Never mind, self-help desk strikes again. On the second bad submit, the URL
looks like:

localhost/login/login/login/login

instead of the proper /login/login.

Changing line 8 of the form class to
  8     $this->setAction('/login/login');

fixed the problem.

Kids, this is why you shouldn't file bug reports after midnight.

Hope the code example can help someone out!

-K

On Fri, Mar 28, 2008 at 12:34 AM, Karl Katzke <[EMAIL PROTECTED]> wrote:

> I have a Zend_Form class used for a login form. When I validate the form
> once, it repopulates correctly. When I resubmit the form a second time with
> a bad password value but the correct login value, the login value is
> repopulated as 'login'. I'm not quite sure what in tarnation could be
> happening here, but maybe someone can give me a hand.
>
> I'm using the latest from:
> http://framework.zend.com/svn/framework/branch/release-1.5/library/Zend... 
> r9083 as of this writing.
>
> Here's my form class:
>
>   1 <?php
>   2
>   3 class My_Form_Login extends Zend_Form {
>   4
>   5   public function __construct($options = null) {
>   6     parent::__construct($options);
>   7
>   8     $this->setAction('login/login');
>   9     $this->setMethod('post');
>  10
>  11     $login = new Zend_Form_Element_Text('login');
>  12     $login->setLabel('Login');
>  13     $login->setRequired(true);
>  14     $this->addElement($login);
>  15
>  16     $pass = new Zend_Form_Element_Password('pass');
>  17     $pass->setLabel('Password');
>  18     $pass->setRequired(true);
>  19     $this->addElement($pass);
>  20
>  21     $submit = new Zend_Form_Element_Submit('submit');
>  22     $submit->setLabel('Submit');
>  23     $this->addElement($submit);
>  24
>  25   }
>  26
>  27 }
>  28
>  29 ?>
>
> And here's the login action:
>
>     function loginAction() {
>       $form = new My_Form_Login();
>       $param = $this->getRequest()->getParams();
>
>       //Init the view up here, even if we throw it out.
>       $this->initView();
>
>       if(!empty($param['submit']) && $form->isValid($param)) {
>         // If the form validated, then we know there are both passwd and value fields.
>         // Authenticate against the database. First, get an instance.
>         $auth = Zend_Auth::getInstance();
>
>         // Let's set up the adapter. Don't forget that the password is just hashed,
>         // while the email has had htmlspecialchars run on it before being inserted.
>         // This also serves as our input cleaning... no bobby tables!
>         $adapt = new Zend_Auth_Adapter_DbTable(Zend_Registry::get('db'));
>         $adapt->setTableName('users');
>         $adapt->setIdentityColumn('login');
>         $adapt->setCredentialColumn('sha1password');
>         $adapt->setCredential(sha1($param['pass']));
>         $adapt->setIdentity(htmlspecialchars($param['login']));
>
>         // And run the auth.
>         $result = $auth->authenticate($adapt);
>
>         // Compare the values and do stuff.
>         if($result->isValid()) {
>           $storage = new Zend_Auth_Storage_Session();
>           $storage->write($adapt->getResultRowObject(array('login','password_reset')));
>           $auth->setStorage($storage);
>           $this->_redirect('/user/index');
>         } else {
>           $this->view->message = 'Invalid login. Please try again.';
>           $this->view->form = $form;
>         }
>       } else {
>         $this->view->form = $form;
>       }
>     }
>
> And here's the login form:
> <h1>Administration Login</h1>
> <? if(!empty($this->message)): ?>
>   <p class="error"><?= $this->message ?></p>
> <? endif; ?>
> <?= $this->form ?>
>
>
>
> The behaviour I'm getting can be reproduced in Firefox and Safari by
> repeating the following steps:
>
> 1) Going to the login form in your browser
> 2) Typing a username in the login field
> 3) Typing an incorrect password
> 4) The form repopulates as expected, and shows the expected error message.
> 5) Type another incorrect password
> 6) The form repopulates with the string 'login' in the login instead of
> the expected user name.
>
>
> Matt, I'll email you a link to my working copy so you can see the
> behaviour.
>
> Thanks!
>
> -Karl
>
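The behaviour described in this thread, as an added example that is not part of the original messages and is not Zend Framework code: it resolves the relative form action the way a browser does and then shows how a URL segment can end up shadowing the posted `login` field. The `/controller/action/key/value` route model, the rule that URL params win over POST fields, and the sample username `karl` are assumptions made for this illustration.

```javascript
// Added illustration (assumed model, constructed sample data).
const START = 'http://localhost/login/login'; // URL where the form is first rendered

// Browser side: a form action is resolved against the current page URL.
function submitTarget(pageUrl, action) {
  return new URL(action, pageUrl).pathname;
}

// Server side (assumed default route): /controller/action/key/value/...
// A trailing key with no value is ignored in this model.
function routeParams(pathname) {
  const seg = pathname.split('/').filter(Boolean);
  const params = { controller: seg[0] || 'index', action: seg[1] || 'index' };
  for (let i = 2; i + 1 < seg.length; i += 2) {
    params[seg[i]] = decodeURIComponent(seg[i + 1]);
  }
  return params;
}

// Assumed merge order: params taken from the URL override POST fields.
function mergedParams(pathname, post) {
  return { ...post, ...routeParams(pathname) };
}

// Repeat a failed login: each failure re-renders the form at the URL
// that was just posted to, so a relative action keeps stacking segments.
function simulate(action, submits, post) {
  let page = START;
  const seen = [];
  for (let n = 1; n <= submits; n++) {
    const path = submitTarget(page, action);
    seen.push({ path, login: mergedParams(path, post).login });
    page = new URL(path, page).href;
  }
  return seen;
}

const post = { login: 'karl', pass: 'wrong' }; // constructed sample input
console.log(simulate('login/login', 2, post));  // relative action from the original class
console.log(simulate('/login/login', 2, post)); // absolute action from the fix
```

In this model the identity checked by the action comes from the URL, not from the posted form, once the path grows to `/login/login/login/login`; reading the form fields from the POST body only (for example via the request object's `getPost()`) keeps a URL segment from overriding them.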
