How to manage passwords with datatable editor (my own logical bug)

edwardc

So, I have some sort of blackout and I can not figure it out how to approach this. On a super-admin page I have a table with users and their right. For some reasons, the password is set in editor by the super-admin and then the user may change it at his/hers convenience.
But...
The password is encrypted with md5. The admin open the modal editing to change some rights or other less important data. When he save the editor, the password is changed from "1234" (basic example) to md5("1234") so of course is not the same anymore.

I know is a silly logical bug, but still, may I get some suggestions how to handle this? How to store and edit password in editor without over-write it with md5 encryption?

allan

I would suggest having the password field as "set only" - i.e. it cannot be read. md5 can relatively easily be computed on a computer with a decent gpu (bcrypt or scrypt is safer ) but that is by the by.

To mark a field as set only with the PHP Editor libraries use .Get( false ). Then on the client-side have fields.def as an empty string for the password input.

Next, back on the server-side you can use [a server-side event]https://editor.datatables.net/manual/php/events) to check if a password value was submitted, or if it was an empty string. If empty string, don't do anything (you could add .Set( false ) for that field. If it isn't an empty string use a set formatter to md5 it.

Allan