0

My Entity Card has fields: id, code and token. Two points:

1) I need to generate 'code' with something like this:

 ...
 public function __construct(){
    $date = new \DateTime();
    $year = $date->format('Y');
    $month = $date->format('m');
    $this->codigo = $year . $month . ($this->id + 150);
 }

But Id always return 0; I try to use LifeCycleCallBacks. But not works.

2) I need too generate one secure token with 5 digits. Like this:

$this->token = mt_rand(11111,99999);

But how to save it in the database (with sha1 encoder) and retrieve it decrypted.

I'm using Symfony2.2.

All my objects Card will be generated in administration. I need to populate the database with 2000 Cards.

Thank you all

Munir
  • 739
  • 2
  • 14
  • 38
  • First, *how* did you try to use LifeCycleCallBakcks? You're right in that you'd have to wait for the ID to load before you can use it; it'll not be set in the constructor - Second, SHA1 is not an encoding; it's a *hash*. Difference is that hashes can not be decrypted. If you want something to be decrypted, SHA1 is not the way to go. Look into the Mcrypt extension. – Atli Jul 11 '13 at 00:15
  • I don't know if I need hash or encoding. I just need to store this random value in database and get it back later. Which should I use? I try to use LifeCycleCallBakcks with PostPersist, but Id still 0. Maybe it's get value only when flush, right? thx – Munir Jul 11 '13 at 00:19
  • I think this http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file is what I need – Munir Jul 11 '13 at 00:45
  • Why would you need either? Is there any reason to encode this token? Either way, if you need the original value back, then hashing is not an option. - Why PostPersist? That will trigger *after* the object is saved, so even though it may generate the correct value, it's never actually saved. You need to either flush the EntityManager again after creating the code, or update the database directly. I've found that relying on the ORM entities inside life-cycle events is extremely unreliable; direct SQL access is preferable there. – Atli Jul 11 '13 at 00:46
  • This token will be place in a real card (with the code). To active card on system, client will buy a card and scrape it to the token appear. If someone get acess to my DataBase, all my cards can be active. I think the correct name of fields should br 'key' and 'password', not 'code' and 'token'. – Munir Jul 11 '13 at 01:02
  • 1
    OK, so you don't actually need to *decrypt* the token then. All you have to do is follow the standard password hashing procedure: Put a **hashed** version of the token that you put on the card into the database. Then when a user scrapes the card and sends you the token, hash that token as well and compare it to the hashed token in the database. – Atli Jul 11 '13 at 01:42
  • Yes I will do this. The 'code' will give me much work. I will create manually a card object with a large Id and use it in place of 'code'. Thank you!! – Munir Jul 11 '13 at 01:58

0 Answers0