Adding a 'fake' field to grocerycrud add/edit form

Question

On my users table I have a 128 char 'hashed_password' field. In my User_model I have functions to encrypt and decrypt the password. When encrypting I randomly generate a salt and it gets stored in the first 64 chars of hashed_password field. The hashed pw result gets stored in the last 64 chars. When decrypting I do the reverse.

As I guess is almost universal, there is never a plaintext password to display.

So, when my users (through grocery_CRUD) are adding/editing a user I thought it was possible to include fake fields: "password" and "passconf" to the add & edit forms with the following:

$crud->fields('username', ... <other fields> ... 'password', 'passconf');

Just to be crystal clear - the "password" and "passconf" fields DO NOT exist on my users table. I just want my users to input the new password there then deal with it in my own way.

But it doesn't work. By that I mean the add/edit form renders with the two fake fields correctly (validation below works correctly) but if I try to update any other user information then 'Update Changes', that action fails with "Loading" graphic spinning briefly but not updating the database.

I have tried replicating this on a VERY simply grocery_CRUD form with no other complexity and get the same behaviour: the form renders correctly but will not update the db.

Is it even possible to use fake fields? Am I missing something?

Is grocery_CRUD trying to do something with these fields behind the scenes that is causing the db update to fail?

I had then hoped to do the following:

$crud->set_rules('password', 'Password', 'callback_valid_password');
$crud->set_rules('passconf', 'Password Confirmation', 'matches[password]');

$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));

function encrypt_password_callback($post_array, $primary_key = null){
    if ($post_array['password'] <> '') {
        $this->User_model->set_password($post_array['username'], $post_array['password']);
    }
}

function valid_password($str) {
    //do some pw validation
    return TRUE;
}

score 2 · Answer 1 · answered Dec 10 '12 at 03:16

2

I have solved this problem using insert and update callbacks then encrypting the password then unset(ing) the offending 'password' & 'passconf' fields before the insert or update db call.

answered Dec 10 '12 at 03:16

Kenilik

366
7
16

Adding a 'fake' field to grocerycrud add/edit form

1 Answers1