Jump to:

1030 Posts in 805 Topics by 311 members

Forum Module

SilverStripe Forums » Forum Module » ConfirmedPasswordField content length on edit

Discuss the Forum Module.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 434 Views
  • midoriberlin
    Avatar
    Community Member
    5 Posts

    ConfirmedPasswordField content length on edit Link to this post

    Hello,

    I'm setting up a basic login/register/edit profile sequence and am having a minor problem with it I'm hoping someone can help me with.

    I have a ConfirmedPasswordField in my edit profile page that loads details from the $Member. I can save and edit here just fine but the minor problem is that I think it's showing the sha1 characters in the circled out characters for existing passwords.

    e.g. I create a user with a password of 'elf' and then go to the edit profile screen. The change password and confirm password fields have content in them that is, I'm guessing, the sha1 code i.e. instead of seeing *** in the fields, I see ********************************************************

    Is there a way I can get the hidden characters to reflect the actual length of the password? I'm not sure if this is possible...

    The other potential solution was mentioned here ( http://api.silverstripe.org/2.4/forms/fields-formattedinput/ConfirmedPasswordField.html#methodperformReadonlyTransformation ) where the poster suggested making the password fields empty and then not saving them. I can do this but that then triggers validation. If I turn off the validation then they can potentially set their passwords to an empty string.

    So...not the biggest problem in the world but wondering if i'm the only one who has experienced it?

    Any help appreciated.

    Regards,

    Andrew

  • Willr
    Avatar
    Forum Moderator
    5489 Posts

    Re: ConfirmedPasswordField content length on edit Link to this post

    Is there a way I can get the hidden characters to reflect the actual length of the password? I'm not sure if this is possible...

    No there is no way to get the information about the original password (thats the goal of hashing and salting the string in the first place!).

    434 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.