MD5 encrypted password cannot be saved

MD5 encrypted password cannot be saved

lancwplancwp Posts: 85Questions: 18Answers: 1
    ->fields(

                Field::inst( 'id' )->set(false)  //ID是自新增的,加上set(false才能新增后自动刷新)
                    ->validator( Validate::notEmpty( ValidateOptions::inst()
                        ->message( 'id is required' )   
                    ) ),
                Field::inst( 'UserName' )
                    ->validator( Validate::notEmpty( ValidateOptions::inst()
                        ->message( '用户名不能为空' )  
                    ) )         
                ->validator( Validate::unique( ValidateOptions::inst()
                        ->message( '用户名重复' )                    
                    ) ),        
                 Field::inst( 'PassWord' ),                                 

                Field::inst( 'removed_date' )
                    ->setFormatter( Format::ifEmpty( null ) )
            )

            ->on( 'preCreate', function ( $editor, &$values ) {
                $editor 
                    ->field('PassWord')
                    ->setValue(md5($values['PassWord']));

            } )


             ->on( 'preEdit', function ( $editor, $id, &$values ) {       
            if ($values["PassWord"]==="")
               {
               $editor->field('PassWord')->set(false);         
               }     

            } )


    ->where( 'removed_date', null )     
->on( 'preRemove', function () {
        // Disallow all delete actions since data cannot be removed completely
        return false;
    } )

    ->debug(true)
    ->process( $_POST )
    ->json();

I pre submit the MD5 password field according to the example. If the password is not modified, it can not be saved to the database.It's ok, However, If I modify the password, it cannot be MD5 encrypted when saving, and the saved value is still unencrypted, How does this need to be modified? Thaks

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 61,438Questions: 1Answers: 10,052 Site admin
    edited August 2021

    It looks like you probably need to add ->get(false) to your PassWord field, since you wouldn't want to read the hashes into your DataTable. You should also use Field->setValue() in an else statement for your preEdit so if a value is submitted then it will get hashed.

    As a slight aside, md5 is a hashing algorithm, not encryption. It is not sure as md5 hashes can be easily brute forced on modern hardware. I would very strongly suggest you use PHP's password_hash() function rather than md5(). md5 is not safe for password storage.

    Allan

  • lancwplancwp Posts: 85Questions: 18Answers: 1
     ->on( 'preEdit', function ( $editor, $id, &$values ) {       
        if ($values["PassWord"]==="")
           {
           $editor->field('PassWord')->set(false);         
           }    
         else
         {
        $editor 
                ->field('PassWord')
                ->setValue(md5($values['PassWord']));    
         }
    

    As above, however, it will cause the value of MD5 to be repeated by MD5

  • allanallan Posts: 61,438Questions: 1Answers: 10,052 Site admin
    Answer ✓

    Did you add ->get(false) as well so the hash is not read? Otherwise, as you say, the hash would then be hashed again!

    Allan

  • lancwplancwp Posts: 85Questions: 18Answers: 1
     Field::inst('PassWord')     
           ->get(false),
    

    After I add it now, it works ,Now it's OK, thank allan,

Sign In or Register to comment.