Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Data Model Questions /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

ModelAdmin not encrypting passwords


Go to End


4 Posts   2170 Views

Avatar
colymba

Community Member, 26 Posts

20 April 2010 at 11:09pm

Hi,

I am building a website with member area and management. With a ModelAdmin for the member object (extending Member) and a registration form on the front end. All the creation and manipulation of the data works fine on both ends.

But just recently I have noticed that when creating a new member through ModelAdmin, the password is not encrypted.
However, encryption is made when registering through the front end form, or changing an already encrypted password through ModelAdmin.

I have tried adding this in the onBeforeWrite of my member object:

if ( $this->isChanged('Password') )
{
		$encryptedPass = Security::encrypt_password($this->Password);
		$this->Password = $encryptedPass['password'];
		$this->PasswordEncryption = $encryptedPass['algorithm'];
		$this->Salt = $encryptedPass['salt'];
}

This does encrypt the password, but probably in a wrong way or something, because there is no way to login anymore with that password.

If there some configuration option to set for ModelAdmin to encrypt password as a default?
Any help much appreciated.

(using SS 2.4 rc1)

Thanks, Thierry

Avatar
joern

Community Member, 28 Posts

23 April 2010 at 9:38am

same problem here. When you look in the code, you can see the unencrypted password also.

<input type="password" value="123456" name="Password[_Password]" id="Password-_Password" class="text">

sounds like a bug…

Avatar
colymba

Community Member, 26 Posts

23 April 2010 at 8:39pm

The only way I managed to get around it is by adding this in onBeforeWrite()

$this->PasswordEncryption = "sha1_v2.4";

The code I previously posted would not work as the DataObject is "written" 3 times to save it, probably causing my previous code to encrypt the password multiple times.
It also seem that on each of those 3 write events, the PasswordEncryption property gets reset to null...

Avatar
congii

Community Member, 6 Posts

5 February 2013 at 4:27pm


Hi, anyone figure this out yet? on SS 3.0.3 I have a front-end registration form and it seems the password saved using the form is different than the one saved on the database. Thus when a member register, he/she can't login. I have to manually change the password on the CMS.

Any idea would be very much appreaciated.

Thanks!