That is a good idea about using invalidate. I didnt know i could do it
that way.
And i'm not sure which code you are referring to, but the latest post
with code that i posted i did not call beforeValidate on my own..
Maybe you read that part wrong.. Those were separate functions..
Second of all, i'm not md5'ing anything more than once.. I'm sure of
that (i just tested to make sure).
If you look closely at the code, in beforeValidate i check if the
password was left blank, and if it was i unset that variable from the
array altogether, because this means i don't want to change the
password. Turns out cakephp is fine with that, if a variable is not in
the $data array then it won't be changed when you do a save. So
basically its as if the password field wasn't even there if the user
didnt fill it in, which is exactly what i want..
Then all i have to do is md5 if the field was not empty.. Thanks for
your help though, these little issues have been taking me a lot of
time to get figured out.. Hopefully the next app i build with cakephp
will be 10x faster (it should be)
On Jun 27, 4:27 pm, Grant Cox <[EMAIL PROTECTED]> wrote:
> I would use $this->invalidate('password', "Passwords do not match") -
> this way it is just the same as any other validation routine. You
> also don't need to call beforeValidate() in your beforeSave, it is
> done automatically by Cake when you save.
>
> Your beforeSave is still MD5-ing every password that gets put in
> there. So, if you do:
>
> $existing_user = $this->User->read(null, $user_id);
> $existing_user['User']['name'] = 'I am changing your name';
> $this->User->save( $existing_user );
>
> then your password is now double MD5'd. What I was saying previously
> is that the field submitted from the form that has the plain text
> password should not be the actual password field used in your
> database. So if you use "password" in the database to indicate a
> hashed password, then on your form make the field "plain_password" or
> "new_password" or something - this way in your beforeSave you know if
> it needs to be MD5'd, otherwise don't change. The "plain_password"
> should not be saved into the db at all. And you're right, the hashed
> password field should not appear in a form either.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
