3062 Posts in 864 Topics by 646 members
|Go to End|
20 April 2010 at 11:09pm
I am building a website with member area and management. With a ModelAdmin for the member object (extending Member) and a registration form on the front end. All the creation and manipulation of the data works fine on both ends.
But just recently I have noticed that when creating a new member through ModelAdmin, the password is not encrypted.
However, encryption is made when registering through the front end form, or changing an already encrypted password through ModelAdmin.
I have tried adding this in the onBeforeWrite of my member object:
if ( $this->isChanged('Password') )
$encryptedPass = Security::encrypt_password($this->Password);
$this->Password = $encryptedPass['password'];
$this->PasswordEncryption = $encryptedPass['algorithm'];
$this->Salt = $encryptedPass['salt'];
This does encrypt the password, but probably in a wrong way or something, because there is no way to login anymore with that password.
If there some configuration option to set for ModelAdmin to encrypt password as a default?
Any help much appreciated.
(using SS 2.4 rc1)
23 April 2010 at 9:38am
same problem here. When you look in the code, you can see the unencrypted password also.
<input type="password" value="123456" name="Password[_Password]" id="Password-_Password" class="text">
sounds like a bugâ€¦
23 April 2010 at 8:39pm
The only way I managed to get around it is by adding this in onBeforeWrite()
$this->PasswordEncryption = "sha1_v2.4";
The code I previously posted would not work as the DataObject is "written" 3 times to save it, probably causing my previous code to encrypt the password multiple times.
It also seem that on each of those 3 write events, the PasswordEncryption property gets reset to null...
5 February 2013 at 4:27pm
Hi, anyone figure this out yet? on SS 3.0.3 I have a front-end registration form and it seems the password saved using the form is different than the one saved on the database. Thus when a member register, he/she can't login. I have to manually change the password on the CMS.
Any idea would be very much appreaciated.
|Go to Top|