Home/ Questions/Q 6730067
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T10:21:50+00:00

the following code is not able to hash the user’s password, and it stores

  • 0

the following code is not able to hash the user’s password, and it stores the password in clear text in the database. After changing the password, I am unable to log in as the password needs to be in hash.
The following code is in my model.

'password_confirm'=>array(  
        'compare'    => array(
            'rule'      => array('password_match', 'password', true),
            'message'   => 'Password does not match',
            'required'  => true,
        ),
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'Confirm password is empty',
            'allowEmpty' => false,
            'required' => true)
    ),

    'password'=>array(
        'notempty' => array(
            'rule' => array('notempty'),
            'message' => 'Password is empty',
            'allowEmpty' => false,
            'required' => true)
    )

function password_match($data, $password_field, $hashed = true)
    {
        $password         = $this->data[$this->alias][$password_field];
        $keys             = array_keys($data);
        $password_confirm = $hashed ?
              Security::hash($data[$keys[0]], null, true) :
              $data[$keys[0]];
        return $password === $password_confirm;
    }

The following code is in my user_controller

function change_password(){
        #CURRENTLY NOT WORKING
    $this->layout = "mainLayout";
    $in_user_id = $id = $this->Auth->user('id');

    if($this->data){
        $this->User->validate['password_confirm']['compare']['rule'] =
        array('password_match', 'password', false);

        $this->User->set($this->data);
        $this->User->useValidationRules('ChangePassword');
        if($this->User->validates()){
            $this->data['User']['id']=$in_user_id;
            $this->User->save($this->data,array('validate'=>false));
        }
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your model and validation function are only checking that the password and confirm_password inputs match. At no point does it alter the data to hash the input value.

    After you validate your input, and before you save your model, you need to hash the password input. Something like this:

    $this->data[ 'User' ][ 'Password' ] = Security::hash( $this->data[ 'User' ][ 'Password' ], null, true );
    • 0