Re: Auth/ACL - edit forms and password problems
Thanks, that will be a lot cleaner than doing it in the controller and messing about with the raw post data.

On 16 Feb, 16:50, "dr. Hannibal Lecter" wrote:
> I hope this might be of some help:
>
> http://dsi.vozibrale.com/articles/view/manually-hashing-password-and-...
>
> On Feb 16, 5:21 pm, Chris wrote:
>
> > Perhaps I am just having a blonde moment, but I seem to be having
> > difficulties with ACL and passwords.
> >
> > I followed the example
> > at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application
> > and then once I was confident of what I was doing implemented it into
> > my current project.
> >
> > It has all worked fine, AROS/ACOS all generated, logging in and out
> > fine, permissions working however there is a problem.
> >
> > The edit form for users pulls in the password by default and I wanted
> > to leave it blank so that the user can update extra info on themselves
> > without having to change their password, so I passed in empty string
> > as the value in the input.
> >
> > When the post occurs $this->data contains an sha1 encrypted string
> > it seems that auth or acl is taking empty string, adding the salt and
> > then encrypting... before validation!!!
> >
> > I decided to just check the value for $_POST['data']['User']
> > ['password'] and if that is blank then unset $this->data['User']
> > ['password'].. problem solved. in a not so nice way. However
> > another issue has now raised its ugly head.
> >
> > My validation rules are now meaningless. I have a minimum length
> > validation rule on the password field to ensure that passwords are 8
> > characters or more. This rule is now always met because the string is
> > sha1 encrypted before validation and is therefore always 40 characters
> > long.
> >
> > The only solution I can think of, for now, is controller based
> > validation on the raw post data. which isn't very clean. If
> > anyone has a better idea please let me know.
--~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Auth/ACL - edit forms and password problems
I hope this might be of some help:

http://dsi.vozibrale.com/articles/view/manually-hashing-password-and-password-validation

On Feb 16, 5:21 pm, Chris wrote:
> Perhaps I am just having a blonde moment, but I seem to be having
> difficulties with ACL and passwords.
>
> I followed the example
> at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application
> and then once I was confident of what I was doing implemented it into
> my current project.
>
> It has all worked fine, AROS/ACOS all generated, logging in and out
> fine, permissions working however there is a problem.
>
> The edit form for users pulls in the password by default and I wanted
> to leave it blank so that the user can update extra info on themselves
> without having to change their password, so I passed in empty string
> as the value in the input.
>
> When the post occurs $this->data contains an sha1 encrypted string
> it seems that auth or acl is taking empty string, adding the salt and
> then encrypting... before validation!!!
>
> I decided to just check the value for $_POST['data']['User']
> ['password'] and if that is blank then unset $this->data['User']
> ['password'].. problem solved. in a not so nice way. However
> another issue has now raised its ugly head.
>
> My validation rules are now meaningless. I have a minimum length
> validation rule on the password field to ensure that passwords are 8
> characters or more. This rule is now always met because the string is
> sha1 encrypted before validation and is therefore always 40 characters
> long.
>
> The only solution I can think of, for now, is controller based
> validation on the raw post data. which isn't very clean. If
> anyone has a better idea please let me know.
Auth/ACL - edit forms and password problems
Perhaps I am just having a blonde moment, but I seem to be having difficulties with ACL and passwords.

I followed the example at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application and then once I was confident of what I was doing implemented it into my current project.

It has all worked fine, AROS/ACOS all generated, logging in and out fine, permissions working however there is a problem.

The edit form for users pulls in the password by default and I wanted to leave it blank so that the user can update extra info on themselves without having to change their password, so I passed in empty string as the value in the input.

When the post occurs $this->data contains an sha1 encrypted string it seems that auth or acl is taking empty string, adding the salt and then encrypting... before validation!!!

I decided to just check the value for $_POST['data']['User']['password'] and if that is blank then unset $this->data['User']['password'].. problem solved. in a not so nice way. However another issue has now raised its ugly head.

My validation rules are now meaningless. I have a minimum length validation rule on the password field to ensure that passwords are 8 characters or more. This rule is now always met because the string is sha1 encrypted before validation and is therefore always 40 characters long.

The only solution I can think of, for now, is controller based validation on the raw post data. which isn't very clean. If anyone has a better idea please let me know.
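
Added example, not part of the thread and not CakePHP's own code: plain PHP showing why the minimum-length rule in the post above always passes when the field is hashed before validation, next to a validate-then-hash order in which a blank field keeps the existing password. The salt, the `new_password` field name (assumed to be a field the automatic hashing does not touch) and all helper functions are hypothetical; `password_hash()` is substituted for the salted SHA-1 the post describes.

```php
<?php
// Constructed value for illustration only.
const APP_SALT = 'constructed-example-salt';

// Stand-in for the step described in the post: the password field is
// salted and SHA-1 hashed before the model's validation rules run.
function hashOnArrival(string $plain): string
{
    return sha1(APP_SALT . $plain);
}

// The post's rule: passwords must be 8 characters or more.
function minLength(string $value, int $min = 8): bool
{
    return strlen($value) >= $min;
}

// Broken order: the rule measures the 40-character digest, not the input.
function validateAfterHash(string $submitted): bool
{
    return minLength(hashOnArrival($submitted));
}

// Corrected order (hypothetical helper): validate the plaintext, then hash.
// A blank field means "keep the current password", so it is dropped from
// the data to save instead of being hashed and stored.
function prepareUserUpdate(array $data): array
{
    $plain = $data['new_password'] ?? '';
    unset($data['new_password']);
    if ($plain === '') {
        return ['ok' => true, 'save' => $data];
    }
    if (!minLength($plain)) {
        return ['ok' => false, 'error' => 'Password must be 8 characters or more'];
    }
    $data['password'] = password_hash($plain, PASSWORD_DEFAULT);
    return ['ok' => true, 'save' => $data];
}

// Constructed inputs: empty, too short, and acceptable.
foreach (['', 'abc', 'longenough1'] as $input) {
    $update = prepareUserUpdate(['email' => 'user@example.test', 'new_password' => $input]);
    printf("input=%-13s hash-first rule passes=%s  validate-first ok=%s  password saved=%s\n",
        var_export($input, true),
        var_export(validateAfterHash($input), true),
        var_export($update['ok'], true),
        var_export(isset($update['save']['password']), true));
}
```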