Disable password hashing for particular users

Question

We are using a single table for both admin and normal users. We need to save the admin password in hash format, but save the user password in plain text. How do do that with CakePHP 3.0

EDITED: User's username and password are used as a login credentials on another site as API. So i need to save password without hashing method of cakephp 3.0

Answer 1

As has been pointed out serveral times to you in the comments you should never store passwords as plain text in your database. This is regardless to whether or not they are being directly used by your app or not. As Anthony mentioned in his comment to your question you should consider storing encrypted passwords encrypted that can be reversed by your app.

You should also check that the API you are using does not provide a more secure method for logging in using access tokens.

If you want to persist with storing plain text passwords despite all this then you should consider storing them in a separate column to your hashed ones. For example:-

id | username | password | api_login_password

It would not be a good idea to mix the usage of the password column by having some records with encrypted passwords and others not.

Using a schema like this you will not need to hash the api_login_password but continue to hash the app's passwords. Presumably you have CakePHP setup to hash the passwords on your User entity, this will not affect the api_login_password column.

Answer 2

You need to use beforeSave method.

// in model

function beforeSave()
{
    // put the conditions here

return true;
}