Nowadays it is very common to synchronize different applications, relate them somehow, or even share user accounts between them.
Working with a framework such as CakePHP makes things easier, but at the same time it hides all the actions taking place behind the scenes.
CakePHP automatically hashes user passwords to secure them and stores the hash in the users table of the database. A hashed password with CakePHP 2.3 looks like this:
How does it work?
Well, after examining the process that takes place on login ($this->Auth->login()), we can easily see that CakePHP uses its hash function (defined in lib\Cake\Utility\Security) to hash the user's password and compare it with the value stored in the database.
We can also see that it uses the PHP function sha1 if no type is given or if type is set to sha1, which means this is the default behavior, as type is an optional parameter of the function and is null by default.
As the salt parameter is false by default, it will use the value stored in the CakePHP configuration for it:
This value is extracted from
Therefore, if we want to validate a user against the CakePHP users table from outside CakePHP, we only need to use the same salt value as our CakePHP application and concatenate it with the user's password to obtain the CakePHP hashed password:
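A standalone check along these lines, written as an added example and not taken from the original post or from CakePHP itself. The function names, the salt constant and the sample user row are assumptions constructed for illustration, and the salt is prepended to the password, which is the order CakePHP 2.x uses in Security::hash.

```php
<?php
// Added example: verify a password against a CakePHP 2.x users-table hash
// from a script that does not load CakePHP.

// Constructed placeholder. Use the Security.salt value of your own application.
const CAKE_SECURITY_SALT = 'CONSTRUCTED-EXAMPLE-SALT-not-a-real-value';

/**
 * Reproduce the default scheme described above: sha1(salt . password),
 * returned as 40 lowercase hexadecimal characters.
 */
function cake_sha1_hash(string $password, string $salt): string
{
    return sha1($salt . $password);
}

/**
 * Compare a login attempt with the hash stored in the users table.
 * hash_equals() compares in constant time, so the check does not reveal
 * how many leading characters of the digest matched.
 */
function cake_verify(string $password, string $storedHash, string $salt): bool
{
    // Reject anything that is not a 40-character hex SHA-1 digest
    // (for example an empty column or a hash produced by another scheme).
    if (!preg_match('/^[0-9a-f]{40}$/i', $storedHash)) {
        return false;
    }
    return hash_equals(strtolower($storedHash), cake_sha1_hash($password, $salt));
}

// Constructed row standing in for a record read from the users table.
$user = [
    'username' => 'alice',
    'password' => cake_sha1_hash('correct horse', CAKE_SECURITY_SALT),
];

var_dump(cake_verify('correct horse', $user['password'], CAKE_SECURITY_SALT));
var_dump(cake_verify('wrong guess', $user['password'], CAKE_SECURITY_SALT));
var_dump(cake_verify('correct horse', 'not-a-hash', CAKE_SECURITY_SALT));
```

Every account shares the same salt and SHA-1 is fast to compute, so any application that holds the salt should protect it like a credential and treat these hashes as a legacy format.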