The name of the field isn't an issue. Although for a true implementation he'll have to use fields such as new_password, he shouldn't have to for his implementation. He said that all the views have the same:

$form->password('User.password', array('size' => '30','label'=>false))

I'm assuming all of these are in the user model...so I'm not sure why it isn't hashing. As I said, paste some code in bin.cakephp.org, I'm intrigued.

On Fri, Apr 4, 2008 at 2:48 PM, aranworld <[EMAIL PROTECTED]> wrote:
>
> Have you tried this out using a different name for the column holding
> the password?
>
> I call my password field "passwd", because I believe 'password' is a
> reserved keyword in MySQL.
>
> At any rate, I found that in order to perform data validation on the
> submitted password, I had to manually hash the password like you do.
>
> In the form, I collect the password in a field named "new_passwd":
>
> $form->text('User.new_passwd', array('type' => 'password', 'size' => '80') );
>
> In my controller, I create a new data field called 'new_passwd_hash':
> if( !empty( $this->data['User']['new_passwd']) ){
>     $this->data['User']['new_passwd_hash'] = $this->Auth->password( $this->data['User']['new_passwd'] );
> }
>
> In my model, all the validation rules are applied to the 'new_passwd'
> field, but in my beforeSave() function of the User model, I do:
> if( !empty( $this->data['User']['new_passwd_hash'] ) ){
>     $this->data['User']['passwd'] = $this->data['User']['new_passwd_hash'];
> }
>
> If the validation rules pass, then the passwd field is set to the hash
> value, which is the only value sent to the database.
>
> You are right that it should automatically work like you are expecting
> it to, but since the automatic hashing of the password prevents you
> from doing any validation on the submitted password, it is probably
> preferable to do it manually anyways. For example, a blank password
> value will get hashed so that it looks like a real password.
>
> Also, you might want to re-think using md5. Although it is pretty
> good, most hard core security experts consider it an outdated hashing
> algorithm that is too insecure to be used anymore.
>
> On Apr 4, 12:03 pm, Baz <[EMAIL PROTECTED]> wrote:
> > Yes, that's what I meant....hmmmph...well
> >
> > Do some code dumps in bin.cakephp.org I guess
> >
> > On Fri, Apr 4, 2008 at 1:53 PM, dw <[EMAIL PROTECTED]> wrote:
> >
> > > Do you mean in the controllers? I do call parent::beforeFilter() in
> > > each of their beforeFilter().
> > >
> > > On Apr 4, 11:32 am, Baz <[EMAIL PROTECTED]> wrote:
> > > > In your other models, are you calling parent::beforeFilter() in
> > > > beforeFilter?
> > > >
> > > > On Fri, Apr 4, 2008 at 1:07 PM, dw <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > I have a User model, which has an admin_add function. The user's
> > > > > password is being hashed just fine. I also have an admin_pw function,
> > > > > with which an admin can change a user's password, and a change_pw
> > > > > function, which lets the user change their own password. The Auth
> > > > > component is not hashing passwords for the latter two functions. I
> > > > > cannot see a difference in the views/functions and can't figure out
> > > > > what is wrong. Does anyone have any ideas?
> > > > >
> > > > > in app_controller:
> > > > >
> > > > > function beforeFilter(){
> > > > >     Security::setHash("md5");
> > > > >     $this->Auth->model = 'User';
> > > > >     $this->Auth->fields = array('username' => 'username', 'password' => 'password');
> > > > >     $this->Auth->sessionKey = 'User';
> > > > >     $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
> > > > >     $this->Auth->loginRedirect = array('controller' => 'profiles', 'action'=>'report_index');
> > > > >     $this->Auth->logoutRedirect = null;
> > > > >     $this->Auth->loginError = 'Invalid username / password combination. Please try again';
> > > > >     $this->Auth->authorize = 'controller';
> > > > > }
> > > > >
> > > > > all three views use:
> > > > > $form->password('User.password', array('size' => '30','label'=>false))
> > > > >
> > > > > I do a straight $this->User->save($this->data) in all three functions,
> > > > > but for the admin_pw and change_pw I need to do this first:
> > > > > $this->data['User']['password'] = $this->Auth->password($this->data['User']['password']);
> > > > > If I don't, the plain text password is saved to the db.
> > > > >
> > > > > any ideas? thanks.
> > > > > -d

You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
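
Added example, not part of the original thread and not CakePHP's own code: the validate-then-hash flow described in the quoted reply, written as plain PHP so the blank-password case is visible. The field names `new_passwd` and `passwd` come from the thread; the function names and the 8-character rule are assumptions, and PHP's `password_hash()` is swapped in for the thread's md5.

```php
<?php
// Added example in plain PHP (not CakePHP API). Field names follow the thread;
// function names and the length rule are assumptions for illustration.

/** Validate the submitted plaintext and return a list of error messages. */
function validate_new_passwd(array $user): array
{
    $plain = $user['new_passwd'] ?? '';
    if (!is_string($plain) || $plain === '') {
        // Failure mode from the thread: a blank value still hashes to
        // something that looks like a real password, so reject it first.
        return ['Password must not be blank.'];
    }
    if (strlen($plain) < 8) {
        return ['Password must be at least 8 characters.'];
    }
    return [];
}

/** Return the row to persist: hash stored in 'passwd', plaintext removed. */
function prepare_user_for_save(array $user): array
{
    $errors = validate_new_passwd($user);
    if ($errors) {
        throw new InvalidArgumentException(implode(' ', $errors));
    }
    // Swapped in for the thread's md5: salted, deliberately slow hashing.
    $user['passwd'] = password_hash($user['new_passwd'], PASSWORD_DEFAULT);
    unset($user['new_passwd']);
    return $user;
}

// Constructed sample submissions.
$row = prepare_user_for_save(['username' => 'dw', 'new_passwd' => 'correct horse battery']);
var_dump(array_key_exists('new_passwd', $row));
var_dump(password_verify('correct horse battery', $row['passwd']));

try {
    prepare_user_for_save(['username' => 'dw', 'new_passwd' => '']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// What unconditional auto-hashing would have stored for that blank field:
echo md5(''), "\n";
```

Because `password_hash()` salts every call, the stored value must be checked with `password_verify()` at login rather than by re-hashing and comparing strings.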