saving passwords


(Mjkulet) #1

Hi. I created a model ‘User’, which contains id, username, password. I want it to save the password hashed, so I created a public function ‘hashPassword’ for this. I created a ‘beforeSave’ public function, in accordance with my understanding of the documentation, which will call hashPassword before proceeding to saving. However, passwords are still saved as is.

Here are the details:


//User.php
public function hashPassword($password,$salt)
{
    return md5($salt.$password);
}

//UserController.php
public function beforeSave()
{
    if (parent::beforeSave())
    {
        if ($this->isNewRecord)
        {
            $this->password = User::hashPassword($this->password,'s0m3s@Lt');
        }

        return true;
    }
}

Maybe my code is incorrect, or I placed the functions in an incorrect file, or both… which is more likely.

I am a newbie, please make it simple for me :)


(Maurizio Domba Cerin) #2

beforeSave() is a method of CActiveRecord - http://www.yiiframework.com/doc/api/1.1/CActiveRecord#beforeSave-detail

You put your function in the controller and that’s why it does not get called…

Put it in User.php and it should work…


(Avchukhov) #3

Also, calling User::hashPassword() is incorrect


(Maurizio Domba Cerin) #4

If beforeSave() and hashPassword are both in User.php then you call it with

$this->hashPassword(…)


(Tomasz) #5

Why? You have to turn on strict error reporting in php.ini to have errors like this (calling a non-static function statically) reported. But with the default php.ini configuration, strict error reporting is turned off and the above code should be executed without problems (although it is a bad idea to call a non-static function like that).


(Cniska) #6

I agree that it’s incorrect to call a method statically if it isn’t declared static. Even though you don’t get any errors it doesn’t mean that the code is correct. Maybe it’s just me being a perfectionist. :)


(Mjkulet) #7

Thank you guys for your help, the password saved is now hashed!

I am amazed how fast and accurate you guys respond :)

Where can I tag this post as solved? ;)


(Tomasz) #8

It’s not only you, Chris! :) Turning on E_STRICT error reporting in php.ini is among the first things I do for each larger project! :)


(Tomasz) #9

We are trying to do our best! :) The truth is that being an active member of the Yii community is like using all the advantages of collective knowledge (hhhh… we’re the Borg, you will be assimilated! :P). As someone (probably jacmoe! :P) pointed out somewhere here, it is always a pleasure (feeling that you can help is quite a nice thing, at least for me) and this is something both sides profit from. Not only the one who asks, but also the person who answers - as he or she may start to see things he/she would never do without help from the second side.

Wow! That is completely off-topic! :P

A common, but not written, rule is to add [Solved] at the beginning of the topic title. In this forum you can change the topic title with every edit or addition of a new post to it. Try it! :) And good luck with wonderful Yii! :)


(Maurizio Domba Cerin) #10

Some users have a habit of putting [SOLVED] in the forum title… but as I see this… it’s not needed… as it happens that a solved thread gets “reopened”… for example someone with a similar problem posts a question in that thread and the posting continues to solve this similar problem… in that case the [SOLVED] in the title is misleading…

and anyway… as this community is getting bigger and better every day… it’s very rare to have un-solved posts… so in the end there would be a list of posts all beginning with [SOLVED]…


(Tomasz) #11

Yes, you are right. I haven’t thought about this that way. Even if someone reopens a solved topic, there is a 99% chance he or she forgot to remove the [SOLVED] part from the title.

Then maybe we make a common, but not written, rule that to mark a topic as solved, its initiator will write in the last (for that moment) post a simple thank you and short info that the problem was solved? :]

P.S.: I misled some people. To edit the thread topic, one needs to edit the first (not any) post in it - this way the topic can be changed only by the thread’s creator, not by anyone.


(Matteo Falsitta) #12

That’s a very strong affirmation, anyway I can quote!


(Maurizio Domba Cerin) #13

At least there are very very few unanswered posts… :)


(Tomasz) #14

Well, then… why are most of them mine? :P :P :P

Like those:

  • Oracle column names case-sensitivity
  • ChoiceFormat and truly PHP evaluation?
  • Menu active state lost when using modules?

It drives me a little bit crazy, that there are no answers to those, as they are somehow key problems to my current app! :confused:

But, to be honest, as you said. I never met any other forum before, that would have that small factor of unanswered posts and where community would be so warm and helpful!


(Maurizio Domba Cerin) #15

Could be that you have really specific problems that others have not encountered or even used until now :)


(Tomasz) #16

I can agree with you about ChoiceFormat and truly PHP evaluation? but not with Menu active state lost when using modules? as it is (at least for me) such an obvious problem, that I was kind of surprised that I did not notice anything interesting in this matter in the forum. Don’t tell me that I’m the first here who used a menu for accessing modules and submodules! :)


(Matteo Falsitta) #17

I did it, and I had no problem

I just set active with some logic expression based on the actual controller and view, and all always worked fine.

I never used the extension you mentioned, always used bare CMenu.

Anyway, either it is a CSS problem or it is an expression problem, I think that there are no other options.


(Maurizio Domba Cerin) #18

We are too deep OT here… I answered you on the menu topic :D

Edit:

I wrote “not encountered” first… only then “or even used” ;)


(Tomasz) #19

Yes I agree! :) We should end this conversation, before we get busted by Qiang or other forum members for doing off-topic chitchat! :) :P


(Doru Paraschiv) #20

Hi all,

I see the hashing happens only on new record.

What if I want to update the password? How would you do it?

Doru
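
Added example (not code from the thread or from Yii): the fix from posts #2 and #4, with beforeSave() in the User model calling $this->hashPassword(), extended to the update case asked about in post #20. It assumes PHP 5.5+ and swaps the thread's md5() with a fixed salt for PHP's password_hash(); the CActiveRecord class here is a minimal stand-in so the file runs outside the framework, and $_storedHash is a name chosen for this example.

```php
<?php
// Stand-in for Yii 1.1's CActiveRecord (constructed; inside Yii, drop this class).
class CActiveRecord
{
    public $isNewRecord = true;
    protected function beforeSave() { return true; }
    protected function afterFind() {}
    public function save()
    {
        if (!$this->beforeSave()) return false;
        $this->isNewRecord = false; // the real save() writes the row here
        return true;
    }
}
// User.php: the hooks live in the model, not in UserController.
class User extends CActiveRecord
{
    public $password;
    private $_storedHash; // password column as last loaded or saved

    public function hashPassword($password)
    {
        // Swapped in for md5($salt.$password): random salt per password.
        return password_hash($password, PASSWORD_DEFAULT);
    }
    protected function afterFind()
    {
        parent::afterFind();
        $this->_storedHash = $this->password; // remember what the database holds
    }
    protected function beforeSave()
    {
        if (!parent::beforeSave()) return false;
        // Hash on insert, and on update only if the attribute was changed.
        if ($this->isNewRecord || $this->password !== $this->_storedHash) {
            $this->password = $this->hashPassword($this->password);
            $this->_storedHash = $this->password;
        }
        return true;
    }
}
// Constructed usage: insert, save again unchanged, then change the password.
$user = new User();
$user->password = 'first secret';
$user->save();
$hash = $user->password;
$user->save();                        // update without touching the password
var_dump($user->password === $hash);  // the stored hash was not hashed again
$user->password = 'second secret';
$user->save();                        // update with a new password
var_dump(password_verify('second secret', $user->password));
```

At login, compare with password_verify($input, $user->password) rather than hashing the input again, because each password_hash() call uses a different salt.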