Perhaps I am just having a blonde moment, but I seem to be having difficulties with ACL and passwords.
I followed the example at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application and then, once I was confident of what I was doing, implemented it into my current project. It has all worked fine: AROS/ACOS all generated, logging in and out fine, permissions working... however, there is a problem.

The edit form for users pulls in the password by default, and I wanted to leave it blank so that the user can update extra info on themselves without having to change their password, so I passed in an empty string as the value in the input. When the post occurs, $this->data contains an sha1 encrypted string... it seems that auth or acl is taking the empty string, adding the salt and then encrypting... before validation!!!

I decided to just check the value of $_POST['data']['User']['password'] and, if that is blank, unset $this->data['User']['password']... problem solved... in a not so nice way.

However, another issue has now raised its ugly head. My validation rules are now meaningless. I have a minimum length validation rule on the password field to ensure that passwords are 8 characters or more. This rule is now always met because the string is sha1 encrypted before validation and is therefore always 40 characters long...

The only solution I can think of, for now, is controller-based validation on the raw post data... which isn't very clean. If anyone has a better idea, please let me know.
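
The ordering problem described in the post above, as an added example that is not part of the original post and is not CakePHP's own code: it models the salted SHA-1 step with plain PHP and compares hash-then-validate against validate-then-hash. The salt, function names and sample inputs are assumptions constructed for illustration.

```php
<?php
// Constructed stand-in for the behaviour the post describes: the password
// field is salted and SHA-1 hashed before the model's validation rules run.
const SALT = 'constructed-example-salt'; // assumption, not a real application salt

function hashPassword(string $raw): string
{
    return sha1(SALT . $raw);
}

// The post's rule: passwords must be 8 characters or more.
function minLengthOk(string $value, int $min = 8): bool
{
    return strlen($value) >= $min;
}

// Order described in the post: hash first, validate second.
// The rule sees a 40-character hex digest, so it can never fail.
function hashThenValidate(string $raw): bool
{
    return minLengthOk(hashPassword($raw));
}

// Alternative order: validate the raw value, hash only what passes, and
// treat a blank field on the edit form as "keep the current password".
function prepareUserUpdate(array $user): array
{
    $raw = $user['password'] ?? '';
    if ($raw === '') {
        unset($user['password']); // nothing to change, so nothing to hash or save
        return ['ok' => true, 'data' => $user];
    }
    if (!minLengthOk($raw)) {
        return ['ok' => false, 'error' => 'Password must be at least 8 characters'];
    }
    $user['password'] = hashPassword($raw);
    return ['ok' => true, 'data' => $user];
}

// Constructed inputs: blank field, too-short password, acceptable password.
foreach (['', 'abc', 'correct horse'] as $raw) {
    $result = prepareUserUpdate(['email' => 'user@example.com', 'password' => $raw]);
    printf("%-16s hash-then-validate=%-5s validate-then-hash=%-5s password=%s\n",
        var_export($raw, true),
        var_export(hashThenValidate($raw), true),
        var_export($result['ok'], true),
        isset($result['data']['password']) ? 'hashed' : 'absent');
}
```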
