OpenWGA 7.6 - WebTML reference

WebTML tags » input

<tml:input type="hashedpassword" >

Purpose:

Defines an input field for a password. Instead of the original value this field stores only the hashed value in the content document. The original value is not recoverable from these hash.

Description:

This input type can be used to provide a password input which should not store the cleartext value in the database. Instead of the cleartext password information only the hash value will be stored. Too use such a password for a user authentication the value entered during login should be hashed with the same algorithm and compared to the stored hashed value.

The validation rules of this field type have the following special behavior:
  • If a validation rule exists on the input field this rule is only executed if the field value has been changed by the user. In this case the variable $E_VALUE contains the user entered not hashed value. This is useful to perform validations for e.g. on the password length.
  • In all other cases $E_VALUE contains the hashed value of the password.
  • $P_VALUE contains always the hashed value.

Examples:

An example for a "set password" dialog:
<tml:form id="setPassword" source="profile">
    Password: <tml:input type="hashedpassword" name="pwd"/>
    Password Confirmation: <tml:input type="hashedpassword" name="pwdConfirm"/>

    <tml:validate condition="tmlform.enteredValue('pwd') == tmlform.enteredValue('pwdConfirm')">
        The passwords did not match!
    </tml:validate>
    <tml:button clickaction="$store">Save</tml:button>
</tml:form>


An example for a login dialog using the hashed password:
<tml:action id="login">
    if (tmlform.parsedValue("pwd") == profile.pwd) {
       setSessionVar("loggedin", true);
    }
</tml:action>

<tml:form id="login" source="none">
    Password: <tml:input type="hashedpassword" name="pwd"/>
    <tml:button clickaction="login">Login</tml:button>
</tml:form>