Hashing password when adding new user

为君一笑 提交于 2019-12-23 02:18:23


CakePHP 2.4

While adding a new user I must hash passwords before storing it in the Database. To do so I did:

public $helpers = array('Html', 'Form');
public $components = array(
    'Auth' => array(
    'loginRedirect' => array('controller' => 'users', 'action' => 'home', 'home'),
    'logoutRedirect' => array('controller' => 'users', 'action' => 'logout')
public function add(){

public function beforeSave(){
        $this->data[$this->alias]['password'] = md5($this->data[$this->alias]['password']);
    return true;

echo $this->Form->create();
echo $this->Form->input('text', array('label'=>'Username', 'name'=>'username'));
echo $this->Form->input('text', array('label'=>'Full name', 'name'=>'fullname'));
echo $this->Form->input('password', array('label'=>'Password', 'name'=>'password'));
echo $this->Form->input('text', array('label'=>'Password hint', 'name'=>'pass_hint'));
echo $this->Form->input('text', array('label'=>'Email', 'name'=>'email'));
echo $this->Form->input('text', array('label'=>'Contact', 'name'=>'cell'));
echo $this->Form->end('Create account');

But the thing is passwords are being stored without being hashed!

Thanks in advance...

Update: Changed view code to

echo $this->Form->create('User');
echo $this->Form->input('username', array('label'=>'Username'));
echo $this->Form->input('fullname', array('label'=>'Full name'));
echo $this->Form->input('pwd', array('label'=>'Password', 'type'=>'password'));
echo $this->Form->input('pass_hint', array('label'=>'Password hint'));
echo $this->Form->input('email', array('label'=>'Email'));
echo $this->Form->input('cell', array('label'=>'Contact'));
echo $this->Form->end('Create account');


I don't know why but I just baked a project with user table and found that CakePHP 2.4 is naming the model as User rather than UserModel. So, I renamed mine from UserModel to User and magically is worked for me :)


you are changing the default behavior by setting the name attributes in your input type,

Remove the name attributes then it'll work,

In your user model beforesave function you are checking for


which is no longer exist since you are setting password like this

echo $this->Form->input('password', array('label'=>'Password', 'name'=>'password'));

change it to

echo $this->Form->input('User.password', array('label'=>'Password'));


and also Update the form like this then it'll work perfectly.

echo $this->Form->create('User');
echo $this->Form->input('username', array('label'=>'Username'));
echo $this->Form->input('fullname', array('label'=>'Full name'));
echo $this->Form->input('password', array('label'=>'Password', 'name'=>'password'));
echo $this->Form->input('pass_hint', array('label'=>'Password hint'));
echo $this->Form->input('email', array('label'=>'Email'));
echo $this->Form->input('cell', array('label'=>'Contact'));
echo $this->Form->end('Create account');


You forgot a vital part of add actions:

public function add(){
    if ($this->request->is('post')){
        $this->User->create(); // important!
        if ($this->User->save($this->request->data)){

It might work in your case (sometimes), but can easily break, once you do sth in your beforeFilter() callbacks etc

