Prevent To Display Password In Crud

Hi

How can I prevent to fetch a field like password from model ?

A way to do that is to override the afterFind() method of the Model like that


function afterFind(){

$this->password =null;

parent::afterFind();

}



Everything workd fine, all the views not display this field but I cannot get the password (because set null) to Identify the user on login action. (UserIdentity)

I don’t want just to remove the code in view files but I want to prevent from Model to give the value of password.

Also I want a robust way (without trick) to do that

Is it possible ?

Thanks

Dear Friend

I hope the following would be helpful.




public function actionUpdate($id)

        {

        $model=$this->loadModel($id);

        $oldPassword=$model->password;//Capture the old password.

        $model->password='';//Make this empty.else the hashed password appears as string of dots in form field.

                

                if(isset($_POST['User']))

                {

                        $model->attributes=$_POST['User'];


                        if($model->password=="")

                            $model->password=$oldPassword;

                        else $model->password=md5($model->password);//customize the encrypting logic in your own way.You can put some additional salt.


                        if($model->save())

                                $this->redirect(array('view','id'=>$model->id));

                }


                $this->render('update',array(

                        'model'=>$model,

                ));

        }




Regards.

Hi again Seenivasan

I assume I have to write code for other actions like index, view, admin etc and set the password to empty right?

for example


    public function actionView($id) {

        $model = $this->loadModel($id);

        $model->password=''; //my code here

        $this->render('view', array(

            'model' => $model,

        ));

    }



Thanks for your suggestion :)

Dear Friend

We can do the following to obtain it globally without any hassles.

Declare a virtual property .




public $oldRecord;






function afterFind()

{       

        $this->oldRecord=clone $this;

        $this->password =null;

        return parent::afterFind();

}



At any point we can access the old value like this.




$model->oldRecord->password;



It is available till this $model enters again into the database.

Here infact we are creating a copy of entire object.

This is useful if we are intensively doing something on many attributes.

If we are interestesd in doing something with only one attribute, we can do the following.




public $oldPassword;






function afterFind()

{       

        $this->oldPassword=$this->password;

        $this->password =null;

        return parent::afterFind();

}



we can access the old password value like this




$model->oldPassword;



Regards.

Thank seenivasan

I prefer the way to store the password to another variable in afterFind() (public $oldPassword;)

Now I check the password in authenticate() method of UserIdentity class like that


if($record->oldPassword!== $this->password) {..give access..}



:)