encrypted user login


I’m new at Yii, so maybe I’m doing something totally wrong if so please excuse a newbie.

My User model’s before save looks like this:

public function beforeSave() {

    $this->password = md5($this->password);

    return true;


And my UserIdentity looks like this:

else if(md5($this->password)!==$user->password)


But every time I try to login with a user created with the beforeSave code applied, my password seems incorrect.

I’ve checked, the password created is encrypted before it’s inserted to the db, and if i disable my beforeSace function and don’t md5 the user input in my User model, I can login just fine…

Help would very much be appriciated :)



  • aka larste

This way hashing occurs each time before model is saved to database – even if the password is hashed already!

You might want to check if the record is new ($this->isNewRecord) and provide a mechanism to check whether the password is changed so you can rehash it.

In similar cases I create a setPassword($value) method in the model, so I can hash the password on-the-fly:

public function setPassword($value)




Please note that you have to call parent implementation in beforeSave() if you want to use it:

public function beforeSave($on)



   return parent::beforeSave($on);


It’s still the same, I can’t login. I can see in the database that the passwords are hashed before inserted. The strange thing is if I use the blog example database from the Yii tutorial, i can login just fine with the demo/demo user from the example database.

(In the example database, there is a user with the password hashed)


As I mentioned I firmly believe that the password is hashed twice. Could you please share your test password and the corresponding hash so we can confirm? If it is sensitive, just make sure the hash is correct using the following tool for example:


Yup, i did hash the string twice, now i fixed it and it works like a charm :)

Thanks for your help