I hope this might be of some help: http://dsi.vozibrale.com/articles/view/manually-hashing-password-and-password-validation
On Feb 16, 5:21 pm, Chris <c.gra...@hpani.org.uk> wrote: > Perhaps I am just having a blonde moment, but I seem to be having > difficulties with ACL and passwords. > > I followed the example > athttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > and then once I was confident of what I was doing implemented it into > my current project. > > It has all worked fine, AROS/ACOS all generated, logging in and out > fine, permissions working.... however there is a problem. > > The edit form for users pulls in the password by default and I wanted > to leave it blank so that the user can update extra info on themselves > without having to change their password, so I passed in empty string > as the value in the input. > > When the post occurs $this->data contains an sha1 encrypted string.... > it seems that auth or acl is taking empty string, adding the salt and > then encrypting....... before validation!!! > > I decided to just check the value for $_POST['data']['User'] > ['password'] and if that is blank then unset $this->data['User'] > ['password']...... problem solved..... in a not so nice way. However > another issue has now raised its ugly head. > > My validation rules are now meaningless. I have a minimum length > validation rule on the password field to ensure that passwords are 8 > characters or more. This rule is now always met because the string is > sha1 encrypted before validation and is therefore always 40 characters > long..... > > The only solution I can think of, for now, is controller based > validation on the raw post data..... which isn't very clean. If > anyone has a better idea please let me know. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
