Dealing with passwords

jupix

~~Hi all!
I cant find a good tutorial with dealing with passwords and editor.

I want to use MD5() for insert in the db. I dont know how to do this!
I already found out to use a set- or getformatter - but i dont know how to do this with md5().

I have the following code and it works fine... but if I insert the following code I get an error:

    ->on( 'preEdit', function ( $e, $id, $values ) {
        if ( $values['WEBUPusers.login_pwd'] === '' ) {
            $e->field( 'WEBUPusers.login_pwd' )->set( false );
        }
    } )

```
/ Build our Editor instance and process the data coming from _POST
Editor::inst( $db, 'WEBUPusers' )
->fields(
Field::inst( 'WEBUPusers.name' )
->validator( Validate::notEmpty( ValidateOptions::inst()
->message( 'A name is required' )
) ),
Field::inst( 'WEBUPusers.vorname' )
->validator( Validate::notEmpty( ValidateOptions::inst()
->message( 'A first name is required' )
) ),
Field::inst( 'WEBUPusers.abteilung' )
->options( Options::inst()
->table( 'WEBUPdepartments' )
->value( 'id' )
->label( 'caption' )
),
Field::inst( 'WEBUPdepartments.caption' ),
Field::inst( 'WEBUPusers.login_username' ),
Field::inst( 'WEBUPusers.login_pwd' ),
)
->leftJoin( 'WEBUPdepartments', 'WEBUPdepartments.id', '=', 'WEBUPusers.abteilung' )
->where( function ( $q ) use ( $cid ) {
$q->where( 'cid', $cid );
} )
->on( 'preEdit', function ( $e, $id, $values ) {
if ( $values['WEBUPusers.login_pwd'] === '' ) {
$e->field( 'WEBUPusers.login_pwd' )->set( false );
}
} )
->process( $_POST )
->json();

<?php > ``` Please help!~~ ?>

allan

Field::inst( 'WEBUPusers.login_pwd' )
    ->get( false ) // never read from the db
    ->setFormatter( function ( $val, $data ) {
         return md5( $val );
    } )

Should do it.

Btw, you might want to look into password_hash as a more secure way of storing passwords than an md5 hash.

Allan

jupix

Sorry... get an error:

"DataTables warning: table id=example - Requested unknown parameter 'WEBUPusers.login_pwd' for row 0, column 12. For more information about this error, please see http://datatables.net/tn/4"

        Field::inst( 'WEBUPusers.resturlaub_vorjahr' ),
        Field::inst( 'WEBUPusers.email' ),        
        Field::inst( 'WEBUPusers.login_username' ),        
        Field::inst( 'WEBUPusers.login_pwd' )
            ->get( false ) // never read from the db
            ->setFormatter( function ( $val, $data ) {
                 return md5( $val );
            } ),
        Field::inst( 'WEBUPusers.role' )        
    )

jupix

here my other source:

    {
                label: "Benutzername",
                name: "WEBUPusers.login_username"
            },
            {
                label: "Passwort",
                name: "WEBUPusers.login_pwd",
                type: "password"
            },            
            {
                label: "Rolle",
                name: "WEBUPusers.role",
                type: "select",
                options: [
                        "User",
                        "Manager",
                        "Administrator"
                ]
            }
        ]
    } );
 
    
    table = $('#example').DataTable( {
        dom: "Bfrtip",
        ajax: "./getUsersData.php",
        "columnDefs": [
            {
                "targets": [ 2 ],
                "visible": false,
                "searchable": false
            },
            {
                "targets": [ 7 ],
                "visible": false,
                "searchable": false
            },
            {
                "targets": [ 8 ],
                "visible": false,
                "searchable": false
            },
            {
                "targets": [ 9 ],
                "visible": false,
                "searchable": false
            },
            {
                "targets": [ 11 ],
                "visible": false,
                "searchable": false
            },           
            {
                "targets": [ 12 ],
                "visible": false,
                "searchable": false
            }
        ],
        columns: [
(...)
            { data: "WEBUPusers.login_username" },
         **   { data: "WEBUPusers.login_pwd" },**
            { data: "WEBUPusers.role" }
        ],
        select: true,        
        buttons: [
            { extend: "create", editor: editor },
            { extend: "edit",   editor: editor }/*, 
            { extend: "remove", editor: editor }*/
        ]

tangerine

The link provided in the error message is there for you to follow. It shows diagnostic steps to explain and resolve the problem.

jupix

Yeah! Thanks. But I dont find the error.

allan

{ data: "WEBUPusers.login_pwd" },

You don't actually want to display the MD5 hash in the table do you?! That would be a massive security issue (almost as much as using only MD5 ;-) ).

If you do want to display it then remove the ->get( false ) I suggested you add.

Allan

jupix

Allan! You did it!
Thanks for your great help!!!!!

I love your tool!

jupix

Argh!!!

It works well now.
I removed the line

{ data: "WEBUPusers.login_pwd" },

I have a blank password field now - great!`

But now, if I edit a existing user and DO NOT CHANGE the password, there is a "blank" md5-hash in the db :-/

I just tried to add you sample code:

    ->on( 'preEdit', function ( $e, $id, $values ) {
        if ( $values['WEBUPusers.login_pwd'] === '' ) {
            $e->field( 'WEBUPusers.login_pwd' )->set( false );
        }
    } )

But now I get an error:

Notice: Undefined index: WEBUPusers.login_pwd in ...

And in the values list I really can't find the key/value "WEBUPusers.login_pwd".

What should I do?

Thanks a lot!

jupix

Do you have any idea?

jupix

Need help please!! :-)

allan

$values['WEBUPusers.login_pwd']

Should be:

$values['WEBUPusers']['login_pwd']

Its a nested array.

Allan