Re: Validate data md5

2010-06-07 Thread Chrriss 
Thank you guys, this was really helpful

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Validate data md5

2010-06-05 Thread vekija 
Right, but not everyone uses secure connection for user registration,
and honestly I can't
remember a single site which doesn't clear the password field on
registration error.

On Jun 5, 3:20 am, calvin cal...@rottenrecords.com wrote:
 I don't get that. I think that presents a false sense of security.

 It's best practice to use a secure connection whenever you're
 transmitting passwords. And if you're handling the request over secure
 http, then it doesn't matter if you send the password back to the
 user.

 On Jun 4, 10:08 am, vekija vedran.konto...@gmail.com wrote:



  When you have an error on the registration form, it is a best practice
  to clear the password value and force the user to renter that info.

  So, in the controller...

  if($this-User-save($this-data)) {
     // ... whatever you do after user had registered successfully} else {

   // ... there was an error
   $this-data['User']['password'] = null;

  }

  V

  On Jun 4, 4:21 pm, Chrriss polet...@wanadoo.fr wrote:

   Hi,

   I have a form to add a user and I use an md5 encryption when I save
   the password in the database.
   I use $validate to check if the email address is valid. If it's not,
   the form shows the data again with the error message but the password
   is not the right one in this case. It's the hashed password. So when I
   re-enter a valid email address, the password that is saved in the
   database is not the one I wanted!

   How can I do ?

   Thank you in advance!

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Validate data md5

2010-06-04 Thread vekija 
When you have an error on the registration form, it is a best practice
to clear the password value and force the user to renter that info.

So, in the controller...

if($this-User-save($this-data)) {
   // ... whatever you do after user had registered successfully
} else {
 // ... there was an error
 $this-data['User']['password'] = null;
}


V


On Jun 4, 4:21 pm, Chrriss polet...@wanadoo.fr wrote:
 Hi,

 I have a form to add a user and I use an md5 encryption when I save
 the password in the database.
 I use $validate to check if the email address is valid. If it's not,
 the form shows the data again with the error message but the password
 is not the right one in this case. It's the hashed password. So when I
 re-enter a valid email address, the password that is saved in the
 database is not the one I wanted!

 How can I do ?

 Thank you in advance!

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Validate data md5

2010-06-04 Thread alaxos 
If you don't want to reenter the password, you can use a different
name for the password input.

For instance:

View:

$this-Form-input('new_password', array('type' = 'password'));

Controller:

if(!empty($this-data['User']['new_password']))
{
$this-data['User']['password'] = $this-Auth-password($this-
data['User']['new_password']);
}

This way if your form is printed again, the field new_password is not
hashed.

Regards,
nIcO

On 4 juin, 19:08, vekija vedran.konto...@gmail.com wrote:
 When you have an error on the registration form, it is a best practice
 to clear the password value and force the user to renter that info.

 So, in the controller...

 if($this-User-save($this-data)) {
    // ... whatever you do after user had registered successfully} else {

  // ... there was an error
  $this-data['User']['password'] = null;

 }

 V

 On Jun 4, 4:21 pm, Chrriss polet...@wanadoo.fr wrote:

  Hi,

  I have a form to add a user and I use an md5 encryption when I save
  the password in the database.
  I use $validate to check if the email address is valid. If it's not,
  the form shows the data again with the error message but the password
  is not the right one in this case. It's the hashed password. So when I
  re-enter a valid email address, the password that is saved in the
  database is not the one I wanted!

  How can I do ?

  Thank you in advance!

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Validate data md5

2010-06-04 Thread calvin 
I don't get that. I think that presents a false sense of security.

It's best practice to use a secure connection whenever you're
transmitting passwords. And if you're handling the request over secure
http, then it doesn't matter if you send the password back to the
user.

On Jun 4, 10:08 am, vekija vedran.konto...@gmail.com wrote:
 When you have an error on the registration form, it is a best practice
 to clear the password value and force the user to renter that info.

 So, in the controller...

 if($this-User-save($this-data)) {
    // ... whatever you do after user had registered successfully} else {

  // ... there was an error
  $this-data['User']['password'] = null;

 }

 V

 On Jun 4, 4:21 pm, Chrriss polet...@wanadoo.fr wrote:

  Hi,

  I have a form to add a user and I use an md5 encryption when I save
  the password in the database.
  I use $validate to check if the email address is valid. If it's not,
  the form shows the data again with the error message but the password
  is not the right one in this case. It's the hashed password. So when I
  re-enter a valid email address, the password that is saved in the
  database is not the one I wanted!

  How can I do ?

  Thank you in advance!

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en