Yii Framework Forum: Md5 Password - Yii Framework Forum


Md5 Password action Update, x2 md5 password

#1 User is offline   kopecldz 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 86
  • Joined: 20-February 13

Posted 03 June 2013 - 05:39 AM

Hello.

I have a problem.

I have MD5 decrypt password to my DB. When I register a new user, the MD5 changes my password to md5 + salt in the DB.

It's all OK; when I log in, the password is correct... but...

When I click "update user" and I don't change the password, only save this edited user, my password changes from the MD5 password to MD5 + MD5, and when I log in as the user, I can't; the password is wrong.

Example:
make new user : password - pass1
in DB save : password - a722c63db8ec8625af6cf71cb8c2d939

When I edit the user I get:

password - **************************** <- a722c63db8ec8625af6cf71cb8c2d939

and when I save this user the MD5 changes : a722c63db8ec8625af6cf71cb8c2d939 to new MD5 : 57a7ce8ba8e428f96afae6828592e688

and the password now is : a722c63db8ec8625af6cf71cb8c2d939, not pass1..
0

#2 User is offline   EvilKarter 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 14
  • Joined: 24-May 13

Posted 03 June 2013 - 05:48 AM

Hi,

Can you please post the code for creating and updating the password?

If I may give you a hint:
Try to avoid MD5 hashes because they are insecure. You can use SHA512 instead.
0

#3 User is offline   kopecldz 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 86
  • Joined: 20-February 13

Posted 03 June 2013 - 05:50 AM

Thx for reply.

USER MODEL:

    // Runs on every save (insert and update) and hashes whatever is in $this->password
    public function beforeSave() {
        $pass = md5($this->password);
        $this->password = $pass;
        return true;
    }

USER IDENTITY:

    public function authenticate() {
        $user = user::model()->findByAttributes(array('name' => $this->username));
        // echo md5($this->password); echo '<br>';
        // echo $user->password; exit;
        if ($user === null) { // No user was found!
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        }
        // $user->password refers to the "password" column name from the database
        else if ((md5($this->password) . Yii::app()->params["salt"]) !== $user->password) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            // User/pass match
            $this->_id = $user->id;
            $this->errorCode = self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId() {
        return $this->_id;
    }

USER CREATE:

    public function actionCreate()
    {
        $model=new User;

        // Uncomment the following line if AJAX validation is needed
        // $this->performAjaxValidation($model);

        if(isset($_POST['User']))
        {
            $model->attributes=$_POST['User'];
            if($model->save())
                $this->redirect(array('index'));
        }

        $this->render('create',array(
            'model'=>$model,
        ));
    }

USER UPDATE:

    public function actionUpdate($id)
    {
        // The loaded model already holds the stored hash in $model->password
        $model=$this->loadModel($id);

        // Uncomment the following line if AJAX validation is needed
        // $this->performAjaxValidation($model);

        if(isset($_POST['User']))
        {
            $model->attributes=$_POST['User'];
            if($model->save())
                $this->redirect(array('index'));
        }

        $this->render('update',array(
            'model'=>$model,
        ));
    }

0

#4 User is offline   kumarkulandai 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 152
  • Joined: 18-November 11
  • Location:Bangalore

Posted 03 June 2013 - 05:51 AM

Use Yii Security Extension to encrypt/decrypt password based on an encryption key

To implement,

• Download the extension from the below link
http://www.yiiframew...on/yii-encrypt/

• Unzip the data in the extension folder

• Import the class by adding the below code in the import part of config
'application.extensions.encrypter.Encrypter',

• Add below piece of code in the component array in config file
'encrypter'=>array (
'class'=>'Encrypter',
'key'=>'XXXXXXXXXXXXXXXX',
),

• Now we can encrypt characters by calling the below function in controllers/views
$myEncryptedString = Yii::app()->encrypter->encrypt($myDecryptedString);

• To decrypt
$myDecryptedString = Yii::app()->encrypter->decrypt($myEncryptedString);

Regards,
Kumar Kulandai.
0

#5 User is offline   kopecldz 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 86
  • Joined: 20-February 13

Posted 03 June 2013 - 05:57 AM

The link to download Encrypter doesn't work.
0

#6 User is offline   EvilKarter 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 14
  • Joined: 24-May 13

Posted 03 June 2013 - 06:03 AM

kopecldz, on 03 June 2013 - 05:50 AM, said:

Thx for reply.

USER MODEL:

public function beforeSave() {
        $pass = md5($this->password);
        $this->password = $pass;
        return true;
    }




I think the problem is that you don't check whether a new user password is set or whether it is empty.
Possible sequence:
You fetch the user model from the database. The password is saved there as MD5. If you update your user and no password is set, perhaps it takes the saved MD5 password as the new password.

So if you check whether the user entered a new password or not, the problem should be solved.
0

#7 User is offline   waterloomatt 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 550
  • Joined: 09-April 10

Posted 03 June 2013 - 06:18 AM

Where are you hashing the password - beforeSave? You need to check the scenario (register) and only hash it on insert/create/register or when the user updates their password.

Matt
0

#8 User is offline   kopecldz 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 86
  • Joined: 20-February 13

Posted 03 June 2013 - 06:25 AM

I deleted the beforeSave() function :).

In actionCreate I added:

    $pass = md5($model->password);
    $model->password = $pass;

And in actionUpdate I added this:

    $checkpass = $model->password;

and after $model->attributes:

        // Hash only when the submitted value differs from the stored hash;
        // strict comparison avoids PHP's loose matching of numeric-looking strings
        if ($model->password !== $checkpass) {
            $pass = md5($model->password);
            $model->password = $pass;
        }
        if ($model->save())
            $this->redirect(array('index'));
    } // closes if(isset($_POST['User']))

And all is done now.

Yes Matt, in the beforeSave() function I hash the password.
0

#9 User is offline   encyclopedia 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 11-November 14

Posted 03 February 2015 - 04:56 AM

Can I encrypt in the afterValidate function??
0

#10 User is offline   Ronald van Belzen 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 157
  • Joined: 04-July 13
  • Location:The Netherlands

Posted 03 February 2015 - 10:37 AM

encyclopedia, on 03 February 2015 - 04:56 AM, said:

Can I encrypt in the afterValidate function??


The necro-posting force is strong in this one.
0

#11 User is offline   oligalma 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 418
  • Joined: 07-April 12
  • Location:Spain

Posted 03 February 2015 - 12:02 PM

Don't use md5, it's not secure. Use CPasswordHelper instead.

http://www.yiiframew...CPasswordHelper
0
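
The double hash on update described in this thread, next to a save hook that avoids it, as an added example that is not part of any post or of Yii itself. UserRecord and $newPassword are hypothetical names; PHP's built-in password_hash() and password_verify() are used so the script runs without the framework, and in Yii 1.1 CPasswordHelper::hashPassword() and CPasswordHelper::verifyPassword() fill the same role.

```php
<?php
// Added example: stand-alone sketch, not code from the thread or from Yii.
// UserRecord is a hypothetical stand-in for the thread's User model.
class UserRecord
{
    public $password;     // stored hash, as loaded from the DB
    public $newPassword;  // plaintext from a separate form field; '' means "unchanged"

    // The thread's original hook: hashes whatever is in $password on every
    // save, so an update without a new password hashes the stored hash again.
    public function beforeSaveOriginal()
    {
        $this->password = md5($this->password);
        return true;
    }

    // Corrected hook: hash only when a new plaintext password was submitted.
    // Assumes $password itself is never mass-assigned from $_POST.
    public function beforeSave()
    {
        if (is_string($this->newPassword) && $this->newPassword !== '') {
            $this->password = password_hash($this->newPassword, PASSWORD_BCRYPT);
        }
        $this->newPassword = null; // do not keep plaintext on the model
        return true;
    }
}

// 1. Original behaviour: create, then update without touching the password.
$old = new UserRecord();
$old->password = 'pass1';          // constructed sample password
$old->beforeSaveOriginal();        // create
$afterCreate = $old->password;
$old->beforeSaveOriginal();        // update, password field untouched
echo 'original: hash changed on update? ';
var_dump($old->password !== $afterCreate);

// 2. Corrected behaviour over the same sequence.
$user = new UserRecord();
$user->newPassword = 'pass1';
$user->beforeSave();               // create
$afterCreate = $user->password;
$user->newPassword = '';
$user->beforeSave();               // update, no new password entered
echo 'fixed: hash changed on update? ';
var_dump($user->password !== $afterCreate);
echo 'fixed: pass1 still verifies? ';
var_dump(password_verify('pass1', $user->password));
```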
