CakePHP using Auth, user password gets changed?


6 replies to this topic

#1 Jessica

Jessica

    This is not my name.

  • Gurus
  • 8,982 posts
  • Location: Dallas, TX
  • Age: 26

Posted 21 January 2013 - 02:29 PM

I'm using CakePHP 2.2 with the built-in Auth component. I can add a user, log in, etc.; that all works fine. When I try to save an update to the user, the password gets overwritten with a new hash, I assume the hash of the previous hash.

<?php
class MyController extends AppController {
    function doStuff($newStuff) {
        $this->User->read(NULL, $this->user_id);
        $this->User->set('stuff', $newStuff);
        $this->User->save();
    }
}



I can't figure out how I'm supposed to prevent the password from getting updated. 

Here's AppController in case that helps.
class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );
    
    public function beforeFilter(){
        parent::beforeFilter();
        $this->user_id = $this->Auth->user('user_id');
        if($this->user_id){
            $username = $this->Auth->user('username');
            $this->set('username', $username);
        }
    }
}



This is very generic code right now, with no extra processing for sanitizing etc, just trying to get the password to stop being overwritten.

Edited by Jessica, 21 January 2013 - 02:30 PM.

My goal in replying to posts is to help you become a better programmer, including learning how to debug your own code and research problems. For that reason, rather than posting the solution, I reply with tips and hints on how to find the solution yourself. See below for useful links when you get stuck.

How to Get Good Help: How to Ask Questions | Don't be a help vampire
Debugging Your Code: Debugging your SQL | What does a php function do? | What does a term mean? | Don't see any errors?
Things You Should Do: Normalize Your Data | use print_r() or var_dump()
Lulz: "Functions should not have side effects." - trq

Please take a look at my new PHP/Web Dev blog: The Web Mason - Thanks!!

#2 Jessica


Posted 21 January 2013 - 03:07 PM

My bad, I forgot I had put the password hashing code in myself.

class User extends AppModel {
    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
        }
        return true;
    }
}

I'll figure out what I need to do from here. 

#3 jazzman1

jazzman1

    Advanced Member

  • Gurus
  • 2,598 posts
  • Location: Mississauga, Canada

Posted 22 January 2013 - 07:12 AM

Just change the name of the password field in your view, let's say from "password" to "passwd".

After that change that line:

$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['passwd']);


#4 Jessica


Posted 22 January 2013 - 07:43 AM

That is sort of what I did. I was going to post the finished solution once I fixed the view for editing the user, but haven't gotten around to it.

#5 shlumph

shlumph

    Advanced Member

  • Members
  • 576 posts
  • Location: New Hampshire

Posted 22 January 2013 - 10:51 AM

I would actually create a flag in your $options (beforeSave()), whether or not to hash the password. Depending on what action you're on, and whether the user is authorized or not, you should be able to know if you need to hash the password or not. Changing the view to work around this is kind of hackish, in my humble opinion.
whether you think you can, or can't, you're right -HF
Visit my website or github

#6 jazzman1


Posted 26 January 2013 - 03:02 PM

Make sure that your password field does not hash empty values before saving data to the db.

#7 idleog

idleog

    Newbie

  • New Members
  • 1 posts

Posted 17 April 2013 - 09:30 AM

Use $this->User->saveField(..) instead of $this->User->set(..); $this->User->save(..)
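
Added example, not part of the thread and not CakePHP code: a plain-PHP model of the read/set/save flow from post #1 with the beforeSave() logic from post #2, showing that an unrestricted save re-hashes the stored hash and breaks login, while limiting the write to the changed column (the direction post #7 points at) leaves the hash alone. TinyUserModel, loginSurvivesUpdate() and the sample password are hypothetical, and password_hash() stands in for AuthComponent::password().

```php
<?php
// Plain-PHP stand-in for a CakePHP 2.x model (hypothetical class, not CakePHP code).
class TinyUserModel {
    public $rows = array();   // plays the users table: id => row
    public $data = array();   // fields queued for the next save()
    public $id;

    // Like Model::read(): loads the whole row, stored hash included.
    public function read($id) {
        $this->id = $id;
        $this->data = $this->rows[$id];
    }

    public function set($field, $value) {
        $this->data[$field] = $value;
    }

    // Same logic as beforeSave() in post #2; password_hash() stands in
    // for AuthComponent::password().
    protected function beforeSave() {
        if (isset($this->data['password'])) {
            $this->data['password'] = password_hash($this->data['password'], PASSWORD_DEFAULT);
        }
    }

    // A non-empty $fieldList acts as a whitelist of columns to write.
    public function save(array $fieldList = array()) {
        $this->beforeSave();
        foreach ($this->data as $field => $value) {
            if (!$fieldList || in_array($field, $fieldList, true)) {
                $this->rows[$this->id][$field] = $value;
            }
        }
        $this->data = array();
    }
}

// Register a user, run the update from post #1, report whether the password still verifies.
function loginSurvivesUpdate(array $fieldList) {
    $users = new TinyUserModel();
    $users->id = 1;
    $users->set('password', 'constructed-sample-pw'); // constructed sample value
    $users->save();
    $users->read(1);                     // stored hash is now in $data
    $users->set('stuff', 'new value');
    $users->save($fieldList);
    return password_verify('constructed-sample-pw', $users->rows[1]['password']);
}
var_dump(loginSurvivesUpdate(array()));        // unrestricted save, as in post #1
var_dump(loginSurvivesUpdate(array('stuff'))); // write limited to the 'stuff' column
```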





