Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CakePHP: Clearing password field on failed submission

Greetings,

I am setting up a pretty standard registration form with password field.

The problem is, after a failed submission (due to empty field, incorrect format etc), the controller reloads the registration page, but with the password field containing the hashed value of the previously entered password. How do I make it empty after each failed submission?

View:

echo $form->password('Vendor.password', array('class' => 'text-input'));

Controller:

Security::setHash('sha1');
$this->Auth->sessionKey = 'Member'; 
$this->Auth->fields = array(
    'username' => 'email',
    'password' => 'password'
);

Help is very much appreciated, thanks!

like image 428
Andreas Wong Avatar asked Aug 23 '09 14:08

Andreas Wong


3 Answers

You may run into another problem down the road with cakePHP password validation.

The problem is that cake hashes passwords first, then does validation, which can cause the input to fail even if it is valid according to your rules. This is why the password is returned to the input field hashed instead of normal.


to fix this, instead of using the special field name 'password', use a different name like 'tmp_pass'. This way, cakePHP Auth won't automatically hash the field.

Here's a sample form

echo $form->create('Vendor', array('action' => 'register'));
echo $form->input('email');
echo $form->input( 'tmp_pass', array( 'label' => 'Password','type'=>'password' ));
echo $form->end('Register');

In your Vendor model, don't assign validation rules to 'password' instead assign these rules to 'tmp_pass', for example

var $validate = array('email' => 'email', 'password' => ... password rules... );

becomes

var $validate = array('email' => 'email', 'tmp_pass' => ... password rules... );

Finally, in your Vendor model, implement beforeSave().

First, see if the data validates ('tmp_pass' will be validated against your rules).

If successful, manually hash tmp_pass and put it in $this->data['Vendor']['password'] then return true. If unsuccessful, return false.

function beforeSave() {
    if($this->validates()){
        $this->data['Vendor']['password'] = sha1(Configure::read('Security.salt') . $this->data['User']['tmp_pass']);
        return true;
    }
    else
        return false;
}
like image 106
cardflopper Avatar answered Nov 08 '22 13:11

cardflopper


this?

password('Vendor.password', array('class' => 'text-input','value'=>'')) 
like image 36
Funky Dude Avatar answered Nov 08 '22 15:11

Funky Dude


In your controller:

function beforeRender() {
    parent::beforeRender();
    $this->data['Vendor']['password'] = '';
}
like image 3
Matt Curry Avatar answered Nov 08 '22 15:11

Matt Curry