5

I use it to encode my password:

 $entity->setSalt(md5(time()));
 $encoder = new MessageDigestPasswordEncoder('sha1');
 $password = $encoder->encodePassword($editForm->get('password')->getData(), $entity->getSalt());
 $entity->setPassword($password);

But how could I perform the opposite step? That is, how could I get the unencrypted password? If I use this

$entity->getPassword()

shows me this:

xOGjEeMdi4nwanOustbbJlDkug8=

Thank you very much for the reply. I am trying to create a form where users enter the old password and verify that it is true. In the form I have this:

        ->add('antigua', 'password', array('property_path' => false))
        ->add('password', 'repeated', array('first_name' => 'Nueva contraseña', 'second_name' => 'Repite contraseña', 'type' => 'password'));

And when I go to edit a user in the CRUD, I have this in the update action:

public function updateAction($id)
    {
        $em = $this->getDoctrine()->getEntityManager();

        $entity = $em->getRepository('miomioBundle:Empleado')->find($id);

        if (!$entity) {
            throw $this->createNotFoundException('Unable to find Empleado entity.');
        }

        $editForm   = $this->createForm(new EmpleadoType(), $entity);
        $deleteForm = $this->createDeleteForm($id);

        $request = $this->getRequest();
        // $entity->getPassword() is blank here. Why?
        $editForm->bindRequest($request);

        if ($editForm->isValid()) {
            $em->persist($entity);
            $em->flush();

            return $this->redirect($this->generateUrl('empleado_edit', array('id' => $id)));
        }

        return array(
            'entity'      => $entity,
            'edit_form'   => $editForm->createView(),
            'delete_form' => $deleteForm->createView(),
        );
    }

The problem is that I cannot get the encoded password; it is blank (in the DB it is correct). Thanks.

1
  • SHA1 is a one-way hash. You can calculate the 40 byte hash of a 3GB movie and there's obviously no way to get the original movie back. Now, for most usages you don't need the original password at all—you only need to verify whether the user knows it! Commented Dec 28, 2015 at 12:53

2 Answers

4

You should encrypt the password entered by the user the same way the old password was. The resulting encrypted password should be the same.

$encoder = new MessageDigestPasswordEncoder('sha1');
$password = $encoder->encodePassword($editForm->get('antigua')->getData(), $entity->getSalt());

Now you can compare the old encrypted password with the new user entered one...
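The re-encode-and-compare check described in this answer, as an added stand-alone example that is not part of the original answer and is not Symfony's own encoder. The function names, the `password{salt}` merge format and the sample user record are assumptions made for illustration.

```php
<?php
// Added example: a simplified salted-digest model, not Symfony's encoder.
// Assumption: password and salt are merged as "password{salt}".

function encodePassword(string $raw, string $salt, string $algo = 'sha1'): string
{
    // One-way step: raw binary digest, base64-encoded for storage.
    return base64_encode(hash($algo, $raw . '{' . $salt . '}', true));
}

function isOldPasswordValid(string $storedHash, string $salt, string $submitted): bool
{
    // Re-encode the submitted value with the stored salt and compare in
    // constant time; the original password is never recovered.
    return hash_equals($storedHash, encodePassword($submitted, $salt));
}

function changePassword(array $user, string $old, string $new): array
{
    if (!isOldPasswordValid($user['password'], $user['salt'], $old)) {
        throw new InvalidArgumentException('Old password does not match.');
    }
    // Fresh random salt for the new password (md5(time()) is predictable).
    $user['salt'] = bin2hex(random_bytes(16));
    $user['password'] = encodePassword($new, $user['salt']);

    return $user;
}

// Constructed sample record, standing in for the row loaded from the DB.
$salt = bin2hex(random_bytes(16));
$user = array('salt' => $salt, 'password' => encodePassword('old-secret', $salt));

// Check the stored hash against a correct and an incorrect old password.
var_dump(isOldPasswordValid($user['password'], $user['salt'], 'old-secret'));
var_dump(isOldPasswordValid($user['password'], $user['salt'], 'wrong-guess'));

// Change the password, then verify the new one against the new hash and salt.
$user = changePassword($user, 'old-secret', 'new-secret');
var_dump(isOldPasswordValid($user['password'], $user['salt'], 'new-secret'));

// A second change attempt with the previous password is rejected.
try {
    changePassword($user, 'old-secret', 'another');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

In Symfony, the encoder's own `isPasswordValid($encoded, $raw, $salt)` method performs this re-encode-and-compare step.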


2

There is no possibility to decrypt a password encoded in sha1 or md5; these crypt methods were created to be impossible to decrypt!

Custom encoder:

The only way is to create your own custom encoder using a homemade method to encrypt (and so to decrypt) your passwords. Here is an example: http://blogsh.de/2011/09/29/create-a-custom-password-encoder-for-symfony/

You are not forced to use the $salt inside encodePassword(), and you can replace, for example, each letter by a specific number so that you can retrieve the password by doing the opposite; you can also cut the salt and add part of it inside the password, etc.

Plaintext, not recommended:

Or, less recommended, do not encrypt your passwords and leave them in plaintext:

# app/config/security.yml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
