I've searched all over drupal.org for this - Sorry if this is a dupe, I can't believe I'm the first to spot it. it's cosmetic, so not really a big deal.

When asking for a password confirmation (such as when and admin is creating a new user), the password boxes are not marked with a "*" on screen, but are correctly validated by the Forms API as required fields. (Ordinary password fields (such as shown during logon) are correctly marked).

The code that follows demonstrates the problem. You can see it in action by visiting admin/user/user/create as the site admin on your own site (note how username, email etc are marked with a "*" yet password/confirm is not)

$form['account']['pass'] = array(
      '#type' => 'password_confirm',
      '#description' => t('Provide a password for the new account in both fields.'),
      '#required' => TRUE,
      '#size' => 25,
    );

Incidentally, all validation by Forms API seems to work correctly, it's just not marked correctly in HTML output.

CommentFileSizeAuthor
#2 form_pw_patch.txt639 bytescoofercat
#1 form.inc__0.patch569 bytestostinni

Comments

tostinni’s picture

tostinni commented
Status: Active » Needs review
StatusFileSize
new form.inc__0.patch569 bytes

What's happening there is that in this case, the password field is rewritten to be expanded and to display 2 textfield to put both password and confirmation.
Looking at expand_password_confirm function, I think it should also take care of the #required attribute which it doesn't.

So I added this part and I think it solves the problem.

  if (isset($element['#required])) {
    $element['pass1']['#required] = $element['pass2']['#required] = $element['#required];
  }
coofercat’s picture

coofercat commented
StatusFileSize
new form_pw_patch.txt639 bytes

Looks good to me - both boxes marked with a "*". However, there are typos in your patch. It should be:

  if (isset($element['#required'])) {
    $element['pass1']['#required'] = $element['pass2']['#required'] = $element['#required'];
  }

(You're missing some single quotes after each #required). Otherwise, all good. Updated patch attached.

tostinni’s picture

tostinni commented

Ups... my editor eat the quotes... thanks for the review.
Note that the "*" only appears when password is really needed (ie when creating new user), if you're just updating a user, it's optional.

dries’s picture

dries commented

Coding style: we'll want to write that in two lines, rather than on one line with two assignments.

Why do we assign $element['#required'] rather than TRUE?

Also, what code is currently checking that the password field is required? Can it be simplified when we was in the required attribute? With the required attribute, the form API should take care of this, rather than any _validate callbacks.

tostinni’s picture

tostinni commented

Coding style: we'll want to write that in two lines, rather than on one line with two assignments.

Why do we assign $element['#required'] rather than TRUE?

I just copy/modify the same code used to set the #size attribute.

Also, what code is currently checking that the password field is required? Can it be simplified when we was in the required attribute? With the required attribute, the form API should take care of this, rather than any _validate callbacks.

The validation is done by password_confirm_validate 

  if (!empty($pass1)) {
    //...
  }
  elseif ($form['#required'] && !empty($form['#post'])) {
    form_error($form, t('Password field is required.'));
  }

But I'm not very sure how to take care of this without any _validate callbacks, my knowledge of form API is very very limited...

drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Needs review » Closed (duplicate)

This has already been fixed:

http://drupal.org/node/136067