Improved 'Hashing passwords' example.

The previous example checked if an id was set in the model, and therefore may save passwords in plaintext if an id was set and a password field was submitted with form data. My change simply checks if there's a password field from the form data and hashes it.
commit bd1f6e1daff3f915af3e8aa7b6a223b6b58a51e5 1 parent e908b04
@ojtibi ojtibi authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  en/core-libraries/components/authentication.rst
2  en/core-libraries/components/authentication.rst
@@ -373,7 +373,7 @@ callback of your model using appropriate password hasher class::
class User extends AppModel {
public function beforeSave($options = array()) {
- if (!$this->id) {
+ if (!empty($this->data['User']['password'])) {
$passwordHasher = new SimplePasswordHasher();
$this->data['User']['password'] = $passwordHasher->hash(
$this->data['User']['password']
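
Review bot: the `!empty($this->data['User']['password'])` guard on the added line treats the string "0" as empty in PHP, so a submitted password of "0" would skip the hasher and be saved as plaintext; checking `isset(...)` together with `!== ''`, or rejecting such values in validation, closes that gap. The guard also fires on every save where the field is present, so a save that carries an already-hashed value back in `$this->data` would hash it a second time; the surrounding documentation should say that `password` belongs in the save data only when a new plaintext value was submitted. Using `$this->alias` in place of the literal `'User'` key would keep the example correct when the model is used under an alias.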