Cleaning up with a plainPassword Field
Cleaning up with a plainPassword Field
We’re abusing our password field. It temporarily stores the plain-text submitted password and then later stores the encoded version. This is a bad idea. What if we forget to encode a user’s password? The plain-text password would be saved to the database silently, instead of an error being thrown. And storing plain-text passwords is definitely against the Jedi Code!
Instead, create a new property on the User entity called plainPassword. Let’s also add the getter and setter method for it:
    // inside the User entity class
    private $plainPassword;

    // ...

    public function getPlainPassword()
    {
        return $this->plainPassword;
    }

    public function setPlainPassword($plainPassword)
    {
        $this->plainPassword = $plainPassword;

        return $this;
    }
This property is just like the others, except that it has no Doctrine mapping, so it’s never persisted to the database. It exists only as a temporary place to hold the submitted password until we encode it.
Using eraseCredentials
Find the eraseCredentials method and clear out the plainPassword field:
    public function eraseCredentials()
    {
        // drop the plain-text password as soon as it's no longer needed
        $this->plainPassword = null;
    }
This method isn’t doing much for us right now, but Symfony calls it after authentication, and its job is to make sure your User object doesn’t hold on to any sensitive data, like a plain-text password.
Using plainPassword
Now, update the form code, changing the field name from password to plainPassword:
// src/Yoda/UserBundle/Controller/RegisterController.php
// ...

public function registerAction(Request $request)
{
    // ...
    $form = $this->createFormBuilder(...)
        // ...
        ->add('plainPassword', 'repeated', array(
            'type' => 'password',
        ))
        ->getForm()
    ;
    // ...
}
Also don’t forget to update the template:
{# src/Yoda/UserBundle/Resources/views/Register/register.html.twig #}
{# ... #}

{{ form_row(form.plainPassword.first, {
    'label': 'Password'
}) }}
{{ form_row(form.plainPassword.second, {
    'label': 'Repeat Password'
}) }}
Now, when the form is submitted, plainPassword is populated on the User. Use it to set the real, encoded password property:
// inside registerAction()
$user->setPassword(
    $this->encodePassword($user, $user->getPlainPassword())
);
Let’s try it out! I’ll register as a new user and then try to log in. Once again, things work perfectly!
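To see the whole flow in one place, here is an added, stand-alone example (not the tutorial's own code) of a minimal User with an unmapped plainPassword, the encoding step, eraseCredentials, and a guard for the mistake the chapter warns about. It assumes password_hash()/password_get_info() are available (PHP >= 5.5, or the ircmaxell/password-compat library from composer.json) and uses them as a stand-in for the tutorial's encodePassword() helper; registerUser() and assertPasswordIsHashed() are hypothetical names.

```php
<?php
// Added example; password_hash() stands in for the tutorial's encodePassword() helper.

class User
{
    /** Persisted: the bcrypt hash, never the plain text. */
    private $password;
    /** Not mapped by Doctrine: lives only until the password is encoded. */
    private $plainPassword;

    public function getPassword() { return $this->password; }
    public function setPassword($password) { $this->password = $password; return $this; }
    public function getPlainPassword() { return $this->plainPassword; }
    public function setPlainPassword($plainPassword) { $this->plainPassword = $plainPassword; return $this; }

    public function eraseCredentials()
    {
        $this->plainPassword = null;
    }
}

/** Mirrors registerAction(): the submitted value is hashed before it reaches $password. */
function registerUser($submittedPassword)
{
    $user = new User();
    $user->setPlainPassword($submittedPassword);

    // the encoding step; forgetting this line is the bug the chapter describes
    $user->setPassword(password_hash($user->getPlainPassword(), PASSWORD_BCRYPT));

    // what the security system does once authentication is finished
    $user->eraseCredentials();

    return $user;
}

/** Refuses a User whose password property does not look like a password_hash() result. */
function assertPasswordIsHashed(User $user)
{
    $info = password_get_info((string) $user->getPassword());
    // 'algo' is 0 (PHP < 7.4) or null (PHP >= 7.4) when the value is not a recognised hash
    if (empty($info['algo'])) {
        throw new LogicException('User::$password holds an unencoded value; refusing to save it');
    }
}

$user = registerUser('correct horse battery staple');
assertPasswordIsHashed($user);
var_dump($user->getPlainPassword() === null);
var_dump(password_verify('correct horse battery staple', $user->getPassword()));
```

Calling assertPasswordIsHashed() right before persisting (for example from a Doctrine prePersist listener) turns a forgotten encoding step into an exception instead of a plain-text row in the database.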
What PHP libraries does this tutorial use?
// composer.json
{
    "require": {
        "php": ">=5.3.3",
        "symfony/symfony": "~2.4", // v2.4.2
        "doctrine/orm": "~2.2,>=2.2.3", // v2.4.2
        "doctrine/doctrine-bundle": "~1.2", // v1.2.0
        "twig/extensions": "~1.0", // v1.0.1
        "symfony/assetic-bundle": "~2.3", // v2.3.0
        "symfony/swiftmailer-bundle": "~2.3", // v2.3.5
        "symfony/monolog-bundle": "~2.4", // v2.5.0
        "sensio/distribution-bundle": "~2.3", // v2.3.4
        "sensio/framework-extra-bundle": "~3.0", // v3.0.0
        "sensio/generator-bundle": "~2.3", // v2.3.4
        "incenteev/composer-parameter-handler": "~2.0", // v2.1.0
        "doctrine/doctrine-fixtures-bundle": "~2.2.0", // v2.2.0
        "ircmaxell/password-compat": "~1.0.3", // 1.0.3
        "phpunit/phpunit": "~4.1" // 4.1.0
    }
}