Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

CakePHP using Auth, user password gets changed?

Started by Jessica, Jan 21 2013 02:29 PM

Please log in to reply

6 replies to this topic

#1 Jessica

The Web Mason

Gurus
8,760 posts

LocationDallas, TX
Age:26

Posted 21 January 2013 - 02:29 PM

I'm using CakePHP 2.2 with the built-in Auth component. I can add a user, login, etc that all works fine. When I try to save an update to the user, the password gets overwritten with a new hash, I assume the hash of the previous hash.

<?php
Class MyController extends AppController{
    function doStuff($newStuff){
            $this->User->read(NULL, $this->user_id);
                 $this->User->set('stuff', $newStuff);
                 $this->User->save();
    }
}

I can't figure out how I'm supposed to prevent the password from getting updated.

Here's AppController in case that helps.

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );
    
    public function beforeFilter(){
        parent::beforeFilter();
        $this->user_id = $this->Auth->user('user_id');
        if($this->user_id){
            $username = $this->Auth->user('username');
        $this->set('username', $username);
        }
    }
}

This is very generic code right now, with no extra processing for sanitizing etc, just trying to get the password to stop being overwritten.

Edited by Jessica, 21 January 2013 - 02:30 PM.

My goal in replying to posts is to help you become a better programmer, including learning how to debug your own code and research problems. For that reason, rather than posting the solution, I reply with tips and hints on how to find the solution yourself. See below for useful links when you get stuck.

How to Get Good Help: How to Ask Questions | Don't be a help vampire
Debugging Your Code: Debugging your SQL | What does a php function do? | What does a term mean? | Don't see any errors?
Things You Should Do: Normalize Your Data | use print_r() or var_dump()
Lulz: "Functions should not have side effects." - trq

Please take a look at my new PHP/Web Dev blog: The Web Mason - Thanks!!

Back to top

#2 Jessica

The Web Mason

Gurus
8,760 posts

LocationDallas, TX
Age:26

Posted 21 January 2013 - 03:07 PM

My bad, I forgot I had put the password hashing code in myself.

class User extends AppModel {
     public function beforeSave($options = array()) {
		if (isset($this->data[$this->alias]['password'])) {
			$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
		}
		return true;
	}
}

I'll figure out what I need to do from here.

My goal in replying to posts is to help you become a better programmer, including learning how to debug your own code and research problems. For that reason, rather than posting the solution, I reply with tips and hints on how to find the solution yourself. See below for useful links when you get stuck.

How to Get Good Help: How to Ask Questions | Don't be a help vampire
Debugging Your Code: Debugging your SQL | What does a php function do? | What does a term mean? | Don't see any errors?
Things You Should Do: Normalize Your Data | use print_r() or var_dump()
Lulz: "Functions should not have side effects." - trq

Please take a look at my new PHP/Web Dev blog: The Web Mason - Thanks!!

Back to top

#3 jazzman1

Advanced Member

Members
1,159 posts

LocationMississauga, Canada

Posted 22 January 2013 - 07:12 AM

Just, change the name of the password filed in your view, let's say from "password" to "passwd".

After that change that line:

$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['passwd']);

Back to top

#4 Jessica

The Web Mason

Gurus
8,760 posts

LocationDallas, TX
Age:26

Posted 22 January 2013 - 07:43 AM

That is sort of what I did. I was going to post the finished solution once I fixed the view for editing the user, but haven't gotten around to it.

My goal in replying to posts is to help you become a better programmer, including learning how to debug your own code and research problems. For that reason, rather than posting the solution, I reply with tips and hints on how to find the solution yourself. See below for useful links when you get stuck.

How to Get Good Help: How to Ask Questions | Don't be a help vampire
Debugging Your Code: Debugging your SQL | What does a php function do? | What does a term mean? | Don't see any errors?
Things You Should Do: Normalize Your Data | use print_r() or var_dump()
Lulz: "Functions should not have side effects." - trq

Please take a look at my new PHP/Web Dev blog: The Web Mason - Thanks!!

Back to top

#5 shlumph

Advanced Member

Members
574 posts

LocationNew Hampshire

Posted 22 January 2013 - 10:51 AM

I would actually create a flag in your $options (beforeSave()), whether or not to hash the password. Depending on what action you're on, and whether the user is authorized or not, you should be able to know if you need to hash the password or not. Changing the view to work around this is kind of hackish, in my humble opinion.

whether you think you can, or can't, you're right -HF
Visit my website or github