Page 1 of 1

Two field Password Verify

PostPosted: Wed May 12, 2010 1:21 pm
by sheriff_deadeye
I am wondering if anyone has implemented a two-field password validation. i.e. When a user changes their password, they enter the new password in field 1, and then re-enter into field 2. if the values do not match, an error is displayed.

Thanks for the help.

Re: Two field Password Verify

PostPosted: Wed May 12, 2010 3:22 pm
by shannah
Nothing specifically has been implemented for this, but it's not hard to add. E.g. you could add a transient field called "password_confirm" and then use custom validation to check and make sure that the two fields match. I have created an example for this at
http://xataface.com/wiki/fieldname__validate#comments

Re: Two field Password Verify

PostPosted: Thu May 13, 2010 1:51 pm
by sheriff_deadeye
Thanks once again for such a quick response.

I will definitely be testing out these steps. i was thinking it would be more difficult b/c i did not think the actual password value was accessible for validation. thought i had read that somewhere in an unrelated post re: password security.

thanks.

Re: Two field Password Verify

PostPosted: Thu May 13, 2010 2:02 pm
by shannah
There are indeed limitations on password fields for security reasons. They are:

1. Xataface never loads password fields as part of database queries. e.g. If you have a 'password' field as part of the users table, and you make a call like:
Code: Select all
$user = df_get_record('users', array('user_id'=>10));
$user->val('password');  //   This will be blank even if there is a password in the db


However if a user is saving a new password, then you are able to intercept this password before it hits the database. E.g. in the fieldname__validate() method you will have access to the password field because it wasn't loaded from the database - it was inserted by the user.

And of course you can always cut out the middle man and use a mysql_query() call if you really need to retrieve the password from the db.