How to handle passwords?

How to handle passwords?

MickBMickB Posts: 103Questions: 25Answers: 2

Hello from a new user!

I am working on a user manager system, written in Laravel and using Datatables/Editor.

This is the functionality I am looking for:

When the users are created (pressing the New button), their password is typed in (by the admin).
When edit is clicked, the password field is not shown.

I am currently loading the passwords into a hidden column (hashed!), just to get the field on the create. I hate this, I don't see why I need to get this data from the db.

Mick

This question has accepted answers - jump to:

Answers

  • allanallan Posts: 63,685Questions: 1Answers: 10,500 Site admin
    Answer ✓

    Hi Mick,

    Have a look at this blog post about using server-side events. Also you can use Field->get( false ) to not get the value.

    Allan

  • MickBMickB Posts: 103Questions: 25Answers: 2

    Cheers Allan,

    Can I still use these if using http://datatables.codetoweb.com/ ?

    Not sure where they should go.

    Mick

  • allanallan Posts: 63,685Questions: 1Answers: 10,500 Site admin

    Not directly. That is a third party library that I haven't actually used myself. I don't think it has support for server-side events - certainly the "events" that the Editor libraries do provide are specific to it since there isn't really a built in event handler in PHP.

    Allan

  • MickBMickB Posts: 103Questions: 25Answers: 2

    Hmmm I wonder if I should be ditching the package and somehow hooking into your PHP library from Laravel myself, this would give me much more functionality.

    I'm guessing that there isn't a way to get this functionality from the front end.

    Thanks,

    Mick

  • allanallan Posts: 63,685Questions: 1Answers: 10,500 Site admin

    You couldn't stop the server responding to the Ajax request with the password hashes form the client-side. Its up to the server what it sends back.

    The Editor libraries are PHP so they should really sit alongside Laravel without issue (this is something that I intend to set up locally myself and write it up).

    Allan

  • MickBMickB Posts: 103Questions: 25Answers: 2

    Cheers.

    I was thinking of not pulling back the password field, not having it on the edit, just having it on the create.

    Would be great to see how it fits with Laravel.

  • MickBMickB Posts: 103Questions: 25Answers: 2
    edited December 2015

    I now have your examples working with Laravel and the Editor libraries.

    This helped.

    http://laraveldaily.com/how-to-use-external-classes-and-php-files-in-laravel-controller/

    I had to change the namespaces, so they matched the Laravel directory structure.
    I also needed to add <meta name="csrf-token" content="{{ csrf_token() }}"> to the html and the Ajax
    url: '/dtAjax',
    headers: {
    'X-CSRF-TOKEN':'{{ csrf_token() }}'

    I also needed to do this:

    global $db;

    $db = new Database( $sql_details );

    In Bootstrap,php because the db global was for some reason not in scope.

  • allanallan Posts: 63,685Questions: 1Answers: 10,500 Site admin

    Thanks for the update and the information. I'll include this information when I can write it up into the Editor manual.

    Allan

  • MickBMickB Posts: 103Questions: 25Answers: 2
    edited February 2016

    Hi,

    I am doing this:

        )->on( 'preEdit', function ( $e, $id, $values ) {
                    if ( $values['password'] === '' ) {
                        $e->field( 'password' )->set( false );
                    }
                } )
    

    but the password field is never '', is is always populated, even when not edited.

    Is there a setting to only post edited fields?

    I am trying to use submit: 'changed' but can't see how it works with editor.

    Mick

  • MickBMickB Posts: 103Questions: 25Answers: 2
    Answer ✓

    Found how to do this here;

    https://editor.datatables.net/reference/option/formOptions.main

    I needed to use formOptions

This discussion has been closed.