1
votes

For a few days, almost a week, I have had an issue comparing passwords in CakePHP.

I'm preparing an edit user view, and before the user is able to change his current password he needs to type his old password. (I'm extending the authorization tutorial from the CakeBook.)

When the user creates his password, it is hashed in User.php (Model):

public function beforeSave($options = array()) {
    // Hash the password before it is written to the database
    if (isset($this->data[$this->alias]['password'])) {
        $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
    }
    return true;
}

I tried to compare the old_password field after AuthComponent with (any way to retrieve the user's password) something like $this->Session->read('Auth.User.password'), but of course it fails. I tried to send old_password and hash it in the User.php model; I also created this in the model:

App::uses('AuthComponent', 'Controller/Component');
class User extends AppModel
{
public $validate = array(
    'username'=>array(
        'required'=>array(
            'rule'=>array('notEmpty'),
            'message'=>'Write correct Login'
        )
    ),
    'password'=>array(
        'required'=>array(
            'rule'=>array('notEmpty'),
            'message'=>'Please re-enter your password twice so that the values match'
        )
    ),
    'old_password'=>array(
        'required'=>array(
            'rule'=>array('equalTo'=>'password'),
            'message'=>'Wrong'
        )
    )
);

    // beforeSave() shown above goes here
}

using different forms of 'equalTo',password or 'equalTo','password'. I also tried to compare the old_password input with the database one in edit.ctp, but all my attempts fail.

Please give me a tip.


EDIT (because of my low reputation I can't answer my own post until 8 hours after asking, so I am editing this part too)


Anil Kumar, you gave me good advice. I followed your way, but got "An Internal Error Has Occurred. Error: An Internal Error Has Occurred." every time. I changed this part of the code my way, as follows, and it works perfectly, of course thanks to you, Anil Kumar.

public function password_verifies()
{
    //$this->User->id = $this->data[$this->alias]['id'];
    //return AuthComponent::password($this->data[$this->alias]['password']) == $this->User->field('password');
    // Hash the submitted old password and compare it with the stored hash.
    // Strict comparison (===) avoids PHP's numeric-string juggling on hash values.
    $od = AuthComponent::password($this->data['User']['old_password']);
    if ($od === $this->field('password'))
    {
        return true;
    }
    return false;
}
2
You might want to look into this. As part of the behavior you can set current to true. - mark

2 Answers

0
votes

Defining Rule for old password

'old_password' => array(
    'rule' => 'password_verifies',
    'message' => 'wrong'
)

Function that verifies the password matching

public function password_verifies() {
    // getting password via field method by assuming you're setting $this->User->id from your controller
    return AuthComponent::password($this->data[$this->alias]['password']) == $this->User->field('password'); 
}

Validating from controller

And in your controller you've to set the id before validating.

$this->User->id = $this->Auth->user('id');
$this->User->set($this->request->data);
if ($this->User->validates()) {
    // do your stuff..
}
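A stand-alone sketch of the old-password check this thread is about, added here as an example and not code from any poster or from CakePHP. `legacyHash()` is a hypothetical stand-in for `AuthComponent::password()`, assumed to be deterministic as the comparison in the question relies on; `SALT`, the `$users` table and all sample values are constructed.

```php
<?php
// Added example, not from the thread. legacyHash() is a hypothetical stand-in
// for AuthComponent::password(); SALT and the $users table are constructed.
const SALT = 'constructed-app-salt';

function legacyHash(string $plain): string
{
    return sha1(SALT . $plain);
}

// True only when the submitted old password hashes to the stored value.
// hash_equals() compares byte-for-byte as strings, in constant time.
function oldPasswordMatches(string $submittedOld, string $storedHash): bool
{
    return hash_equals($storedHash, legacyHash($submittedOld));
}

// $userId comes from the authenticated session, never from the form, so a
// user can only change the row they are logged in as.
function changePassword(array &$users, int $userId, array $form): bool
{
    $old = $form['old_password'] ?? null;
    $new = $form['password'] ?? null;
    // Reject missing fields and array-valued input (e.g. old_password[]=x).
    if (!isset($users[$userId]) || !is_string($old) || !is_string($new) || $new === '') {
        return false;
    }
    if (!oldPasswordMatches($old, $users[$userId])) {
        return false; // surfaces as the 'old_password' validation error
    }
    $users[$userId] = legacyHash($new); // the step beforeSave() performs
    return true;
}

$users = array(7 => legacyHash('correct horse')); // constructed row

// Wrong old password first, then the correct one.
var_dump(changePassword($users, 7, array('old_password' => 'guess', 'password' => 'n3w-passw0rd')));
var_dump(changePassword($users, 7, array('old_password' => 'correct horse', 'password' => 'n3w-passw0rd')));
// The stored hash now corresponds to the new password.
var_dump(oldPasswordMatches('n3w-passw0rd', $users[7]));

// Loose == treats two numeric-looking strings as numbers, so these distinct
// constructed values compare equal; hash_equals() compares them as strings.
var_dump('0e1234' == '0e5678');
var_dump(hash_equals('0e1234', '0e5678'));
```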
0
votes

Below is the working example of comparing passwords from my websites:

    /**
     * Validation rules
     * @var array
     */
    var $validate = array(
        'changepass' => array(
            'notEmpty' => array(
                'rule' => 'notEmpty',
                'message' => 'Please insert Password',
                'last' => true
            ),
            'minLength' => array(
                'rule' => array('minLength', 8),
                'message' => 'Your password must be at least 8 characters long',
                'last' => true
            )
        ),
        'checkpassword' => array(
            'notEmpty' => array(
                'rule' => 'notEmpty',
                'message' => 'Please insert Confirm Password',
                'last' => true
            ),
            'checkValue' => array(
                'rule' => array('comparePassword', 'changepass'),
                'message' => 'Please enter the same password as above',
                'last' => true
            )
        )
    );

// Validate that the value of this field is identical to the value of $compareField
function comparePassword($field = array(), $compareField = null) {
    foreach ($field as $key => $value) {
        $v1 = $value;
        $v2 = $this->data[$this->name][$compareField];

        // Strict comparison: loose != would treat numeric-looking strings as numbers
        if ($v1 !== $v2)
            return false;
        else
            continue;
    }
    return true;
}