When users register, I have this code to insert their data:

if ($this->User->save($this->params['data'], true, array('username', 'password')))
{
     $this->User->saveField('type', 'Normal User');
}


I also have this beforeSave function in my User model to md5 the
passwords:

function beforeSave()
{
     $this->data['User']['password'] = md5($this->data['User']['password']);
     // Cake aborts the save unless beforeSave() returns true.
     return true;
}


The problem comes in when the saveField function is executed. When
saveField is executed, beforeSave runs, and results in
$this->data['User']['password'] being equal to the md5 of an empty string.
saveField then proceeds to update my "type" field AND my "password"
field, because $this->data['User']['password'] now contains a value.

Of course, a quick solution would be to test if the password field is
empty or not:
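
function beforeSave()
{
     // !empty() also covers the case where saveField left the key unset.
     if (!empty($this->data['User']['password']))
     {
          $this->data['User']['password'] = md5($this->data['User']['password']);
     }
     // Cake aborts the save unless beforeSave() returns true.
     return true;
}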

However, what if someone were to modify the form and post a password,
thereby filling up $this->data['User']['password'], and resulting in
saveField updating the password when it is not supposed to?

Granted, there can be additional security checks in place to prevent
the user from posting their own form and so on, but my point of
contention is this, that saveField should be saving only ONE field, as
it was designed to do so.
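
Added example, not part of the original post and not CakePHP's own code: a self-contained PHP toy model that reproduces the overwrite described above and, in hardened mode, hashes and writes the password only when it is on the save's field whitelist. The class ToyUserModel and the names $hardened, $row and $posted are hypothetical; the 'tampered' value is constructed sample input.

```php
<?php
// Toy stand-in for a model (hypothetical class, not CakePHP code).
class ToyUserModel
{
    public $row = array();      // the stored record
    public $hardened = false;   // false = behaviour described in the post

    // md5 mirrors the post; password_hash() is PHP's salted alternative.
    private function beforeSave(array $data, array $fieldList)
    {
        if (!$this->hardened) {
            // Naive hook: hashes even when no password was supplied.
            $data['password'] = md5(isset($data['password']) ? $data['password'] : '');
        } elseif (in_array('password', $fieldList, true) && !empty($data['password'])) {
            // Hardened: hash only if this save may write the password.
            $data['password'] = md5($data['password']);
        }
        return $data;
    }

    public function save(array $data, array $fieldList)
    {
        foreach ($this->beforeSave($data, $fieldList) as $field => $value) {
            // Naive mode writes whatever the hook left in $data.
            if (!$this->hardened || in_array($field, $fieldList, true)) {
                $this->row[$field] = $value;
            }
        }
    }

    // Single-field update; $posted models extra form data (constructed).
    public function saveField($name, $value, array $posted = array())
    {
        $this->save(array_merge($posted, array($name => $value)), array($name));
    }
}

foreach (array(false, true) as $hardened) {
    $m = new ToyUserModel();
    $m->hardened = $hardened;
    $m->save(array('username' => 'alice', 'password' => 'secret'), array('username', 'password'));
    $before = $m->row['password'];
    $m->saveField('type', 'Normal User');   // no password in the data
    $keptA = ($m->row['password'] === $before);
    $m->saveField('type', 'Normal User', array('password' => 'tampered'));
    $keptB = ($m->row['password'] === $before);
    printf("hardened=%d password kept: plain saveField=%d, with posted password=%d\n",
        $hardened, $keptA, $keptB);
}
```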

