Where is the passwd hashed on reset?

  1. 6 years ago
    Edited 6 years ago by RIscRIpt

    I cannot understand where the password is hashed when it is reset by the user.

    File ETUserController.class.php reset function:

    $model = ET::memberModel();
    $model->updateById($memberId, array(
    	"password" => $form->getValue("password"),
    	"resetPassword" => null
    ));

    Function updateById is in ETModel.class.php :

    public function updateById($id, $values)
    {
            return $this->update($values, array($this->primaryKey => $id));
    }

    update is in the same file above

    public function update($values, $wheres = array())
    {
            return ET::SQL()->update($this->table)
                    ->set($values)
                    ->where($wheres)
                    ->exec();
    }

    I wasn't able to find ETMemberModel overriding function updateById.
    Function ETSQLQuery::set does nothing if key name is password.
    As I understood ETForm::getValue returns the plain text password.

    So where is it hashed, before updating esotalk.et_members table?!

    Edit:
    I've just tried resetting password, and it does get hashed. But I still cannot find out where...
    I know that ETMemberModel::create uses ETMemberModel::hashPassword to hash password. The same hashing function is used in ETMemberModel::update.
    ETUserController::reset uses ETMemberModel::updateById, which I guess is not overridden, so ETModel::updateById is used instead.
    I must be mistaken somewhere, otherwise how is the password hashed when it is reset =/

    Oops, I didn't know that when calling ETMemberModel::updateById, ETModel::updateById would call ETMemberModel::update.
    So the following code:

    <?php
    class CLS1 {
    	public function f1() { echo "C1::f1<br>";  }
    	public function f2() { echo "C1::f2 calls this->f1<br>"; $this->f1(); }
    }
    class CLS2 extends CLS1 {
    	public function f1() { echo "C2::f1<br>"; parent::f1(); }
    }
    
    $C1 = new CLS1;
    $C2 = new CLS2;
    
    $C2->f2();
    ?>

    output is

    C1::f2 calls this->f1
    C2::f1
    C1::f1
  2. Oops, I didn't know that when calling ETMemberModel::updateById, ETModel::updateById would call ETMemberModel::update.
    So the following code:

    <?php
    class CLS1 {
    	public function f1() { echo "C1::f1<br>";  }
    	public function f2() { echo "C1::f2 calls this->f1<br>"; $this->f1(); }
    }
    class CLS2 extends CLS1 {
    	public function f1() { echo "C2::f1<br>"; parent::f1(); }
    }
    
    $C1 = new CLS1;
    $C2 = new CLS2;
    
    $C2->f2();
    ?>

    output is

    C1::f2 calls this->f1
    C2::f1
    C1::f1
  3. passwd hash could be obtained also in database.

  4. @pmache passwd hash could be obtained also in database.

    There wouldn't be a problem if finding the ready hash was the deal...
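
The dispatch the thread arrives at, applied to the password write path, as an added example that is not part of the original posts and is not esoTalk's code. The class names `BaseModel` and `MemberModel`, the in-memory `$rows` store, the `check()` helper and the use of `password_hash()` in place of `ETMemberModel::hashPassword` are assumptions made for illustration.

```php
<?php
// Added illustration; all names are hypothetical, not esoTalk source.
class BaseModel {
    protected $rows = array();   // in-memory stand-in for the SQL table

    public function updateById($id, $values) {
        // $this is the runtime object, so a subclass override of update() runs here.
        return $this->update($values, array("id" => $id));
    }

    public function update($values, $wheres = array()) {
        $id = $wheres["id"];
        $old = isset($this->rows[$id]) ? $this->rows[$id] : array();
        $this->rows[$id] = array_merge($old, $values);
        return true;
    }

    public function getById($id) { return $this->rows[$id]; }
}

class MemberModel extends BaseModel {
    public function update($values, $wheres = array()) {
        // Hash in the one write path so every caller, including updateById(), gets it.
        if (isset($values["password"])) {
            $values["password"] = password_hash($values["password"], PASSWORD_DEFAULT);
        }
        return parent::update($values, $wheres);
    }
}

function check($cond, $msg) {
    if (!$cond) { throw new Exception("check failed: " . $msg); }
}

$plain = "correct horse battery staple";   // constructed sample input

$members = new MemberModel();
$members->updateById(1, array("password" => $plain, "resetPassword" => null));
$row = $members->getById(1);
check($row["password"] !== $plain, "plaintext must not be stored");
check(password_verify($plain, $row["password"]), "stored value must verify");

// The same call on the base class stores the value unchanged: the hashing
// exists only because the override is reached through $this.
$base = new BaseModel();
$base->updateById(1, array("password" => $plain));
$baseRow = $base->getById(1);
check($baseRow["password"] === $plain, "base class does not hash");

echo "reset path stores a hash\n";
```

A check like the first two, run against the real reset flow, catches a later refactor that writes the `password` column through a path that skips the model's `update` override.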

 
