Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding FrameWork CakePHP Only update password if field is filled in

Thread Rating:
  • 540 Vote(s) - 3.48 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Only update password if field is filled in

Offline baryon461832


Valued member
***
Valued member
Posts: 1
Threads: 1
Joined: Sep 2020
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#1
08-06-2023, 03:47 PM
My view:

<tr>
<td>Username</td>
<td><?php echo $this->Form->input('User.username', array('label' => '')); ?></td>
</tr>
<tr>
<td>Password</td>
<td><?php echo $this->Form->password('User.password', array('label' => '', 'value'=>'')); ?></td>
</tr>

My controller:

function edit($id = null) {

$this->User->id = $id;

$data = $this->data;
# print_r($data);

if (empty($data)) {
$this->data = $this->User->read();
} else {
if ($this->User->save($data)) {
$this->Session->setFlash('The user details have been updated.');
$this->redirect(array('action' => 'index'));
}
}

}

At the moment when I submit the form with a blank password the hash in the database still changes. How can I only update the password hash if a new password has been filled in.

Thanks.

EDIT: $data['User']['password'] is always a hash and never empty!
Reply

Offline roxinewgxqmxe


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Aug 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
08-06-2023, 04:12 PM
If the password field is empty unset it.

else {
if(empty($data['User']['password']))
{
unset($data['User']['password']);
}
if ($this->User->save($data)) {
$this->Session->setFlash('The user details have been updated.');
$this->redirect(array('action' => 'index'));
}
}
Reply

Offline exotropism571539


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Nov 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
08-06-2023, 04:42 PM
You can `unset` the variable from `$data`

function edit($id = null) {

$this->User->id = $id;

$data = $this->data;

if (empty($data)) {
$this->data = $this->User->read();
} else {
if($data['User']['password'] == ''){
unset($data['User']['password']);
}
if ($this->User->save($data)) {
$this->Session->setFlash('The user details have been updated.');
$this->redirect(array('action' => 'index'));
}
}
}
Reply

Offline shelbiviqwfj


Member
*
Member
Posts: 0
Threads: 0
Joined: May 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
08-06-2023, 05:07 PM
You could try updating only specific fields, based on an IF case:

if(empty($data['User']['password']))
{
$this->User->id = $user_i; // specify which User to update
//update only username
$this->User->save(array('User'=>array('User.username'=>$data['User']['username'])));
}
else{
//save as before
}
Reply

Offline highmuckamuck670


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jun 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
08-06-2023, 05:07 PM
you can use a behavior which handles it for you:

[To see links please register here]


you would then use the field "pwd" and set confirm to false (if you dont want the pwd_confirm field)
Reply

Offline whity410


Member
*
Member
Posts: 0
Threads: 0
Joined: Jun 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#6
08-06-2023, 05:07 PM
CakePHP 1.3 automatically hashes the `password` field. CakePHP 2.0 doesn't.

You have a few options (from worst to best, in my opinion):

1. Rename your field and swap it before saving

if ($data['User']['new_password'] != '') {
$data['User']['password'] = $this->Auth->password($data['User']['new_password']);
}

2. Hash the string in your equality check

if ($data['User']['password'] == $this->Auth->password('')) {
unset($data['User']['password']);
}

3. Change the hash function to one that doesn't hash empty passwords [see [book][1] for configuration]:

function hashPasswords($data) {
if (!empty($this->data['User']['password'])) {
$this->data['User']['password'] = $this->Auth->password($this->data['User']['password']);
}
return $data;
}

[1]:

[To see links please register here]

Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through