Monday, February 23, 2009

Re: behaving the CakePHP 1.2 way

To validate passwords, use this code:


# in account controller

var $components = array (
    'Auth'
);

function beforeFilter() {
    $this->Auth->fields = array (
        'username' => 'email',
        'password' => 'password'
    );
    $this->Auth->userModel = 'Account';
    $this->Auth->allow('create');
    // For these actions let the Account model's hashPasswords() replace the
    // component's own, so the plaintext password reaches model validation.
    if ($this->action == 'create' || $this->action == 'update') {
        $this->Auth->authenticate = $this->Account;
    }
}

function create() {
    $this->pageTitle = 'Account / Create';
    if (!empty ($this->data)) {
        if ($this->Account->save($this->data)) {
            $this->flash('The account has been saved.', '/statistics');
        }
    }
}

function update() {
    $this->pageTitle = 'Account / Update';
    $this->Account->id = $id = $this->Auth->user('id');
    if (empty ($this->data)) {
        $this->data = $this->Account->read();
    } else {
        $account = $this->Account->findById($this->Auth->user('id'));
        // Pin the record id to the logged-in user; the form's hidden id
        // field is client-controlled.
        $this->data['Account']['id'] = $id;
        $this->Account->set($this->data);
        if ($this->Account->validates()) {
            // Save only when the submitted current password matches the stored
            // hash; === avoids PHP's loose comparison of numeric-looking strings.
            if ($this->Auth->password($this->data['Account']['currentpassword']) === $account['Account']['password']) {
                $this->data['Account']['password'] = $this->data['Account']['newpassword'];
                if ($this->Account->save($this->data)) {
                    $this->flash('The account with id ' . $id . ' has been updated.', '/statistics');
                }
            }
        }
    }
}


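# in account model

// AuthComponent calls this with $enforce = false, so the form data comes back
// unhashed and validation sees the plaintext; beforeSave() passes true.
function hashPasswords($data, $enforce = false) {
    if ($enforce && isset ($this->data[$this->alias]['password'])) {
        if (!empty ($this->data[$this->alias]['password'])) {
            $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], null, true);
        }
    }
    return $data;
}

// Hash the validated password just before the record is written.
function beforeSave() {
    $this->hashPasswords(null, true);
    return true;
}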


# in create view

<?php
echo $form->create('Account', array('action' => 'create'));
echo $form->input('email', array('size' => 40));
echo $form->input('password', array('type' => 'password', 'size' => 20));
echo $form->end('Create Account');
?>


# in update view

<?php
echo $form->create('Account', array('action' => 'update'));
echo $form->input('email', array('size' => 40));
echo $form->input('currentpassword', array('type' => 'password', 'size' => 20));
echo $form->input('newpassword', array('type' => 'password', 'size' => 20));
echo $form->input('id', array('type' => 'hidden'));
echo $form->end('Update Account');
?>

On 30 jan, 06:05, ddaffy <dda...@gmail.com> wrote:
> I solved it this way:
>
> - named form field 'password1' (or whatever)
> - validated that field in User model
> - hashed it with AuthComponent::password() in User::beforeSave()
> - placed it in $this->data['User']['password'] (and unset $this->data
> ['User']['password1'])
>
> On Jan 30, 2:11 am, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > This part of the problem has been solved.
>
> > On 29 jan, 15:06, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > What else should I try?
>
> > > On 29 jan, 15:01, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > The code from the site:
>
> > > >     function hashPasswords($data, $enforce=false) {
> > > >         if($enforce && isset($this->data[$this->alias]['password'])) {
> > > >             if(!empty($this->data[$this->alias]['password'])) {
> > > >                 $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], null, true);
> > > >             }
> > > >         }
> > > >         return $data;
> > > >     }
> > > >     function beforeSave() {
> > > >         $this->hashPasswords(null, true);
> > > >         return true;
> > > >     }
>
> > > > I tried:
> > > > - the code without changes
> > > > - the code with alias changed to userModel
> > > > - the code with null changed to $data
> > > > - the code with null changed to $this->data
>
> > > > The codes I tried are not encrypting the password after validating it.
>
> > > > On 29 jan, 12:18, "j0n4s.h4rtm...@googlemail.com" <j0n4s.h4rtm...@googlemail.com> wrote:
> > > > > I did not try this yet, but this should help you, right?:
>
> > > > > http://teknoid.wordpress.com/2008/10/08/demystifying-auth-features-in...
>
> > > > > p.s. I believe the whole thing is because AuthComponent is
> > > > > AuthComponent and not AuthBehavior. If it came with such a thing it
> > > > > would be more clear (because hashing would take place in the model
> > > > > then)
>
> > > > > > On Jan 28, 8:04 pm, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > > > there is no afterValidate
> > > > > > there is no beforeLogin
>
> > > > > > What now???
>
> > > > > > > On 28 jan, 16:47, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > > > > I added:
>
> > > > > > > > function beforeSave() {
> > > > > > > >         $this->data['Account']['password'] = md5($this->data['Account']['password']);
> > > > > > > >         return true;
> > > > > > > > }
>
> > > > > > > to Account model, but now login does not work. Why?
>
> > > > > > > > On 28 jan, 16:04, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > > > > > > Hold on... I need it encrypted after validated... What now???
>
> > > > > > > > > On 28 jan, 15:53, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > > > > > > > I understood! I added it to BeforeFilter. It works!
>
> > > > > > > > > > On 28 jan, 15:37, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > > > > > > > I added:
>
> > > > > > > > > > $this->Auth->authenticate = $this->Account;
>
> > > > > > > > > > to login.
>
> > > > > > > > > > I added:
>
> > > > > > > > > >     function hashPasswords( $data ) {
> > > > > > > > > >         return $data;
> > > > > > > > > >     }
>
> > > > > > > > > > to Account model.
>
> > > > > > > > > > After updating my account, $cakeDebug (my debug config is 2, so flash
> > > > > > > > > > is eternal) flashed my password hashed. Am I doing anything wrong?
>
> > > > > > > > > > On 27 jan, 21:34, Gonzalo Servat <gser...@gmail.com> wrote:
>
> > > > > > > > > > > > On Tue, Jan 27, 2009 at 8:26 PM, Deliriumtremens <pedbe...@gmail.com> wrote:
>
> > > > > > > > > > > > CakePHP 1.2 is encrypting passwords before validating them.
>
> > > > > > > > > > > > CakePHP 1.2 is trying to make us behave in a different way.
>
> > > > > > > > > > > > Are you behaving the CakePHP 1.2 way?
>
> > > > > > > > > > > > What are you doing now that you are not allowed to validate passwords?
>
> > > > > > > > > > > I take it you're talking about the AuthComponent? If so, yes it hashes
> > > > > > > > > > > passwords automagically so you basically just store the hashed password in
> > > > > > > > > > > your DB. If you don't want that, you can do something like this:
>
> > > > > > > > > > > $this->Auth->authenticate = $this->User;  // or whatever ...
>
> > > > > > > > > > > Inside the User model, you could have:
>
> > > > > > > > > > > > function hashPasswords( $data ) {
> > > > > > > > > > > >       return $data;
> > > > > > > > > > > > }
>
> > > > > > > > > > > Instead of hashing the password, it just returns it unmodified (clear text).
>
> > > > > > > > > > > - Gonzalo
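
The ordering this thread arrives at (validate the plaintext, hash only at save time, check the current password before a change), as an added example that is not part of the original posts and is not CakePHP code. It is plain PHP 5.5+ and swaps PHP's password_hash()/password_verify() in for Security::hash(); the function names and sample values are hypothetical.

```php
<?php
// Added example: plain PHP 5.5+, not CakePHP. All names are hypothetical.

// Rules must run on the plaintext: a hash has a fixed length and alphabet,
// so a length rule applied after hashing accepts any input.
function validatePlainPassword($plain) {
    $errors = array();
    if (strlen($plain) < 8) {
        $errors[] = 'Password must be at least 8 characters.';
    }
    if (!preg_match('/[0-9]/', $plain)) {
        $errors[] = 'Password must contain a digit.';
    }
    return $errors;
}

// Counterpart of beforeSave(): hash only once validation has passed.
function createAccount($email, $plain) {
    $errors = validatePlainPassword($plain);
    if ($errors) {
        return array('saved' => false, 'errors' => $errors);
    }
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    return array('saved' => true, 'row' => array('email' => $email, 'password' => $hash));
}

// Counterpart of update(): nothing is written unless the current password
// verifies and the new one passes validation.
function changePassword(array $row, $current, $new) {
    if (!password_verify($current, $row['password'])) {
        return array('saved' => false, 'errors' => array('Current password is wrong.'));
    }
    $errors = validatePlainPassword($new);
    if ($errors) {
        return array('saved' => false, 'errors' => $errors);
    }
    $row['password'] = password_hash($new, PASSWORD_DEFAULT);
    return array('saved' => true, 'row' => $row);
}

// Constructed sample data.
$weak = 'abc';
// Hash-first ordering: the rules see 40 hex characters and accept "abc".
var_dump(validatePlainPassword(sha1($weak)) === array());
// Validate-first ordering rejects it before anything is hashed or stored.
var_dump(createAccount('a@example.com', $weak)['saved']);
$acct = createAccount('a@example.com', 'correct horse 1');
var_dump(changePassword($acct['row'], 'wrong guess', 'another pass 2')['saved']);
var_dump(changePassword($acct['row'], 'correct horse 1', 'another pass 2')['saved']);
```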