Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Data Model Questions /

ModelAdmin not encrypting passwords


Reply


4 Posts   1399 Views

Avatar
colymba

Community Member, 26 Posts

20 April 2010 at 11:09pm

Hi,

I am building a website with member area and management. With a ModelAdmin for the member object (extending Member) and a registration form on the front end. All the creation and manipulation of the data works fine on both ends.

But just recently I have noticed that when creating a new member through ModelAdmin, the password is not encrypted.
However, encryption is made when registering through the front end form, or changing an already encrypted password through ModelAdmin.

I have tried adding this in the onBeforeWrite of my member object:

if ( $this->isChanged('Password') )
{
      $encryptedPass = Security::encrypt_password($this->Password);
      $this->Password = $encryptedPass['password'];
      $this->PasswordEncryption = $encryptedPass['algorithm'];
      $this->Salt = $encryptedPass['salt'];
}


This does encrypt the password, but probably in a wrong way or something, because there is no way to login anymore with that password.

If there some configuration option to set for ModelAdmin to encrypt password as a default?
Any help much appreciated.

(using SS 2.4 rc1)

Thanks, Thierry

Avatar
joern

Community Member, 28 Posts

23 April 2010 at 9:38am

same problem here. When you look in the code, you can see the unencrypted password also.

<input type="password" value="123456" name="Password[_Password]" id="Password-_Password" class="text">

sounds like a bug…

Avatar
colymba

Community Member, 26 Posts

23 April 2010 at 8:39pm

The only way I managed to get around it is by adding this in onBeforeWrite()

$this->PasswordEncryption = "sha1_v2.4";

The code I previously posted would not work as the DataObject is "written" 3 times to save it, probably causing my previous code to encrypt the password multiple times.
It also seem that on each of those 3 write events, the PasswordEncryption property gets reset to null...

Avatar
congii

Community Member, 6 Posts

5 February 2013 at 4:27pm

Hi, anyone figure this out yet? on SS 3.0.3 I have a front-end registration form and it seems the password saved using the form is different than the one saved on the database. Thus when a member register, he/she can't login. I have to manually change the password on the CMS.

Any idea would be very much appreaciated.

Thanks!