
Improved 'Hashing passwords' example.

The previous example checked if an id was set in the model, and therefore may save passwords in plaintext if an id was set and a password field was submitted with form data. My change simply checks if there's a password field from the form data and hashes it.
1 parent e908b04 commit bd1f6e1daff3f915af3e8aa7b6a223b6b58a51e5 @ojtibi ojtibi committed Mar 10, 2014
Showing with 1 addition and 1 deletion.
  1. +1 −1 en/core-libraries/components/authentication.rst
2 en/core-libraries/components/authentication.rst
@@ -373,7 +373,7 @@ callback of your model using appropriate password hasher class::
class User extends AppModel {
public function beforeSave($options = array()) {
- if (!$this->id) {
+ if (!empty($this->data['User']['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data['User']['password'] = $passwordHasher->hash(
$this->data['User']['password']
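Review bot: the `!empty($this->data['User']['password'])` test on the added line still leaves one plaintext path open, because PHP's `empty()` returns true for the string "0", so a submitted password of "0" skips the hasher and is saved as typed. Consider `isset($this->data['User']['password'])` for the callback and leave rejection of blank passwords to a validation rule, which the surrounding text should mention. The new condition also hashes whatever value is in the password field on every save, so a record that was read and then saved back with its stored hash still in `$this->data` would be hashed a second time; a sentence telling readers to pass the password field only when it is actually being changed would cover that. Using `$this->alias` in place of the hard-coded 'User' key would keep the example working when the model is aliased.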

0 comments on commit bd1f6e1
