[Solar-talk] Working with hashes (MD5) and column updates

Raymond Kolbe rkolbe at gmail.com
Thu Jan 3 10:06:51 CST 2008 

Oh, I just remembered why I created sanitizeMD5. If you use the code block
you posted above, it changes the password to a hash before any model
validation takes place.

Let's say I wanted to make sure the password was more than 5 characters and
contained at least 1 number. I can't do this unless I put that logic in the
controller because the hash is 32 characters so we will always get a false
positive from validateMin in the model and we also will not be able to
verify there is at least 1 number in the password, again because it is
hashed already.

Yes this can be put in the controller but it shouldn't be there really,
right?

Thank you,
Raymond Kolbe

On Jan 2, 2008 8:22 PM, Raymond Kolbe <rkolbe at gmail.com> wrote:

> I guess that is the only option then, eh? I did have that in an earlier
> version of my project but decided to implement sanitizeMD5 because it seemed
> to make sense. I guess I will KISS for the time being ;-)
>
> Thanks Rodrigo
>
>
> On Jan 2, 2008 4:43 PM, Rodrigo Moraes <rodrigo.moraes at gmail.com> wrote:
>
> > On Jan 1, 2008 2:15 PM, Raymond Kolbe wrote:
> > > I noticed that Tipos has encountered the same hash filter issue I have
> > as I
> > > see a commented line in your model for your hash filter ;-)
> >
> > Oh, I tried it after our IRC talks, but gave up to continue using what
> > I was using before, which is...
> >
> > In the model:
> >
> >        $this->_calculate_cols[] = 'passwd_confirm';
> >        $this->_addFilter('passwd', 'validateConfirm');
> >
> > In the controller:
> >
> >        $data = $request->post('user', array());
> >
> >        if (! empty($data['passwd']) && !empty($data['passwd_confirm']))
> > {
> >            // Force hashed values for password comparison.
> >            $data['passwd'] = hash('md5', $data['passwd']);
> >            $data['passwd_confirm'] = hash('md5',
> > $data['passwd_confirm']);
> >        }
> >
> > No validateHash(), only the code above. It works fine for me.
> >
> > -- rodrigo
> > _______________________________________________
> > Solar-talk mailing list
> > Solar-talk at lists.solarphp.com
> > http://mailman-mail3.webfaction.com/listinfo/solar-talk
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman-mail3.webfaction.com/pipermail/solar-talk/attachments/20080103/6bfb39dd/attachment-0001.html

More information about the Solar-talk mailing list