The name of the field isn't an issue.

Although for a true implementation he'll have to use fields such as
new_password, he shouldn't have to for his implementation. He said that all
the views have the same $form->password('User.password', array('size' =>
'30','label'=>false))

I'm assuming all of these are in the user model...so I'm not sure why it
isn't hashing.

As I said, paste some code in bin.cakephp.org, I'm intrigued.

On Fri, Apr 4, 2008 at 2:48 PM, aranworld <[EMAIL PROTECTED]> wrote:

>
> Have you tried this out using a different name for the column holding
> the password?
>
> I call my password field "passwd", because I believe 'password' is a
> reserved keyword in MySQL.
>
> At any rate, I found that in order to perform data validation on the
> submitted password, I had to manually hash the password like you do.
>
> In the form, I collect the password in a field named "new_passwd":
>
>    $form->text('User.new_passwd',  array('type' => 'password', 'size' => '80') );
>
> In my controller, I create a new data field called 'new_passwd_hash':
> if( !empty( $this->data['User']['new_passwd']) ){
>    $this->data['User']['new_passwd_hash'] = $this->Auth->password( $this->data['User']['new_passwd'] );
> }
>
> In my model, all the validation rules are applied to the 'new_passwd'
> field, but in my beforeSave() function of the User model, I do:
> if( !empty( $this->data['User']['new_passwd_hash'] ) ){
>    $this->data['User']['passwd'] = $this->data['User']['new_passwd_hash'];
> }
>
> If the validation rules pass, then the passwd field is set to the hash
> value, which is the only value sent to the database.
>
> You are right that it should automatically work like you are expecting
> it to, but since the automatic hashing of the password prevents you
> from doing any validation on the submitted password, it is probably
> preferable to do it manually anyways.  For example, a blank password
> value will get hashed so that it looks like a real password.
>
> Also, you might want to re-think using md5.  Although it is pretty
> good, most hard core security experts consider it an outdated hashing
> algorithm that is too insecure to be used anymore.
>
> On Apr 4, 12:03 pm, Baz <[EMAIL PROTECTED]> wrote:
> > Yes, that's what I meant....hmmmph...well
> >
> > Do some code dumps in bin.cakephp.org I guess
> >
> > On Fri, Apr 4, 2008 at 1:53 PM, dw <[EMAIL PROTECTED]> wrote:
> >
> > > Do you mean in the controllers? I do call parent::beforeFilter() in
> > > each of their beforeFilter().
> >
> > > On Apr 4, 11:32 am, Baz <[EMAIL PROTECTED]> wrote:
> > > > In your other models, are you calling parent::beforeFilter() in
> > > > beforeFilter?
> >
> > > > On Fri, Apr 4, 2008 at 1:07 PM, dw <[EMAIL PROTECTED]> wrote:
> >
> > > > > I have a User model, which has an admin_add function. The user's
> > > > > > password is being hashed just fine. I also have an admin_pw function,
> > > > > > with which an admin can change a user's password, and a change_pw
> > > > > > function, which lets the user change their own password. The Auth
> > > > > > component is not hashing passwords for the latter two functions. I
> > > > > > cannot see a difference in the views/functions and can't figure out
> > > > > > what is wrong. Does anyone have any ideas?
> >
> > > > > in app_controller:
> >
> > > > > > function beforeFilter(){
> > > > > >        Security::setHash("md5");
> > > > > >        $this->Auth->model = 'User';
> > > > > >        $this->Auth->fields = array('username' => 'username', 'password' => 'password');
> > > > > >        $this->Auth->sessionKey = 'User';
> > > > > >        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
> > > > > >        $this->Auth->loginRedirect = array('controller' => 'profiles', 'action'=>'report_index');
> > > > > >        $this->Auth->logoutRedirect = null;
> > > > > >        $this->Auth->loginError = 'Invalid username / password combination. Please try again';
> > > > > >        $this->Auth->authorize = 'controller';
> > > > > > }
> >
> > > > > > all three views use:
> > > > > > $form->password('User.password', array('size' => '30','label'=>false))
> >
> > > > > > I do a straight $this->User->save($this->data) in all three functions,
> > > > > > but for the admin_pw and change_pw I need to do this first:
> > > > > > $this->data['User']['password'] = $this->Auth->password($this->data['User']['password']);
> > > > > > If I don't, the plain text password is saved to the db.
> >
> > > > > any ideas? thanks.
> > > > > -d
> >
>
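
The validate-then-hash flow described in the quoted post, as an added example that is not part of the original thread and is not CakePHP code. It is plain PHP; the function names and the 8-character minimum are hypothetical, and PHP's built-in password_hash()/password_verify() are swapped in for the thread's md5 and Auth->password().

```php
<?php
// Added example: validate the submitted plaintext first, hash only on success.
// Field names new_passwd / passwd follow the quoted post; the function names
// and the length rule are hypothetical.
function validateNewPassword(string $plain): array
{
    $errors = [];
    if (trim($plain) === '') {
        $errors[] = 'Password must not be blank.';
    } elseif (strlen($plain) < 8) {           // assumed minimum length
        $errors[] = 'Password must be at least 8 characters.';
    }
    return $errors;
}

function prepareUserForSave(array $data): array
{
    $plain  = $data['User']['new_passwd'] ?? '';
    $errors = validateNewPassword($plain);
    if ($errors) {
        return ['ok' => false, 'errors' => $errors, 'data' => null];
    }
    // password_hash() salts each password and uses a deliberately slow
    // algorithm, unlike a bare md5() digest.
    $data['User']['passwd'] = password_hash($plain, PASSWORD_DEFAULT);
    unset($data['User']['new_passwd']);       // plaintext never reaches the save
    return ['ok' => true, 'errors' => [], 'data' => $data];
}

// The failure mode from the thread: once hashed, a blank value is a
// full-length digest and passes any non-empty check on the stored field.
$blankDigest = md5('');
printf("md5 of blank input: %s (%d hex chars)\n",
    $blankDigest, strlen($blankDigest));

// Constructed sample submissions.
foreach (['', 'short', 'correct horse battery'] as $plain) {
    $result = prepareUserForSave(['User' => ['username' => 'example_user', 'new_passwd' => $plain]]);
    if (!$result['ok']) {
        printf("%-24s rejected: %s\n", var_export($plain, true), implode(' ', $result['errors']));
        continue;
    }
    $stored = $result['data']['User']['passwd'];
    printf("%-24s stored hash verifies: %s\n", var_export($plain, true),
        var_export(password_verify($plain, $stored), true));
}
```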

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
-~----------~----~----~----~------~----~------~--~---