CakePHP not hashing password before adding to MySQL

2
votes

add in UsersController.php

public function add() {
    if ($this->request->is('POST')) {
        if ($this->confirmPass()) {
            //Want false
            if (!$this->validateSQL('username', 'add')) {
                $this->Session->write('User.username', strtolower('User.username'));
                //Want false
                if (!$this->validateSQL('email', 'add')) {
                    $this->Session->write('User.email', strtolower('User.email'));
                    $this->User->create();
                    if ($this->User->save($this->request->data)) {
                        $this->Session->setFlash(__('Your account has been created'), 'flash_success', array('class' => 'success'), 'success');
                        $this->redirect(ACCOUNT_LOG);
                    } else {
                        $this->Session->setFlash(__('Your account could not be created'), 'flash_failure', array('class' => 'failure'), 'failure');
                    }
                } else {
                    $this->Session->setFlash(__('E-mail already in use'), 'flash_failure', array('class' => 'failure'), 'failure');
                }
            } else {
                $this->Session->setFlash(__('Username already in use'), 'flash_failure', array('class' => 'failure'), 'failure');
            }
        }
    }
}

validateSQL only makes call to check the username and/or email fields to see if they exist or not (I've left them in the controller because I'd like to fix this first, I know I need to move them to the model).

confirmPass only compares the fields password and confirmPassword from the view, returning true or false.

beforeSave in User.php

public function beforeSave($options = array()) {
        if (isset($this->request->controller->data[$this->alias]['password'])) {
            $this->request->controller->data[$this->alias]['password'] = AuthComponent::password($this->request->controller->data[$this->alias]['password']);
        }
        return true;
}

Yesterday everything was working perfectly. All the values are still being saved to the correct tables, just no hashing on the password is being done (md5+salt). Does anyone have any ideas if this is a known or common problem with AuthComponent?

If I remove the isset I get from my model:

Notice (8): Trying to get property of non-object [APP/Plugin/Account/Model/User.php, line 65]

Notice (8): Trying to get property of non-object [APP/Plugin/Account/Model/User.php, line 65]

Notice (8): Indirect modification of overloaded property User::$request has no effect [APP/Plugin/Account/Model/User.php, line 65]

1
phpcakephpauthentication
Your $this->validateSQL() part with all those strange session thingies going on does not look very cakish - or clean. Thats what save() and validation in the model is for usually.mark
I noted that I will be migrating those into the model. And since I'm using this as a plugin and save() doesn't quite do what I'd like and I'm new(ish) to Cake I wrote it first in PHP then will be migrating to full cake syntax, all without modifying the base library.thepratt
is this cakephp 2.0 or 3.0?user1767754
@user1767754 2; 3 wasn't available to the public until Mar 2015. This question was posted in 2013.thepratt

1 Answers

0
votes

Use this instead:

public function beforeSave($options = array()) {
    if (isset($this->data[$this->alias]['password'])) {
        $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
    }
    return true;
}

Reason: In models you just need $this->data, not $this->request->controller->data