in the case of a password field - where the field should *always* be
cleared when the view loads - all of the clearing logic should be at
the view level.
Using the form helper:

e( $form->input( 'User.password', array( 'type' => 'password', 'value' => '' ) ) );
I believe that should do the trick for views needing to have the hash
removed from the form field as well as allow validation to continue
working.
On May 5, 6:26 pm, drumdance <[EMAIL PROTECTED]> wrote:
> Ok, I've only been playing with CakePHP for a couple days, so go easy
> on me.
>
> I'm trying to create a simple user management system, similar to
> WordPress. I'm using Auth, and that seems to be at the core of the
> problem. I've seen this discussed on various blog posts and tutorials,
> but none seem to address the issue.
>
> Use case 1:
>
> Create a user - username, email, password, confirm password -
> reasonably straightforward except for the confirm password check. The
> problem is, what if password confirm passes validation, but something
> else (like malformed email address) doesn't? The default behavior when
> reloading the page is fill the password field with the *encrypted*
> version of the password. I've seen some people suggest that the
> workaround is to null the password fields so the user gets a blank
> field and has to re-enter. I don't like this because there is no
> validation error - on a longer page this could be a PITA for the user
> - what if a field at the top failed validation and they don't notice
> that their password is blank.
>
> My workaround was, in the case of no pw validation errors but when
> other errors pop up, refill password and password_confirm with the
> values in the $_POST array. If there *are* password confirm errors,
> then I just unset both values and the validation error was correct
> (essentially "your passwords mismatch, so do them both again")
>
> I did this by overriding User::save() like so:
>
> function save(&$data, $validate = true, $fieldlist = array()) {
>     if (parent::save($data, $validate, $fieldlist)) {
>         return true;
>     }
>     // if save fails, reset passwords
>     $password_error =
>         array_key_exists('password_match', $this->invalidFields()) ||
>         array_key_exists('password', $this->invalidFields());
>
>     if ($password_error) {
>         // password validation failed: make the user re-enter both fields
>         unset($data['password']);
>         unset($data['password_match']);
>     } else {
>         // another field failed: refill both fields from the submitted values
>         $data['password'] = htmlentities($_POST['data']['User']['password']);
>         $data['password_match'] = htmlentities($_POST['data']['User']['password_match']);
>     }
>
>     // the save did not succeed, so report failure to the caller
>     return false;
> }
>
> This worked fine until I tried to edit an existing user. The problem -
> the values loaded into the password field are the *encrypted* values
> in the db, so if the user doesn't change his password, then the
> encrypted version becomes encrypted itself, and the password will no
> longer work at login.
>
> The only workaround I can see is to remove password from the user form
> and make changing the password a separate form unto itself. Am I wrong?
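
The edit-form case from the thread, as an added example that is not part of either post and is not CakePHP code: a blank password field means "keep the current password", so the stored hash is never hashed a second time, and the field is always rendered empty. It uses PHP's built-in password_hash() and password_verify() in place of the Auth component's hashing; prepareUserUpdate() and passwordInput() are hypothetical helpers and the sample data is constructed.

```php
<?php
// Added illustration in plain PHP, not CakePHP code. prepareUserUpdate() and
// passwordInput() are hypothetical helpers; field names follow the thread.

// Returns [columns to write, validation errors] for an edit form submission.
// The caller writes the columns only when the error list is empty.
function prepareUserUpdate(array $posted): array
{
    $errors = [];
    $update = ['email' => trim($posted['email'] ?? '')];
    if (filter_var($update['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address';
    }

    $password = $posted['password'] ?? '';
    $confirm  = $posted['password_match'] ?? '';
    if ($password !== '' || $confirm !== '') {
        if ($password !== $confirm) {
            $errors['password_match'] = 'Passwords do not match';
        } else {
            // Hash only a freshly typed password, exactly once.
            $update['password'] = password_hash($password, PASSWORD_DEFAULT);
        }
    }
    // Both fields blank: no 'password' key, so the stored hash is left alone.
    return [$update, $errors];
}

// The value attribute is always empty, whatever the request or row contains.
function passwordInput(string $name): string
{
    return '<input type="password" name="' . htmlspecialchars($name, ENT_QUOTES) . '" value="">';
}

// Constructed sample row standing in for the database record.
$stored = ['email' => 'old@example.com', 'password' => password_hash('old-secret', PASSWORD_DEFAULT)];

// Edit 1: only the email changes; the password fields come back blank.
[$update, $errors] = prepareUserUpdate(['email' => 'new@example.com', 'password' => '', 'password_match' => '']);
$row = array_merge($stored, $update);
echo 'old password still valid: ', var_export(password_verify('old-secret', $row['password']), true), "\n";

// Edit 2: the user types a new password in both fields.
[$update, $errors] = prepareUserUpdate(['email' => 'new@example.com', 'password' => 'new-secret', 'password_match' => 'new-secret']);
$row = array_merge($row, $update);
echo 'new password valid: ', var_export(password_verify('new-secret', $row['password']), true), "\n";
echo passwordInput('data[User][password]'), "\n";
```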