2015-10-17 17:15



I have a MySQL database and User table. I store different types of users with different roles in User table.

I am using CakePHP framework. In my core.php file, I have added SALT and HASH code for storing the encrypted password in DB. Now everything is good here so far. And CakePHP will make sure to stored encrypted password in DB.

Consider this scenario: I am trying to register the Webmaster/WebAdmin user. I will not be able to provide the Register User link for WebMaster. Only from back-end I should be able to add the WebAdmin/Webmaster user.

So I need to be able to create the Admin user and store his password using the SQL statement and utilizing the same HASH and SALT used by CakePHP to authorize/authenticate the WebAdmin user from front-end page.

I am not very familiar with how to write this type of SQL statement for MySQL DB to accomplish this task. And I am not sure if this is even achievable. How to accomplish this?

If nothing works then I will have to provide a temp View to register and then remove this view from the code. But I do not really like this option if there is a way to achieve this using SQL statement on MySQL DB.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • duanqian6295 duanqian6295 6年前

    The most portable way would be to add the 'secret' function & view to your User controller as you wrote, because you don't know exactly how CakePHP processes the salt and hash. It could use any of the available hash functions.

    But adding such a function is not so bad if you check in the code if the account already exists. Even if somebody guesses the URL the account will only be added once. Of course, once the acocunt is created you should immediately login and change the password to something that is not in your code.

    An alternative would be to create the admin as a regular user first, then using PHPMyAdmin or commandline mysql change the privilege level of the account directly in the database.

    点赞 评论 复制链接分享