php - Login [ Auth->identify() ] always false on CakePHP 3
I started using CakePHP 3 after some time using CakePHP 2, and I am having trouble creating an authentication login.
The new auth function $this->Auth->identify() returns false.
In the database, the password is encrypted perfectly, and the query that fetches the user is OK too.
My code:
AppController:
[...]
class AppController extends Controller
{
    public function initialize()
    {
        $this->loadComponent('Flash');
        // Auth component with the default form authentication settings
        $this->loadComponent('Auth', [
            'loginRedirect' => [
                'controller' => 'Admin',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'controller' => 'Pages',
                'action' => 'display'
            ]
        ]);
    }

    public function beforeFilter(Event $event)
    {
        // Actions reachable without logging in
        $this->Auth->allow(['display']);
    }
}
UserController:
[...]
class UsersController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow(['logout']);
    }

    [...]

    public function login()
    {
        if ($this->request->is('post')) {
            // Returns the user record as an array, or false when no match is found
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error(__('Invalid username or password, try again'));
        }
    }

    [...]
User (model entity):
<?php
namespace App\Model\Entity;

use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;

class User extends Entity
{
    protected $_accessible = ['*' => true];

    // Hashes the password whenever it is set on the entity
    protected function _setPassword($password)
    {
        return (new DefaultPasswordHasher)->hash($password);
    }
}
View:
<div class="users form">
    <?= $this->Flash->render('auth') ?>
    <?= $this->Form->create() ?>
    <fieldset>
        <legend><?= __('Please enter username , password') ?></legend>
        <?= $this->Form->input('username') ?>
        <?= $this->Form->input('password') ?>
    </fieldset>
    <?= $this->Form->button(__('Login')); ?>
    <?= $this->Form->end() ?>
</div>
CakePHP 3 uses a different default hashing algorithm than 2 (bcrypt vs. SHA1), so you need to make the password length longer. Change the password field to VARCHAR(255) to be safe.
When CakePHP 3 tries to identify the in-memory hashed password from $this->Auth->identify() vs. the hashed password in the database, it will never match because some characters are missing. Changing to 255 is more than needed, but it can help future proof if a more secure hash is used in the future. 255 is recommended because the character count can be stored in 1 byte.
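The truncation failure described in the answer above, as an added example that is not part of the original question or answer. It uses PHP's built-in password_hash() and password_verify(), which CakePHP 3's DefaultPasswordHasher wraps; the VARCHAR(40) width, the silent truncation by the database, and the helper names storeInColumn() and auditStoredHash() are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.

const BCRYPT_LENGTH = 60; // a bcrypt hash string is always 60 characters

// Simulates what a too-short VARCHAR column keeps of a value (assumption:
// the database silently truncates instead of rejecting the INSERT).
function storeInColumn(string $value, int $columnLength): string
{
    return substr($value, 0, $columnLength);
}

// Returns a list of problems found in a stored hash; an empty list means
// the value looks like a complete hash.
function auditStoredHash(string $stored, int $columnLength): array
{
    $problems = [];
    if (password_get_info($stored)['algoName'] === 'unknown') {
        $problems[] = 'not a complete hash that password_verify() recognises';
    }
    if (strncmp($stored, '$2', 2) === 0 && strlen($stored) < BCRYPT_LENGTH) {
        $problems[] = sprintf('bcrypt prefix but only %d of %d characters',
            strlen($stored), BCRYPT_LENGTH);
    }
    if (strlen($stored) === $columnLength && $columnLength < BCRYPT_LENGTH) {
        $problems[] = sprintf('value fills the whole VARCHAR(%d), likely truncated',
            $columnLength);
    }
    return $problems;
}

$password = 'constructed-sample-password'; // constructed sample input
$hash = password_hash($password, PASSWORD_BCRYPT);

// 40 is an assumed legacy width (length of a SHA1 hex digest); 255 is the
// width recommended in the answer.
foreach ([40, 255] as $columnLength) {
    $stored = storeInColumn($hash, $columnLength);
    printf("VARCHAR(%d): stored %d chars, password_verify() = %s\n",
        $columnLength, strlen($stored),
        var_export(password_verify($password, $stored), true));
    foreach (auditStoredHash($stored, $columnLength) as $problem) {
        printf("  - %s\n", $problem);
    }
}
```

Running auditStoredHash() over the existing rows of a users table shows which accounts were saved while the column was too short; those users need their passwords set again after the column is widened, because the missing characters cannot be recovered.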