views: 297
answers: 2

Hi,

I'm trying to build an "I forgot my password" feature. My problem is that if I run a Doctrine query and send the password by email, it comes back encrypted. I read on some websites that DoctrineGuard doesn't have this functionality and only has register and login functionality.

Is that true?

In that case, how can I implement a "remember password" function?

thanks

+1  A: 

Passwords are hashed and then saved to the database, so you can't recover a password once it has been saved.

There are several ways you can create a "password lost" function:

  • Send a new password by email (not really secure, but some people like it anyway)
  • Send the user an email with a reset-password link (and a unique token), which either gives the user a new password or allows the user to enter a new password.
DuoSRX
Why do you say that the first method is not secure? In the second method you say... set a random password, send it in a link like user/reset/xdErDerfEFe where "xdErDerfEFe" is the token, and in that action do a select where password = that token, and allow the change afterwards?
nebur85
The first method is less secure because if, for example, someone has access to the user's inbox, he can see the new password, whereas with the second method the token is only used once and is useless after the password has been changed.
DuoSRX
I tried to do something like... 1) Enter the username and, if it is registered, generate a random password and call setPassword. 2) Send an email like 'username/password/xxxx' where xxxx is the generated password. 3) When the link is clicked, try to find a username with this password. My problem is that the password is encrypted and I can't find out what the real encrypted password is :( Do you understand me?
nebur85
It works OK. It was my fault :(
nebur85
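The second option in the answer above, the reset link with a unique token, is worth spelling out, because the details are where such flows usually go wrong. The following is an added example written for this page, not code from sfDoctrineGuard or from any poster here; it uses plain Python with an in-memory dict standing in for the database, PBKDF2-HMAC-SHA256 as the password hash (in sfDoctrineGuard that role is played by $user->setPassword, as Tom's answer notes), and the hypothetical host https://example.test for the mailed link. It also shows why the original question's approach cannot work: the stored value is a salted hash, so a user can only be found by hashing the candidate with the stored salt and comparing, never by selecting where password = plaintext.

```python
"""Token-based "forgot my password" flow (added example, not sfDoctrineGuard code).

Properties of the reset token, matching the second option in the answer:
- it is random (secrets), so it cannot be guessed or derived from the user;
- only its hash is stored, so a leaked reset table is not a skeleton key;
- it expires after TOKEN_TTL_SECONDS;
- it is deleted the moment it is redeemed, valid or not (single use).
Storage is an in-memory dict standing in for the database (assumption).
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 200_000   # kept modest so the example runs quickly
TOKEN_TTL_SECONDS = 3600
RESET_URL_BASE = "https://example.test/user/reset/"   # hypothetical host


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def _token_key(token: str) -> str:
    # The database sees only this hash, never the token that was mailed out.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    def __init__(self, now=time.time):
        self.now = now      # injectable clock so expiry can be tested
        self.users = {}     # username -> {"email", "salt", "digest"}
        self.resets = {}    # sha256(token) -> {"username", "expires"}

    def add_user(self, username: str, email: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.users[username] = {"email": email, "salt": salt, "digest": digest}

    def request_reset(self, email: str) -> Optional[str]:
        """Return the reset URL to mail, or None if the address is unknown.

        A real application shows the same "check your mail" page either way,
        so the form cannot be used to enumerate registered addresses.
        """
        for username, rec in self.users.items():
            if rec["email"] == email:
                token = secrets.token_urlsafe(32)
                self.resets[_token_key(token)] = {
                    "username": username,
                    "expires": self.now() + TOKEN_TTL_SECONDS,
                }
                return RESET_URL_BASE + token
        return None

    def complete_reset(self, token: str, new_password: str) -> bool:
        """Consume the token and set the new password. True on success."""
        rec = self.resets.pop(_token_key(token), None)   # pop: single use
        if rec is None or rec["expires"] < self.now():
            return False
        salt, digest = hash_password(new_password)
        self.users[rec["username"]].update(salt=salt, digest=digest)
        return True

    def login(self, username: str, password: str) -> bool:
        rec = self.users.get(username)
        return rec is not None and verify_password(password, rec["salt"], rec["digest"])


if __name__ == "__main__":
    svc = ResetService()
    svc.add_user("nebur85", "nebur85@example.test", "old-secret")   # constructed sample user
    link = svc.request_reset("nebur85@example.test")
    token = link.rsplit("/", 1)[1]
    print("mail this link:", link)
    print("reset ok:", svc.complete_reset(token, "new-secret"))
    print("replay ok:", svc.complete_reset(token, "again"))        # False: already used
    print("login with new password:", svc.login("nebur85", "new-secret"))
```

Two things this does that the "mail a new password" variant cannot: the mailed secret stops working the moment it is used, and nothing in the mailbox or the database ever equals the user's password. Note also that complete_reset pops the record before checking expiry, so an expired token is removed rather than left lying around.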
A: 

If I recall correctly, sfDoctrineGuard doesn't have a "getPassword" method that would do what you need: retrieve the password unencrypted.

I'm using DuoSRX's first recommendation: creating a new password, saving it with $user->setPassword (which handles salting and hashing automatically), and emailing it to the user. The user is then advised to log in and create a new password.

Tom