Jump to content

CakePHP using Auth, user password gets changed?

Jessica

By Jessica
in Frameworks

 Share

Recommended Posts

Jessica Advanced Member

Jessica

Posted
Posted (edited)

I'm using CakePHP 2.2 with the built-in Auth component. I can add a user, login, etc that all works fine. When I try to save an update to the user, the password gets overwritten with a new hash, I assume the hash of the previous hash. 

 

<?php
Class MyController extends AppController{
   function doStuff($newStuff){
            $this->User->read(NULL, $this->user_id);
                $this->User->set('stuff', $newStuff);
                $this->User->save();
   }
}

 

 

 

I can't figure out how I'm supposed to prevent the password from getting updated. 

 

Here's AppController in case that helps.

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );
    
    public function beforeFilter(){
        parent::beforeFilter();
        $this->user_id = $this->Auth->user('user_id');
        if($this->user_id){
            $username = $this->Auth->user('username');
       $this->set('username', $username);
        }
    }
}

 

 

 

This is very generic code right now, with no extra processing for sanitizing etc, just trying to get the password to stop being overwritten.

Edited by Jessica
Jessica Advanced Member

Jessica

Posted
  • Author
Posted

My bad, I forgot I had put the password hashing code in myself.

class User extends AppModel {
     public function beforeSave($options = array()) {
	if (isset($this->data[$this->alias]['password'])) {
		$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
	}
	return true;
}
}

 

I'll figure out what I need to do from here. 

jazzman1 Member

jazzman1

Posted
Posted

Just, change the name of the password filed in your view, let's say from "password" to "passwd".

 

After that change that line:

 

$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['passwd']);

shlumph Member

shlumph

Posted
Posted

I would actually create a flag in your $options (beforeSave()), whether or not to hash the password. Depending on what action you're on, and whether the user is authorized or not, you should be able to know if you need to hash the password or not. Changing the view to work around this is kind of hackish, in my humble opinion.

  • 2 months later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.