Edit user page - password overwrite

Wappler General How To
#1

I have a user`s edit page, where admin should be able to modify any of the avalible fields.

the data is passed from mysql as it should.
password filed is marked as password, so it is hidden symbols.

image
image1351×660 15.9 KB

the problem is, if admin wants to modify only lets say status or tel number.
Without any changes to password field.

what happens is, the hash value from the db which is hidden on page, is passed again to update server action, and sha256 encryption happens again.

image
image763×552 27.2 KB

so every time admin goes and modifies any field, password is modified as well…

please advice how to avoid it.

thanks

#2

Well, it’s not a good idea to return the hashed value back to the page. Just remove the dynamic value from the password field.

#3

Hi Teodor, please advice how do i do it, without loosing the ability to modify the password field in case needed (send update command)

#4

okay, i figured it,

thank you!

#5

Just remove the value from the input :slight_smile:
Then in the update record step use the condition option to only update the data if there is data entered in the input:

Screenshot_53
Screenshot_531003×338 56.6 KB

2 Likes
#6

so it is a good practice to add such condition to all fields?

i mean if there was no changes to the field, no need to perform any update, right?

#7

You don’t need to add it to all the fields.
The issue is with the password input, as you first hash the password on save, then you put the hash in the input and on save it gets hashed again so another value is inserted.
The rest of the fields will be updated only on change.

#8

is this the correct way:

image
image908×128 4.59 KB

#9

Yes, this should to the job.
But also make sure to remove the dmx-bind:value from the input in the form.

#10

Hi @Teodor.
i am having issue with this field (password)
all other fields updated and work, however password field updates are not saved, and no error displayed
example:
http://dino.serviceclientele.net/admin/edituser.php?id=4

i have removed dynamic attributes from it
and added the condition as on image on post above.
in database password field is set to char 64

image
image1142×653 63.2 KB

image
image926×358 20 KB

image
image759×521 17.4 KB

please advice what am i missing\doing wrong

Login error serverconnectForm.js:249
#11

condition should be {{$_POST.user_password}}

1 Like