Reputation: 507
I use this to encode my password:

    $entity->setSalt(md5(time()));
    $encoder = new MessageDigestPasswordEncoder('sha1');
    $password = $encoder->encodePassword($editForm->get('password')->getData(), $entity->getSalt());
    $entity->setPassword($password);

But how could I perform the opposite step? That is, how could I get the unencrypted password? If I use this

    $entity->getPassword()

it shows me this:

    xOGjEeMdi4nwanOustbbJlDkug8=

Thank you very much for the reply. I am trying to create a form where users enter the old password and verify that it is true. In the form I have this:

    ->add('antigua', 'password', array('property_path' => false))
    ->add('password', 'repeated', array('first_name' => 'Nueva contraseña','second_name' => 'Repite contraseña','type' => 'password'));

And when I go to edit a user in the CRUD, I have this in the update action:

    public function updateAction($id)
    {
        $em = $this->getDoctrine()->getEntityManager();
        $entity = $em->getRepository('miomioBundle:Empleado')->find($id);
        if (!$entity) {
            throw $this->createNotFoundException('Unable to find Empleado entity.');
        }
        $editForm = $this->createForm(new EmpleadoType(), $entity);
        $deleteForm = $this->createDeleteForm($id);
        $request = $this->getRequest();
        // $entity->getPassword() is blank, why?
        $editForm->bindRequest($request);
        if ($editForm->isValid()) {
            $em->persist($entity);
            $em->flush();

            return $this->redirect($this->generateUrl('empleado_edit', array('id' => $id)));
        }

        return array(
            'entity' => $entity,
            'edit_form' => $editForm->createView(),
            'delete_form' => $deleteForm->createView(),
        );
    }

The problem is that I cannot get the encoded password; it is blank (in the DB it is correct). Thanks.
Upvotes: 5
Views: 15583
Reputation: 433
You should encrypt the password entered by the user the same way the old password was. The resulting encrypted password should be the same.

    $encoder = new MessageDigestPasswordEncoder('sha1');
    $password = $encoder->encodePassword($editForm->get('antigua')->getData(), $entity->getSalt());

Now you can compare the old encrypted password with the new user-entered one...
Upvotes: 4
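The comparison described in the answer above, as an added example that is not part of the original posts: it checks the old password with the encoder's own `isPasswordValid()` and only then encodes the new one. The `changePassword()` helper and the sample passwords are hypothetical, and the script assumes `symfony/security-core` is installed via Composer in a version that still ships `MessageDigestPasswordEncoder`.

```php
<?php
// Added example; assumes Composer's autoloader sits next to this script.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;

/**
 * Hypothetical helper: verify the old password against the stored hash and,
 * only if it matches, return array($newHash, $newSalt) for the new password.
 * Returns null when the old password is wrong.
 */
function changePassword(MessageDigestPasswordEncoder $encoder, $storedHash, $storedSalt, $oldPlain, $newPlain)
{
    // Re-encodes $oldPlain with the stored salt and compares the two hashes;
    // the stored hash itself is never decoded.
    if (!$encoder->isPasswordValid($storedHash, $oldPlain, $storedSalt)) {
        return null; // leave the stored credentials untouched
    }

    // Fresh salt from the CSPRNG (PHP 7+) rather than md5(time()).
    // Hex output avoids '{' and '}', which the encoder rejects in a salt.
    $newSalt = bin2hex(random_bytes(16));

    return array($encoder->encodePassword($newPlain, $newSalt), $newSalt);
}

// Same encoder settings as on the page, so existing hashes still verify.
$encoder = new MessageDigestPasswordEncoder('sha1');

// Constructed sample data standing in for the row loaded from the database.
$storedSalt = bin2hex(random_bytes(16));
$storedHash = $encoder->encodePassword('old-secret', $storedSalt);

// Wrong old password: nothing is changed.
var_dump(changePassword($encoder, $storedHash, $storedSalt, 'wrong-guess', 'new-secret'));

// Correct old password: a new hash/salt pair is returned.
list($hash, $salt) = changePassword($encoder, $storedHash, $storedSalt, 'old-secret', 'new-secret');
var_dump($encoder->isPasswordValid($hash, 'new-secret', $salt));
var_dump($encoder->isPasswordValid($hash, 'old-secret', $salt));
```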
Reputation: 8645
There is no way to decrypt a password encoded with sha1 or md5; these crypt methods were created to be impossible to decrypt!
Custom encoder:
The only way is to create your own custom encoder using a homemade method to encrypt (and so to decrypt) your passwords; here is an example: http://blogsh.de/2011/09/29/create-a-custom-password-encoder-for-symfony/
You are not forced to use the $salt inside encodePassword(), and you can, for example, replace each letter by a specific number so that you can retrieve the password by doing the opposite; you can also cut the salt and add part of it inside the password, etc...
Plaintext, not recommended:
Or, less recommended, do not encrypt your passwords and leave them in plaintext:

    # app/config/security.yml
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext

Upvotes: 2