0

I have created a form with a password field for signing up at a website.

new Zend_Form_Element_Password('password', array(
    'required' => true,
    'label' => $this->getView()->translate('createprofile_password'),
    'filters' => array('StringTrim'),
    'validators' => array(
        new Zend_Validate_StringLength(array('min' => 6, 'max' => 20, 'encoding' => 'utf-8')),
    ),
    'class' => "validate['required','length[6,20]']",
)),

How do I save it to the database? I have tried something like this, but that doesn't work. The password is not encrypted.

$profile = new Profile();
$entry = $profile->createEntry(array(
    'firstname' => $requestPost['firstname'],
    'lastname' => $requestPost['lastname'],
    'email' => $requestPost['email'],
    'password' => $requestPost['password'],
    'published' => 1,
));
$profileId = $entry->save();
3
  • For it to be encrypted you need to... encrypt it. Or hash it. Commented Mar 29, 2012 at 12:48
  • If you are serious about implementing this on a (soon to be?) live system/website, I would definitely recommend encrypting your passwords. If this is just to learn, it can wait. Commented Mar 29, 2012 at 12:49
  • 1
    Without knowing how Profile is storing information to the database, this question can't be answered. Please show us the implementations for Profile::createEntry and Profile::save. Commented Mar 29, 2012 at 13:02

1 Answer

1

This is as simple as:

$profile = new Profile();
$entry = $profile->createEntry(array(
    'firstname' => $requestPost['firstname'],
    'lastname' => $requestPost['lastname'],
    'email' => $requestPost['email'],
    // Hash the password using sha1 and a salt (returns a 40-character string).
    // Save the salt reference somewhere so you can rebuild the string to compare hashes for authentication.
    // A salt is arbitrary data prepended or appended to the data being hashed.
    'password' => sha1($salt . $requestPost['password']),
    'published' => 1,
));
$profileId = $entry->save();

To authenticate the password later, rebuild and hash the string:

// both hashes should match exactly
if (sha1($salt . $inputPassword) === $password) { // $password from the data store
    // hashes match: the entered password is correct
}

A hash is often used for passwords because it's easier on resources and no one, other than the person who made the password, can know it. There is no reasonable way to undo a salted hash. All you will know is if the hashed password+salt entered is the same as the hashed password+salt that was saved.
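An added example, not part of the original answer or of Zend Framework: PHP's built-in `password_hash()` / `password_verify()` generate a random salt per password and use a deliberately slow algorithm, so no separate salt has to be stored, and rows already written as `sha1($salt . $password)` can be upgraded at the next successful login. The helper names `hashForStorage` and `verifyLogin` are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: hypothetical helpers, not part of Zend Framework or the Profile model.

// Hash a new password for the 'password' column (use VARCHAR(255); output length can grow).
function hashForStorage(string $plain): string
{
    // PASSWORD_DEFAULT picks PHP's current default algorithm and embeds a random salt.
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacementHash]; when $replacementHash is not null,
 * save it back to the row.
 * $legacySalt is the salt used by the sha1($salt . $password) scheme, or null if none.
 */
function verifyLogin(string $plain, string $stored, ?string $legacySalt = null): array
{
    // Legacy rows: 40 hex characters produced by sha1($salt . $password).
    if ($legacySalt !== null && preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        $ok = hash_equals($stored, sha1($legacySalt . $plain)); // constant-time compare
        return [$ok, $ok ? hashForStorage($plain) : null];
    }
    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost changed since the hash was made.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT) ? hashForStorage($plain) : null;
    return [true, $new];
}

// Constructed sample data, for demonstration only.
$password = 'correct horse';
$stored   = hashForStorage($password);
var_dump(verifyLogin($password, $stored)[0]);      // matching password
var_dump(verifyLogin('wrong guess', $stored)[0]);  // non-matching password

$legacy = sha1('constructed-salt' . $password);    // row written with the sha1 scheme
[$ok, $upgraded] = verifyLogin($password, $legacy, 'constructed-salt');
var_dump($ok, password_verify($password, (string) $upgraded));
```

In the sign-up code above, the stored value would then be `hashForStorage($requestPost['password'])` in place of the raw or sha1-hashed password.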
