PDA

View Full Version : [Solved] Exclude value by submitting form



nicobarten
19 Aug 2009, 3:28 AM
Hi,

I'm using a login component somebody here made. When the username and password fields have been filled, the user clicks on the 'Login' button. On that moment, the code uses the sha1 encryption on the password textfield, and then submit's the form to a php file (which connects with db, etc).

The problem is that the new sha1 encoded password also appears in the password textfield (in black circles, but still..).

This was the code:



if(this.encrypt) {
Ext.getCmp(this._passwordId).setRawValue(
Ext.ux.Crypto.SHA1.hash(this.salt + Ext.getCmp(this._passwordId).getValue())
);
}

if(this.fireEvent('submit', this, form.getValues()))
{
this.setMessage (this.message);
form.submit ({
url : this.url,
method : this.method,
waitMsg : this.waitMessage,
success : this.onSuccess,
failure : this.onFailure,
scope : this
});
}Now i edited this way:



if(this.encrypt) {
this.password = Ext.ux.Crypto.SHA1.hash(this.salt + Ext.getCmp(this._passwordId).getValue());
}

if(this.fireEvent('submit', this, form.getValues()))
{
this.setMessage (this.message);
form.submit ({
url : this.url,
method : this.method,
params : {password: this.password},
waitMsg : this.waitMessage,
success : this.onSuccess,
failure : this.onFailure,
scope : this
});
}So instead of changing the password textfield's value, i set the new sha1 encoded password in a variable and added it to the params at the submit.

However, when it submits now, it still sends the password textfield's value, which is the unencrypted password (together with the encrypted password which i added at params).

Like this:

password: afad13cf1941af4ad3101bdf30f087f7dfe27c99
password: blub
username: william

So how can i set it so that the password textfield's isn't send automatically at the form's submit?

Condor
19 Aug 2009, 3:34 AM
You could disable the password field before submitting the form.

benny
19 Aug 2009, 3:37 AM
Perhaps just use the original code - but add variable to hold the password before it's hashed, then once the form has been submitted, use your tem vriable to update the password field back to the original....

copy the original password to a temp variable
let the code hash the password field
submit the form
reset the password field back to the original using the temp variable

nicobarten
19 Aug 2009, 3:50 AM
@condor: that won't work...

@benny: I tried that first too, but i think the process is asynchronous, because when i change the textfield's value to the old value right after the form.submit() code, it sends the unencrypted value. After that i tried in the success event, but then the user still sees the encrypted value in the textfield while they are waiting on the response from the server....

Isn't it really possible to 'exclude' a textfield from a form, without having to kill the whole code (so a property or something like that...)?

steffenk
19 Aug 2009, 3:54 AM
use a hidden field for the encrypted password called password, rename the visible one

nicobarten
19 Aug 2009, 3:59 AM
But then it would send the hidden one (encrypted password) and the visible one (unencrypted password)! The meaning of encrypting it would dissappear...

steffenk
19 Aug 2009, 4:12 AM
then set password field to '' before submitting

nicobarten
19 Aug 2009, 4:33 AM
When i do that the value is set to nothing (''), and because my vtype doesn't allow it to be empty, it doesn't send the request to the server.

If i just had a method or parameter to exclude the password field from the submit request... (:|

Condor
19 Aug 2009, 4:45 AM
As I already said:
- Disable the password field (so it isn't submitted).
- Send the encrypted password in the params of the submit().

nicobarten
19 Aug 2009, 4:59 AM
As I already said:
- Disable the password field (so it isn't submitted).
- Send the encrypted password in the params of the submit().

Seems i didn't try too well with your method the previous time, this time it worked :D Thanks!

Still i vote for a component (like a textfield) parameter to be able to exclude it from the form's submit... would be useful sometimes i think.

Animal
19 Aug 2009, 5:01 AM
Omitting the name means that a field won't be submitted.

nicobarten
19 Aug 2009, 5:06 AM
@Animal: I tried that too, but somehow the script didn't work too well when i did that. And i don't have the time to rewrite it completely... anyway, Condor's method worked.

Condor
19 Aug 2009, 5:07 AM
Omitting the name means that a field won't be submitted.

Should work, but Ext.form.Field will use the id as name if no name is specified.