Edit user page - password overwrite

I have a user`s edit page, where admin should be able to modify any of the avalible fields.

the data is passed from mysql as it should.
password filed is marked as password, so it is hidden symbols.

the problem is, if admin wants to modify only lets say status or tel number.
Without any changes to password field.

what happens is, the hash value from the db which is hidden on page, is passed again to update server action, and sha256 encryption happens again.

so every time admin goes and modifies any field, password is modified as well…

please advice how to avoid it.


Well, it’s not a good idea to return the hashed value back to the page. Just remove the dynamic value from the password field.

Hi Teodor, please advice how do i do it, without loosing the ability to modify the password field in case needed (send update command)

okay, i figured it,

thank you!

Just remove the value from the input :slight_smile:
Then in the update record step use the condition option to only update the data if there is data entered in the input:


so it is a good practice to add such condition to all fields?

i mean if there was no changes to the field, no need to perform any update, right?

You don’t need to add it to all the fields.
The issue is with the password input, as you first hash the password on save, then you put the hash in the input and on save it gets hashed again so another value is inserted.
The rest of the fields will be updated only on change.

is this the correct way:

Yes, this should to the job.
But also make sure to remove the dmx-bind:value from the input in the form.

Hi @Teodor.
i am having issue with this field (password)
all other fields updated and work, however password field updates are not saved, and no error displayed

i have removed dynamic attributes from it
and added the condition as on image on post above.
in database password field is set to char 64

please advice what am i missing\doing wrong

condition should be {{$_POST.user_password}}

1 Like