Jessica Posted January 21, 2013 Share Posted January 21, 2013 I'm using CakePHP 2.2 with the built-in Auth component. I can add a user, login, etc that all works fine. When I try to save an update to the user, the password gets overwritten with a new hash, I assume the hash of the previous hash. <?php Class MyController extends AppController{ function doStuff($newStuff){ $this->User->read(NULL, $this->user_id); $this->User->set('stuff', $newStuff); $this->User->save(); } } I can't figure out how I'm supposed to prevent the password from getting updated. Here's AppController in case that helps. class AppController extends Controller { public $components = array( 'Session', 'Auth' => array( 'loginRedirect' => array('controller' => 'posts', 'action' => 'index'), 'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home') ) ); public function beforeFilter(){ parent::beforeFilter(); $this->user_id = $this->Auth->user('user_id'); if($this->user_id){ $username = $this->Auth->user('username'); $this->set('username', $username); } } } This is very generic code right now, with no extra processing for sanitizing etc, just trying to get the password to stop being overwritten. Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/ Share on other sites More sharing options...
Jessica Posted January 21, 2013 Author Share Posted January 21, 2013 My bad, I forgot I had put the password hashing code in myself. class User extends AppModel { public function beforeSave($options = array()) { if (isset($this->data[$this->alias]['password'])) { $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']); } return true; } } I'll figure out what I need to do from here. Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/#findComment-1407334 Share on other sites More sharing options...
jazzman1 Posted January 22, 2013 Share Posted January 22, 2013 Just, change the name of the password filed in your view, let's say from "password" to "passwd". After that change that line: $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['passwd']); Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/#findComment-1407459 Share on other sites More sharing options...
Jessica Posted January 22, 2013 Author Share Posted January 22, 2013 That is sort of what I did. I was going to post the finished solution once I fixed the view for editing the user, but haven't gotten around to it. Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/#findComment-1407464 Share on other sites More sharing options...
shlumph Posted January 22, 2013 Share Posted January 22, 2013 I would actually create a flag in your $options (beforeSave()), whether or not to hash the password. Depending on what action you're on, and whether the user is authorized or not, you should be able to know if you need to hash the password or not. Changing the view to work around this is kind of hackish, in my humble opinion. Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/#findComment-1407494 Share on other sites More sharing options...
jazzman1 Posted January 26, 2013 Share Posted January 26, 2013 Make sure, that your password field does not hash empty values before save data to db. Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/#findComment-1408420 Share on other sites More sharing options...
idleog Posted April 17, 2013 Share Posted April 17, 2013 use $this->User->savefield(..) instead of $this->User->set(..);$this->User->save(..) Link to comment https://forums.phpfreaks.com/topic/273443-cakephp-using-auth-user-password-gets-changed/#findComment-1425346 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.