('id');
$this->User->validate['password_confirm']['compare']['rule'] =
array('password_match', 'password', false);