Yii-Confirm password field in the model

When I add or modify user records, I encountered some trouble in handling and confirming the password. I would like to share with you how I handled it.

When I add or modify user records, I encountered some trouble in handling and confirming the password. I would like to share with you how I handled it.

The scenario is the basic ones used (the system comes with it). you need to have a data table (user) and a password field (password) in the table ), it uses sha1, md5, or other encryption methods to encrypt user passwords.

Is its workflow: When creating a user, the password needs to be encrypted and saved, however, if we use the same scenario when modifying user records, we will eventually re-encrypt the user's encrypted password, which is not what we want. When we want to modify it, first clear the password in the model object, save it to a temporary variable, and then check whether the password is submitted in the form, if the password is submitted, it means that the user's password needs to be modified. we need to encrypt the password (now it is plain text not encrypted). If the password is not submitted, it means we do not need to modify it, we will save the value of the temporary variable to the database.

Now let's take a look at the code, model:

 'resetPassword, insert'), array('password, repeat_password', 'length', 'min'=>6, 'max'=>40), array('password', 'compare', 'compareAttribute'=>'repeat_password'), ); } public function beforeSave() { // in this case, we will use the old hashed password. if(empty($this->password) && empty($this->repeat_password) && !empty($this->initialPassword)) $this->password=$this->repeat_password=$this->initialPassword; return parent::beforeSave(); } public function afterFind() { //reset the password to null because we don't want the hash to be shown. $this->initialPassword = $this->password; $this->password = null; parent::afterFind(); } public function saveModel($data=array()) { //because the hashes needs to match if(!empty($data['password']) && !empty($data['repeat_password'])) { $data['password'] = Yii::app()->user->hashPassword($data['password']); $data['repeat_password'] = Yii::app()->user->hashPassword($data['repeat_password']); } $this->attributes=$data; if(!$this->save()) return CHtml::errorSummary($this); return true; } }

When adding a user, we use the "insert" scenario. the password is required at this time. When we modify it, we use the "update" scenario. the password is optional at this time. the password field can be blank during submission and verification will not fail. We can recover the encrypted password from the temporary variable.

In the following example, how is the controller implemented:

public function actionCreate() { $user=new User('insert'); $this->saveModel($user); $this->setViewData(compact('user')); $this->render('create', $this->getViewData()); } public function actionUpdate($id) { $user=$this->loadModel($id); $user->scenario='update'; $this->saveModel($user); $this->setViewData(compact('user')); $this->render('update', $this->getViewData()); } protected function saveModel(User $user) { if(isset($_POST['User'])) { $this->performAjaxValidation($user); $msg = $user->saveModel($_POST['User']); //check $msg here } }

The following figure shows the form code:

     
  labelEx($user,'password'); ?> 
  
 
        
   passwordField($user,'password',array('maxlength'=>40)); ?> 
   passwordField($user,'repeat_password',array('maxlength'=>40)); ?> 
  
 
    
  error($user,'password'); ?> 
 

I hope this will help you.