I use LDAP for authentication, so I don't store passwords in my users table.
// after authentication by LDAP
$this->Cookie->write('CookieAuth', [
    'username' => $this->request->data('username'),
    'password' => null
]);
I still want users to be identified by the username, so I had to comment a line out
if (empty($cookies[$username]) /*|| empty($cookies[$password])*/) {
    return false;
}
// the user can be found by his username. The password field is not mandatory
// in BaseAuthenticate.php
$user = $this->_findUser($cookies[$username], $cookies[$password]);
if ($user) {
    return $user;
}
Is this reasonable?
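
With the password check commented out, the username in the cookie is the only value that identifies the user, so the cookie has to be tamper-evident and should expire. The following is an added example, not part of the original post and not CakePHP or plugin code: it binds the username to an expiry time with an HMAC. The function names, the lifetime constant and the key handling are assumptions.

```php
<?php
// Added example. issueRememberToken/verifyRememberToken are hypothetical helpers.

const REMEMBER_TTL = 1209600; // 14 days in seconds (constructed value)

// Build "base64(username).expiry.hmac" after a successful LDAP bind.
function issueRememberToken(string $username, string $key, ?int $now = null): string
{
    $expires = ($now ?? time()) + REMEMBER_TTL;
    $payload = base64_encode($username) . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the username only if the MAC matches and the token has not expired.
function verifyRememberToken(string $token, string $key, ?int $now = null): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // malformed cookie value
    }
    [$encodedUser, $expires, $mac] = $parts;

    // Check integrity first, in constant time, before trusting any field.
    $expected = hash_hmac('sha256', $encodedUser . '.' . $expires, $key);
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    if (!ctype_digit($expires) || (int)$expires < ($now ?? time())) {
        return null; // expired or non-numeric expiry
    }
    $username = base64_decode($encodedUser, true);
    return ($username === false || $username === '') ? null : $username;
}

// Constructed demonstration: a random key stands in for a fixed server-side secret.
$key = random_bytes(32);
$token = issueRememberToken('alice', $key);
var_dump(verifyRememberToken($token, $key));

// The same token with the username part replaced no longer matches its MAC.
$altered = base64_encode('bob') . substr($token, strpos($token, '.'));
var_dump(verifyRememberToken($altered, $key));
```

The username returned by the verifier would then be passed to the user lookup in place of the raw cookie field.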