Tutorial: How to create a password dialog

Tutorial: How to create a password dialog

Hi all,

I like Zoho Creator so much, that I thought I will post some of the insights i got of working with it. This tutorial will show you, how to password protect the editing of records - on the example of a simple forum.

Imagine a forum dialog with two text fields, the title of the post and the post itself. Usually you would want people to be able to edit their own posts, but not the posts of the others. On a public forum (application access = public) you probably want to password protect the editing of the post. Lets do it.

1. Add three single line text fields to the dialog called:

password
password_change
stored_password

2. Hide the stored_password field from the other users. Edit the stored_password field, go to "Options" and check "Hide this field from other users".

3. Now we need a little Deluge for making the magic happen. Open the "Script" tab, Select your form and add the following code for form actions (left side).
Hint: replace "myform" by the name of your form in the code.

On Add / On Load:
hide password_change
because we dont need a change password field, when creating a post.

On Add / On Success:

d = myform [ID == input.ID];
d.stored_password = input.password;
d.passwd = "";


. This will copy the password entered in the password field to the hidden stored_password field and clear the password field itself.

On Edit / On Validate:

d = myform [ID == input.ID];
if (input.password != d.stored_password)
{
alert "Password is wrong. Please try again.";
cancel submit;
}





This is the password check. The post can only be edited, when the password entered is equal to the hidden stored password.

On Edit / On Success:

d = myform [ID == input.ID];
if (input.change_password != "") {
d.stored_password = input.change_password;
}
d.password = "";
d.change_password = "";





This code allows the user to change the password of the post using the "change password" field. Remember that we already checked if the old password was entered correctly. We clear out the password and the change_password, because if we did not, the input would be saved to the database and the next user would see it when trying to edit or view the post.

And thats it. You should now have a password protected dialog with the possiblity to change the password, and edit the post only if you know the password. You might ask now: why do I need a stored_password field? Why can't I just have a password field, clear it out on "Edit / On Load" and then compare it to the database value. I tried it - the problem with this approach is, when clicking on "edit" the user will be able to see the password for a split second, before it is cleared out by the event. Thats why you need a real hidden field for the password.

Well, thats it! I hope you enjoyed the post and may transfer this approach to many other applications. You can even create a complete user database with that approach, letting them signup on some form choosing a password, and then check for the credentials before they do other actions in your application.

Greetings, Mathias