How to handle passwords?

MickB

Hello from a new user!

I am working on a user manager system, written in Laravel and using Datatables/Editor.

This is the functionality I am looking for:

When the users are created (pressing the New button), their password is typed in (by the admin).
When edit is clicked, the password field is not shown.

I am currently loading the passwords into a hidden column (hashed!), just to get the field on the create. I hate this, I don't see why I need to get this data from the db.

Mick

allan

Hi Mick,

Have a look at this blog post about using server-side events. Also you can use Field->get( false ) to not get the value.

Allan

MickB

Cheers Allan,

Can I still use these if using http://datatables.codetoweb.com/ ?

Not sure where they should go.

Mick

allan

Not directly. That is a third party library that I haven't actually used myself. I don't think it has support for server-side events - certainly the "events" that the Editor libraries do provide are specific to it since there isn't really a built in event handler in PHP.

Allan

MickB

Hmmm I wonder if I should be ditching the package and somehow hooking into your PHP library from Laravel myself, this would give me much more functionality.

I'm guessing that there isn't a way to get this functionality from the front end.

Thanks,

Mick

allan

You couldn't stop the server responding to the Ajax request with the password hashes form the client-side. Its up to the server what it sends back.

The Editor libraries are PHP so they should really sit alongside Laravel without issue (this is something that I intend to set up locally myself and write it up).

Allan

MickB

Cheers.

I was thinking of not pulling back the password field, not having it on the edit, just having it on the create.

Would be great to see how it fits with Laravel.

MickB

I now have your examples working with Laravel and the Editor libraries.

This helped.

http://laraveldaily.com/how-to-use-external-classes-and-php-files-in-laravel-controller/

I had to change the namespaces, so they matched the Laravel directory structure.
I also needed to add <meta name="csrf-token" content="{{ csrf_token() }}"> to the html and the Ajax
url: '/dtAjax',
headers: {
'X-CSRF-TOKEN':'{{ csrf_token() }}'

I also needed to do this:

global $db;

$db = new Database( $sql_details );

In Bootstrap,php because the db global was for some reason not in scope.

allan

Thanks for the update and the information. I'll include this information when I can write it up into the Editor manual.

Allan

MickB

Hi,

I am doing this:

    )->on( 'preEdit', function ( $e, $id, $values ) {
                if ( $values['password'] === '' ) {
                    $e->field( 'password' )->set( false );
                }
            } )

but the password field is never '', is is always populated, even when not edited.

Is there a setting to only post edited fields?

I am trying to use submit: 'changed' but can't see how it works with editor.

Mick

MickB

Found how to do this here;

https://editor.datatables.net/reference/option/formOptions.main

I needed to use formOptions