w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Converting from MD5 Legacy Auth System to CakePHP

Figured it out thanks to this answer (albeit lightly modified). Basically, it updates the user behind the scenes to use the new system if the current system doesn't match up with it.

 *  Login method
public function login() {
    $this->layout = 'homepage';
    // If the user is already logged in, redirect to their user page
    if($this->Auth->user() != null) {
    } else {
        // If this is being POSTed, check for login information
        if($this->request->is('post')) {
                // Redirect to origin path, ideally

            } else {
                $this->Session->setFlash('Invalid username or
password, try again');

 *  Update password method
 *  @param array The user's data array
 *  @param Returns either a user object if the user is valid or null
private function loginHelper($data) {
    $username = $this->data['User']['username'];
    $plainText = $this->data['User']['password'];

    $user = current($this->User->findByUsername($username));

    $salted = Security::hash($plainText, null, true);

    if ($salted === $user['password']) {
        return $user; // user exists, password is correct

    $md5ed = Security::hash($plainText, 'md5', null);

    if ($md5ed === $user['password']) {
                $this->User->id = $user['id'];
        $this->User->saveField('password', $plainText);

        return $user; // user exists, password now updated to blowfish

    return null; // user's password does not exist.

© Copyright 2018 w3hello.com Publishing Limited. All rights reserved.