Will that re-hash the MD5'ed password field when editing and then
saving again?
I do this at the moment:
In model:
function beforeSave() {
$password = isset($this->data['User']['password'])?$this->data['User']
['password']:"";
if (!preg_match(VALID_MD5,$password) {
$this->data['User']['password'] = md5($this->data['User']
['password']);
}
return true;
}
In bootstrap:
define('VALID_MD5','/^[a-fA-F0-9]{32}$/i');
On Mar 19, 6:40 am, "Mariano Iglesias" <[EMAIL PROTECTED]>
wrote:
> Sure, use the beforeSave and beforeFind on the model side.
>
> class User extends AppModel {
> // ...
> function beforeSave() {
>
> if (isset($this->data[$this->name]['password'])) {
> $this->data[$this->name]['password'] =
> md5($this->data[$this->name]['password']);
> }
>
> return parent::beforeSave();
> }
>
> function beforeFind($queryData) {
> if (isset($queryData[$this->name]['password'])) {
> $queryData[$this->name]['password'] =
> md5($this->data[$this->name]['password']);
> }
>
> return $queryData;
> }
>
> }
>
> This way when from your controller you are saving the model having the
> password field set, it will automatically hash it:
>
> $data = array(
> 'User' => array('user' => 'mariano', 'password' => 'password')
> );
>
> $this->User->save($data);
>
> The same way when you are looking for a record if you set the password field
> as part of the data to be searched for, it will hash it:
>
> $conditions = array(
> 'User' => array('user' => 'mariano', 'password' => 'password')
> );
>
> $result = $this->User->find($conditions);
>
> -MI
>
> ---------------------------------------------------------------------------
>
> Remember, smart coders answer ten questions for every question they ask.
> So be smart, be cool, and share your knowledge.
>
> BAKE ON!
>
> blog:http://www.MarianoIglesias.com.ar
>
> -----Mensaje original-----
> De: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] En nombre
> de billybob
> Enviado el: Domingo, 18 de Marzo de 2007 02:12 p.m.
> Para: Cake PHP
> Asunto: saving sensitive data with md5
>
> I'm using cake's MVC approach which works really great. I like the
> ability to use the MVC and save from the controller; it makes things
> nice and is very easy. I did run into a problem which I can't figure
> out, however. Let's say I want to save sensitive information like a
> password in the database. Currently, it appears cake will only let
> you save in clear text (won't let you hash) in the default MVC
> approach.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
