Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Data Model Questions

ModelAdmin not encrypting passwords


Reply

4 Posts   1340 Views

Avatar
colymba

20 April 2010 at 11:09pm Community Member, 25 Posts

Hi,

I am building a website with member area and management. With a ModelAdmin for the member object (extending Member) and a registration form on the front end. All the creation and manipulation of the data works fine on both ends.

But just recently I have noticed that when creating a new member through ModelAdmin, the password is not encrypted.
However, encryption is made when registering through the front end form, or changing an already encrypted password through ModelAdmin.

I have tried adding this in the onBeforeWrite of my member object:

if ( $this->isChanged('Password') )
{
      $encryptedPass = Security::encrypt_password($this->Password);
      $this->Password = $encryptedPass['password'];
      $this->PasswordEncryption = $encryptedPass['algorithm'];
      $this->Salt = $encryptedPass['salt'];
}


This does encrypt the password, but probably in a wrong way or something, because there is no way to login anymore with that password.

If there some configuration option to set for ModelAdmin to encrypt password as a default?
Any help much appreciated.

(using SS 2.4 rc1)

Thanks, Thierry

Avatar
joern

23 April 2010 at 9:38am Community Member, 28 Posts

same problem here. When you look in the code, you can see the unencrypted password also.

<input type="password" value="123456" name="Password[_Password]" id="Password-_Password" class="text">

sounds like a bug…

Avatar
colymba

23 April 2010 at 8:39pm Community Member, 25 Posts

The only way I managed to get around it is by adding this in onBeforeWrite()

$this->PasswordEncryption = "sha1_v2.4";

The code I previously posted would not work as the DataObject is "written" 3 times to save it, probably causing my previous code to encrypt the password multiple times.
It also seem that on each of those 3 write events, the PasswordEncryption property gets reset to null...

Avatar
congii

5 February 2013 at 4:27pm Community Member, 6 Posts

Hi, anyone figure this out yet? on SS 3.0.3 I have a front-end registration form and it seems the password saved using the form is different than the one saved on the database. Thus when a member register, he/she can't login. I have to manually change the password on the CMS.

Any idea would be very much appreaciated.

Thanks!