I'm using Redbean as an ORM for my php-application.
Every user (employee in this situation), has to have a password in order to login, and I thought i'd generate one for them, so they don't have to type it in the form.
Obviously, this means they all have to have a salt, and the only password stored should be the hash value of the actual password. Because of that I have to send the password to the user (otherwise they won't know it :D), and thus have to have it as a property of the object, without saving it for the database.
A clever place to generate passwords would be in the model, so that it basically does it by itself for every new employee (user), therefor I created this model:
class Model_employee extends RedBean_SimpleModel
{
public function dispense()
{
$this->salt = cypher::getIV(32);
$this->tempPassword = cypher::getIV(8);
$this->password = md5($this->salt . $this->password);
}
public function update()
{
unset($this->tempPassword);
}
}
The generating password in dispense() works fine. The update() is supposed to be run right before the bean is saved, and so it is (if I null the property it is saved as null), however, the tempPassword is still saved, even if I unset it (the column is also created, even if I store it as null).
Basically, the question boils down to this: How do I get rid of the tempPassword property, so that it is not saved to the database?
It turns out that someone else just asked that exact question a couple of days ago, in the readBean forum.
Basically, redbean won't store private properties of any class extension.
The solution was then quite simple:
class Model_employee extends RedBean_SimpleModel
{
private $tempPassword;
public function dispense()
{
$this->salt = cypher::getIV(32);
$this->tempPassword = cypher::getIV(8);
$this->password = md5($this->salt . $this->password);
}
}
This won't store the password in the database, nor create the column. Of course, I have to add a getter() if I want to read the password, but the above solves the immediate problem :)