I am calling save() on a database item after assigning a value to $item->password. The problem is that it updates the database field weirdly. A string other than what I am assigning is saved. Check the code:
    if ($password == $passwordConfirm && $password != NULL) {
        // Save the password in db
        $settings = Engine_Api::_()->getApi('settings', 'core');
        $staticSalt = $settings->getSetting('core.secret', 'staticSalt');
        $user = Engine_Api::_()->getItemTable('user')->fetchRow(['phone_number=?' => $this->session->phone, 'account_recovery=?' => $this->session->recoveryCode]);
        $userSalt = $user->salt;
        $dbPassword = md5($staticSalt . $password . $userSalt);
        $user->password = $dbPassword;
        $user->save();
        $this->view->form->addNotice(Zend_Registry::get('Zend_Translate')->_('Password updated'));
        echo $this->session->recoveryCode . ', ' . $staticSalt . ' . ' . $password . ' . ' . $userSalt . ' dbpassword: ' . $dbPassword . ', ' . $user->password;
    }
Output of echo:
    41d53c78ace54bef39a4d22749447a8f, 06eebbd766133fda10c526e9fad2da6c84df0597 . [email protected] . 4826122 dbpassword: c2cec82096e9b89a22961cf5f70be639, 06af9074fbd95452c2a01603ec54cb58
You see that the calculated password, which I assume is correct, is different from the password that is saved in the database. Is there any special consideration I need to keep in mind before calling save(), like casting the value or something?
I just found out that I don't need to call save() for the database table to be updated. In fact, calling save() after assigning a value to a column saves a weird value. I tried commenting out save() and then reading the value. This time, the password column is correctly updated with the calculated password. But, again, my problem is that the password cannot be used to log in. For example, if the user password that I use to calculate the database password is abcdabcd, I cannot log in to the account with that password. I might be missing something about how user authentication is done in SocialEngine.