Jump to:

3372 Posts in 998 Topics by 712 members

Data Model Questions

SilverStripe Forums » Data Model Questions » ModelAdmin not encrypting passwords

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1259 Views
  • thi3r
    Avatar
    Community Member
    25 Posts

    ModelAdmin not encrypting passwords Link to this post

    Hi,

    I am building a website with member area and management. With a ModelAdmin for the member object (extending Member) and a registration form on the front end. All the creation and manipulation of the data works fine on both ends.

    But just recently I have noticed that when creating a new member through ModelAdmin, the password is not encrypted.
    However, encryption is made when registering through the front end form, or changing an already encrypted password through ModelAdmin.

    I have tried adding this in the onBeforeWrite of my member object:

    if ( $this->isChanged('Password') )
    {
          $encryptedPass = Security::encrypt_password($this->Password);
          $this->Password = $encryptedPass['password'];
          $this->PasswordEncryption = $encryptedPass['algorithm'];
          $this->Salt = $encryptedPass['salt'];
    }


    This does encrypt the password, but probably in a wrong way or something, because there is no way to login anymore with that password.

    If there some configuration option to set for ModelAdmin to encrypt password as a default?
    Any help much appreciated.

    (using SS 2.4 rc1)

    Thanks, Thierry

  • joern
    Avatar
    Community Member
    28 Posts

    Re: ModelAdmin not encrypting passwords Link to this post

    same problem here. When you look in the code, you can see the unencrypted password also.

    <input type="password" value="123456" name="Password[_Password]" id="Password-_Password" class="text">

    sounds like a bug…

  • thi3r
    Avatar
    Community Member
    25 Posts

    Re: ModelAdmin not encrypting passwords Link to this post

    The only way I managed to get around it is by adding this in onBeforeWrite()

    $this->PasswordEncryption = "sha1_v2.4";

    The code I previously posted would not work as the DataObject is "written" 3 times to save it, probably causing my previous code to encrypt the password multiple times.
    It also seem that on each of those 3 write events, the PasswordEncryption property gets reset to null...

  • congii
    Avatar
    Community Member
    6 Posts

    Re: ModelAdmin not encrypting passwords Link to this post

    Hi, anyone figure this out yet? on SS 3.0.3 I have a front-end registration form and it seems the password saved using the form is different than the one saved on the database. Thus when a member register, he/she can't login. I have to manually change the password on the CMS.

    Any idea would be very much appreaciated.

    Thanks!

    1259 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.