Home/ Questions/Q 8926375
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T07:57:42+00:00

I’m working on some admin functions to my site where a user with admin

  • 0

I’m working on some admin functions to my site where a user with admin privileges is able to open a form for a given user ID. From this form they can change user permissions, alter the user password or other means.

However, when the form is constructed from the model, the password field pulls the hashed password from the database and populates the password field. As a result, when the admin goes to save the form the hashed password is treated as a plaintext and therefore hashed again, overwriting the original password.

What I need is some way to allow admin users to change the form but only have passwords hashed and updated on the database in the event that it is changed.

My thoughts are to construct the form setting password to blank:

view/User/edit.ctp:

echo $this->Form->input('User.password',array(
        'value' => '',
        'type' => 'password',
        'autocomplete' => 'off'
    )
);

And have some sort of check on the save to skip the password; but this is where I’m stuck.

controller/userscontroller.php

public function edit($id = null) 
{
    $this->User->id = $id;
    if ($this->request->is('get')) 
    {
        $this->request->data = $this->User->read();
    } else  {
        //Something here????
        if ($this->User->save($this->data))
        {
            $this->Session->setFlash('Your user has been updated.');
            $this->redirect(array('action' => 'index'));
        } else 
        {
            $this->Session->setFlash('Unable to update your user.');
        }
    }

    $this->set('groups',$this->User->Group->find('list'));//, array( 'fields' => array('id', 'name'))));
    $this->set('sites',$this->User->Site->find('list'));//, array( 'fields' => array('id', 'name'))));
}

How do I check this and prevent the password from updating when there is no change?

Decided Solution:

As per the answers provided I used a second form on the same page that re-uses the signup validation that users go through. When updating site/group privileges the users are sent through one form while passwords through another.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would build two admin forms, one for changing permissions and the other for updating the password only. While you are at it, the change password form should have a second field for validating the change.

    There are some CakePHP plugins to help with managing users and specifically passwords.

    • 0