ansaurus

Question

CakePHP: Clearing password field on failed submission

Answer 1

+3 A:

this?

password('Vendor.password', array('class' => 'text-input','value'=>''))

Funky Dude 2009-08-23 16:52:14

Thank's, this one works too. Is this the standard way of achieving what I want?

andreas 2009-08-23 18:12:06

that's how you set the value of an input field for form helper

Funky Dude 2009-08-24 13:49:21

Answer 2

+2 A:

In your controller:

function beforeRender() {
    parent::beforeRender();
    $this->data['Vendor']['password'] = '';
}

Matt Curry 2009-08-23 17:39:16

hmmm, this seems a bit hacky to me, as I have several types of user with distinct properties in the db and could add more in the future. But for now it works I guess, thank's :)

andreas 2009-08-23 18:08:41

Answer 3

+3 A:

Hello, You may run into another problem down the road with cakePHP password validation.

The problem is that cake hashes passwords first, then does validation, which can cause the input to fail even if it is valid according to your rules. This is why the password is returned to the input field hashed instead of normal.

to fix this, instead of using the special field name 'password', use a different name like 'tmp_pass'. This way, cakePHP Auth won't automatically hash the field.

Here's a sample form

echo $form->create('Vendor', array('action' => 'register'));
echo $form->input('email');
echo $form->input( 'tmp_pass', array( 'label' => 'Password','type'=>'password' ));
echo $form->end('Register');

In your Vendor model, don't assign validation rules to 'password' instead assign these rules to 'tmp_pass', for example

var $validate = array('email' => 'email', 'password' => ... password rules... );

becomes

var $validate = array('email' => 'email', 'tmp_pass' => ... password rules... );

Finally, in your Vendor model, implement beforeSave().

First, see if the data validates ('tmp_pass' will be validated against your rules).

If successful, manually hash tmp_pass and put it in $this->data['Vendor']['password'] then return true. If unsuccessful, return false.

function beforeSave() {
    if($this->validates()){
        $this->data['Vendor']['password'] = sha1(Configure::read('Security.salt') . $this->data['User']['tmp_pass']);
        return true;
    }
    else
        return false;
}

smchacko 2009-08-23 22:36:29

+1 - this was very helpful for me too, however I'd suggest using the proper `Auth->password()` or `Auth->hashPasswords()` functions rather than salting and hashing yourself.

nickf 2009-11-11 05:47:28

You should **not** hash the password yourself with `sha1`, as this **may** introduce inconsistencies with the way `Auth` (if that's what you're using) hashes the password down the road. Use `$this->Auth->password()` instead!

deceze 2009-11-11 05:48:05

@deceze, looking at the source, `Auth::hashPasswords()` will call the `User::hashPassword()` function if it is defined, whereas `Auth::password()` doesn't.

nickf 2009-11-11 06:08:17

@nickf Interesting. The manual does recommend `Auth::password()` to compare a hashed and a clear password. This issue should be worth some investigation. Either one's better than `sha1` though. :)

deceze 2009-11-11 06:20:35

ansaurus

tags:

views:

answers:

CakePHP: Clearing password field on failed submission

related questions