form_validation rule for password using match['passconf']
#1

[eluser]cobolCowboy[/eluser]
Hello,

in setting up form validation rules, this works

Code:
$this->form_validation->set_rules('password','Password','trim|required|matches[passconf]');
$this->form_validation->set_rules('passconf','Password Confirmation', 'trim|required');

But not when both password and passconf are set to md5, as such.
Code:
$this->form_validation->set_rules('password','Password','trim|required|matches[passconf]|md5');
$this->form_validation->set_rules('passconf','Password Confirmation', 'trim|required|md5');

The match function only seems to work without the encryption rule.
Can someone tell me if this is a bug, or the intended behavior?
#2

[eluser]InsiteFX[/eluser]
CodeIgniter Users Guide - Form Validation Callbacks
#3

[eluser]cobolCowboy[/eluser]
And that very same link you posted also contains this

Quote: matches | Yes | Returns FALSE if the form element does not match the one in the parameter. | matches[form_item]

So there is a validation rule that will check for a match between two form items.
But not when they are flagged for md5 encryption.

So again, is this normal?
Encrypted or not, if I compare the same value twice, they should compare favorably.

It seems like a sequence of operations error in the way that the form validation class was coded.

But dare I make such a bold assumption. After all, I am only a summer student.
#4

[eluser]CroNiX[/eluser]
Personally, I would just use the md5 (well, actually I wouldn't use md5, I'd use sha512) when you are inserting it into the database after validation passes and also then when checking the password when logging in. It's not necessary to do it in the validation and your app won't function any less securely if you don't do it in the validation.
#5

[eluser]InsiteFX[/eluser]
Here is an sha512 method if you do not know how to do it!
Code:
// -----------------------------------------------------------------------

/**
  * hash_password()
  *
  * Hashes the users name, password with SHA-512 and the 32-bit encryption key.
  *
  * NOTE: Do not change the encryption Key once it is set or you will be
  *       Asking for trouble! Like not being able to login again!
  *
  * @access public
  * @param string - $user_name
  * @param string - $password
  * @return mixed - the 128 char encrypted password
  */
public function hash_password($user_name, $password)
{
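  // config_item() is a global helper, not a method on the CI instance; read the key via the Config class
  $salt = $this->_ci->config->item('encryption_key');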

  return hash('SHA512', $user_name . $password . $salt);
}

NOTE: Your database password field needs to be varchar(128)
and make sure you use a 32-bit encryption key in config.php
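
The approach CroNiX describes in #4, as an added example that is not part of the thread or of CodeIgniter: compare the raw `password` and `passconf` values during validation, hash only after validation passes, and verify against the stored hash at login. It is plain PHP using the built-in `password_hash()`/`password_verify()` in place of the md5 and SHA-512 calls posted above; the function names and the in-memory `$users` array are hypothetical.

```php
<?php
// Added example: plain PHP, no framework. The function names and the in-memory
// $users array are hypothetical stand-ins for a controller and a users table.

// Mirrors the rules 'trim|required|matches[passconf]' on the raw submitted values.
function validate_registration(array $post): array
{
    $password = trim($post['password'] ?? '');
    $passconf = trim($post['passconf'] ?? '');
    $errors = [];
    if ($password === '') { $errors[] = 'Password is required.'; }
    if ($passconf === '') { $errors[] = 'Password Confirmation is required.'; }
    if (!$errors && $password !== $passconf) {
        $errors[] = 'Password does not match Password Confirmation.';
    }
    return [$errors, $password];
}

// Hash only after validation has passed, immediately before storing.
function register_user(array &$users, string $name, array $post): array
{
    [$errors, $password] = validate_registration($post);
    if ($errors) { return $errors; }
    // password_hash() generates a random per-password salt and embeds it in the result.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    return [];
}

// At login, verify the submitted password against the stored hash.
function check_login(array $users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    return $stored !== null && password_verify(trim($password), $stored);
}

// Constructed sample input.
$users = [];
var_dump(register_user($users, 'alice', ['password' => ' s3cret-pass ', 'passconf' => 's3cret-pass']));
var_dump(register_user($users, 'bob', ['password' => 'one', 'passconf' => 'two']));
var_dump(check_login($users, 'alice', 's3cret-pass'));
var_dump(check_login($users, 'alice', 'wrong'));
```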



