Home/ Questions/Q 339305
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T10:30:38+00:00

Greetings, I am setting up a pretty standard registration form with password field. The

  • 0

Greetings,

I am setting up a pretty standard registration form with password field.

The problem is, after a failed submission (due to empty field, incorrect format etc), the controller reloads the registration page, but with the password field containing the hashed value of the previously entered password. How do I make it empty after each failed submission?

View:

echo $form->password('Vendor.password', array('class' => 'text-input'));

Controller:

Security::setHash('sha1');
$this->Auth->sessionKey = 'Member'; 
$this->Auth->fields = array(
    'username' => 'email',
    'password' => 'password'
);

Help is very much appreciated, thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You may run into another problem down the road with cakePHP password validation.

    The problem is that cake hashes passwords first, then does validation, which can cause the input to fail even if it is valid according to your rules. This is why the password is returned to the input field hashed instead of normal.

    to fix this, instead of using the special field name ‘password’, use a different name like ‘tmp_pass’. This way, cakePHP Auth won’t automatically hash the field.

    Here’s a sample form

    echo $form->create('Vendor', array('action' => 'register'));
echo $form->input('email');
echo $form->input( 'tmp_pass', array( 'label' => 'Password','type'=>'password' ));
echo $form->end('Register');

    In your Vendor model, don’t assign validation rules to ‘password’ instead assign these rules to ‘tmp_pass’, for example

    var $validate = array('email' => 'email', 'password' => ... password rules... );

    becomes

    var $validate = array('email' => 'email', 'tmp_pass' => ... password rules... );

    Finally, in your Vendor model, implement beforeSave().

    First, see if the data validates (‘tmp_pass’ will be validated against your rules).

    If successful, manually hash tmp_pass and put it in $this->data[‘Vendor’][‘password’] then return true. If unsuccessful, return false.

    function beforeSave() {
    if($this->validates()){
        $this->data['Vendor']['password'] = sha1(Configure::read('Security.salt') . $this->data['User']['tmp_pass']);
        return true;
    }
    else
        return false;
}
    • 0