On page 159, password encryption functionality is added using the CActiveRecord::afterValidate() method. I’m pondering the alternative way of implementing encryption in UserController::actionCreate().
Besides the educational purpose of showing us the afterValidate() method, what are the pros and cons of both places?
Well, after validate is a good place, because you crypt after it has passed all validations. Also, I like the idea of keeping everything related to the model in the model, so this is another reason.
Of course you could encrypt your password in the controller, after it passes (if) validation, but I like the solution explained in the book more.
It makes sense that the encryption is performed within the model, as how the model encrypts its passwords is something for the model to encapsulate and not a controller, which is primarily about routing data, to handle. So, for example, you may wish to create users in a few places and not have to add the logic to hash the password in each of those places. Might be worth just reading about MVC architecture to remind yourself about the responsibilities of the Models, Views and Controllers.
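
A sketch of the model-side approach discussed in this thread, added here as an example and not taken from the book or from any poster: it hashes in afterValidate() only when validation passed and only when the password actually changed, so re-saving a loaded user does not hash the stored hash a second time. It assumes Yii 1.1 on PHP 5.5 or later (for the built-in password_hash()), a `password` column wide enough for the hash (255 characters is a safe choice), and a hypothetical table name `tbl_user`; `$_storedHash` and `verifyPassword()` are illustrative names.

```php
<?php
// Added example: requires the Yii 1.1 framework to be loaded.
class User extends CActiveRecord
{
    // Hash as it was loaded from the database (null for a new record).
    private $_storedHash;

    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'tbl_user'; // assumed table name
    }

    protected function afterFind()
    {
        parent::afterFind();
        // Remember the persisted value so a later save can tell whether
        // the attribute was replaced with a new plaintext password.
        $this->_storedHash = $this->password;
    }

    protected function afterValidate()
    {
        parent::afterValidate();
        if ($this->hasErrors()) {
            return; // never hash input that failed the validation rules
        }
        if ($this->password !== $this->_storedHash) {
            // New or changed password: store a salted, slow hash.
            $this->password = password_hash($this->password, PASSWORD_DEFAULT);
            // Calling validate() and then save() runs this hook twice;
            // updating the marker keeps the second pass from re-hashing.
            $this->_storedHash = $this->password;
        }
    }

    // Login code calls this instead of comparing strings itself.
    public function verifyPassword($plain)
    {
        return password_verify($plain, $this->password);
    }
}
```

Because the hook lives in the model, UserController::actionCreate() and any other code path that creates users only assigns attributes and calls save().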