Ok, I've only been playing with CakePHP for a couple days, so go easy
on me.

I'm trying to create a simple user management system, similar to
WordPress. I'm using Auth, and that seems to be at the core of the
problem. I've seen this discussed on various blog posts and tutorials,
but none seem to address the issue.

Use case 1:
Create a user - username, email, password, confirm password -
reasonably straightforward except for the confirm password check. The
problem is, what if password confirm passes validation, but something
else (like malformed email address) doesn't? The default behavior when
reloading the page is to fill the password field with the *encrypted*
version of the password. I've seen some people suggest that the
workaround is to null the password fields so the user gets a blank
field and has to re-enter. I don't like this because there is no
validation error - on a longer page this could be a PITA for the user
- what if a field at the top failed validation and they don't notice
that their password is blank?

My workaround was, in the case of no pw validation errors but when
other errors pop up, refill password and password_confirm with the
values in the $_POST array. If there *are* password confirm errors,
then I just unset both values and the validation error was correct
(essentially "your passwords mismatch, so do them both again").

I did this by overriding User::save() like so:

    function save(&$data, $validate = true, $fieldlist = array()) {
        if (parent::save($data, $validate, $fieldlist)) {
            return true;
        }
        // If save fails, reset passwords
        $invalid = $this->invalidFields();
        $password_error = array_key_exists('password_match', $invalid)
            || array_key_exists('password', $invalid);
        if ($password_error) {
            // Password validation failed: blank both fields so the user re-enters them
            unset($data['password']);
            unset($data['password_match']);
        } else {
            // Only other fields failed: refill both fields with the submitted values
            $data['password'] = htmlentities($_POST['data']['User']['password']);
            $data['password_match'] = htmlentities($_POST['data']['User']['password_match']);
        }
        // Report the failed save explicitly instead of falling off the end
        return false;
    }

This worked fine until I tried to edit an existing user. The problem -
the values loaded into the password field are the *encrypted* values
in the db, so if the user doesn't change his password, then the
encrypted version becomes encrypted itself, and the password will no
longer work at login.

The only workaround I can see is to remove password from the user form
and make changing the password a separate form unto itself. Am I wrong?
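
Added example (not part of the original post, and not CakePHP's own code): the double-hashing failure described in the post, next to an edit handler that never sends the stored hash to the form and treats a blank password field as "keep the current password". hashPassword(), naiveEdit(), guardedEdit(), canLogin(), the salt and the sample record are all constructed for illustration; hashPassword() only stands in for the hashing Auth applies.

```php
<?php
// hashPassword() is a stand-in (assumption) for the hashing Auth applies;
// SALT and the sample data below are constructed.
const SALT = 'constructed-demo-salt';

function hashPassword(string $plain): string {
    return hash('sha256', SALT . $plain);
}

// Naive edit: the form was pre-filled with the stored hash, so an unchanged
// field posts the hash back and it gets hashed a second time.
function naiveEdit(array $stored, array $posted): array {
    $stored['email'] = $posted['email'];
    $stored['password'] = hashPassword($posted['password']);
    return $stored;
}

// Guarded edit: the stored hash is never rendered into the form. A blank
// password means "keep the current one"; a new one must match its confirmation.
function guardedEdit(array $stored, array $posted): array {
    $stored['email'] = $posted['email'];
    $new = $posted['password'] ?? '';
    if ($new === '') {
        return $stored; // password column left untouched
    }
    if ($new !== ($posted['password_match'] ?? '')) {
        throw new InvalidArgumentException('Passwords do not match');
    }
    $stored['password'] = hashPassword($new);
    return $stored;
}

function canLogin(array $stored, string $plain): bool {
    return hash_equals($stored['password'], hashPassword($plain));
}

// Constructed sample record and form submissions.
$user = ['email' => 'old@example.com', 'password' => hashPassword('s3cret')];
$prefilled = ['email' => 'new@example.com', 'password' => $user['password']];
$broken  = naiveEdit($user, $prefilled);
$kept    = guardedEdit($user, ['email' => 'new@example.com', 'password' => '', 'password_match' => '']);
$changed = guardedEdit($user, ['email' => 'new@example.com', 'password' => 'n3w', 'password_match' => 'n3w']);

var_dump(canLogin($broken, 's3cret'));  // old password after the naive edit
var_dump(canLogin($kept, 's3cret'));    // old password after a guarded edit with blank fields
var_dump(canLogin($changed, 'n3w'));    // new password after a guarded edit that changes it
```

Keeping the stored hash out of the form also keeps it out of the page source the browser receives.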