
CakePHP using Auth, user password gets changed?


Jessica


I'm using CakePHP 2.2 with the built-in Auth component. I can add a user, log in, etc., and that all works fine. When I try to save an update to the user, the password gets overwritten with a new hash, I assume the hash of the previous hash.

 

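<?php
class MyController extends AppController {
    function doStuff($newStuff) {
        // read() loads the full user record, password hash included, into the model's data
        $this->User->read(null, $this->user_id);
        $this->User->set('stuff', $newStuff);
        // save() with no field list writes back every field currently in the model's data
        $this->User->save();
    }
}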

I can't figure out how I'm supposed to prevent the password from getting updated. 

 

Here's AppController in case that helps.

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );
    
    public function beforeFilter(){
        parent::beforeFilter();
        $this->user_id = $this->Auth->user('user_id');
        if($this->user_id){
            $username = $this->Auth->user('username');
            $this->set('username', $username);
        }
    }
}

 

 

 

This is very generic code right now, with no extra processing for sanitizing etc, just trying to get the password to stop being overwritten.


My bad, I forgot I had put the password hashing code in myself.

class User extends AppModel {
    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['password'])) {
            $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
        }
        return true;
    }
}

 

I'll figure out what I need to do from here. 


I would actually create a flag in your $options (beforeSave()), whether or not to hash the password. Depending on what action you're on, and whether the user is authorized or not, you should be able to know if you need to hash the password or not. Changing the view to work around this is kind of hackish, in my humble opinion.

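An added example, not part of the original thread: one way to apply the flag suggested in the last reply in CakePHP 2.x, combined with a fieldList whitelist so a profile update never touches the password column. The `hashPassword` option key and the `changePassword` action are names made up for this example.

```php
<?php
// app/Model/User.php (CakePHP 2.x)
App::uses('AppModel', 'Model');
App::uses('AuthComponent', 'Controller/Component');

class User extends AppModel {
    public function beforeSave($options = array()) {
        if (!isset($this->data[$this->alias]['password'])) {
            return true;
        }
        // 'hashPassword' is a custom key made up for this example; save()
        // hands its options array to beforeSave(), so the caller decides.
        if (!empty($options['hashPassword'])) {
            $this->data[$this->alias]['password'] =
                AuthComponent::password($this->data[$this->alias]['password']);
        } else {
            // Not flagged as a new plaintext password (e.g. the stored hash
            // loaded by read()): drop it so it is never re-hashed or written.
            unset($this->data[$this->alias]['password']);
        }
        return true;
    }
}

// app/Controller/MyController.php
App::uses('AppController', 'Controller');

class MyController extends AppController {
    public $uses = array('User');

    // Profile update: set the id instead of read(), and whitelist the column.
    public function doStuff($newStuff) {
        $this->User->id = $this->user_id;
        return $this->User->save(
            array('User' => array('stuff' => $newStuff)),
            array('fieldList' => array('stuff'))
        );
    }

    // Hypothetical password-change action: hashing is enabled explicitly.
    public function changePassword() {
        $this->User->id = $this->user_id;
        return $this->User->save(
            array('User' => array('password' => $this->request->data['User']['password'])),
            array('fieldList' => array('password'), 'hashPassword' => true)
        );
    }
}
```

The action that creates users has to pass `'hashPassword' => true` as well; without it the password field is dropped from the save rather than stored unhashed.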
