Best way to handle a form with password field in CakePHP 1.3?
I have a User controller and User model. This model and associated database table is used for authentication and naturally there's a password field.
In my edit action, when I call $this->data it puts the hashed password in my password field in my edit view. Naturally, I don't want a password field with a 40-character value, which will then get re-hashed upon save.
My action looks like this:
function edit($id) {
    $this->User->id = $id;
    if (empty($this->data)) {
        $this->data = $this->User->read();
    }
    else {
        if ($this->User->save($this->data)) {
            $this->Session->setFlash('User has been updated.');
            $this->redirect(array('action' => 'view', $this->User->id));
        }
    }
}
And my view looks like this:
<h2>Edit User</h2>
<?php
echo $this->Form->create('User', array('action' => 'edit'));
echo $this->Form->input('username');
echo $this->Form->input('password');
echo $this->Form->input('first_name');
echo $this->Form->input('last_name');
echo $this->Form->input('email');
echo $this->Form->end('Save User');
?>
How can I have a form for users to edit their account (username etc) that doesn't update the password if left blank, but does update it if the user enters a new password into the password field?
The common & most secure method is to have a separate form for changing the password where you ask the user to confirm the change by asking for the old password. This is because if you leave the site open on a public computer, the next person who comes in can't just hijack the account by just giving a new password.
If you still want to go with the original plan, you can unset the variable if it's empty before saving the data:
if( $this->data[ 'User' ][ 'password' ] == '' ) {
    unset( $this->data[ 'User' ][ 'password' ] );
}
The other option is to list allowed fields as a parameter to save() and leave out password if the field is empty.
In the view you can use
echo $this->Form->input('password', array( 'value' => '' ) );
to keep the hash from showing up in the field.
Most places only allow editing passwords when they enter their original passwords. It helps protect against password changes with unauthorized access.
But if you want to do it, try
echo $this->Form->input('password', array('default'=>false));
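
The checks suggested in the answers above, combined into one framework-free PHP function. This is an added example, not code from the original thread or from CakePHP. The current_password field name, the prepareUserUpdate() helper and the stand-in hasher are assumptions, and the function assumes it receives the submitted values in plain text, before any automatic hashing.

```php
<?php
// Added example. In a CakePHP 1.3 controller the returned values would be
// passed on as $this->User->save($data, true, $fieldList).
// hash_equals() needs PHP 5.6 or later.

/**
 * @param array    $data       Submitted form data, shaped like $this->data
 * @param string   $storedHash Password hash currently stored for the user
 * @param callable $hash       The same hashing routine the login path uses
 * @return array   array($data, $fieldList, $error)
 */
function prepareUserUpdate(array $data, $storedHash, $hash)
{
    $fieldList = array('username', 'first_name', 'last_name', 'email');
    $user    = isset($data['User']) ? $data['User'] : array();
    $new     = isset($user['password']) ? (string) $user['password'] : '';
    $current = isset($user['current_password']) ? (string) $user['current_password'] : '';

    // current_password (assumed name) is a form-only field; never persist it.
    unset($user['current_password'], $user['password']);

    if ($new !== '') {
        // A password change must prove knowledge of the old password.
        if (!hash_equals($storedHash, call_user_func($hash, $current))) {
            return array(null, array(), 'Current password is incorrect.');
        }
        $user['password'] = call_user_func($hash, $new);
        $fieldList[] = 'password';
    }
    // Blank password: the key is absent and not whitelisted, so the
    // stored hash cannot be overwritten by this save.
    return array(array('User' => $user), $fieldList, null);
}

// Constructed sample input; sha1 with a fixed salt stands in for the app's hasher.
$hash   = function ($plain) { return sha1('constructed-salt' . $plain); };
$stored = $hash('old-secret');
$cases  = array(
    'blank password'    => array('username' => 'alice', 'password' => ''),
    'wrong old password' => array('username' => 'alice', 'password' => 'n3w', 'current_password' => 'nope'),
    'valid change'      => array('username' => 'alice', 'password' => 'n3w', 'current_password' => 'old-secret'),
);
foreach ($cases as $label => $user) {
    list($data, $fieldList, $error) = prepareUserUpdate(array('User' => $user), $stored, $hash);
    printf("%s: error=%s, saves password=%s\n", $label,
        var_export($error, true), var_export(in_array('password', $fieldList), true));
}
```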