I have a Zend_Form class used for a login form. When I validate the form once, it repopulates correctly. When I resubmit the form a second time with a bad password value but the correct login value, the login value is repopulated as 'login'. I'm not quite sure what in tarnation could be happening here, but maybe someone can give me a hand.
I'm using the latest from: http://framework.zend.com/svn/framework/branch/release-1.5/library/Zend ... r9083 as of this writing. Here's my form class: 1 <?php 2 3 class My_Form_Login extends Zend_Form { 4 5 public function __construct($options = null) { 6 parent::__construct($options); 7 8 $this->setAction('login/login'); 9 $this->setMethod('post'); 10 11 $login = new Zend_Form_Element_Text('login'); 12 $login->setLabel('Login'); 13 $login->setRequired(true); 14 $this->addElement($login); 15 16 $pass = new Zend_Form_Element_Password('pass'); 17 $pass->setLabel('Password'); 18 $pass->setRequired(true); 19 $this->addElement($pass); 20 21 $submit = new Zend_Form_Element_Submit('submit'); 22 $submit->setLabel('Submit'); 23 $this->addElement($submit); 24 25 } 26 27 } 28 29 ?> And here's the login action: 30 function loginAction() { 31 $form = new My_Form_Login(); 32 $param = $this->getRequest()->getParams(); 33 34 //Init the view up here, even if we throw it out. 35 $this->initView(); 36 37 if(!empty($param['submit']) && $form->isValid($param)) { 38 // If the form validated, then we know there are both passwd and value fields. 39 // Authenticate against the databse. First, get an instance. 40 $auth = Zend_Auth::getInstance(); 41 42 // Let's set up the adapter. Don't forget that the password is just hashed, 43 // while the email has had htmlspecialchars run on it before being inserted. 44 // This also serves as our input cleaning... no bobby tables! 45 $adapt = new Zend_Auth_Adapter_DbTable(Zend_Registry::get('db')); 46 $adapt->setTableName('users'); 47 $adapt->setIdentityColumn('login'); 48 $adapt->setCredentialColumn('sha1password'); 49 $adapt->setCredential(sha1($param['pass'])); 50 $adapt->setIdentity(htmlspecialchars($param['login'])); 51 52 53 // And run the auth. 54 $result = $auth->authenticate($adapt); 55 56 // Compare the values and do stuff. 57 if($result->isValid()) { 58 $storage = new Zend_Auth_Storage_Session(); 59 $storage->write($adapt->getResultRowObject(array('login','password_reset'))); 60 $auth->setStorage($storage); 61 $this->_redirect('/user/index'); 62 } else { 63 $this->view->message = 'Invalid login. Please try again.'; 64 $this->view->form = $form; 65 } 66 } else { 67 $this->view->form = $form; 68 } 69 } And here's the login form: 1 <h1>Administration Login</h1> 2 <? if(!empty($this->message)): ?> 3 <p class="error"><?= $this->message ?></p> 4 <? endif; ?> 5 <?= $this->form ?> 6 The behaviour I'm getting can be reproduced in Firefox and Safari by repeating the following steps: 1) Going to the login form in your browser 2) Typing a username in the login field 3) Typing an incorrect password 4) The form repopulates as expected, and shows the expected error message. 5) Type another incorrect password 6) The form repopulates with the string 'login' in the login instead of the expected user name. Matt, I'll email you a link to my working copy so you can see the behaviour. Thanks! -Karl
