
CakePHP authentication and password hashing

I had some problems with the authentication guide in the CakePHP book, so I made some modifications to the wiki and I report my problem here.

If you create the users table as suggested in the guide, you must know that CakePHP does not store a plain SHA1 of the password. Before applying the standard SHA1 hash, it prepends the seed saved in app/config/core.php to the plain-text password, in this way:
hashpwd = SHA1(seed+plain_text_password).

I didn't know that and I saved my first user with:
INSERT INTO users (username, password) VALUES ('pippo', SHA1('pippo'));

And the login failed and failed...
So I spent a couple of hours trying to find a nonexistent error in my code :(
In the end, after a full debug, I found it: the select query used a password hash different from mine, and the secret was revealed :D
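
The mismatch described above can be reproduced outside CakePHP. This is an added example, not code from the CakePHP book or from this post: it models the login lookup with an in-memory SQLite table, and the seed value and the helper names are assumptions made for the illustration.

```python
import hashlib
import sqlite3

# Constructed placeholder; the real value is the seed in app/config/core.php.
SEED = "constructed-example-seed"


def plain_sha1(password):
    """What SHA1('pippo') in the manual INSERT stores."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def seeded_sha1(password, seed=SEED):
    """hashpwd = SHA1(seed + plain_text_password), as described above."""
    return hashlib.sha1((seed + password).encode("utf-8")).hexdigest()


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    return db


def add_user(db, username, stored_hash):
    db.execute(
        "INSERT OR REPLACE INTO users (username, password) VALUES (?, ?)",
        (username, stored_hash),
    )


def login(db, username, password):
    """Model of the login lookup: the query compares against the seeded hash."""
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, seeded_sha1(password)),
    ).fetchone()
    return row is not None


def demo():
    db = make_db()
    add_user(db, "pippo", plain_sha1("pippo"))   # the manual INSERT above
    before = login(db, "pippo", "pippo")         # hashes differ, lookup fails
    add_user(db, "pippo", seeded_sha1("pippo"))  # row rebuilt with the seed
    after = login(db, "pippo", "pippo")          # lookup now matches
    return before, after


if __name__ == "__main__":
    print(demo())
```

The seed is a single site-wide value, so two users with the same password still end up with the same stored hash.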