Check credentials with Authentication module without logging in


is it possible to just check if the user has inserted the correct username/password without logging in the user using the Authentication module?

The reason I’m asking is that I’m working with an app where we want the user to insert his password again in order to complete an action to really verify that it is the correct user.

I tried using the Authentication->getResult(); but if the user is already logged in it doesn’t matter which password the user enters.

I’m using CakePHP 4.2 and the authentication module 2.6


And if you hash the getData(password) and look for it in the database with the id of the connected user ?

1 Like

A new hash of the password will give a different result than is in the database. But the identifier and the hasher are classes with well-defined interfaces that accept data and provide responses about whether those things match the database, so if you look at the implementation of those, it should be fairly easy to see how to use one or the other to accomplish what you want.

1 Like

Thank you for your help!

I took inspiration from the _checkPassword() function in the PasswordIdentifier class. authentication/PasswordIdentifier.php at de7b080d15529a44b61df0791aec06a678e16804 · cakephp/authentication · GitHub

It worked out well.

maybe this tutorial could be helpful