Have you tried this out using a different name for the column holding
the password?
I call my password field "passwd", because I believe 'password' is a
reserved keyword in MySQL.
At any rate, I found that in order to perform data validation on the
submitted password, I had to manually hash the password like you do.
In the form, I collect the password in a field named "new_passwd":
$form->text('User.new_passwd', array('type' => 'password', 'size'
=> '80') );
In my controller, I create a new data field called 'new_passwd_hash':
if( !empty( $this->data['User']['new_passwd']) ){
$this->data['User']['new_passwd_hash'] = $this->Auth-
>password( $this->data['User']['new_passwd'] );
}
In my model, all the validation rules are applied to the 'new_passwd'
field, but in my beforeSave() function of the User model, I do:
if( !empty( $this->data['User']['new_passwd_hash'] ) ){
$this->data['User']['passwd'] = $this->data['User']
['new_passwd_hash'];
}
If the validation rules pass, then the passwd field is set to the hash
value, which is the only value sent to the database.
You are right that it should automatically work like you are expecting
it to, but since the automatic hashing of the password prevents you
from doing any validation on the submitted password, it is probably
preferrable to do it manually anyways. For example, a blank password
value will get hashed so that it looks like a real password.
Also, you might want to re-think using md5. Although it is pretty
good, most hard core security experts consider it an outdated hashing
algorithm that is too insecure to be used anymore.
On Apr 4, 12:03 pm, Baz <[EMAIL PROTECTED]> wrote:
> Yes, that's what I meant....hmmmph...well
>
> Do some code dumps in bin.cakephp.org I guess
>
> On Fri, Apr 4, 2008 at 1:53 PM, dw <[EMAIL PROTECTED]> wrote:
>
> > Do you mean in the controllers? I do call parent::beforeFilter() in
> > each of their beforeFilter().
>
> > On Apr 4, 11:32 am, Baz <[EMAIL PROTECTED]> wrote:
> > > In your other models, are you calling parent::beforeFilter() in
> > > beforeFilter?
>
> > > On Fri, Apr 4, 2008 at 1:07 PM, dw <[EMAIL PROTECTED]> wrote:
>
> > > > I have a User model, which has an admin_add function. The user's
> > > > password is being hashed just fine. I also have an admin_pw function,
> > > > with which an admin can change a user's password, and a change_pw
> > > > function, which lets the user change their own password. The Auth
> > > > component is not hashing passwords for the latter two functions. I
> > > > cannot see a difference in the views/functions and can't figure out
> > > > what is wrong. Does anyone have any ideas?
>
> > > > in app_controller:
>
> > > > function beforeFilter(){
> > > > Security::setHash("md5");
> > > > $this->Auth->model = 'User';
> > > > $this->Auth->fields = array('username' => 'username',
> > > > 'password' => 'password');
> > > > $this->Auth->sessionKey = 'User';
> > > > $this->Auth->loginAction = array('controller' => 'users',
> > > > 'action' => 'login');
> > > > $this->Auth->loginRedirect = array('controller' => 'profiles',
> > > > 'action'=>'report_index');
> > > > $this->Auth->logoutRedirect = null;
> > > > $this->Auth->loginError = 'Invalid username / password
> > > > combination. Please try again';
> > > > $this->Auth->authorize = 'controller';
> > > > }
>
> > > > all three views use:
> > > > $form->password('User.password', array('size' => '30','label'=>false))
>
> > > > I do a straight $this->User->save($this->data) in all three functions,
> > > > but for the admin_pw and change_pw i need to do this first:
> > > > $this->data['User']['password'] = $this->Auth->password($this-
> > > > >data['User']['password']);
> > > > If i don't, the plain text password is saved to the db.
>
> > > > any ideas? thanks.
> > > > -d
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
