@ryantuosto The $data that is passed in is a different data array than the $this->data array. The reason we rewrote the hashPasswords method was so that we could properly validate the password ourselves rather than it coming in automatically hashed. By checking the $this->data passwords we can compare them before the hash. Then we manually hash them, returning the passed in $data array which is the same as what we just hashed anyways we just did it manually so we can compare them.

@ivolol Because allowing a user to create a password that is really long makes it harder for them to remember.

@abcd321839955 It's been a while but from what I remember when over writing the hashPasswords method for some reason if I don't pass true in as a second argument when calling this method it will not hash the password or will not save it. I can't remember which one. I figured this out from googling around. I looked at the api for the hashPasswords method and it doesn't seem to have a second parameter. Try it out, try not passing true in as a second param. It wont work properly.

@ryantuosto Not gonna lie, I'm not entirely sure the exact differences. All I know is that if I rewrite the hashPasswords method using $data it will not work because password will never match password_confirmation because password $data['User']['password'] comes into the $data array already hashed. Where as $this->data pulls directly from the form I believe, thus $this->data['User']['password'] is the plain password.

Question ..... in hashPassword method, if the driver uses the Auth compoent and POST data is received by containing the fields, automatically performs the hash the password field using this function.

Andrew I wander if you could do a User edit with a blank password maybe explain validate on THanks

Hi Andrew ! error "Strict (2048): Declaration of User::beforeSave() should be compatible with Model::beforeSave($options = Array) [APP\Model\User.php, line 2]" why ??????