Cake 2.1 Password Reset

nybbleltd · December 3, 2021, 9:25am

Hi there.

We have inherited some old site using Cake PHP (2 I think). We are having issues getting in via admin and cannot reset the password. The password the client thinks it is (and worked before we were sent the files) doesnt work.

I have tried generating a SHA1 password online and directly inputting this into the password within the user in MySQL but it doesnt work.

Any ideas how to reset the password within the website itself?

Rob.

Zuluru · December 3, 2021, 3:54pm

A good site should have a password reset function built in, but where would be 100% dependent on the implementation.

Password in Cake are generally salted, so that may be the source of your issue. If the salt (saved in the config) is different between two copies of the site, then passwords for one wouldn’t work for the other.

nybbleltd · December 3, 2021, 4:07pm

THanks for the reply.

I agree, however we didnt make the webapp. Alas we are in charge of getting up and running.

I dont think the salt has been changed.

Zuluru · December 3, 2021, 8:52pm

If the code hasn’t changed, and the hashed password in the database hasn’t changed, and the salt hasn’t changed, then it should work. So I’d think that one of those three differs. Figuring out which one is pretty fundamental to recommending a solution.

ADmad · December 4, 2021, 6:39am

Why not just generate a new password hash and directly update the database? Cake 2.1 by default uses salted SHA1.

github.com

cakephp/cakephp/blob/2.1.5/lib/Cake/Controller/Component/Auth/BaseAuthenticate.php#L102

    
      
          	}
          
          
/**
           * Hash the plain text password so that it matches the hashed/encrypted password
           * in the datasource.
           *
           * @param string $password The plain text password.
           * @return string The hashed form of the password.
           */
          	protected function _password($password) {
          		return Security::hash($password, null, true);
          	}
          
          
/**
           * Authenticate a user based on the request information.
           *
           * @param CakeRequest $request Request to get authentication information from.
           * @param CakeResponse $response A response object that can have headers added.
           * @return mixed Either false on failure, or an array of user data on success.
           */
          	abstract public function authenticate(CakeRequest $request, CakeResponse $response);

github.com

cakephp/cakephp/blob/2.1.5/lib/Cake/Utility/Security.php#L86

    
      
          /**
           * Create a hash from string using given method.
           * Fallback on next available method.
           *
           * @param string $string String to hash
           * @param string $type Method to use (sha1/sha256/md5)
           * @param boolean $salt If true, automatically appends the application's salt
           *     value to $string (Security.salt)
           * @return string Hash
           */
          	public static function hash($string, $type = null, $salt = false) {
          		if ($salt) {
          			if (is_string($salt)) {
          				$string = $salt . $string;
          			} else {
          				$string = Configure::read('Security.salt') . $string;
          			}
          		}
          
          
		if (empty($type)) {
          			$type = self::$hashType;

Topic		Replies	Views
How to implement password reset in CakePHP	1	2988	May 20, 2019
[SOLVED] Auth->identify fails after changing password? Need Help	0	1147	October 18, 2018
Using CakePHP's password hashing in android .apk Need Help	1	754	November 21, 2017
Cannot Log In Using Admin account Need Help	7	2126	April 26, 2018
Can't access admin of site Need Help	2	411	September 22, 2018

Cake 2.1 Password Reset

Releases

Documentation

Community

Cake 2.1 Password Reset

Related Topics

Releases

Documentation

Community