Sunday, September 28, 2008

Re: How to validate password length

Don't call your field "password" on the form, because the Auth
component always hashes posted data that has the field name as
"password".

For my user registration I created two fields called "secret" and
"confirmsecret", and I use this in the validate rules. It doesn't
matter that the secret fields don't exist in the table, but you should
define the validation rules for record creation only by adding
"on"=>"create" to the rule. You can then add minLength to the secret
field.

You then need to call $this->User->validate() before
$this->User->save(), and if it validates then copy the secret field to
password as a hashed password. I do this in the controller like this.

    if($this->data)
    {
        // Check for data validation
        $this->User->set( $this->data );
        if($this->User->validates())
        {
            // Hash the password, and save the new record
            $this->data['User']['password'] = $this->Auth->password($this->data['User']['secret']);
            $this->User->set( $this->data );
            if($this->User->save())
            {
                $this->redirect( ... );
            }
        }
    }

You don't need to validate the password field for user log in
attempts. Either the hash will match or it doesn't.
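
Added example, not part of the original post and not CakePHP code: a framework-free PHP sketch of the same flow, showing why the length rule has to run on the plaintext "secret" field and not on the hashed "password" field. The constant MIN_SECRET_LENGTH and the functions validateSecret() and registerUser() are hypothetical, and PHP's password_hash() stands in for $this->Auth->password().

```php
<?php
// Added illustration. Field names "secret" and "confirmsecret" follow the
// post; everything else here is assumed for the example.
const MIN_SECRET_LENGTH = 8; // assumed policy value

// Validate the plaintext fields before any hashing takes place.
function validateSecret(array $user): array
{
    $errors = [];
    $secret = $user['secret'] ?? '';
    if (!is_string($secret) || strlen($secret) < MIN_SECRET_LENGTH) {
        $errors['secret'] = 'Password must be at least ' . MIN_SECRET_LENGTH . ' bytes long.';
    }
    if ($secret !== ($user['confirmsecret'] ?? null)) {
        $errors['confirmsecret'] = 'Passwords do not match.';
    }
    return $errors;
}

// Hash only after validation passes; the plaintext fields are not stored.
function registerUser(array $user): array
{
    $errors = validateSecret($user);
    if ($errors) {
        return ['saved' => false, 'errors' => $errors];
    }
    $record = [
        'username' => $user['username'],
        'password' => password_hash($user['secret'], PASSWORD_DEFAULT),
    ];
    return ['saved' => true, 'record' => $record];
}

// A length rule applied to the hashed field cannot fail: the hash length
// does not depend on the input, so a 1-byte password still satisfies it.
$hashOfWeak = password_hash('a', PASSWORD_DEFAULT);
var_dump(strlen($hashOfWeak) >= MIN_SECRET_LENGTH);

// Constructed sample submissions.
$short = ['username' => 'alice', 'secret' => 'a', 'confirmsecret' => 'a'];
$good  = ['username' => 'bob', 'secret' => 'correct horse', 'confirmsecret' => 'correct horse'];

print_r(registerUser($short));          // rejected by the plaintext rule
$result = registerUser($good);
var_dump($result['saved']);

// Login needs no length validation, only a comparison against the stored hash.
var_dump(password_verify('correct horse', $result['record']['password']));
var_dump(password_verify('wrong guess', $result['record']['password']));
```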
