[SOLVED] Password Encryption

I want to store the password in encrypted form inside my db.

I have gone through some forum topics and I was not able to solve the problem using that method:

$password = md5($password);

because I am storing the password from a form of another model, and I am storing it inside the userinfo model using a function inside the controller.

So here is my controller code where I store the password from one model into another:




public function actionRegister()
{
    $model=new PsmsEmpInfo('register');

    // uncomment the following code to enable ajax-based validation
    if(isset($_POST['ajax']) && $_POST['ajax']==='psms-emp-info-register-form')
    {
        echo CActiveForm::validate($model);
        Yii::app()->end();
    }

    if(isset($_POST['PsmsEmpInfo']))
    {
        $model->attributes=$_POST['PsmsEmpInfo'];
        $valid=$model->validate();

        if($valid)
        {
            $model->save(false);

            $model2=new PsmsUserAccInfo;
            $model2->username=$model->mobilenumber;
            $model2->password=$model->mobilenumber;
            $model2->save(false);

            if($model->save())
                $this->redirect(array('view','id'=>$model->empid));
            return;
        }
    }
    $this->render('register',array('model'=>$model));
}


Firstly, you must understand some basic terminology.

Encryption is different than hashing.

In encryption you turn the data into something else that can be decrypted in order to get the original data back.

With a hash it's a one-way street. A hash is a mathematical function that can take any amount of data and calculate its hash value, which is always 32 characters in size using the md5 hash algorithm. So naturally it's a one-way street and you are not going to be able to turn it back from the hash value. This is a good way to store your password, because in the event that your database is compromised, the users' passwords will still be safe.

Anyway, now for the problem, you will need to do something like the following:

// I am going to skip the code before; this is the code in the if ($valid) block
$model2=new PsmsUserAccInfo;
$model2->username=$model->mobilenumber;
$model2->password=md5($model->mobilenumber); // storing the hash instead of the original password

if($model->save(false) && $model2->save(false)) // false for disabling validation
{
    // do the redirect
}
else
{
    die('either $model or $model2 haven\'t been successfully saved :(');
}


Firstly: you might want to add some random salt to the password when hashing, unless the passwords are longer than 7 characters (databases of 7-character hashes are pretty common on the web, so they are easily crackable).

Secondly: why do you use the mobile number for the password? Not a safe bet.

Thirdly: you have already saved $model, why save it again?? In my code I saved both at the same time.

Any problem??

cheers…

mursi

Thanks a lot for explaining it to me.

1. How can I add some random salt to the password?

2. Yep, even I know that, but my boss wants it like that… ;)

3. Thanks a lot for making it more logically correct.

For decrypting I did the following inside the authenticate function:

else if ($user->password !== md5($this->password))
{
    $this->_id=$this->username;
}

Thanks a lot for the help… :)
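As an added example, not code from this thread or from Yii, here is the salt question above and the md5 comparison from authenticate() done with PHP's built-in password hashing instead of bare md5. It assumes PHP 5.6 or newer (password_hash, password_verify, hash_equals) and a password column at least 60 characters wide; the helper names hashPassword and verifyPassword are made up for this example.

```php
<?php
// Added example (not from the thread): salted, slow hashing in place of unsalted md5.
// Assumes PHP >= 5.6 and a password column wide enough for a bcrypt string
// (60 chars; VARCHAR(255) leaves room for future algorithms).

// Weak form used in the thread: one unsalted, fast md5 per password. Two users with
// the same password get the same hash, and precomputed tables cover short inputs.
function weakHash($plain)
{
    return md5($plain);
}

// Hardened form: password_hash draws a random salt per call and embeds it in the
// result, so no separate salt column is needed and equal passwords hash differently.
function hashPassword($plain)
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Verify a login attempt against the stored value. Rows that still hold a bare
// 32-hex md5 are accepted via a constant-time compare and flagged for rehash, so
// existing accounts migrate to the salted form on their next successful login.
function verifyPassword($plain, $stored, &$needsRehash)
{
    $needsRehash = false;
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {            // legacy unsalted md5
        $ok = hash_equals($stored, md5($plain));
        $needsRehash = $ok;
        return $ok;
    }
    $ok = password_verify($plain, $stored);
    $needsRehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return $ok;
}

// Constructed sample: the thread's scheme uses the mobile number as the first password.
$mobile = '9876543210';

$h1 = hashPassword($mobile);
$h2 = hashPassword($mobile);
echo ($h1 !== $h2) ? "same password, distinct hashes (per-call salt)\n" : "unexpected: identical hashes\n";
echo verifyPassword($mobile, $h1, $r1) ? "correct password accepted\n" : "unexpected: rejected\n";
echo verifyPassword('wrong-pass', $h1, $r2) ? "unexpected: accepted\n" : "wrong password rejected\n";

// Legacy row written by the md5 code above: still logs in, but is flagged for upgrade.
$legacy = weakHash($mobile);
if (verifyPassword($mobile, $legacy, $r3) && $r3) {
    $upgraded = hashPassword($mobile);                       // write this back to the row
    echo "legacy md5 row verified and rehashed to: " . substr($upgraded, 0, 7) . "...\n";
}
```

In the thread's code, hashPassword() replaces the md5() call when setting $model2->password, and verifyPassword() replaces the `!== md5(...)` comparison inside authenticate().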