[html-formfu] password element: empty after submission

Carl Franks fireartist at gmail.com
Tue Nov 11 09:30:44 GMT 2008 

Hi Jens, and welcome to the list!

> I want to create a form where the user can change its password (i.e. something like "password" and "password confirm") and store it sha1-hashed in my mySQL-DB. In order to accomplish this, I thought I could get the contents of the password field after the user submission, run a sha1-hash over it an finally store it to the DB. But that does not work because after the user submits the password field it seems to be emtpy. Is this a FormFu problem?
>
> Here is the situation right now:
>
> <catalyst root>/root/src/foobar.tt2:
>
> [% form %]
>
> <catalyst root>/root/forms/foobar.yml:
>
> ---
> indicator: submit
> elements:
>  - type: Password
>    name: mypass
>    label: Enter password
>    constraints:
>      - type: Equal
>        others: mypass_confirm
>      - type: Required
>  - type: Password
>    name: mypass_confirm
>    label: Please confirm password
>    constraints:
>      - type: Required
>  - type: Submit
>    name: submit
>    value: Here we go
>
> <catalyst root>/lib/MyApp/Controller/Root.pm:
>
> sub foobar :Local :FormConfig('foobar.yml') {
>  my ($self, $c) = @_;
>  my $form = $c->stash->{form};
>  $c->log->info($form->get_element({ name => "mypass" }));
>  $c->stash->{template} = 'foobar.tt2';
> }
>
> <catalyst output after user has submitted form>:
>
> [info] <div class="password label">
> <label>Enter password</label>
> <input name="mypass" type="password" value="" />
> </div>
>
> Please note the empty value attribute where I espected the user input!

You're not really checking what was submitted, you're re-rendering the
form - and for security, password field values aren't returned to the
browser, by default.

If you're running the Catalyst built-in server under debug mode,
you'll see exactly what is being submitted.
And to figure out what HTML-FormFu sees, you could do something like this:

use Data::Dumper;
sub foobar :Local :FormConfig('foobar.yml') {
    my ($self, $c) = @_;
    my $form = $c->stash->{form};

    if ( $form->submitted_and_valid ) {
        $c->stash->{form} = sprintf "<pre>%s</pre>", Dumper( $form->params );
    }
    elsif ( $form->submitted ) {
        $c->stash->{form} = sprintf "<pre>%s</pre>", Dumper(
$form->has_errors );
    }

    $c->stash->{template} = 'foobar.tt2';
}

If you want password fields to keep their value when you're rendering
them after a submission, you need to set $field->render_value(1)

> Any hints on how I can get my password hashed as intended?

Generally, I would have DBIx::Class handle that, but you could easily
write a FormFu Filter to do it.

Carl

More information about the HTML-FormFu mailing list