If you want to enforce limits on the password (see below) you have to do before hashing. So I cant see it as a bad thing to compare the passwords before hashing.
(from the bakery) Required: 6-15 characters, at least one number, one uppercase letter, one lowercase letter. No whitespace, accents or special characters other than punctuation permitted. On Jan 18, 4:48 pm, Delirium tremens <[email protected]> wrote: > Is it a good or a bad practice to validate passwords before hashing? > Is the following solution, the best? > > //register function > function register() { > if (!empty($this->data)) { > if ($this->data['User']['password'] == $this- > > >Auth->password($this- > >data['User']['password_confirm'])) { > > $this->User->create() && > $this->User->validates(); > > if ($this->User->save($this->data)) { > $this->Session->setFlash("You > have been registered! You can log > in now."); > $this->redirect(array('action' > => 'index')); > } > } > } > } --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
