Question
Because of the huge help from 3dgoo here (Store Sensitive Data in Silverstripe), I was able to create this DataObject to store ClientPasswords -> http://www.sspaste.com/paste/show/5257a5ccdf990
The problem is, after creating the fields with getCMSFields, the de- and encryption doesn't work anymore and the password is stored as plaintext in the database :/
Can someone help me to fix it? Where is the bug?
Answer 1:
I can't spot a bug per se there as you have none, if you don't call an ideological one that.
You aren't actually rewriting the password anywhere to the hashed version when you use the text field.
This relates the actual field to the db element:

    new TextField('Password', _t('Dict.PASSWORD', 'Password'))

So you aren't catching the write or read to feature the crypting or decrypting.
One way to make it work is to bind the text field to a custom getter/setter that is not the db relation directly and then on get and set the actual db field.
The sample for that is:
1) add the field this way

    $fields->addFieldToTab("Root.Main", new TextField('CusotomgetterSetter', "Set the password"));

2) create the setters in the class:

    // Called when the 'CusotomgetterSetter' form field is saved:
    // encrypts the value into the Password db field.
    public function setCusotomgetterSetter($value){
        // Create a per-record salt on first write.
        if(!$this->Salt){
            $this->Salt = uniqid(mt_rand());
        }
        // Key is md5(Salt), IV is md5(md5(Salt)); the result is stored base64-encoded.
        $test = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->Salt), $value, MCRYPT_MODE_CBC, md5(md5($this->Salt))));
        $this->Password = $test;
    }

    // Called when the form field is read: decrypts Password and strips the zero padding.
    public function getCusotomgetterSetter(){
        return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->Salt), base64_decode($this->Password), MCRYPT_MODE_CBC, md5(md5($this->Salt))), "\0");
    }

3) add the new salt field to the db, remember to run /dev/build

    static $db = array (
        'Type' => 'Text',
        'Username' => 'Text',
        'Password' => 'Text',
        'URL' => 'Text',
        'Webadmin' => 'Text',
        'Editable' => 'Text',
        "Salt" => "Text"
    );

I amended the get and set fields to use the salt created here, not the one found in the member, as there is a possibility that at that point we don't actually know the member relation, so $this->Member() might be null.
A "working" sample http://www.sspaste.com/paste/show/5257f7743cf0b
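
The same getter/setter pattern, as an added example that is not part of the original answer or of Silverstripe: because the mcrypt extension was removed from PHP core in 7.2, it uses libsodium's secretbox instead, with a key held outside the record rather than derived from a Salt column. The class is a stand-alone stand-in for the DataObject; its name, method names and the sample password are assumptions, and it needs PHP 7.4+ with the bundled sodium extension.

```php
<?php
// Added example; class, method and sample names are hypothetical, not from the page.
final class ClientPasswordRecord
{
    /** Stand-in for the 'Password' db column: base64(nonce . ciphertext). */
    public ?string $Password = null;
    private string $key;

    public function __construct(string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
        $this->key = $key;
    }

    // Counterpart of the answer's setter: encrypt on write with a fresh nonce.
    public function setPlainPassword(string $value): void
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = sodium_crypto_secretbox($value, $nonce, $this->key);
        $this->Password = base64_encode($nonce . $box);
    }

    // Counterpart of the answer's getter: null when the stored value is missing or altered.
    public function getPlainPassword(): ?string
    {
        $raw = base64_decode((string) $this->Password, true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $min) {
            return null;
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        return $plain === false ? null : $plain;
    }
}

// Demo key only; a real key is loaded from outside the database (assumption).
$record = new ClientPasswordRecord(sodium_crypto_secretbox_keygen());
$record->setPlainPassword('constructed-sample-password');
echo 'stored: ', $record->Password, PHP_EOL;
echo 'read:   ', $record->getPlainPassword(), PHP_EOL;
// Flip one bit of the stored value: authenticated decryption refuses it.
$bytes = base64_decode($record->Password);
$bytes[30] = chr(ord($bytes[30]) ^ 1);
$record->Password = base64_encode($bytes);
var_dump($record->getPlainPassword());
```

In a DataObject the two methods would be bound to the form field the way the answer binds `CusotomgetterSetter`, with the `Password` column holding only the encoded nonce and ciphertext.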
Source: https://stackoverflow.com/questions/19312702/silverstripe-password-de-encrypting-doesnt-work