Wednesday, September 30, 2009

Re: Change Password

I think the 'password' only gets automatically hashed if there is a
'username' field set as well (and I regularly forget this). So you
tend to run into problems when you have a view just to update a
password.

When I remember, I use a bit of code like this and hash the new password
manually:

if ($this->data['User']['password'] == $this->data['User']['confirm_password']) {

    // Switch to the validation rules used for password changes.
    $this->User->validate = $this->User->validate_password;

    // Hash by hand: application salt prefixed to the new password.
    $this->data['User']['password'] = Security::hash(
        Configure::read('Security.salt') . $this->data['User']['password']
    );

    if ($this->User->save($this->data)) {
        $this->Session->setFlash('You have successfully updated this password.');
        $this->redirect(array('controller' => 'users', 'action' => 'index'), null, true);
    } else {
        $this->Session->setFlash('Sorry unable to update password.');
    }
}


John

On Sep 30, 12:27 am, brian <bally.z...@gmail.com> wrote:
> I kept running into issues with passwords so I removed the validation
> from the model and created a component to handle it. For a "new
> password" scenario, the fields are 'password_1' and 'password_2', so
> Auth keeps its mitts off them.
>
> You can see it here, with a "new password" example:
>
> http://bin.cakephp.org/view/1339211759
>
> Comments/criticisms welcome.
>
> On Tue, Sep 29, 2009 at 2:44 PM, Dave Maharaj :: WidePixels.com
>
> <d...@widepixels.com> wrote:
>
> > Here is the controller function
>
> > Maybe someone can see where I am going wrong?
>
> > function changePassword() {
> >          $id = $this->Auth->user('id');
>
> >          $this->User->unbindValidation('keep', array('password',
> > 'confirm'), true);
> >          if (!empty($this->data)) {
>
> >                  $this->data['User']['confirm'] =
> > $this->Auth->password($this->data['User']['confirm']);
> >              //debug confirm and get gf456dg5rtert132erwr string
> >              $this->User->set($this->data);
> >              if ($this->User->validates()) {
> >                        $this->User->id = $id;
> >                        $white = array('password');
> >                        $this->User->save($this->data, true,
> > array_intersect(array_keys($this->User->schema()), $white));
> >                  $this->Session->setFlash(__('Passwords Matched and saved',
> > true));
>
> >              } else {
> >                  $this->Session->setFlash(__('Passwords Do not Match',
> > true));
> >                           $this->data = null;
> >              }
> >          }
> > }
>
> > User Model
> > Validation rules:
>
> > ...
> > 'password' => array(
> >                        'pass-notempty' => array(
> >                                'rule' => array('notempty'),
> >                                'required' => true,
> >                                'allowEmpty' => false,
> >                                'message' => 'Password cannot be empty.',
> >                                'last' => true),
>
> >                        'pass-length' => array(
> >                                'rule' => array('minLength', 8),
> >                                'message' => 'Password must be minimim 8
> > characters.',
> >                                'last' => true),
>
> >                        'pass-Similar' => array(
> >                                'rule' => 'checkPasswords',
> >                                'message' => 'Different password entered.',
> >                                'last' => true)
> >                        ),
>
> >                'confirm' => array(
> >                        'confirm-notempty' => array(
> >                                'rule' => array('notempty'),
> >                                'required' => true,
> >                                'allowEmpty' => false,
> >                                'message' => 'Pleae confirm your password.')
> >                        ),
>
> > ...
>
> > function checkPasswords()
> >        {
> >                  if($this->data['User']['password'] ==
> > $this->data['User']['confirm'])
> >                {
> >                          // Passwords match
> >                          return true;
> >                }
> >        }
>
> > -----Original Message-----
> > From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
> > Sent: September-29-09 3:46 PM
> > To: cake-php@googlegroups.com
> > Subject: RE: Change Password
>
> > Ok cool will give it a try.
>
> > Dave
> > -----Original Message-----
> > From: Miles J [mailto:mileswjohn...@gmail.com]
> > Sent: September-29-09 3:40 PM
> > To: CakePHP
> > Subject: Re: Change Password
>
> > I don't think hash() adds the security salt, you must use Auth->password().
>
>
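
Added example (not part of the original thread, and not CakePHP's own code): a framework-free PHP sketch of the ordering problem discussed above, where the plaintext pair is checked first and hashed once afterwards. The function names, the salt constant and the use of SHA-1 are assumptions made for illustration; the auto-hash rule is modelled on the behaviour described in the thread.

```php
<?php
// Added example: plain PHP, no CakePHP dependency. Every name here is hypothetical.
const APP_SALT = 'constructed-example-salt'; // stands in for Security.salt

// Salt-prefixed digest, as in the manual hashing above; SHA-1 is an assumption.
function salted_hash(string $plain): string
{
    return sha1(APP_SALT . $plain);
}

// Model of the behaviour described in the thread: 'password' is hashed
// automatically only when 'username' is posted with it.
function auto_hash(array $data): array
{
    if (isset($data['User']['username'], $data['User']['password'])) {
        $data['User']['password'] = salted_hash($data['User']['password']);
    }
    return $data;
}

// Check the plaintext pair first, then hash once and return only 'password'.
function prepare_password_change(array $data, int $minLength = 8): array
{
    $new = $data['User']['password'] ?? null;
    $confirm = $data['User']['confirm_password'] ?? null;
    if (!is_string($new) || !is_string($confirm)) {
        return ['ok' => false, 'error' => 'Both fields are required.'];
    }
    if (strlen($new) < $minLength) {
        return ['ok' => false, 'error' => 'Password too short.'];
    }
    // Strict comparison: '==' treats numeric strings such as '1e3' and '1000' as equal.
    if ($new !== $confirm) {
        return ['ok' => false, 'error' => 'Passwords do not match.'];
    }
    return ['ok' => true, 'save' => ['User' => ['password' => salted_hash($new)]]];
}

// Constructed form data: a change-password view posts no 'username'.
$form = ['User' => ['password' => 'correct horse', 'confirm_password' => 'correct horse']];

// Only the confirmation hashed by hand while auto-hashing did not run:
// a plaintext is compared with a digest, so matching input is rejected.
$seen = auto_hash($form);
var_dump($seen['User']['password'] === salted_hash($seen['User']['confirm_password']));

$result = prepare_password_change($form);
var_dump($result['ok'], $result['save']['User']['password'] === salted_hash('correct horse'));
var_dump(prepare_password_change(['User' => ['password' => '1e3', 'confirm_password' => '1000']], 3)['ok']);
```

Validating before hashing also keeps a minimum-length rule meaningful, since a digest always has the same length regardless of the input.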