Validate Password Before Hashing It

Yii 1.1 General Discussion
1

Hello,

i have made an crud to add users to my application, and made a model which is checking if the password length is higher than 6, but before im saving my password i’am hashing it with the md5 wich will make it pass always.

model




            array('password', 'length', 'min' => 6),

controller




        if (isset($_POST['Users'])) {

            $model->attributes = $_POST['Users'];

            $model->validate();

            $model->Password= md5($model->Password);


            if ($model->save())

                $this->redirect(array('view', 'id' => $model->id));

        }

but it will always pass because the password will be hased to a 32 character long string,

how can i validate the original input string, but still insert the hashed string to the database?

Thanks in advance.

2

You’re validating without checking the return value. Also: I’d rather hash the password in the model’s [font=“Courier New”]beforeSave()[/font] method. Also 2: MD5 is not safe for this purpose.

3

  1. how do i do this?

  2. this is just a school project and will never go live, so i dont have to do anything fancy, just a hash so it isnt plain text.

thanks allot.

4

Ad 1: Just overwrite CActiveRecord.beforeSave() in your model. It’ll be called after validation has been passed. Don’t forget to [font=“Courier New”]return parent::beforeSave()[/font] in the end!

Ad 2: Ok, just checking. I still see MD5 hashes for passwords quite a lot. And given that google makes a formidable rainbow table for sha1 and md5 hashes … ;)

Edit: I forgot to mention this: Unless [font="Courier New"]save()[/font] is being called with [font="Courier New"]false[/font] as its only parameter, it will invoke [font="Courier New"]validate()[/font] itself and return [font="Courier New"]false[/font] if validation fails.