
I'm new to PHP and Symfony. I'm working with FOSUserBundle. I created a new view for the user change-password page, but it was so hard to embed the change-password form from FOSUserBundle that I created an HTML form manually and added some code to the controller of the view, and everything is working fine: the password change works on my DB. The problem is that the password is plaintext and I need it encoded (encrypted). How do I encode my password to send it to the DB?

Here is the form in my twig view:

<form action="{{ path('fos_user_profile_change_password') }}" method="POST" id="form_user_change_password">
    <div class="form-group">
        <div>
            <label for="fos_user_change_password_form_current_password" class="required">Contraseña actual</label>
            <input type="password" id="fos_user_change_password_form_current_password" name="fos_user_change_password_form[current_password]" required="required">
        </div>

        <div>
            <label for="new_password" class="required">Nueva contraseña</label>
            <input type="password" id="new_password" name="new_password" required="required">
        </div>

        <div>
            <label for="new_password_repeat" class="required">Repita la contraseña</label>
            <input type="password" name="new_password_repeat" id="new_password_repeat" required="required">
        </div>

        <div>
            <input type="submit" value="{{ 'change_password.submit'|trans }}" class="btn btn-primary btn-block uppercase" />
        </div>
    </div>
</form>

and here is my controller:

/**
 * Change user password.
 *
 * @param Request $request
 *
 * @return Response
 */
public function changePasswordAction(Request $request)
{
    $userManager = $this->get('fos_user.user_manager');
    $user = $this->getUser();

    // Read the posted field through the injected Request instead of $_POST.
    $newPassword = $request->request->get('new_password');

    // setPassword() writes the value straight into the stored-password
    // column, so this saves the plaintext: this is the problem asked about.
    $user->setPassword($newPassword);
    $userManager->updateUser($user);

    $url = $this->generateUrl('fos_user_profile_edit');
    $response = new RedirectResponse($url);

    return $response;
}

Please bear in mind that I'm a newbie at PHP and Symfony 3 :)

Jason Roman
Capitan Duke
    You do not need to encrypt it. You need to hash it. Please use **PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)** (`password_hash()` and `password_verify()`) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). **It is not necessary** to [escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so _changes_ the password and causes unnecessary additional coding – GrumpyCrouton Oct 10 '17 at 16:22
  • @GrumpyCrouton - Did you notice that he is using Symfony? Symfony has password encoders which wrap various hashing routines. Using password_hash directly will lead to all kinds of fun. – Cerad Oct 10 '17 at 20:11
  • @Cerad I'm sorry, I'm not familiar with Symfony at all. Either way "encrypting" is not the right action. – GrumpyCrouton Oct 10 '17 at 20:12
  • Your issue is that you are not properly overriding the change password template and/or controller. Take a look at these: https://symfony.com/doc/current/bundles/FOSUserBundle/overriding_templates.html https://symfony.com/doc/current/bundles/FOSUserBundle/overriding_controllers.html Also, can you tell me what encoder you have configured in your security.yml file? – Forer Oct 11 '17 at 08:47
  • Does your security.yml contain something like: ` encoders: FOS\UserBundle\Model\UserInterface: bcrypt ` – Forer Oct 11 '17 at 08:55
  • @Forer The overriding was so hard and I don't know why. I just wanted to render the change-password form in my new view but I couldn't. I just copied the same controller from the ChangePassword controller into my new controller and then put in the {{ form_start(form) }} (with the correct path) and it didn't work; I also changed the routing to the correct path, so there is something I'm missing. As for the question about security.yml, it is: security: encoders: FOS\UserBundle\Model\UserInterface: bcrypt – Capitan Duke Oct 11 '17 at 10:20
  • @CapitanDuke from what you said & shown above in code, you want to use the existing FOSUserBundle ChangePassword form & controller but in a custom twig template. So you only need to override the change_password_content.html.twig from FOSUserBundle. I'll show you how to do that in an answer. If it doesn't solve your issue, we can go further by overriding other parts of FOSUserBundle. The key thing is for you to get familiar with how FOSUserBundle hangs together and how to correctly override parts of it when you need to because chances are, you will use FOSUserBundle a lot in symfony projects. – Forer Oct 13 '17 at 08:46
  • Just a response to some of the other comments: Symfony is configured to use a password encoder in the security.yml file. This just says what method of hashing should be used on passwords. The base call in the Symfony code is still password_hash. The issue is that if you use password_hash directly, passing in a different encryption algorithm parameter, you will end up with passwords hashed using one algorithm, and then FOSUserBundle & Symfony will use the different configured hash algorithm from security.yml on login and you will never get a password match. – Forer Oct 13 '17 at 09:47
  • To manually hash passwords in Symfony, use the configured encoder & not password_hash directly: https://symfony.com/doc/current/security/password_encoding.html Unless you create a custom encoder of course. – Forer Oct 13 '17 at 09:47
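
The comments above recommend hashing through the encoder configured in security.yml (bcrypt for FOS\UserBundle\Model\UserInterface in this project) rather than calling password_hash() directly. As an added example, not code from the question or the answer, this is the hand-written controller rewritten that way for Symfony 3 with FOSUserBundle: it checks the current password and a CSRF token through the framework's services, then stores the hash produced by the configured encoder, which is the same encoder the login check will use. The route and field names are those of the form in the question; the controller class name, the CSRF token id 'change_password' and the flash-message texts are assumptions.

```php
<?php
// Added example, not code from the question or the answer. Symfony 3.x with
// FOSUserBundle 2.x; class name, CSRF token id and messages are assumptions.

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class ChangePasswordController extends Controller
{
    /**
     * Change the logged-in user's password, hashing with the encoder from security.yml.
     *
     * @return Response
     */
    public function changePasswordAction(Request $request)
    {
        $user = $this->getUser();
        if (!is_object($user)) {
            throw $this->createAccessDeniedException('You must be logged in to change your password.');
        }

        // Read POST fields through the Request object, never through $_POST.
        // The field names are the ones used by the form in the question.
        $fosForm = $request->request->get('fos_user_change_password_form', array());
        $current = isset($fosForm['current_password']) ? (string) $fosForm['current_password'] : '';
        $new     = (string) $request->request->get('new_password', '');
        $repeat  = (string) $request->request->get('new_password_repeat', '');

        // A hand-written form has no CSRF protection unless you add it: the
        // template must emit a hidden "_token" field (see the note below).
        if (!$this->isCsrfTokenValid('change_password', $request->request->get('_token'))) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        // security.password_encoder picks the encoder configured for the
        // user's class in security.yml (bcrypt here).
        $encoder = $this->get('security.password_encoder');

        // Re-authenticate with the current password using that same encoder.
        if (!$encoder->isPasswordValid($user, $current)) {
            $this->addFlash('error', 'The current password is incorrect.');

            return $this->redirectToRoute('fos_user_profile_edit');
        }

        if ($new === '' || $new !== $repeat) {
            $this->addFlash('error', 'The new passwords do not match.');

            return $this->redirectToRoute('fos_user_profile_edit');
        }

        // encodePassword() returns the bcrypt hash (salted by password_hash()
        // internally). Calling password_hash() yourself with a different
        // algorithm would store a hash the configured encoder cannot verify.
        $user->setPassword($encoder->encodePassword($user, $new));
        $this->get('fos_user.user_manager')->updateUser($user);

        $this->addFlash('success', 'Your password has been changed.');

        return $this->redirectToRoute('fos_user_profile_edit');
    }
}
```

For the token check to pass, the form in the question needs one extra line inside it: `<input type="hidden" name="_token" value="{{ csrf_token('change_password') }}">`, with the same id used in isCsrfTokenValid(). FOSUserBundle's own User model also offers setPlainPassword(): a value set there is hashed with the same configured encoder by UserManager::updateUser(), which is what the bundle's stock ChangePasswordController relies on, so either route ends with a hash the login check can verify.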

1 Answer

From above comments and code, it looks like you only want to override the change_password_content.html.twig template of FOSUserBundle. This will allow you to use the existing ChangePassword Form Type and ChangePasswordController for FOSUserBundle in your own template.

The reference to do this is here: https://symfony.com/doc/current/bundles/FOSUserBundle/overriding_templates.html

To help you with some implementation details:

  1. Go to vendor/friendsofsymfony/user-bundle/Resources/views/ChangePassword/change_password.html.twig and copy the contents of this file.
  2. Then go to app/Resources/views and create a folder named ChangePassword, and in that create a new file and paste in the content you copied in (1) above. Save the file as change_password.html.twig. What you have done in steps (1) and (2) is override the template in FOSUserBundle with your own template in app/Resources/views. The content of your override template is identical to that of FOSUserBundle right now.
  3. Now go ahead and make any changes you need to this override template: like change the extended layout to use your own and add any additional markup you may need around the fos_user_content block. Save.

You have now done a correct override of the FOSUserBundle template. If you need even further control over the content template containing the form, go ahead and repeat the above for the template named change_password_content.html.twig and change the include in your change_password.html.twig template to ":ChangePassword/change_password_content.html.twig".

The above will now mean that FOSUserBundle will use your override templates instead of the existing ones in the bundle giving you full control over mark-up, layout, styling, etc.

And in doing the override above correctly, you won't need to override the ChangePasswordController - so you will get the password hashing you need via the UserManager in FOSUserBundle.

Forer
  • @CapitanDuke My pleasure, and well done. FOSUserBundle is one of the most popular and commonly used bundles. The way of overriding is similar for controllers, and you can create your own FormTypes too, which you can set in the config.yml of your project. Read about this here: https://symfony.com/doc/current/bundles/FOSUserBundle/index.html. You're probably going to start doing this next. – Forer Oct 16 '17 at 12:40
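
As an added example of the override the answer describes (not a file from the question, the answer, or FOSUserBundle itself), this is a change_password.html.twig that extends the project's own layout and renders the bundle's form field by field with the markup and button classes from the question's form. Symfony's bundle-template override mechanism (the overriding_templates doc linked in the answer) resolves @FOSUser/ChangePassword/change_password.html.twig to app/Resources/FOSUserBundle/views/ChangePassword/change_password.html.twig, so the bundle's ChangePasswordController, its ChangePasswordFormType and the UserManager-based hashing all stay in use. 'base.html.twig' and its 'body' block are assumed to be the project's layout; the field names current_password and plainPassword (a repeated field with first/second) and the route fos_user_change_password are those of FOSUserBundle 2.x.

```twig
{# app/Resources/FOSUserBundle/views/ChangePassword/change_password.html.twig #}
{# Added example; not a file from the question, the answer or FOSUserBundle. #}
{# 'base.html.twig' and its 'body' block are assumed to be the project's own layout. #}
{% extends 'base.html.twig' %}

{% block body %}
    {# "form" is the ChangePasswordFormType instance passed in by the bundle's #}
    {# ChangePasswordController. form_start() emits the CSRF token the form   #}
    {# expects; form_errors() surfaces a wrong current password or a mismatch #}
    {# between the two new-password inputs (validated by the bundle, not by   #}
    {# hand-written code).                                                    #}
    {{ form_start(form, { 'action': path('fos_user_change_password'), 'attr': { 'id': 'form_user_change_password' } }) }}
        {{ form_errors(form) }}

        <div class="form-group">
            {{ form_label(form.current_password, 'Current password') }}
            {{ form_widget(form.current_password) }}
            {{ form_errors(form.current_password) }}
        </div>

        <div class="form-group">
            {{ form_label(form.plainPassword.first, 'New password') }}
            {{ form_widget(form.plainPassword.first) }}
        </div>

        <div class="form-group">
            {{ form_label(form.plainPassword.second, 'Repeat the password') }}
            {{ form_widget(form.plainPassword.second) }}
            {# RepeatedType attaches its "do not match" error to the parent field #}
            {{ form_errors(form.plainPassword) }}
        </div>

        <input type="submit" value="{{ 'change_password.submit'|trans({}, 'FOSUserBundle') }}" class="btn btn-primary btn-block uppercase" />
    {{ form_end(form) }}
{% endblock %}
```

With this file in place the bundle's own route, controller and form handle the request end to end, and the new password is stored as a hash produced by the bcrypt encoder from security.yml because the bundle calls setPlainPassword() and lets UserManager::updateUser() hash it.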