Instead of 'password' use 'new_password' and hash it manually in controller's register action:
$this->data['User']['password'] = Security::hash( $this->data['User']['new_password'], null, true); Then you should save data with option 'validate' => first if ($this->User->saveAll($this->data, array('validate' => 'first'))) { /* it validates */} else { unset $this->data['User'] ['new_password']; } And you validate unexisting in db field 'new_password' insted of password, so in UserModel : var $validate = array( 'new_password' => array( 'between' => array( 'rule' => array('between', 6, 20), 'message' => 'Hasło musi mieć od 6 do 20 znaków' ), 'notEmpty' => array( 'rule' => 'notEmpty', 'message' => 'Podaj hasło' ) ), ); I think there should be also in $validate array, option to validate only on create, ('on' => 'create') but check it in book On Sep 5, 10:11 pm, Simon <m...@simonopsomer.be> wrote: > In my register-form I have a passwordfield and i use Auth-component. > If I fill in an incorrrect form and press 'submit', there are some > validation errors who are nicely shown. That's perfectly great but my > passwordfield gets the value of the hashed string who was filled in. > It looks like Auth hashes the field and then puts this data back into > the value-atribute. Is there some way to prevent that? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en