md5 hash in selector

[Raymond Geerts]

Im working on a sort of "friend request" script for a front end user profile.

the user template has the following extra fields of the type Page

• friend_invite_in
• friend_invite_out
• friend_confirmed

There will be a ajax post containing the username when pressing a button to send a friend request.

Lets say user "A" does a request for user "B" to become friends.

The ajax script should handle the post and add the foloowing page references:

User "A" will receive a page reference to user "B" in the friend_invite_out field.

User "B" will receive a page reference to user "A" in the friend_invite_in field.

Then user "B" can confirm, so that the page references are moved in the following manner:

User "A" page reference to user "B" will be moved from friend_invite_out field to friend_confirmed field

User "B" page reference to user "A" will be moved from friend_invite_in field to friend_confirmed field

This i kinda the logic behind the whole process.

But to prevent sending clear usernames i would like to have a md5 hash in my HTML/jQuery code. This is no problem to do with PHP.

But how would i make a selector that can handle this md5 hash and get the right user?

// this does not work!
$md5 = $this->input->post->userid;
$u = $this->users->get("MD5(name)=$md5");

In MySQL it the query would be something like this (havent tested it)

SELECT * FROM users WHERE MD5(name)=$md5

[Raymond Geerts]

Discussing it with my college Martijn he came up with the idea of putting a md5 hash of the username in an extra field attached to the user template and do this upon user creation.

And since there doesnt have to be any reference anymore to the username it could be a combination of several values like for example a unix timestring.

$username = $this->input->post->username;
$hash = md5($username."-".time());

But in general it would be nice to know if it is possible to get a user (or page object) with a selector containing a md5 hash.

[ryan]

I think that usernames as MD5 hashes are going to be difficult to look at on the admin side, and kind of defeats the purpose of the name field being a readable, unqiue identifier. I would create a separate field to handle your md5 hash and add that to your user template. Lets say you created a text field called user_hash and added it to your user template. You could have it automatically updated every time a user is added or saved just by putting some hook code in your /site/templates/admin.php file

$pages->addHook('saveReady', function($event) {
  $page = $event->arguments(0); 
  if($page->template == 'user') {
    $page->user_hash = md5($page->name . time()); 
  }
});