User crud showing password

Hi, I’m having some issues to avoid the field contrasena (means p@ssw0rd in spanish) to be full when I’m upd@ting a record on my CRUD, because they could just inspect the element and know other users p@ssw0rd, I want it to be empty, any idea about how to fix it? my _form is attached, thanks!

One way you can do this:

Do not use contrasena in your _form. Create new propery in your Operador model that will hold the new user pass ( the one that users will enter in update form ).


In your Operador model create new public property, and create rules for it:

public $newPassword;

public function rules()


    return [

        // other rules

        ['newPassword', 'string', 'min' => 6],



I advise you not to make this field required, because user may not want to change password, maybe they only want to change username or email or whatever else u have.

Next inside your update action of your OperadorController you want to check did user changed his password, and in case he did, you want to hash and save it to database.

public function actionUpdate($id)


    $model = $this->findModel($id);

    // other code

    if ($model->load(Yii::$app->request->post())) 


        // only if user entered new password we want to hash and save it

        if ($model->newPassword) 





        // you may want to redirect them to some other view, just update this code

        if ($model->save()) 


            return $this->redirect('index');



    return $this->render('update', [

        'model' => $model,



And now inside your _form, use this $newPassword property instead of contrasena:

<?= $form->field($model, 'newPassword')->passwordInput(['placeholder' => 'New password.']) ?>

Amazing answer mate!, thank you very much! Works like a charm :D

No problem, I’m glad I helped :D