Below is my function to register a new user. In the function, you
will notice that I attempt to sha256 the password to store in the
database. Works great.

However, just before the data is saved, the password box gets the new
sha256-ed password. In other words, if there is an error saving, you
can actually SEE the sha256 password. Which would mean that a user
might not catch that and re-submit, which would pass their password in
as the new sha256 password. Hope that makes sense.

I know which line is doing it. What I am asking is for a more elegant
way. How would you guys change this function?

Thanks!

function register()
{
    if(empty($this->data))
    {
        $this->render();
    }
    else
    {
        $this->cleanUpFields();
        if($this->User->findByUsername($this->data['User']['username']))
        {
            $this->Session->setFlash('ERROR: User already exists.');
            $this->redirect('/users/register');
        }
        else
        {
            // sha256 the pass
            $salt = "SOMESALTVALUE";
            $user = $this->data['User']['username'];
            $pass = $this->data['User']['password'];
            $this->data['User']['password'] = hash('sha256', $salt.$user.$pass);
            if($this->User->save($this->data))
            {
                $this->Session->setFlash('Thank you for registering!');
                $this->redirect('/users/index');
            }
            else
            {
                $this->Session->setFlash('Please correct errors below.');
            }
        }
    }
}
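
One way to avoid the problem described in the post, as an added example that is not part of the original message and not CakePHP code: hash into a separate copy of the submitted data and blank the password field before the form is shown again. The names `prepare_user_record` and `register_user`, and the `$save` callback standing in for `$this->User->save()`, are hypothetical; the example assumes PHP 7 or later and swaps the fixed-salt SHA-256 for `password_hash()`, which generates a random salt per stored hash.

```php
<?php
// Added example, not from the original post. All function names are hypothetical.

// Build the row to store from a copy of the form data.
// $form is passed by value, so the caller's array is never modified.
function prepare_user_record(array $form): array
{
    $record = $form;
    // password_hash() picks a random salt and embeds it in its output,
    // so no application-wide salt string is needed.
    $record['User']['password'] =
        password_hash($form['User']['password'], PASSWORD_DEFAULT);
    return $record;
}

// $save stands in for the model's save() call.
// Returns [saved?, data that is safe to re-render the form with].
function register_user(array $form, callable $save): array
{
    $record = prepare_user_record($form);
    $saved  = (bool) $save($record);

    // Never send a secret back to the browser, hashed or not: an empty
    // field forces the user to retype it and rules out re-submitting a hash.
    $form['User']['password'] = '';
    return [$saved, $form];
}

// Constructed sample input; the callback simulates a save that fails
// (for example on a validation error) and records what it was given.
$form   = ['User' => ['username' => 'alice', 'password' => 'correct horse']];
$stored = null;
$failingSave = function (array $record) use (&$stored) {
    $stored = $record;
    return false;
};

list($saved, $redisplay) = register_user($form, $failingSave);

var_dump($saved);                                 // did the save succeed?
var_dump($redisplay['User']['password'] === '');  // is the form field blank?
var_dump(password_verify('correct horse', $stored['User']['password']));
```

With hashes produced this way, the login check calls `password_verify()` on the submitted password and the stored value instead of re-hashing and comparing strings.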