CakePHP AuthComponent hashing empty string causes notEmpty validation problem

Question

I have a notEmpty validation rule set to my password field. The problem is, the AuthComponent auto hashes the string. So if the password is empty it will turn into a hash before the validation so it will appear not empty when hashed, but the actual plain text password is empty.

The best solution I can think of is to make the AuthComponent not hash an empty string. Can anyone tell me how to do that? or a better solution?

Answer 1

An idea: you could reset the password in the beforeValidate callback method of your user model like:

public function beforeValidate() {
    App::import('Core', 'Security'); // not sure whether this is necessary
    if ($this->data['User']['password'] == Security::hash('', null, true)) {
        $this->data['User']['password'] = '';
    }
    return true;
}