[mjkulet]

Hi. I created a model 'User', which contains id,username,password. I want it to save the password hashed, so I created a public function 'hashPassword' for this. I created a 'beforeSave' public function ,in accordance to my understanding in the documentation, which will call the hashPassword before proceeding to saving. However, passwords are still saved as is.

Here are the details:

//User.php
public function hashPassword($password,$salt)
    {
        return md5($salt.$password);
    }

//UserController.php
public function beforeSave()
	{
	
	   if (parent::beforeSave())
	   {
	
	      if ($this->isNewRecord)
	      {
	         $this->password = User::hashPassword($this->password,'s0m3s@Lt');
	      }
	      
	      return true;
	
	   }
	
	}

Maybe my codes are incorrect,or I placed the functions in an incorrect file, or both...which is more likely.

I am a newbie, please make it simple for me

[Maurizio Domba]

beforeSave() is a method of CActiveRecord - http://www.yiiframew...foreSave-detail

You put you function in the controller and that's why it does not get called...

put it in user.php and it should work...

[dyabr]

Also
call User::hashPassword() is incorrect

[Maurizio Domba]

If beforeSave() and hashPassword are both in User.php than you call it with

$this->hashPassword(...)

[Trejder]

dyabr, on 09 December 2010 - 09:52 AM, said:

Also call User::hashPassword() is incorrect

Why? You have to turn strict error reporting in php.ini to have errors like this (calling statically a non static function) to be reported. But with default php.ini configuration, strict error reporting is turned off and above code should be executed without problems (although it is a bad idea to call like that non static function).

[Chris83]

Trejder, on 09 December 2010 - 05:20 PM, said:

Why? You have to turn strict error reporting in php.ini to have errors like this (calling statically a non static function) to be reported. But with default php.ini configuration, strict error reporting is turned off and above code should be executed without problems (although it is a bad idea to call like that non static function).

I agree that it's incorrect to call a method statically if it isn't declared static. Even though you don't get any errors it doesn't mean that the code is correct. Maybe it's just me being a perfectionist.

[mjkulet]

Thank you guys for your help, the password saved is now hashed!

I am amazed how fast and accurate you guys respond

Where can I tag this post as solved?

[Trejder]

Chris83, on 09 December 2010 - 05:37 PM, said:

I agree that it's incorrect to call a method statically if it isn't declared static. Even though you don't get any errors it doesn't mean that the code is correct. Maybe it's just me being a perfectionist.

It's not only you, Chris! Turning on E_STRICT error reporting in php.ini is among first things I do for each larger project!

[Trejder]

mjkulet, on 09 December 2010 - 09:38 PM, said:

Thank you guys for your help, the password saved is now hashed! I am amazed how fast and accurate you guys respond

We are trying to do our best! The truth is that being active member of Yii community is like using all the advantages of collective knowledge (hhhh... we're the Borg, you will be assimilated! ). As someone (probably jacmoe! ) pointed out somewhere here, it is always a pleasure (feeling that you can help is a quite nice thing, at least for me) and this is something both sides profit from. Not only the one that asks, but also the person, who answers - as he or she may start to see things he/she would never do without help form second side.

Wow! That is completely off-topic!

mjkulet, on 09 December 2010 - 09:38 PM, said:

Where can I tag this post as solved?

Common, but not written rule is to add [Solved] at the beginning of topic title. In this forum you can change topic title with every edit or addition of a new post to it. Try it! And good luck with wonderful Yii!

[Maurizio Domba]

Some users has a habit to put [SOLVED] in the forum title... but as I see this... it's not needed... as it happens that a solved thread gets "reopened"... for example someone with a similar problem post a question in that thread and the posting continues to solve this similar problem... in that case the [SOLVED] in the title is misleading...

and anyway... as this community is getting bigger and better every day... it's very rare to have un-solved posts... so in the end there would be a list of posts all beginning with [SOLVED]...

[Trejder]

mdomba, on 10 December 2010 - 02:18 AM, said:

Some users has a habit to put [SOLVED] in the forum title... but as I see this... it's not needed... as it happens that a solved thread gets "reopened"... for example someone with a similar problem post a question in that thread and the posting continues to solve this similar problem... in that case the [SOLVED] in the title is misleading...

Yes, you are right. I haven't thought about this that way. Even if some one reopens a solved topic, there is 99% chance he or she forgot to remove [SOLVED] part from a title.

Then maybe we make common, but not written rule that to mark topic as solved, its initiator will write in a last (for that moment) post a simple thank you and short info that the problem was solved? :]

P.S.: I mislead some people. To edit thread topic, one need to edit first (not any) post in it - this way topic can be changed only by thread's creator, not by anyone.

[zaccaria]

mdomba, on 10 December 2010 - 02:18 AM, said:

it's very rare to have un-solved posts... [SOLVED]

That's a very strong affermation, anyway I can quote!

[Maurizio Domba]

zaccaria, on 10 December 2010 - 05:33 AM, said:

That's a very strong affermation, anyway I can quote!

At least there are very very few unanswered posts...

[Trejder]

mdomba, on 10 December 2010 - 05:57 AM, said:

At least there are very very few unanswered posts...

Well, then... why most of them are mine?

Like those:

• Oracle column names case-sensitivity
• ChoiceFormat and truly PHP evaluation?
• Menu active state lost when using modules?

It drives me a little bit crazy, that there are no answers to those, as they are somehow key problems to my current app! :/

But, to be honest, as you said. I never met any other forum before, that would have that small factor of unanswered posts and where community would be so warm and helpful!

[Maurizio Domba]

Could be that you have really specific problems that others has not encountered or even used until now

[Trejder]

mdomba, on 10 December 2010 - 07:10 AM, said:

Could be that you have really specific problems that others has not encountered or even used until now

I can agree with you about ChoiceFormat and truly PHP evaluation? but not with Menu active state lost when using modules? as it is (at least for me) so obvious problem, that I was kind of surprised that I did not noticed anything interesting in this matter in the forum. Don't tell me that I'm first here, who used menu for accessing modules and submodules!

[zaccaria]

I did it, and I had no problem

I just set active with some logic expression based on the actual controller and view, and all always worked fine.

I never used the extension you mentioned, always used bare CMenu.

Anyway, or is a ccs problem or is an expression problem, I think that there are no other options.

[Maurizio Domba]

we are here too deep OT... I answered you on the menu topic

Edit:

Quote

...
Don't tell me that I'm first here
...

I wrote "not encountered" first... only then "or even used"

[Trejder]

mdomba, on 10 December 2010 - 07:41 AM, said:

we are here too deep OT... I answered you on the menu topic

Yes I agree! We should end this conversation, before we get busted by Qiang or other forum members for doing off-topic chitchat!

[mongoose76]

Hi all,

I see the hashing happens only on new record.

What if I want to update the password? How would you do it?

Doru

mjkulet, on 09 December 2010 - 07:16 AM, said:

Hi. I created a model 'User', which contains id,username,password. I want it to save the password hashed, so I created a public function 'hashPassword' for this. I created a 'beforeSave' public function ,in accordance to my understanding in the documentation, which will call the hashPassword before proceeding to saving. However, passwords are still saved as is.

Here are the details:

//User.php
public function hashPassword($password,$salt)
    {
        return md5($salt.$password);
    }

//UserController.php
public function beforeSave()
	{
	
	   if (parent::beforeSave())
	   {
	
	      if ($this->isNewRecord)
	      {
	         $this->password = User::hashPassword($this->password,'s0m3s@Lt');
	      }
	      
	      return true;
	
	   }
	
	}

Maybe my codes are incorrect,or I placed the functions in an incorrect file, or both...which is more likely.

I am a newbie, please make it simple for me