Hi bujanga, Thanks for your complex password validation code, does it solve the problem for auto-fill password value if I used Auth ?
On Dec 22, 11:16 am, bujanga <[email protected]> wrote: > On Tue, Dec 21, 2010 at 2:57 PM, Ryan Schmidt > > <[email protected]> wrote: > > I should add that Security::hash() does not use the salt unless you tell it > > to, by passing true in the third parameter. The Auth component does pass > > true in the third parameter, so if you want to write code today that will > > store passwords in the database that will be compatible with the Auth > > component when you switch to it later, you should hash with: > > > Security::hash($this->data['User']['password'], null, true) > > Definitely follow Ryan's clue here else you will have more work later. > I think you might find just going straight to Auth will save you a lot > of extra work but if you insist... > > Why don't you just verify the passwords match before you hash it? > > As a bonus here is my complexity validation on password > > 'password' => array( > 'create' => array( > 'rule' => array('g_isComplex'), > 'required' => TRUE, > 'allowEmpty' => FALSE, > 'on' => 'create', > 'message' => 'Password must have at least 6 characters and > must > contain at least 1 upper case letter, 1 lower case letter and 1 > number' > ), > 'update' => array( > 'rule' => array('g_isComplex'), > 'required' => FALSE, > 'allowEmpty' => TRUE, > 'on' => 'update', > 'message' => 'Password must have at least 6 characters and > must > contain at least 1 upper case letter, 1 lower case letter and 1 > number' > ), > ), > > function g_isComplex($check){ > if ( !isset($this->data['User']['verify']) ) return FALSE; > if ( $this->passwordComplex($this->data['User']['verify']) ) > return TRUE; > return FALSE; > > } > > function passwordComplex($password=null){ > if ( $this->enforceComplex ){ > if > (preg_match('/\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{6,}\z/', > $password)){ > return TRUE; > }else{ > return FALSE; > } > }else{ > if ( preg_match('/^[a-zA-Z0-9_]{3,40}$/i', $password) ){ > return TRUE; > }else{ > return FALSE; > } > } > > } > > Where $this->enforceComplex is a configuration setting and > this->data['User']['verify'] is the plaintext verifying password. > Sorry not really a pro on regex, so I'm sure it could be more concise. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
