CakePHP password verification

    var $validate = array(
        'password' => array(
            'passwordlength' => array(
                'rule' => array('between', 8, 50),
                'message' => 'Enter 8-50 chars'
            ),
            'passwordequal' => array(
                'checkpasswords',
                'message' => 'Passwords dont match'
            )
        )
    );

    function checkpasswords() {
        return strcmp($this->data['Airline']['password'], $this->data['Airline']['confirm password']);
    }

This code does not work and always gives an error message, even if they match. Also, when I do the editing, I get the following error, since there is no password field. Is there any fix?

 Undefined index: password [APP/models/airline.php, line 25] 
+7
php passwords cakephp
6 answers

Here is the mistake:

 'passwordequal' => array('checkpasswords','message' => 'Passwords dont match') 

I changed it to

 'passwordequal' => array('rule' =>'checkpasswords','message' => 'Passwords dont match') 

Also, the strcmp function had errors, as it returned 0 (i.e. false) all the time in the above code:

    if (strcmp($this->data['Airline']['password'], $this->data['Airline']['confirm_password']) == 0) {
        return true;
    }
    return false;
+5

Are you using AuthComponent? Keep in mind that it hashes all incoming password fields (but not “password confirmation”, check with debug($this->data) ), so the fields will never be the same. Read the manual and use AuthComponent::password to complete the verification.


Having said that, here I use:

    public $validate = array(
        'password' => array(
            'confirm' => array(
                'rule' => array('password', 'password_control', 'confirm'),
                'message' => 'Repeat password',
                'last' => true
            ),
            'length' => array(
                'rule' => array('password', 'password_control', 'length'),
                'message' => 'At least 6 characters'
            )
        ),
        'password_control' => array(
            'notempty' => array(
                'rule' => array('notEmpty'),
                'allowEmpty' => false,
                'message' => 'Repeat password'
            )
        )
    );

    public function password($data, $controlField, $test) {
        if (!isset($this->data[$this->alias][$controlField])) {
            trigger_error('Password control field not set.');
            return false;
        }

        $field = key($data);
        $password = current($data);
        $controlPassword = $this->data[$this->alias][$controlField];

        switch ($test) {
            case 'confirm' :
                // $password is already hashed, so hash the control field before comparing
                if ($password !== Security::hash($controlPassword, null, true)) {
                    $this->invalidate($controlField, 'Repeat password');
                    return false;
                }
                return true;
            case 'length' :
                return strlen($controlPassword) >= 6;
            default :
                trigger_error("Unknown password test '$test'.");
                // Fail validation explicitly instead of falling through with null
                return false;
        }
    }

This is bad for the following reasons:

  • It has a tight connection with the form and always expects the password_control field to be there. You need to use a whitelist or disable the check if you do not have it, i.e.: $this->User->save($this->data, true, array('field1', 'field2')).
  • It manually hashes the password as AuthComponent does (since there is no clean access to components from the model). If you change the algorithm used in AuthComponent, you also need to change it here.

Having said that, it transparently checks and creates the correct error messages for both the password and password management fields, without requiring additional code in the controller.

+12
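The points raised in the question and the two answers above, as an added example that is not part of the original thread: a hashed `password` field compared against a plain-text confirmation, the missing-field case on an edit form, and the `strcmp()` return value. `SALT`, `hashLikeAuth()` and `passwordsMatch()` are hypothetical names, and the salted SHA-1 is only an assumed stand-in for whatever hashing the application's AuthComponent applies.

```php
<?php
// Added example, not code from the thread. SALT and hashLikeAuth() are
// hypothetical stand-ins for the hashing applied to the 'password' field.
const SALT = 'constructed-example-salt';

function hashLikeAuth(string $plain): string
{
    return sha1(SALT . $plain);
}

// Returns null when the row has no password fields (e.g. an edit form),
// otherwise true or false.
function passwordsMatch(array $row, string $confirmField = 'confirm_password'): ?bool
{
    // isset() avoids "Undefined index: password" when the field is absent.
    if (!isset($row['password'], $row[$confirmField])) {
        return null;
    }
    // 'password' arrives hashed and the confirmation in plain text, so hash
    // the confirmation first. hash_equals() compares strings strictly and
    // in constant time.
    return hash_equals($row['password'], hashLikeAuth($row[$confirmField]));
}

// Constructed sample submissions.
$signup = ['password' => hashLikeAuth('correct horse'), 'confirm_password' => 'correct horse'];
$typo   = ['password' => hashLikeAuth('correct horse'), 'confirm_password' => 'correct hrose'];
$edit   = ['name' => 'Example Air']; // edit form without password fields

var_dump(passwordsMatch($signup));
var_dump(passwordsMatch($typo));
var_dump(passwordsMatch($edit));

// strcmp() returns 0 for equal strings, and 0 is falsy as a rule result.
var_dump((bool) strcmp('secret', 'secret'));

// Loose == treats numeric-looking strings as numbers; === does not.
var_dump('0e12345' == '0e67890');
var_dump('0e12345' === '0e67890');
```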

To confirm the password, old password and confirm the password

    class Adminpassword extends AppModel {
        public $name = 'Admin';
        public $primaryKey = 'id';
        public $validate = array(
            'oldpassword' => array(
                array(
                    'rule' => 'notEmpty',
                    'required' => true,
                    'message' => 'Please Enter Current password'
                ),
                array(
                    'rule' => 'checkcurrentpasswords',
                    'message' => 'Current Password does not match'
                )
            ),
            'password' => array(
                array(
                    'rule' => 'notEmpty',
                    'required' => true,
                    'message' => 'Please Enter password'
                ),
                array(
                    'rule' => array('minLength', 6),
                    'message' => 'Passwords must be at least 6 characters long.',
                )
            ),
            'cpassword' => array(
                array(
                    'rule' => 'notEmpty',
                    'required' => true,
                    'message' => 'Please Enter Confirm password'
                ),
                array(
                    'rule' => 'checkpasswords',
                    'required' => true,
                    'message' => 'Password & Confirm Password must be match.'
                )
            )
        );

        // to check password and confirm password
        function checkpasswords() {
            if (strcmp($this->data['Adminpassword']['password'], $this->data['Adminpassword']['cpassword']) == 0) {
                return true;
            }
            return false;
        }

        // to check current password
        function checkcurrentpasswords() {
            $this->id = $this->data['Adminpassword']['id'];
            $user_data = $this->field('password');
            //print_r(Security::hash($this->data['Adminpassword']['oldpassword'], 'sha1', true));
            // Strict comparison: loose == can treat two different numeric-looking digests as equal
            if ($user_data === Security::hash($this->data['Adminpassword']['oldpassword'], 'sha1', true)) {
                return true;
            } else {
                return false;
            }
        }
    }
+3

For CakePHP 2.x users using authentication, you may notice that "AuthComponent no longer automatically hashes every password that it can find." That is, the above solutions may not be the correct way to solve the problem for 2.x. http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords

+2

Here is my solution:

You should make a method called match (you can name it whatever you want):

    public function match($check, $with) {
        // Getting the keys of the parent field
        foreach ($check as $k => $v) {
            $$k = $v;
        }

        // Removing blank fields
        $check = trim($$k);
        $with = trim($this->data[$this->name][$with]);

        // If both arent empty we compare and return true or false
        if (!empty($check) && !empty($with)) {
            // Strict comparison, so numeric-looking strings are not compared as numbers
            return $check === $with;
        }

        // Return false, some fields is empty
        return false;
    }

And the $validate method should look like this:

    public $validate = array(
        'password' => array(
            'match' => array(
                'rule' => array('match', 'password2'),
                'message' => 'Passwords doesnt match',
            ),
        ),
    );

Where password2 is the field to compare your first password field.

I'm glad to share it! :D

+1

Would this help: http://sumanrs.wordpress.com/2011/10/01/cakephp-user-password-manager-authentication-missing-guide/ ? This should take care of password verification.

0