I have the following code:


		public function afterValidate($scenario){


		$pass = md5(md5($this->PASSWORD).Yii::app()->params["salt"]);


		$this->PASSWORD = $pass;


You can understood on your own, that thus I change $this->PASSWORD and everything is proper if it gets in the database. However, if you have errors, you will get back to the form, but the password field will consist of the md5 hash.

What do I miss?


You should do that in beforeSave().

Qiang, I don't think I should do it on beforeValidate, because actually I am using validate() to validate the data, so afterValidate is the one in my view. The problem is that everything is okay if we validation passes. Otherwise, it returns the value back.

Now, I tried and if it is on beforeValidate, it doesn't submit the form nevertheless everything is okay. If it is on after, it's okay, but then, if there are any input errors, the PASSWORD fields consists of the md5 hash when we are redirected back to the form.

It’s beforeSave. ;)

another way is to store the salt with the record, e.g.

$this->salt = getRandomSalt();

$this->password = md5($this->password.$this->salt);