I am starting to really dislike the PHP function isset().  Today, I was working on a registration system in CakePHP and my password validation was not working.  If I left the password field blank and clicked submit, it would come back with other errors, but then the password would come back populated with a long string - a hashed version of an empty string!

After some investigation, I discovered that the AuthComponent in CakePHP was doing an isset() check on the username and password fields.  If isset() returned true for both, it would hash the password.