Cakephp, Auth and Empty Password Problem

Auth component is excellent one that i love in Cakephp for authentication but one problem i faced with this, empty password problem. That is – to add a new user, it takes empty password if we use password field. Model validation doesn’t work for password field if we put no value in password field, because – auth component create a hashed password after the form submission with empty value, so it can pass Model validation easily. I solved it another way – here is it.

Don’t use the name ‘password’ for the password field instead use another name, let it is ‘passwd’. It’s better to use confirm password field. Lets add user view code is as below


echo $form->create('User');
echo $form->input('username');
echo $form->input('passwd');
echo $form->input('passwd_confirm');
echo $form->end('Submit');


As we don’t have password field in form, we need to create the value for password field in controller. Lets create this in beforeSave method and call this from add method. Here is a sample code to handle password stuffs in user controller –

function beforeSave()  
        if (!empty($this->data['User']['passwd']))  
            $this->data['User']['password'] = $this->Auth->password($this->data['User']['passwd']);           
     return true;         

function admin_add() {
	if (!empty($this->data)) {
			if ($this->User->save($this->data)) {

This will process the password by beforeSave call. Now its the time for add validation in Model. Here is the validation which will check if the username is a valid email address, uniqe, password field is minimum 6 characters in length, matching of password and confirm password. I’ve created a custom method to check the match of password and cofirm password. here are the validation and custom method codes for user Model –

var $validate = array(
	'username' => array(
		'email' => array(
		'rule' => 'email',
		'required' => true,
		'message' => 'Username should be a valid email'
		'unique' => array(
		'rule' => 'isUnique',
		'message' => 'This username has already been taken'
)	,
	'passwd' => array(
	'rule' => array('minLength', '6'),
	'message' => 'Password should be atleast 6 characters long',
	'required' => true,
	'allowEmpty' => false,
	'on' => 'create'
	'passwd_confirm' => array(
	'rule' => 'matchpwd',
	'message' => 'Confirm password doesnt match'

* This method will be called to check password match
function matchpwd($data){
	if ($this->data['User']['passwd']!=$data['passwd_confirm'] ) {
	return false;
	return true;

One small note, in database, we must have fields – username, password in users table. That’s it

This entry was posted in Uncategorized and tagged . Bookmark the permalink.

12 thoughts on “Cakephp, Auth and Empty Password Problem

  1. Thanks for the script.But I have one another problem :-
    when i enter username and password it just redirect to the blank page,url doesn’t change too.if i am trying to print the value of entered credential in login action of users controller it shows in the username field what i have inputted but it shows the password field empty.

    Please help me how to alleviate this problem.

    Thanks in Advance

  2. Another problem is when you edit this user .. it says that user already exists .. eg when editing it is checking and enforcing that the existing user already exists! So how do you stop if from checking if the current user exists when editing current user?

  3. Hi thanku for the information ,
    I am not able save the password , and even not getting data in $this->data[‘User’][‘password’] , i followed the same steps as mentioned above , pls help me out .

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.