Chapter 7

  • perform one-way encryption on the password before we store it in

    the database


    protected function afterValidate()


      $this->password = $this->encrypt($this->password);


    public function encrypt($value)


      return md5($value);


this solution dont seem to be good, instead:

I believe it is correct.

The one you posted is worried about the password being empty with if (!empty($this->password).

What the function afterValidate() does is encrypt the password after validation! After it check the rules(), and if you followed the chapter there are rules that check that the password is required.

After checking the password is not empty with rules() then the afterValidate() function is executed therefore it’s almost the same logic as if (!empty($this->password).


So in other word:

public function rules()


	// NOTE: you should only define rules for those attributes that

	// will receive user inputs.

	return array(

		array('password', 'compare'),

		array('password_repeat', 'safe'),

		array('email, username, password', 'required'),

		array('email, username, password', 'length', 'max'=>256),

		array('email, username', 'unique'),

		// The following rule is used by search().

		// Please remove those attributes that should not be searched.

		array('id, email, username, password, last_login_time, create_time, create_user_id, update_time, update_user_id', 'safe', 'on'=>'search'),



This function, rules(), is executed first and then aftervalidate().

array(‘email, username, password’, ‘required’) <— this makes sure that password is not empty.


BTW all these code snippets are in User Model AR.

I don’t think its necessary to use beforeSave since the data are being validated first.

Sorry to dig up this conversation, but I’m adding something to the 1st post comment :

The book method lacks an information : the afterValidate() method is executed after the validation… event when there is errors in the validation.

When you make an intranet software and admin can see users password, if the password confirmation fails they will get back the form with the encrypted password… :wink:

Here’s what I’ve done :

protected function afterValidate()





		$this->motdepasse = $this->encrypt($this->motdepasse);