User experience question: Password change in users management module

We ar开发者_C百科e writing a user management module where the admin can change passwords for other users. We store hashed passwords of users in DB.

The question is what field do we present to the admin user ?

There are some options:

• Present the input filed with no value, and change the password only if the some value was entered

• Present the input field with fixed-length string, and detect the change when the value changes

There's an option of presenting a change password button, but we prefer not to do it this way.

What option do you use and why ?

I would go with option 1.

Present the input filed with no value, and change the password only if the some value was entered

This is because its not really a "change password" option, its really a "set password" option. There is no value in showing the current hash to the admin user.

So in your update user code you just check if the password field is set, if so hash the new value and store the new hash.

Note: this is traditionally different to the way a user (including admin) changes their own password.

In that case the user is usually prompted for the value of the old password to ensure that its not someone else coming across the screen when its already logged in. But if you wanted to re-use the same screen (with a different where clause) then this is not essential - just what's normally done.

After a few minutes of brainstorming we got to the merged option, of showing fixed-size value inside the text-box and use onfocus() and onblur() events to blank the field on focus and return to the fixed size string on loose of focus when no text was entered.