Question

I'm using the CakePHP SimplePasswordHasher to hash my customer password. Is it possible to retrieve the unhashed password in the edit view? At the moment my edit view shows the hashed password. I want it to show the original password, because if the hashed password is shown in the edit view and the user submits the form, the hasher hashes that hash value and the password changes. My code is as follows:

edit.ctp

  <div class="customers form">
<?php echo $this->Form->create('Customer'); ?>
    <fieldset>
        <legend><?php echo __('Edit Customer Details'); ?></legend>
    <?php
        echo $this->Form->input('id');
        echo $this->Form->input('customer_name', array('required'=>false));
        echo $this->Form->input('customer_address');
        echo $this->Form->input('customer_suburb');
        echo $this->Form->input('customer_state', array('options' => array('SA' => 'SA', 'VIC' => 'VIC','ACT' => 'ACT', 'NSW' => 'NSW', 'NT'=> 'NT', 'QLD'=>'QLD','TAS'=> 'TAS','WA'=>'WA','empty'=>'(choose one)')));
        echo $this->Form->input('customer_postcode', array('required'=>false));
        echo $this->Form->input('customer_dob',array('required'=>false,'id'=>'datepicker','type'=>'text'));
        echo $this->Form->input('customer_anniversary',array('required'=>false,'id'=>'datepicker2','type'=>'text'));
        echo $this->Form->input('customer_phone1', array('required'=>false));
        echo $this->Form->input('customer_phone2', array('required'=>false));
        echo $this->Form->input('customer_phone3', array('required'=>false));
        echo $this->Form->input('customer_fax', array('required'=>false));
        echo $this->Form->input('customer_email', array('required'=>false));
        echo $this->Form->input('customer_gender', array('required'=>false,'options' => array('M' => 'M', 'F' => 'F','empty'=>'(choose one)')));
        echo $this->Form->input('customer_type', array('required'=>false,'options' => array('Gold' => 'Gold', 'Silver' => 'Silver','Bronze'=> 'Bronze','empty'=>'(choose one)')));
        echo $this->Form->input('customer_username', array('required'=>false));
        echo $this->Form->input('customer_PW', array('required'=> false));
        echo $this->Form->input('companies_id', array('label' =>'Company Name','options'=>$companies, 'label'=>'Company Name','required'=>false));
        echo $this->Form->input('employees_id', array('label' =>'Employee name','options'=>$employees, 'label'=>'Employee name','required'=>false));

    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit')); ?>
</div>

customersController:

class CustomersController extends AppController {

//some code

public function edit($id = null) {
        if (!$this->Customer->exists($id)) {
            throw new NotFoundException(__('Invalid customer'));
        }
        if ($this->request->is(array('post', 'put'))) {
            if ($this->Customer->save($this->request->data)) {
                $this->Session->setFlash(__('The customer has been saved.'));
                return $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The customer could not be saved. Please, try again.'));
            }
        } else {
            $options = array('conditions' => array('Customer.' . $this->Customer->primaryKey => $id));
            $this->request->data = $this->Customer->find('first', $options);
        }
        //$companies = $this->Customer->Companies->find('list');
        $companies= $this->Customer->Companies->find('list',array('order'=>'company_name ASC','fields'=>array('id','company_name')));       
        $employees= $this->Customer->Employees->find('list',array('order'=>'employee_name ASC','fields'=>array('id','employee_name')));         
        $this->set(compact('companies'));
        $this->set(compact('employees'));
    }

//some code
}

Can someone please help?


Solution 2

Do you really want the password to be on the form for the user to edit?

You might want to just clear the password fields so your users can edit and save the rest of profile without bothering with the password. If they post the form, and the password field has been filled out, you know that they have entered a new password which should be hashed and saved. If the password field is blank, then make sure you delete the password field from the array before you save the Model from the Controller.

If you use jquery, it is simple to make sure the password field is empty.

$(document).ready(function() {
    $('#CustomerPW').val('');
});
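
A server-side version of the approach described in this answer, as an added example that is not part of the original answer or the question's code. It assumes CakePHP 2.x, the `Customer` model and `customer_PW` field from the question, and that hashing happens in the model's `beforeSave` (the question does not show the model).

```php
<?php
// Added example for CakePHP 2.x; shown as one listing, but the two classes
// live in app/Model/Customer.php and app/Controller/CustomersController.php.
App::uses('AppModel', 'Model');
App::uses('AppController', 'Controller');
App::uses('SimplePasswordHasher', 'Controller/Component/Auth');

class Customer extends AppModel {
    // Assumed hashing hook: runs only when customer_PW is part of the save.
    public function beforeSave($options = array()) {
        if (isset($this->data[$this->alias]['customer_PW'])) {
            $hasher = new SimplePasswordHasher();
            $this->data[$this->alias]['customer_PW'] =
                $hasher->hash($this->data[$this->alias]['customer_PW']);
        }
        return true;
    }
}

class CustomersController extends AppController {
    public function edit($id = null) {
        if (!$this->Customer->exists($id)) {
            throw new NotFoundException(__('Invalid customer'));
        }
        if ($this->request->is(array('post', 'put'))) {
            $data = $this->request->data;
            // Blank password field = keep the current one: drop the key so
            // save() leaves the stored hash untouched.
            if (!isset($data['Customer']['customer_PW']) || $data['Customer']['customer_PW'] === '') {
                unset($data['Customer']['customer_PW']);
            }
            if ($this->Customer->save($data)) {
                $this->Session->setFlash(__('The customer has been saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('The customer could not be saved. Please, try again.'));
        } else {
            $options = array('conditions' => array('Customer.' . $this->Customer->primaryKey => $id));
            $this->request->data = $this->Customer->find('first', $options);
        }
        // Never send the stored hash to the browser, on first load or redisplay.
        unset($this->request->data['Customer']['customer_PW']);
        $companies = $this->Customer->Companies->find('list', array('order' => 'company_name ASC', 'fields' => array('id', 'company_name')));
        $employees = $this->Customer->Employees->find('list', array('order' => 'employee_name ASC', 'fields' => array('id', 'employee_name')));
        $this->set(compact('companies', 'employees'));
    }
}
```

Because the controller removes the value before rendering, the field arrives empty without any client-side script; in edit.ctp it can be rendered with `'type' => 'password'` so the browser masks what the user types.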

OTHER TIPS

SimplePasswordHasher uses the md5 encryption.

md5 is supposed to be a one way encryption. The reason you use it, is so only the user knows their password, but you can still validate the password. How you validate it is to create an md5 hash of the password supplied by the user, and compare that with the md5 hash of the password in the database.

The whole idea behind a one way encryption is to generate a hashed value that cannot be decrypted to reveal the original string.

That's the reason that when dealing with lost passwords administrators typically reset it to a new value.

I think you just have to empty the password field while editing in edit.ctp like

echo $this->Form->input('customer_PW', array('value'=> ''));
Licensed under: CC-BY-SA with attribution