开发者

Checking password length problem for registration in CakePHP

I'm trying to write a base user registration page and my problem is on checking password length string. I've read of various problem and solutions on that but I still in troubles.

This is what I've wrote:

class UsersController extends AppController {

    function register () {
        if (!empty ($this->data)) {
            if ($this->data['User']['password'] == $this->Auth->password($this->data['User']['password_confirm'])) {
                if ($this->User->save($this->data)) {
                    $this->Session->setFlash('All ok');
                    $this->redirect(array('action', 'login'));
                }
            } else {
                $this->Session->setFlash('Password mismatch');
                $this->redirect(array('action', 'register'));
            }
        }
    }
}

Then the user model:

var $validate = array (
    'username' => array (
        'alphaNumeric' => array(
            'rule' => 'alphaNumeric',
            'required' => true,
            'message' => 'Alphanumeric chars only'
        ),
        'between' => array(
      开发者_Go百科      'rule' => array('between', 1, 24),
            'message' => 'Username between 1 and 24 chars'
        )
    ),
    'password' => array (
        'between' => array(
            'rule' => array('between', 7, 25),
            'message' => 'Password between 8 and 24 chars'
        )
    )
);

File register.ctp

<?php
echo $this->Form->create('User');
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Form->input('password_confirm', array('type' => 'password'));
echo $this->Form->end('Register account');
?>

The password and password_confirm checking works perfect, if I write different passwords I get the error, if the password are equal, I get a password length error, where I'm wrong?

log:

2011-03-29 23:20:41 Error: Array
(
    [User] => Array
    (
        [username] => tonino
        [password] => ae4f47749b697085b2f7322383fa7b14c79e06f6
        [password_confirm] => passwordtest
    )

)

I've forgot to say my password is SHA1 hashed, so how I can check if an user write a too long password?


Passwords are hashed automatically by the AuthComponent. All the validation you're doing is done on the password "ae4f47749b697085b2f7322383fa7b14c79e06f6", not "passwordtest", which is why it fails validation. You need to do the validation on the password_confirm field, not the password field.

See here for an example of a somewhat transparent solution.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜