It would be better to design the system so the password is never saved raw in the system, only save hashed. Then if a user wants to recover the password generate a temp and then have them set a new password. Then if you are salting your hashes you have a far more secure application. Just my humble opinion.
Joshua Morris On Mar 31, 2011, at 7:23 PM, Simon Walter <si...@gikaku.com> wrote: > On 31/03/2011 19:48, Steve Rayner wrote: >> Is it possible to get the password field populated when populating a form? >> >> I like the default behaviour for a login form, when the value is not >> populated, but for editing a user's details i want the current >> password populated in the box. >> My only work around at the moment is to use a Zend_Form_Element_Text >> object instead and make the password visible. > > Rather than this, what I do is only if the password field is filled in, I > check it against the password confirmation field and include it in the data > to updated in the DB. > > If there are better ways of doing this, I'm also interested in hearing about > it. > > > > -- > List: fw-general@lists.zend.com > Info: http://framework.zend.com/archives > Unsubscribe: fw-general-unsubscr...@lists.zend.com > > -- List: fw-general@lists.zend.com Info: http://framework.zend.com/archives Unsubscribe: fw-general-unsubscr...@lists.zend.com
