Re: Custom Function Password Match Always Triggered

Tue, 21 Dec 2010 10:10:08 -0800 

Hi Ryan, Thanks I think I get what you're saying, going to change
tomorrow, gtg, Thanks !

On Dec 22, 2:02 am, Ryan Schmidt <google-2...@ryandesign.com> wrote:
> On Dec 21, 2010, at 11:42, John Maxim wrote:
>
>
>
> > the controller register function code is here:
>
> > function register()
> >            {
> >              if (!empty($this->data))
> >              {
> >                $this->data['User']['password'] = md5($this->data['User']
> > ['password']);
>
> >                    if ($this->User->save($this->data))
>
> >                            {
> >                              $this->Session->setFlash('Your registration 
> > information was
> > accepted.');
> >                              $this->Session->write('user', 
> > $this->data['User']['username']);
> >                              $this->redirect(array('action' => 'index'), 
> > null, true);
>
> >                            }else{
> >                            $this->data['User']['password'] = '';
> >                $this->Session->setFlash('There was a problem saving
> > this information');
> >                            }
> >                    }
>
> >            }
>
> > --------------
> > I know already some veterans here have suggested Auth but I'm in a bit
> > rush to complete a milestone and have a meeting, at least something
> > going on what I initially started, I'd be using Auth after I fix this
> > thing, is Md5 above wrongly used ?
>
> > Does it affect my validation model code ? Why is it always triggered
> > even though the same passwords for both fields are entered ?
>
> As I said in my previous message, use Security::hash(). Do not use md5(). If 
> you want Security::hash() to use the md5 algorithm internally, use 
> "Security::setHash('md5');" in your config file.
>
> Security::hash() doesn't just call the requested hash function on the given 
> data; it also makes use of the salt specified in your config file. That's why 
> it doesn't match what you get when you just call md5() manually without the 
> salt.

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Reply via email to