Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding FrameWork CakePHP minLength data validation is not working with Auth component for CakePHP

Thread Rating:
  • 393 Vote(s) - 3.47 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
minLength data validation is not working with Auth component for CakePHP

Offline vitiazm


Member
*
Member
Posts: 1
Threads: 1
Joined: Dec 2018
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#1
08-06-2023, 05:06 PM
Let's say I have a user registration and I'm using the Auth component (/user/register is allowed of course).

The problem is if I need to set a minLength validation rule in the model, it doesn't work since the Auth component hashes the password therefore it's always more than my minlength password and it passes even if it's blank.

How do I fix this issue? Thanks in advance!
Reply

Offline slipforms539334


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Oct 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
08-06-2023, 05:06 PM
Essentially, you have to rename the password field (for example, to "pw") to prevent the Auth component from hashing it automatically. Then, if the password passes the validation rules, hash it and save the hash under the `password` key. This is usually done in the `beforeFilter()` callback as [this article][1] describes.

It is also possible to validate the data and hash the password in the controller. This practice is generally discouraged, but it might be a little easier to wrap your head around if you're just starting out with CakePHP.

// this code would go after: if (!empty($this->data)
// and before: $this->User->save($this->data)

// validate the data
$this->User->set($this->data);
if ($this->User->validates()) {

// hash the password
$password_hash = $this->Auth->password($this->data['User']['pw'];
$this->data['User']['password'] = $password_hash;
}

[1]:

[To see links please register here]

Reply

Offline micropaleontology16310


Member
*
Member
Posts: 0
Threads: 0
Joined: Dec 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
08-06-2023, 05:09 PM
hmm.. here's what I consider best practice: Left the password field as is. Include a second password field 'pw2' so the user can re-type the password. Advantages:

- prevent user typo
- Auth won't hash pw2. In the model, you can write a custom validation method for password (because you need to check if the 2 passwords are the same too)

> var $validate = array(
'password' => array(
'rule' => array('checkPwd')
)
);
function checkPwd($check) {
if(!isset($this->data[$this->alias]['password']) ||
!isset($this->data[$this->alias]['pw2']))
return 'Where are the passwords?';
if($this->data[$this->alias]['password'] !==
Security::hash($this->data[$this->alias]['pw2'],null,true))
return 'Passwords are not the same';
if(strlen($this->data[$this->alias]['pw2']))<10)
return 'Password not long enough';
return true;
}

One little thing, in the form view, set the 'value'=>'' for both passwords fields.

Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through