Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>Did you display the old password in the password form field ? in this case it could be displayed encrypted and thus encrypted a second time on saving. </p> <p>Hashes are typically not decypherable, so you should not display the password on a field.</p> <p>This is a common problem when working with sfGuard. Here are 2 solutions, there is probably others that will answer this issue :</p> <ol> <li>Do not let user changer user's password in this form and create a separate form for password reset</li> <li>Let password form field empty by default, and save it only when the user types in a new password</li> </ol> <p>I usually get into the second way, here is the form class used :</p> <pre><code>class ewaSfGuardUserForm extends sfGuardUserForm { public function configure() { // parent::configure(); //"virtual" new password fields, empty by default $this-&gt;widgetSchema['new_password'] = new sfWidgetFormInputPassword(); $this-&gt;widgetSchema['new_password_bis'] = new sfWidgetFormInputPassword(); $error_messages = array('min_length' =&gt; 'Passwords must be at least 4 characters long.'); $this-&gt;validatorSchema['new_password'] = new sfValidatorString(array('required' =&gt; false, 'min_length' =&gt; 4), $error_messages); $this-&gt;validatorSchema['new_password_bis'] = new sfValidatorString(array('required' =&gt; false, 'min_length' =&gt; 4), $error_messages); $error_messages = array('invalid' =&gt; 'New password didn\'t match confirmation'); //validate identical password $this-&gt;validatorSchema-&gt;setPostValidator(new sfValidatorSchemaCompare('new_password', '==', 'new_password_bis', array(), $error_messages)); $this-&gt;validatorSchema-&gt;setPostValidator( new sfValidatorAnd(array( new sfValidatorDoctrineUnique(array('model' =&gt; 'sfGuardUser', 'column' =&gt; array('email_address'))), new sfValidatorDoctrineUnique(array('model' =&gt; 'sfGuardUser', 'column' =&gt; array('username')), array('invalid' =&gt; 'Email is already in use for another account')), new sfValidatorSchemaCompare('new_password', '==', 'new_password_bis', array(), $error_messages) )) ); //unused fields unset( $this['groups_list'], $this['permissions_list'], $this['password'], $this['created_at'], $this['updated_at'], $this['last_login'], $this['salt'], $this['algorithm'] ); //putting back validator for real password field $this-&gt;validatorSchema['password'] = new sfValidatorPass(); } } </code></pre> <p>The other part is in action class sf_guard_userActions </p> <pre><code> protected function processForm(sfWebRequest $request, sfForm $form) { $requestParams = $request-&gt;getParameter($form-&gt;getName()); $requestParams['password'] = $requestParams['new_password']; $requestParams['email_address'] = $requestParams['username']; $form-&gt;bind($requestParams, $request-&gt;getFiles($form-&gt;getName())); if ($form-&gt;isValid()) { [....] Copy of generated code } } </code></pre> <p>The specificity of my implementation is it always force uses email == username. </p> <p>I do not use an extended model for storing user's profile, but I override defaut sfGuardUser doctrine table to add extra fields like first name, last name, etc. It works this way, perhaps doctrine inheritance would have been better.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload