cakephp compare password for webservice

I'm new to CakePHP. I'm implementing a web service for updating a password, where the user will provide oldpassword, newpassword and username parameters. I have to check in the DB whether that username has the old password, then update the DB with newpassword.

What I have done so far: I got the parameters, and I can fetch the data with the username like this:

 $username = $this->request->query['username'];
 $oldpassword = $this->request->query['oldpassword'];
 $dataexist = $this->User->find('first', array('fields' => array('User.id','User.username','User.password'), 'conditions' => array('User.username' => $username)));

Now it's returning data, but if I use the password field like this:

$dataexist = $this->User->find('first', array('fields' => array('User.id','User.username','User.password'), 'conditions' => array('User.username' => $username,'User.password' => $oldpassword)));

It's returning an empty result, even when I pass the correct old password! Where am I making a mistake? Any help is much appreciated.

There are 2 answers

1
beta-developper On BEST ANSWER

Well, I am assuming here that you are using the default password hasher.

Share your auth configuration to change that assumption :)

If that's the case, you can get the hashed password like this:

<?php

App::uses('SimplePasswordHasher', 'Controller/Component/Auth');

// $rawPassword is the plain-text password received in the request
$passwordHasher = new SimplePasswordHasher();
$hashPassword = $passwordHasher->hash($rawPassword);

?>
1
Ajay Krishna Dutta On

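You can use my code:

// Plain-text password to check against the stored hash
$newPass = '123abc';
// Fetch only the stored password hash of the logged-in user
$user = $this->User->find('first', array(
    'conditions' => array(
        'User.id' => AuthComponent::user('id')
    ),
    'fields' => array('password')
));
$storedHash = $user['User']['password'];
// Re-hash the candidate using the salt embedded in the stored blowfish hash
$newHash = Security::hash($newPass, 'blowfish', $storedHash);
// Strict comparison: both sides must be identical strings
if ($storedHash === $newHash) {
    return true;
} else {
    return false;
}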
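
The check both answers point toward, as an added example that is not part of either answer or of CakePHP: fetch the row by username only, verify the old password against the stored hash in PHP, then store a hash of the new one. It assumes bcrypt through PHP's own password_hash()/password_verify() in place of whatever hasher the application's Auth configuration uses; the $users array, the changePassword() name and the sample values are constructed for illustration.

```php
<?php
// Constructed stand-in for the users table: username => stored password hash.
$users = array(
    'alice' => password_hash('old-secret', PASSWORD_BCRYPT),
);

// Returns true only when $oldPassword matches the stored hash and the
// record has been updated with a hash of $newPassword.
function changePassword(array &$users, $username, $oldPassword, $newPassword)
{
    // Look the user up by username only. The password column holds a hash,
    // so it is checked in PHP rather than in the query conditions.
    if (!isset($users[$username])) {
        return false;
    }
    $storedHash = $users[$username];

    // password_verify() re-hashes $oldPassword with the salt and cost that
    // are embedded in $storedHash and compares in constant time.
    if (!password_verify($oldPassword, $storedHash)) {
        return false;
    }

    // Store a fresh hash of the new password, never the raw value.
    $users[$username] = password_hash($newPassword, PASSWORD_BCRYPT);
    return true;
}

// The situation in the question: the raw password compared with the stored column.
var_dump($users['alice'] === 'old-secret');

// Wrong old password supplied.
var_dump(changePassword($users, 'alice', 'wrong-guess', 'new-secret'));

// Correct old password supplied.
var_dump(changePassword($users, 'alice', 'old-secret', 'new-secret'));

// The previous password offered again after the change.
var_dump(changePassword($users, 'alice', 'old-secret', 'newer-secret'));

// The new password checked against the updated record.
var_dump(password_verify('new-secret', $users['alice']));
```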