Dealing with passwords

Dealing with passwords

jupixjupix Posts: 15Questions: 4Answers: 0

~~Hi all!
I cant find a good tutorial with dealing with passwords and editor.

I want to use MD5() for insert in the db. I dont know how to do this!
I already found out to use a set- or getformatter - but i dont know how to do this with md5().

I have the following code and it works fine... but if I insert the following code I get an error:

    ->on( 'preEdit', function ( $e, $id, $values ) {
        if ( $values['WEBUPusers.login_pwd'] === '' ) {
            $e->field( 'WEBUPusers.login_pwd' )->set( false );
        }
    } )
/ Build our Editor instance and process the data coming from _POST
Editor::inst( $db, 'WEBUPusers' )    
    ->fields(
        Field::inst( 'WEBUPusers.name' )
            ->validator( Validate::notEmpty( ValidateOptions::inst()
                ->message( 'A name is required' ) 
            ) ),
        Field::inst( 'WEBUPusers.vorname' )
            ->validator( Validate::notEmpty( ValidateOptions::inst()
                ->message( 'A first name is required' ) 
            ) ),
        Field::inst( 'WEBUPusers.abteilung' )
           ->options( Options::inst()
                    ->table( 'WEBUPdepartments' )
                    ->value( 'id' )
                    ->label( 'caption' )
                ),
        Field::inst( 'WEBUPdepartments.caption' ),
        Field::inst( 'WEBUPusers.login_username' ),        
        Field::inst( 'WEBUPusers.login_pwd' ),        
    )
    ->leftJoin( 'WEBUPdepartments',     'WEBUPdepartments.id',  '=', 'WEBUPusers.abteilung' )
    ->where( function ( $q ) use ( $cid ) {
        $q->where( 'cid', $cid );
    } )    
    ->on( 'preEdit', function ( $e, $id, $values ) {
        if ( $values['WEBUPusers.login_pwd'] === '' ) {
            $e->field( 'WEBUPusers.login_pwd' )->set( false );
        }
    } )
    ->process( $_POST )
    ->json();
?>  

Please help!~~

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin
    Field::inst( 'WEBUPusers.login_pwd' )
        ->get( false ) // never read from the db
        ->setFormatter( function ( $val, $data ) {
             return md5( $val );
        } )
    

    Should do it.

    Btw, you might want to look into password_hash as a more secure way of storing passwords than an md5 hash.

    Allan

  • jupixjupix Posts: 15Questions: 4Answers: 0

    Sorry... get an error:

    "DataTables warning: table id=example - Requested unknown parameter 'WEBUPusers.login_pwd' for row 0, column 12. For more information about this error, please see http://datatables.net/tn/4"

            Field::inst( 'WEBUPusers.resturlaub_vorjahr' ),
            Field::inst( 'WEBUPusers.email' ),        
            Field::inst( 'WEBUPusers.login_username' ),        
            Field::inst( 'WEBUPusers.login_pwd' )
                ->get( false ) // never read from the db
                ->setFormatter( function ( $val, $data ) {
                     return md5( $val );
                } ),
            Field::inst( 'WEBUPusers.role' )        
        )
    
  • jupixjupix Posts: 15Questions: 4Answers: 0

    here my other source:


    { label: "Benutzername", name: "WEBUPusers.login_username" }, { label: "Passwort", name: "WEBUPusers.login_pwd", type: "password" }, { label: "Rolle", name: "WEBUPusers.role", type: "select", options: [ "User", "Manager", "Administrator" ] } ] } ); table = $('#example').DataTable( { dom: "Bfrtip", ajax: "./getUsersData.php", "columnDefs": [ { "targets": [ 2 ], "visible": false, "searchable": false }, { "targets": [ 7 ], "visible": false, "searchable": false }, { "targets": [ 8 ], "visible": false, "searchable": false }, { "targets": [ 9 ], "visible": false, "searchable": false }, { "targets": [ 11 ], "visible": false, "searchable": false }, { "targets": [ 12 ], "visible": false, "searchable": false } ], columns: [ (...) { data: "WEBUPusers.login_username" }, ** { data: "WEBUPusers.login_pwd" },** { data: "WEBUPusers.role" } ], select: true, buttons: [ { extend: "create", editor: editor }, { extend: "edit", editor: editor }/*, { extend: "remove", editor: editor }*/ ]
  • tangerinetangerine Posts: 3,342Questions: 35Answers: 394

    The link provided in the error message is there for you to follow. It shows diagnostic steps to explain and resolve the problem.

  • jupixjupix Posts: 15Questions: 4Answers: 0

    Yeah! Thanks. But I dont find the error.

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin
    Answer ✓

    { data: "WEBUPusers.login_pwd" },

    You don't actually want to display the MD5 hash in the table do you?! That would be a massive security issue (almost as much as using only MD5 ;-) ).

    If you do want to display it then remove the ->get( false ) I suggested you add.

    Allan

  • jupixjupix Posts: 15Questions: 4Answers: 0

    Allan! You did it!
    Thanks for your great help!!!!!

    I love your tool!

  • jupixjupix Posts: 15Questions: 4Answers: 0

    Argh!!!

    It works well now.
    I removed the line

    { data: "WEBUPusers.login_pwd" },
    

    I have a blank password field now - great!`

    But now, if I edit a existing user and DO NOT CHANGE the password, there is a "blank" md5-hash in the db :-/

    I just tried to add you sample code:

        ->on( 'preEdit', function ( $e, $id, $values ) {
            if ( $values['WEBUPusers.login_pwd'] === '' ) {
                $e->field( 'WEBUPusers.login_pwd' )->set( false );
            }
        } )
    

    But now I get an error:

    Notice: Undefined index: WEBUPusers.login_pwd in ...

    And in the values list I really can't find the key/value "WEBUPusers.login_pwd".

    What should I do?

    Thanks a lot!

  • jupixjupix Posts: 15Questions: 4Answers: 0

    Do you have any idea?

  • jupixjupix Posts: 15Questions: 4Answers: 0

    Need help please!! :-)

  • allanallan Posts: 61,446Questions: 1Answers: 10,054 Site admin

    $values['WEBUPusers.login_pwd']

    Should be:

    $values['WEBUPusers']['login_pwd']
    

    Its a nested array.

    Allan

This discussion has been closed.