In page 159, password encryption functionality is added using CActiveRecord::afterValidate() method. I’m pondering about the alternative way of implementing encryption in UserController::actionCreate().
Besides the educational purpose of showing us the afterValidate() method, what are the pros and cons of both places?
It makes sense that the encryption is performed within the model, as how the model encrypts it’s passwords is something for the model to encapsulate and not a controller, which is primarily about routing data, to handle. So, for example you may wish to create users in a few places and not have to add the logic to hash the password in each of those places. Might be worth just reading about MVC architecture to remind yourself about the responsibilities of the Models, Views and Controllers.