Nevermind, self-help desk strikes again. On the second bad submit, the URL looks like:
localhost/login/login/login/login instead of the proper /login/login. Changing line 8 of the form class to 8 $this->setAction('/login/login'); fixed the problem. Kids, this is why you shouldn't file bug reports after midnight. Hope the code example can help someone out! -K On Fri, Mar 28, 2008 at 12:34 AM, Karl Katzke <[EMAIL PROTECTED]> wrote: > I have a Zend_Form class used for a login form. When I validate the form > once, it repopulates correctly. When I resubmit the form a second time with > a bad password value but the correct login value, the login value is > repopulated as 'login'. I'm not quite sure what in tarnation could be > happening here, but maybe someone can give me a hand. > > I'm using the latest from: > http://framework.zend.com/svn/framework/branch/release-1.5/library/Zend... > r9083 as of this writing. > > Here's my form class: > > 1 <?php > 2 > 3 class My_Form_Login extends Zend_Form { > 4 > 5 public function __construct($options = null) { > 6 parent::__construct($options); > 7 > 8 $this->setAction('login/login'); > 9 $this->setMethod('post'); > 10 > 11 $login = new Zend_Form_Element_Text('login'); > 12 $login->setLabel('Login'); > 13 $login->setRequired(true); > 14 $this->addElement($login); > 15 > 16 $pass = new Zend_Form_Element_Password('pass'); > 17 $pass->setLabel('Password'); > 18 $pass->setRequired(true); > 19 $this->addElement($pass); > 20 > 21 $submit = new Zend_Form_Element_Submit('submit'); > 22 $submit->setLabel('Submit'); > 23 $this->addElement($submit); > 24 > 25 } > 26 > 27 } > 28 > 29 ?> > > And here's the login action: > > 30 function loginAction() { > 31 $form = new My_Form_Login(); > 32 $param = $this->getRequest()->getParams(); > 33 > 34 //Init the view up here, even if we throw it out. > 35 $this->initView(); > 36 > 37 if(!empty($param['submit']) && $form->isValid($param)) { > 38 // If the form validated, then we know there are both passwd > and value fields. > 39 // Authenticate against the databse. First, get an instance. > 40 $auth = Zend_Auth::getInstance(); > 41 > 42 // Let's set up the adapter. Don't forget that the password is > just hashed, > 43 // while the email has had htmlspecialchars run on it before > being inserted. > 44 // This also serves as our input cleaning... no bobby tables! > 45 $adapt = new > Zend_Auth_Adapter_DbTable(Zend_Registry::get('db')); > 46 $adapt->setTableName('users'); > 47 $adapt->setIdentityColumn('login'); > 48 $adapt->setCredentialColumn('sha1password'); > 49 $adapt->setCredential(sha1($param['pass'])); > 50 $adapt->setIdentity(htmlspecialchars($param['login'])); > 51 > 52 > 53 // And run the auth. > 54 $result = $auth->authenticate($adapt); > 55 > 56 // Compare the values and do stuff. > 57 if($result->isValid()) { > 58 $storage = new Zend_Auth_Storage_Session(); > 59 > $storage->write($adapt->getResultRowObject(array('login','password_reset'))); > 60 $auth->setStorage($storage); > 61 $this->_redirect('/user/index'); > 62 } else { > 63 $this->view->message = 'Invalid login. Please try again.'; > 64 $this->view->form = $form; > 65 } > 66 } else { > 67 $this->view->form = $form; > 68 } > 69 } > > And here's the login form: > 1 <h1>Administration Login</h1> > 2 <? if(!empty($this->message)): ?> > 3 <p class="error"><?= $this->message ?></p> > 4 <? endif; ?> > 5 <?= $this->form ?> > 6 > > > The behaviour I'm getting can be reproduced in Firefox and Safari by > repeating the following steps: > > 1) Going to the login form in your browser > 2) Typing a username in the login field > 3) Typing an incorrect password > 4) The form repopulates as expected, and shows the expected error message. > 5) Type another incorrect password > 6) The form repopulates with the string 'login' in the login instead of > the expected user name. > > > Matt, I'll email you a link to my working copy so you can see the > behaviour. > > Thanks! > > -Karl >