Home/ Questions/Q 8272545
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T07:09:21+00:00

I am using FOSUserBundle and I am trying to create a page that allows

  • 0

I am using FOSUserBundle and I am trying to create a page that allows a user to update their user profile. The problem I am facing is that my form does not require that the user reenter their password if they don’t want to change/update their password. So when a user submits the form with an empty password the database will be updated with an empty string, and the user will not be able to log in.

How can I get my form to ignore updating the password field if it is not set? Below is the code I am using.

$user = $this->get('security.context')->getToken()->getUser();

//user form has email and repeating password fields    
$userForm = $this->createForm(new UserFormType(), $user);

if ($request->getMethod() == 'POST') {
   $userForm->bindRequest($request);

   if($userForm->isValid()){
      //this will be be empty string in the database if the user does not enter a password
      $user->setPlainPassword($userForm->getData()->getPassword());
      $em->flush();
   }
}

I have tried a few things such as the following, but this is still empty because the bindRequest sets the empty password to the user

if($userForm->getData()->getPassword())
   $user->setPlainPassword($userForm->getData()->getPassword());

I have also tried, but this results in a similar situation and causes an unneeded query

if($userForm->getData()->getPassword())
   $user->setPlainPassword($userForm->getData()->getPassword());
else
   $user->setPlainPassword($user->getPlainPassword());

Are there any elegant ways to handle this use case?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you should reconsider if this is in fact a good use case. Should users be able to edit other users passwords? At our institution we do not allow even the highest level admin to perform this task.

    If a user needs their password changed we let them handle that themselves. If they have forgotten their password we allow them to retrieve it via email. If they need assistance with adjusting their email we allow our admins to assist users then. But all password updating and creation is done soley by the user.

    I think it is great that FOSUserBundle makes it so difficult to do otherwise but if you must DonCallisto seems to have a good solution.

    • 0