tags:

views:

70

answers:

2
+1  Q: 

Validate passwords with CakePHP 1.3

How do I run validation checks on a password field in CakePHP, seeing that the password is hashed before I get a chance to run any checks on it?

A: 

It works this way for me (in the model): 

  public $validate = array(
        'password' => array(
            'minLength' => array(
                'rule' => array('minLength', '8')
            )
         )
    );

If you want to do more validations then create a custom validation method in the appropriate model. In the custom validation method hash password this way: Security::hash($this->data['User']['password'], null, true)

bancer  2010-06-30 22:54:36
Of course this works, as it **ALWAYS** will since the password is hashed prior to validation and the hash is always longer than 8 characters. This does nothing to enforce the unhashed password being 8 characters or longer. Try testing your form with a single digit password - it will validate.
Abba Bryant  2010-07-05 03:20:44
Actually, I had to mention that I have 'confirm_password' field in the same form with the same validation rule. I created this form so long time ago that I forgot that I labeled it 'Password' in the views and the real field 'password' I labeled 'Confirm password'. So, when I enter one character for the password validation fails.
bancer  2010-07-05 10:01:14
+2  A: 

If you only have a single password field in your form, you will need to create a custom hash function that either does nothing, or, better, preserves the original password somewhere.

Most likely though you have two password fields in your form where the user is required to confirm the password. In this case, you perform your password validation rules on the second password field. This can automatically happen in a custom validation rule, remember that you have access to all other fields inside a validation function via $this->data. You can then confirm that the two passwords are identical as described here.

deceze  2010-06-30 23:05:07
The problem I seem to have is that the password is hashed before it gets to the validation stage, so that the validations that i run only only apply to the hashed password.
chustar  2010-07-01 00:05:24
@chustar That's why you do the validation **on the `password2` field,** which is not automatically hashed.
deceze  2010-07-01 00:07:56
This blog post details how to create a custom hash function, as deceze mentions, to work around this issue: http://teknoid.wordpress.com/2008/10/08/demystifying-auth-features-in-cakephp-12/ (Start reading from the second code example.)
deizel  2010-07-01 21:41:31

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases