
Re: [fw-mvc] Prepopulating a password field with Zend_Form

Zend_Form is removing the value completely from the input field when the form is rendered.

// Try to pre-populate the password field <?php   $form->password->setValue('test'); echo $form;  ?>  // Snippet of output: <input type="password" name="password" id="password" value="" />  // Expected output: <input type="password" name="password" id="password" value="test" /> 

I'm not entirely convinced that showing an empty field is the best way to go in this case, but I can try to make it work without causing confusion. Thanks for all your help :)


Jeremy Brown wrote:


If anything I'd like to fill the password field with "xxxxxx" just to give the appearance of a filled-out password field, but that doesn't seem possible with Zend_Form as it keeps hiding the value.



Actually, it's the browser that keeps hiding the password, not Zend_Form.  The field type of 'password' means something special to each browser, but most agree that they should display any value provided as asterisks, bullets or some other mechanism of obscuring the contents.


In the sense that Zend_Form is outputting a password field I suppose you could say it is hiding it, but in reality, it is the browser.




Jeremy Brown
Senior Web Developer

Spear One


From: Hector Virgen [mailto:djvirgen@gmail.com]
Sent: Monday, August 04, 2008 4:22 PM
To: Bill Karwin
Cc: fw-mvc@lists.zend.com
Subject: Re: [fw-mvc] Prepopulating a password field with Zend_Form


Thanks for your input, Bill. This field is not going to be used for a login form. It's for a password manager, and the password will have to be stored in plain text (or reversible encryption) so it can be forwarded to the correct application.

It's making sense to me now that the password should never be placed back into the form, but I am considering the user's perspective. If the form is loaded with an empty password field, the user may think it didn't get saved.

If anything I'd like to fill the password field with "xxxxxx" just to give the appearance of a filled-out password field, but that doesn't seem possible with Zend_Form as it keeps hiding the value.

For now I have added a description decorator that reads "enter the password only if you need to change it" and on the server side I'm ignoring empty posted passwords. It doesn't seem user friendly but I'll try to make it work for our users. Thanks again for the help :)


Bill Karwin wrote:

Hector Virgen wrote:
I have a password field in one of my forms. How can I pre-populate that
field with a value? I have tried setting the value with
$form->password->setValue() but when the form is rendered the password
shows up blank. I know this is the intended behavior for login forms, but
the form I am working with now is not a login form. Thanks for the help!
It doesn't matter if it's a login form.  You should never pre-populate a
password field.
You shouldn't even store a password in plaintext; instead you should store a
one-way hash of the salted password.  So therefore you should never be able
to retrieve the value with which you would pre-populate the password field.
Bill Karwin
