rip747 · November 16, 2010 16:53
diff --git a/cfwheels password handling in models b/cfwheels password handling in models
 <!--- 
 this is for wheels.1.1
 --->
 <cffunction name="init">
 	<cfset afterFind("passwordToBlank")>
 	<cfset beforeSave("passwordProtection")>
 	
 	<!--- 
 	only valid the password when creating a record or if the password isn't
 	blank. this allows you to not enter anything when updating a record
 	thus avoiding the validation from being triggered.
 	 --->
 	<cfset validatesLengthOf(property="password", minimum="10", message="Password is required.", if="IsNew() OR len(this.password)")>
 	<!--- we always want the confirmation to run --->
 	<cfset validatesConfirmationOf(property="password", message="Password must be confirmed.")>
 </cffunction>

 <cffunction name="passwordToBlank">
 	<!---
 	this will set the password property to an empty string
 	this is good for security and also so that you don't accidentially
 	expose the password in form fields.
 	
 	this also nescessary so that the validateLengthOf() validaton for
 	the password property doesn't trigger.
 	--->
 	<cfset this.password = "">
 </cffunction>

 <cffunction name="passwordProtection" access="private">
 	<!--- 
 	the method does two things:
 	
 	1) it will delete the password property if it is an empty
 	string, so that the password column doesn't get updated.
 	
 	for instance: this allows users to update their profile
 	without having to update their passwords.
 	
 	2) if the password property isn't empty, it will encrypt the
 	password automatically before saving it in the database.
 	
 	you can set the myapp.secretkey in your config/settings.cfm
 	like so:
 	
 	<cfset loc.myapp = {}>
 	<cfset loc.myapp.secretkey = "this is a secret key">
 	<cfset set(myapp=loc.myapp)>
 	 --->
 	<cfif not len(this.password)>
 		<cfset structdelete(this, "password")>
 	<cfelse>
 		<cfset this.password = hash("#get('myapp').secretkey##this.password#", "SHA")>
 	</cfif>
 </cffunction>
	<!---
	this is for wheels.1.1
	--->
	<cffunction name="init">
	<cfset afterFind("passwordToBlank")>
	<cfset beforeSave("passwordProtection")>

	<!---
	only valid the password when creating a record or if the password isn't
	blank. this allows you to not enter anything when updating a record
	thus avoiding the validation from being triggered.
	--->
	<cfset validatesLengthOf(property="password", minimum="10", message="Password is required.", if="IsNew() OR len(this.password)")>
	<!--- we always want the confirmation to run --->
	<cfset validatesConfirmationOf(property="password", message="Password must be confirmed.")>
	</cffunction>

	<cffunction name="passwordToBlank">
	<!---
	this will set the password property to an empty string
	this is good for security and also so that you don't accidentially
	expose the password in form fields.

	this also nescessary so that the validateLengthOf() validaton for
	the password property doesn't trigger.
	--->
	<cfset this.password = "">
	</cffunction>

	<cffunction name="passwordProtection" access="private">
	<!---
	the method does two things:

	1) it will delete the password property if it is an empty
	string, so that the password column doesn't get updated.

	for instance: this allows users to update their profile
	without having to update their passwords.

	2) if the password property isn't empty, it will encrypt the
	password automatically before saving it in the database.

	you can set the myapp.secretkey in your config/settings.cfm
	like so:

	<cfset loc.myapp = {}>
	<cfset loc.myapp.secretkey = "this is a secret key">
	<cfset set(myapp=loc.myapp)>
	--->
	<cfif not len(this.password)>
	<cfset structdelete(this, "password")>
	<cfelse>
	<cfset this.password = hash("#get('myapp').secretkey##this.password#", "SHA")>
	</cfif>
	</cffunction>