Wednesday, November 10, 2010

More Authentication

While most of the default settings for the Auth component are good enough, there are many things you can add and change to allow more flexibility. If the default setting (as seen in the examples below) is good enough, you don't need to add the code at all.

By default the Auth component uses the Security class for hashing the password and the Security class uses SHA1 for hashing. The Auth component automatically performs the hashing for password verification and user creation as long as there are both username and password fields.

As mentioned previously, these settings can go into the specific controllers, or in the app controller for use with all controllers.

You can change the hashing method for the Security class as follows:
Security::setHash('md5'); // or sha256 or sha1 (default)
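An added example, not from the original post and not CakePHP code: plain PHP (7.0 or later) that puts a fast single-pass digest of the kind selected above beside PHP's built-in password_hash(), and upgrades a stored digest on the next successful login. The names legacy_hash(), verify_and_upgrade() and SITE_SALT are hypothetical, and prepending one site-wide salt is an assumption about how the Security class salts its input.

```php
<?php
// Added example: runs without CakePHP. All names and values are constructed.

// Assumption: models a fast digest with one site-wide salt prepended,
// standing in for what the Auth component stores by default.
const SITE_SALT = 'constructed-site-wide-salt';

function legacy_hash(string $password, string $algo = 'sha1'): string
{
    return hash($algo, SITE_SALT . $password);
}

// Check a login against the stored value. On success, 'upgrade' holds a
// password_hash() value to store in place of a legacy or outdated one.
function verify_and_upgrade(string $password, string $stored): array
{
    $isModern = password_get_info($stored)['algoName'] !== 'unknown';
    if ($isModern) {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    } else {
        // Legacy row: constant-time comparison against the fast digest.
        $ok = hash_equals($stored, legacy_hash($password));
        $rehash = $ok;
    }
    return [
        'ok'      => $ok,
        'upgrade' => $rehash ? password_hash($password, PASSWORD_DEFAULT) : null,
    ];
}

// Constructed demo: two accounts that chose the same password.
$pw    = 'correct horse battery staple';
$alice = legacy_hash($pw);
$bob   = legacy_hash($pw);

// Legacy scheme: equal passwords give equal stored values, so one cracked
// digest exposes every account that shares the password.
var_dump($alice === $bob);

// After upgrade each row carries its own random salt and a tunable cost.
$aliceNew = verify_and_upgrade($pw, $alice)['upgrade'];
$bobNew   = verify_and_upgrade($pw, $bob)['upgrade'];
var_dump($aliceNew === $bobNew);

// The upgraded value still verifies the right password and rejects a wrong one.
var_dump(verify_and_upgrade($pw, $aliceNew)['ok']);
var_dump(verify_and_upgrade('wrong guess', $aliceNew)['ok']);
```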
For the error message on invalid login use loginError.
$this->Auth->loginError = "Login failed. Invalid username or password.";
For the error message when trying to access a protected page use authError.
$this->Auth->authError = "You are not authorized to access that location.";
The Auth component remembers which page you were trying to access before logging in. If you enter the site from an external link, for example, you can set which URL the user goes to after login. You can also set the URL after logout.
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
