Probably in this moment i’m really stupid and I’m losing in a glass of water…
Suppose that I want to crypt the user’s password. Ok, during registration i can use beforeSave and save the sha1 value (or better hasing it…). No problem. Now we have stored the crypted password.
Now suppose that we have a Profile area where the user can edit his own data. If the password is not modified, how can i tell to beforeSave not to perform the function again (it is already crypted!) ?
old password never goes back to browser when you edit profile - regardless crypted or not;
in update password action, you always receive user’s password in un-crypted plain text;
now if you receive empty in user’s input (password) assuming user does not want to change password, you don’t do anything to touch the encrypted password in db;
if you input some valid new password, then you simply encrypt it and save to db;
The user register his self with password "hello". Now with sha1 it become "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d".
The user go in his profile for change the address. But in the form is displayed "password" with sha1 value. If the user send the form, the sha1 password will not crypted again?