Thanks, that will be a lot cleaner than doing it in the controller and messing about with the raw post data.
On 16 Feb, 16:50, "dr. Hannibal Lecter" <lecter...@gmail.com> wrote: > I hope this might be of some help: > > http://dsi.vozibrale.com/articles/view/manually-hashing-password-and-... > > On Feb 16, 5:21 pm, Chris <c.gra...@hpani.org.uk> wrote: > > > Perhaps I am just having a blonde moment, but I seem to be having > > difficulties with ACL and passwords. > > > I followed the example > > athttp://book.cakephp.org/view/641/Simple-Acl-controlled-Application > > and then once I was confident of what I was doing implemented it into > > my current project. > > > It has all worked fine, AROS/ACOS all generated, logging in and out > > fine, permissions working.... however there is a problem. > > > The edit form for users pulls in the password by default and I wanted > > to leave it blank so that the user can update extra info on themselves > > without having to change their password, so I passed in empty string > > as the value in the input. > > > When the post occurs $this->data contains an sha1 encrypted string.... > > it seems that auth or acl is taking empty string, adding the salt and > > then encrypting....... before validation!!! > > > I decided to just check the value for $_POST['data']['User'] > > ['password'] and if that is blank then unset $this->data['User'] > > ['password']...... problem solved..... in a not so nice way. However > > another issue has now raised its ugly head. > > > My validation rules are now meaningless. I have a minimum length > > validation rule on the password field to ensure that passwords are 8 > > characters or more. This rule is now always met because the string is > > sha1 encrypted before validation and is therefore always 40 characters > > long..... > > > The only solution I can think of, for now, is controller based > > validation on the raw post data..... which isn't very clean. If > > anyone has a better idea please let me know. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
