Ver Mensaje Individual
  #3 (permalink)  
Antiguo 01/12/2014, 17:24
moginn
(Desactivado)
 
Fecha de Ingreso: enero-2013
Mensajes: 289
Antigüedad: 12 años
Puntos: 10
Respuesta: Modificar action create en YII framework

Cita:
Iniciado por anacona16 Ver Mensaje
Hay varias maneras, la mas facil y como lo estas haciendo, que no te la recomiendo (deja que algo haga eso por ti), es, despues de la linea que tienes, y antes del $model->save(); pon esto:

Código PHP:
Ver original
  1. $model->campoPassword = md5($model->campoPassword);
  2. // O
  3. $model->campoPassword = md5($_POST['Cities']['campoPassword']);

Otras opciones:

1. Con el lanzamiento de la version 1.1.14 de Yii, se agrego un password helper:

http://www.yiiframework.com/news/75/...4-is-released/

2. Si quieres una gestion de usuarios mas completa, te recomiendo Cruge:

http://yiiframeworkenespanol.org/wik...hp?title=Cruge
estoy de acuerdo contigo excepto con lo de usar md5. Existen alternativas mejores, por ejemplo Blowfish. Yiiframework usa la clase CPasswordHelper para implementar Blowfish. Según la documentación de Yii framework:

CPasswordHelper provides a simple API for secure password hashing and verification.
CPasswordHelper uses the Blowfish hash algorithm available in many PHP runtime
environments through the PHP {@link http://php.net/manual/en/function.crypt.php crypt()}
built-in function. As of Dec 2012 it is the strongest algorithm available in PHP
and the only algorithm without some security concerns surrounding it. For this reason,
CPasswordHelper fails to initialize when run in and environment that does not have
crypt() and its Blowfish option. Systems with the option include:
(1) Most *nix systems since PHP 4 (the algorithm is part of the library function crypt(3));
(2) All PHP systems since 5.3.0; (3) All PHP systems with the
{@link http://www.hardened-php.net/suhosin/ Suhosin patch}.
For more information about password hashing, crypt() and Blowfish, please read
the Yii Wiki article
{@link http://www.yiiframework.com/wiki/425...sword-storage/ Use crypt() for password storage}.
and the
PHP RFC {@link http://wiki.php.net/rfc/password_hash Adding simple password hashing API}.

CPasswordHelper throws an exception if the Blowfish hash algorithm is not
available in the runtime PHP's crypt() function. It can be used as follows

Generate a hash from a password:

$hash = CPasswordHelper::hashPassword($password);

This hash can be stored in a database (e.g. CHAR(64) CHARACTER SET latin1). The
hash is usually generated and saved to the database when the user enters a new password.
But it can also be useful to generate and save a hash after validating a user's
password in order to change the cost or refresh the salt.

To verify a password, fetch the user's saved hash from the database (into $hash) and:

if (CPasswordHelper::verifyPassword($password, $hash))
// password is good
else
// password is bad

Última edición por moginn; 07/12/2014 a las 18:24