Password Encryption

alankar1985 · March 24, 2013, 7:23pm

I have created a user controller. on create record its wrking fine but while updating record i dont want to enter password every time means password should be update when i change it other wise not. code is given below




<?php 

		if(isset($_POST['User']))

		{

			//$model->attributes=$_POST['User'];

			

			if(!empty($_POST['User']['password']))

			{

				$model->password=$_POST['User']['password'];

			}

			$model->username=$_POST['User']['username'];

			$model->firstname=$_POST['User']['firstname'];

			$model->lastname=$_POST['User']['lastname'];

			$model->email=$_POST['User']['email'];

			$model->status=$_POST['User']['status'];

			$model->role=$_POST['User']['role'];

				if($model->save())

			{

				Yii::app()->user->setFlash('success', "Record Has Been Updated");

				$this->redirect(array('admin'));

			}

		} ?>

Now the issue is i want to encrypt password before save. i also use beforesave() in model to encrypt password but it always encrypt password either password field is empty or not.


	  public function beforeSave() 

    {

	

      if (!empty($this->password))

        { $this->password=md5($this->password);}


    

	 //  return parent::beforeSave();

    }

Can anyone guide what is wrong i am doing here and which encryption we should use MD5 or crypt ?

konapaz · March 26, 2013, 9:35pm

Hi Alankar.

Are you sure the password is empty on beforesave?

If update a record the password has the stored from database value. (update action)

With your code you set the password from post form when the field is not empty.

But if it is empty the password remains the same (by the database)

Then in your beforesave code you re-encrypt the old password and then save!

To see if it is empty echo the password ob beforesave like that




       public function beforeSave() 

    {

      echo($this->password); die();

      if (!empty($this->password))

        { $this->password=md5($this->password);}


    

         //  return parent::beforeSave();

    }

If the value is not empty then I will thing what you can do

alankar1985 · March 27, 2013, 6:30pm

KonApaz:

Hi Alankar.

Are you sure the password is empty on beforesave?

If update a record the password has the stored from database value. (update action)

With your code you set the password from post form when the field is not empty.

But if it is empty the password remains the same (by the database)

Then in your beforesave code you re-encrypt the old password and then save!

To see if it is empty echo the password ob beforesave like that
       public function beforeSave() 

    {

      echo($this->password); die();

      if (!empty($this->password))

        { $this->password=md5($this->password);}


    

         //  return parent::beforeSave();

    }
If the value is not empty then I will thing what you can do

Hi KonApaz

i checked it and found that password is not empty, it has a password value from database.

What actually i want that password should updated when i enter it into textbox otherwise it should remains same.

konapaz · March 27, 2013, 7:16pm

ok, as I ecpected…

In your model (User)

first store the pass in another variable,and set null the password on afterFind


private $sPassword=null;

 public function afterFind() {

            if ($this->password) {

                $this->sPassword = $this->password;

                $this->password=null;

            }

        }

        parent::afterFind();

    }

now the system knows whether the password pre-exists, now what…

If the password filled by post form it means that will have to be stored


 public function beforeSave() {

            if (!$this->password) 

                $this->password = $this->sPassword;       

            } else {

                $this->password = md5( $this->password);

            }

        return parent::beforeSave();

}

Now you can save the new or not password!

alankar1985 · March 28, 2013, 5:35pm

KonApaz:

ok, as I ecpected…

In your model (User)

first store the pass in another variable,and set null the password on afterFind
private $sPassword=null;

 public function afterFind() {

            if ($this->password) {

                $this->sPassword = $this->password;

                $this->password=null;

            }

        }

        parent::afterFind();

    }
now the system knows whether the password pre-exists, now what…

If the password filled by post form it means that will have to be stored
 public function beforeSave() {

            if (!$this->password) 

                $this->password = $this->sPassword;       

            } else {

                $this->password = md5( $this->password);

            }

        return parent::beforeSave();

}
Now you can save the new or not password!

Thanks, its working

konapaz · March 28, 2013, 10:40pm

You welcome Thanks the Yii team for pre and post event-action

alankar1985 · March 29, 2013, 8:12am

KonApaz:

ok, as I ecpected…

In your model (User)

first store the pass in another variable,and set null the password on afterFind
private $sPassword=null;

 public function afterFind() {

            if ($this->password) {

                $this->sPassword = $this->password;

                $this->password=null;

            }

        }

        parent::afterFind();

    }
now the system knows whether the password pre-exists, now what…

If the password filled by post form it means that will have to be stored
 public function beforeSave() {

            if (!$this->password) 

                $this->password = $this->sPassword;       

            } else {

                $this->password = md5( $this->password);

            }

        return parent::beforeSave();

}
Now you can save the new or not password!

Hi KonApaz

your solution is 100% good for updatation but by this now i am unable to login because $this->password hassbeen set to null

redguy · March 30, 2013, 9:13am

You need to keep the value in ‘password’ attribute.


private $sPassword=null;

    public function afterFind() {

        $this->sPassword = $this->password;

        parent::afterFind();

    }

    public function beforeSave() {

        if ($this->isNewRecord || $this->password != $this->sPassword) {

            $this->password = md5( $this->password);

        }

        return parent::beforeSave();

    }

konapaz · April 2, 2013, 5:13pm

Ok, make this trick


public static $getPass=false;

private $sPassword=null;

 public function afterFind() {

            if ($this->password) {

                $this->sPassword = $this->password;

                if (self::$getPass==false) $this->password=null;

            }

        }

        parent::afterFind();

    }


//in your protected/components/UserIntentity.php modify the authenticate method like this


 public function authenticate() {

 User::$getPass = true;

..all left code...

 User::$getPass = false;

}

alankar1985 · April 9, 2013, 8:43pm

KonApaz:

Ok, make this trick


public static $getPass=false;

private $sPassword=null;

 public function afterFind() {

            if ($this->password) {

                $this->sPassword = $this->password;

                if (self::$getPass==false) $this->password=null;

            }

        }

        parent::afterFind();

    }


//in your protected/components/UserIntentity.php modify the authenticate method like this


 public function authenticate() {

 User::$getPass = true;

..all left code...

 User::$getPass = false;

}

thanks