Jump to:

3062 Posts in 864 Topics by 646 members

Data Model Questions

SilverStripe Forums » Data Model Questions » ModelAdmin not encrypting passwords

Moderators: martimiz, Howard, Sean, Ryan M., biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1078 Views
  • thi3r
    Avatar
    Community Member
    22 Posts

    ModelAdmin not encrypting passwords Link to this post

    20 April 2010 at 11:09pm

    Hi,

    I am building a website with member area and management. With a ModelAdmin for the member object (extending Member) and a registration form on the front end. All the creation and manipulation of the data works fine on both ends.

    But just recently I have noticed that when creating a new member through ModelAdmin, the password is not encrypted.
    However, encryption is made when registering through the front end form, or changing an already encrypted password through ModelAdmin.

    I have tried adding this in the onBeforeWrite of my member object:

    if ( $this->isChanged('Password') )
    {
          $encryptedPass = Security::encrypt_password($this->Password);
          $this->Password = $encryptedPass['password'];
          $this->PasswordEncryption = $encryptedPass['algorithm'];
          $this->Salt = $encryptedPass['salt'];
    }


    This does encrypt the password, but probably in a wrong way or something, because there is no way to login anymore with that password.

    If there some configuration option to set for ModelAdmin to encrypt password as a default?
    Any help much appreciated.

    (using SS 2.4 rc1)

    Thanks, Thierry

  • joern
    Avatar
    Community Member
    28 Posts

    Re: ModelAdmin not encrypting passwords Link to this post

    23 April 2010 at 9:38am

    same problem here. When you look in the code, you can see the unencrypted password also.

    <input type="password" value="123456" name="Password[_Password]" id="Password-_Password" class="text">

    sounds like a bug…

  • thi3r
    Avatar
    Community Member
    22 Posts

    Re: ModelAdmin not encrypting passwords Link to this post

    23 April 2010 at 8:39pm

    The only way I managed to get around it is by adding this in onBeforeWrite()

    $this->PasswordEncryption = "sha1_v2.4";

    The code I previously posted would not work as the DataObject is "written" 3 times to save it, probably causing my previous code to encrypt the password multiple times.
    It also seem that on each of those 3 write events, the PasswordEncryption property gets reset to null...

  • congii
    Avatar
    Community Member
    6 Posts

    Re: ModelAdmin not encrypting passwords Link to this post

    5 February 2013 at 4:27pm

    Hi, anyone figure this out yet? on SS 3.0.3 I have a front-end registration form and it seems the password saved using the form is different than the one saved on the database. Thus when a member register, he/she can't login. I have to manually change the password on the CMS.

    Any idea would be very much appreaciated.

    Thanks!

    1078 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.