Wednesday, July 27, 2011

Re: CakePHP 2.0 Auth

Just a thought. If you have dragged the whole user record back that includes the hashed password and is then included in an array as part of a save function even if it hasn't been changed, will this beforeSave function not rehash the already hashed password?

Jeremy Burns
Class Outfit

http://www.classoutfit.com

On 27 Jul 2011, at 03:18, Meroe Kush wrote:

Disregard my last post please.....
 
As soon as I hit send I found this:
 
Hashing passwords
AuthComponent no longer automatically hashes every password it can find. This was removed because it made a number of common tasks like validation difficult. You should never store plain text passwords, and before saving a user record you should always hash the password. You can use the static AuthComponent::password() to hash passwords before saving them. This will use the configured hashing strategy for your application.
After validating the password, you can hash a password in the beforeSave callback of your model:
<?php
class User extends AppModel {
    function beforeSave($options = array()) {
        $this->data['User']['password'] = AuthComponent::password($this->data['User']['password']);
        return true;
    }
}
 

-- 
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)