it's not validating my form data - php

i have form like this
my form
<?php
$error = $model->getErrors();
print_r($error);
<form method="post" action="<?php echo Yii::app()->getBaseUrl(true).'/index.php/admin/user/resetpassword'?>" enctype="multipart/form-data">
<div class="row">
<label>Old Password</label><input type="password" name="oldpassword" value="<?php echo $model->email; ?>"/><span><?php if(isset($error['email'])) echo $error['email'][0]; ?></span>
</div>
<div class="row">
<label>New Password</label><input type="password" name="newpassword"/><span><?php if(isset($error['password'])) echo $error['password'][0]; ?></span>
</div>
<div class="row">
<label>Repeat Password</label><input type="password" name="repeatpassword" value="<?php echo $model->employeeid; ?>"/><span><?php if(isset($error['employeeid'])) echo $error['employeeid'][0]; ?></span>
</div>
<?php echo CHtml::submitButton($model->isNewRecord ? 'Reset Password' : 'Save'); ?>
</form>
my model class is
class User extends CActiveRecord
{
public $oldpassword;
public $newpassword;
public $repeatpassword;
/**
* #return string the associated database table name
*/
public function tableName()
{
return 'user';
}
/**
* #return array validation rules for model attributes.
*/
public function rules()
{
// NOTE: you should only define rules for those attributes that
// will receive user inputs.
return array(
array('email, password, employeeid, designation, manager, profilepic', 'required','except'=>'resetpassword'),
array('email','email'), array('profilepic','file','types'=>'jpg,jpeg,png','allowEmpty'=>true,'on'=>'update'),
array('email,employeeid','unique'),
array('newpassword, repeatpassword, oldpassword','required','on'=>'resetpassword'),
array('repeatpassword','compare','compareAttribute'=>'newpassword','on'=>'resetpassword'),
array('email, password, employeeid, designation, manager, profilepic', 'safe', 'on'=>'search'),
);
}
my controller function
public function actionResetPassword()
{
$model = new User('resetpassword');
if(Yii::app()->request->isPostRequest)
{
if($model->validate())
$this->redirect(array('resetpassword','msg'=>'Password successfully changed..'));
}
$this->render('resetpassword',array('model'=>$model));
}
it always giving error say "oldpassword,repeatpassword,newpassword required" even though have entered value..
can anybody help me pls
Thanks in advance


it's because you are not assigning form value to model variable...
try this in your controller
if(Yii::app()->request->isPostRequest)
{
$model->oldpassword=$_POST['oldpassword']; //will set to model variable
$model->newpassword=$_POST['newpassword'];
$model->repeatpassword=$_POST['repeatpassword'];
if($model->validate())
$this->redirect(array('resetpassword','msg'=>'Password successfully changed..'));
}
hope it may solve your problem


As mentioned by Kalpit above, you are not assigning form inputs to your model instance.
You may also solve this problem like this..
$model = new User;
if(isset($_POST['resetpassword']))
{
$model->attributes=$_POST['resetpassword'];
if($model->save())
// successfully saved, do something here
}

Related

check the array if it is empty or not that is received from the FORM that has CSRF generate token

Since I am using csrf in the form, the array $data that is passed in request function is never empty.
How to resolve this so that when i submit the form without any input fields filled, I get "data is empty"?
view.blade.php
<form action="{{url('/userdata')}}" method="POST">
#csrf
<div class="form-group">
<label for="name">Name:</label>
<input type="text" class="form-control" name="name">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
Controller.php
public function userdata(Request $request)
{
$data=$request ->all();
if(!empty($data)){
echo "data is filled";
}else{
echo "data is empty";
}
}

You can use required in the input fields if you don't want the form to submit empty.
<form action="{{url('/userdata')}}" method="POST">
#csrf
<div class="form-group">
<label for="name">Name:</label>
<input type="text" class="form-control" name="name" required>
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
Otherwise if name is your only field you can do this:
public function userdata(Request $request){
$data = $request->except(["_token"]);
if($data['name'] != ""){
echo "data is filled";
} else {
echo "data is empty";
}
}

You can use the get() method:
public function userdata(Request $request){
$data = $request->get("_token");
if(!empty($data)){
echo "data is filled";
} else {
echo "data is empty";
}
}

Sorry I misunderstood your question on my first answer. A value will always be submitted for input elements on the page, even if they're empty. The proper way to do this is to create a request validation.
Create something like this class, though much neater I'm sure ;)
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class StoreUserdata extends FormRequest {
public function authorize() {return true;}
public function rules() {
return ["name" => ["required", "max:64"]];
}
}
And then edit the signature of your controller method so instead of expecting a Request it looks for your validation class (don't forget a use statement above):
public function userdata(StoreUserdata $request){
// ....
}
Now, your requests will fail if the name input is empty, or is too long. There are a lot of possible validation rules.

Laravel Auth::attempt failing each time

I have created a test user on my laravel app. The details are
user: joe#gmail.com pass: 123456
When I go through the registration process everything works as expected and an entry is made into the users table of the database
Once this is finished I redirect the user to the dashboard.
public function postCreate(){
//Rules
$rules = array(
'fname'=>'required|alpha|min:2',
'lname'=>'required|alpha|min:2',
'email'=>'required|email|unique:users',
'password'=>'required|alpha_num|between:6,12|confirmed',
'password_confirmation'=>'required|alpha_num|between:6,12'
);
$validator = Validator::make(Input::all(), $rules);
if($validator->passes()){
//Save in DB - Success
$user = new User;
$user->fname = Input::get('fname'); //Get the details of form
$user->lname = Input::get('lname');
$user->email = Input::get('email');
$user->password = Hash::make(Input::get('password'));//Encrypt the password
$user->save();
return Redirect::to('/books')->with('Thank you for Registering!');
}else{
//Display error - Failed
return Redirect::to('/')->with('message', 'The Following Errors occurred')->withErrors($validator)->withInput();
}
}
I then navigate back to the landing page and attempt to log in using the credentials above and I keep getting told that Auth::attempt() is failing hence my user cannot log into the application.
public function login(){
if(Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password')))){
//Login Success
echo "Success"; die();
return Redirect::to('/books');
}else{
//Login failed
echo "Fail"; die();
return Redirect::to('/')->with('message', 'Your username/password combination was incorrect')->withInput();
}
}
Does anyone know why this is happening? This is the Schema for my users table:
Schema::create('users', function($table){
$table->increments('id');
$table->integer('type')->unsigned();
$table->string('fname', 255);
$table->string('lname', 255);
$table->string('email')->unique();
$table->string('password', 60);
$table->string('school', 255);
$table->string('address_1', 255);
$table->string('address_2', 255);
$table->string('address_3', 255);
$table->string('address_4', 255);
$table->string('remember_token', 100);
$table->timestamps();
});
Any help is much appreciated.
'View for Login':
<div class="page-header">
<h1>Home page</h1>
</div>
<!-- Register Form -->
<form action="{{ action('UsersController#postCreate') }}" method="post" role="form">
<h2 class="form-signup-heading">Register</h2>
<!-- Display Errors -->
<ul>
#foreach($errors->all() as $error)
<li>{{ $error }}</li>
#endforeach
</ul>
<!-- First Name -->
<div class="form-group">
<label>First Name</label>
<input type="text" class="form-control" name="fname" />
</div>
<!-- Last Name -->
<div class="form-group">
<label>Last Name</label>
<input type="text" class="form-control" name="lname" />
</div>
<!-- Email -->
<div class="form-group">
<label>Email</label>
<input type="text" class="form-control" name="email" />
</div>
<!-- Password-->
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" name="password" />
</div>
<!-- Confirm Password -->
<div class="form-group">
<label>Confirm Password</label>
<input type="password" class="form-control" name="password_confirmation" />
</div>
<input type="submit" value="Register" class="btn btn-primary"/>
</form>
<!-- Login Form -->
<form action="{{ action('UsersController#login') }}" method="post" role="form">
<h2 class="form-signup-heading">Login</h2>
<!-- Email -->
<div class="form-group">
<label>Email</label>
<input type="text" class="form-control" name="email" />
</div>
<!-- Password-->
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" name="password" />
</div>
<input type="submit" value="Login" class="btn btn-primary"/>
</form>

Can you run this function below - and tell me where the error occurs? It will diagnose the problem:
public function testLogin()
{
$user = new User;
$user->fname = 'joe';
$user->lname = 'joe';
$user->email = 'joe#gmail.com';
$user->password = Hash::make('123456');
if ( ! ($user->save()))
{
dd('user is not being saved to database properly - this is the problem');
}
if ( ! (Hash::check('123456', Hash::make('123456'))))
{
dd('hashing of password is not working correctly - this is the problem');
}
if ( ! (Auth::attempt(array('email' => 'joe#gmail.com', 'password' => '123456'))))
{
dd('storage of user password is not working correctly - this is the problem');
}
else
{
dd('everything is working when the correct data is supplied - so the problem is related to your forms and the data being passed to the function');
}
}
Edit: one thought - are you sure the user is being correctly saved in the database? Have you tried to 'empty/delete' your database and try your code again? In your current code, it will fail if you keep registering with joe#gmail.com - because it is unique. But you dont catch the error anywhere. So empty the database and try again...
Edit 2: I found another question you posted with the same problem - and in there you mentioned that the following code is your user model?
use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;
class User extends Eloquent implements UserInterface, RemindableInterface {
use UserTrait, RemindableTrait;
/**
* The database table used by the model.
*
* #var string
*/
protected $table = 'users';
/**
* The attributes excluded from the model's JSON form.
*
* #var array
*/
protected $hidden = array('password');
public function getAuthIdentifier() {
}
public function getAuthPassword() {
}
public function getRememberToken() {
}
public function getRememberTokenName() {
}
public function getReminderEmail() {
}
public function setRememberToken($value) {
}
}
Is that EXACTLY your current user model? Because if so - it is wrong - none of those functions should be blank.
This is what a CORRECT user model should look like for Laravel 4.2
use Illuminate\Auth\UserTrait;
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableTrait;
use Illuminate\Auth\Reminders\RemindableInterface;
class User extends Eloquent implements UserInterface, RemindableInterface {
use UserTrait, RemindableTrait;
/**
* The database table used by the model.
*
* #var string
*/
protected $table = 'users';
/**
* The attributes excluded from the model's JSON form.
*
* #var array
*/
protected $hidden = array('password', 'remember_token');
}

You would make sure about:
your model:
mine looks like:
use Illuminate\Auth\UserInterface;
use Illuminate\Auth\Reminders\RemindableInterface;
class User extends Eloquent implements UserInterface, RemindableInterface {
protected $table = 'users';
protected $hidden = array('password');
public function getAuthIdentifier()
{
Return $this->getKey ();
}
public function getAuthPassword()
{
return $this->password;
}
}
make sure your app/config/auth.php is configured correctly
make sure app/config/app.php has service provider
'Illuminate\Auth\AuthServiceProvider',
Make sure your controller class has auth. before writing class you have used Auth (I mean include Auth class)
That all could make Auth doesn't work well

With password hashing enabled, the User model must override these methods:
public function getAuthIdentifierName()
{
return 'email';
}
public function getAuthIdentifier()
{
return request()->get('email');
}
public function getAuthPassword()
{
return Hash::make(request()->get('password'));
}

What is the value for strlen(Hash::make(Input::get('password')))? If it is greater than 60, then this would cause the authentication to fail each time, as the stored password is not the full hash.

Good day, here is what I discovered when I encountered the same error: A simple string compare will reveal that the two hashing methods produce two different hashed values.
echo strcmp(Hash::make('password'),bcrypt('password'));
My assumption is that Auth::attempt([]) uses bcrypt() to hash out passwords which produces a different value to what you used Hash:make().

validate unique username from a different model

in a form i'm working on, it will check if username was empty on registration and prompt to input a username before a user ads a comment.
i tired adding unique in my rules in my comment class, but it doesn't validate on ajax post
class Comment extends CActiveRecord
{
/**
* #return array validation rules for model attributes.
*/
public function rules()
{
return array(
array('username', 'unique','className'=>'User','attributeName'=>'username','message'=>"Username already exists"),
);
}
in my view
echo '<div class="form-group">
'.$form->labelEx($user,'username', array('class'=>'col-md-3 control-label')).'
<div class="col-md-9">
'.$form->textField($user,'username',array('class'=>'form-control input-md')).'
'.$form->error($user,'username').'
</div>
</div>';
//the output looks like this
/*<label class="col-md-3 control-label" for="User_username">Username</label>
<div class="col-md-9">
<input class="form-control input-md" name="User[username]" id="User_username" type="text" value="" />
<div class="errorMessage" id="User_username_em_" style="display:none"></div>
</div>*/
in my controller
public function actionCreate()
{
/** #var Comment $comment */
$comment = Yii::createComponent($this->module->commentModelClass);
// Uncomment the following line if AJAX validation is needed
$a=new User;
$b=new Comment;
$this->performAjaxValidation(array($a,$b));
//end of Ajax validation
.....
.....
.....
}
/**
* Performs the AJAX validation.
* #param CModel the model to be validated
*/
protected function performAjaxValidation($model)
{
if(isset($_POST['ajax']) && $_POST['ajax']==='ext-comment-form')
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
}
the return Json is
{"Comment_username":["Nick Name cannot be blank."],"Comment_title":["Review Title cannot be blank."]}
any idea what i'm doing wrong?

problem solved.
had to add
array('username', 'unique'),
in my User class and NOT in my comment class

display form error messages underneath the input fields Phalcon php

Is there a way to display error messages underneath the input fields of a form if a field didn't pass validation? Can I somehow process form in the same action (User/index in my case) that the form is displayed and then send those error messages to view? What I have is : index.volt:
<div class="loginForm">
<form action=<?= $form->getAction(); ?> method="POST">
<label for="username">Username: </label>
<?= $form->render('username'); ?>
<br/>
<label for="password">Password: </label>
<?= $form->render('password'); ?>
<br>
<?= $form->render('login'); ?>
</form>
</div>
LoginForm.php:
<?php
use Phalcon\Forms\Form,
Phalcon\Forms\Element\Text,
Phalcon\Forms\Element\Password,
Phalcon\Forms\Element\Submit,
Phalcon\Validation\Validator\PresenceOf,
Phalcon\Validation\Validator\StringLength;
class LoginForm extends Form {
public function initialize()
{
$this->setAction('login');
$username = new Text('username');
$username->addValidator(new PresenceOf(array (
'message' => 'Can\'t be empty'
)));
$password = new Password('password');
$password->addValidator(new PresenceOf(array (
'message' => 'Can\'t be empty'
)));
$submit = new Submit('login', array('value' => 'Login'));
$this->add($username);
$this->add($password);
$this->add($submit);
}
}
And UserController.php:
<?php
class UserController extends \Phalcon\Mvc\Controller
{
/**
* login form
* #var LoginForm
*/
private $_loginForm;
public function initialize()
{
$this->_loginForm = new LoginForm();
}
public function indexAction()
{
$this->view->setVar('form', $this->_loginForm);
}
public function loginAction()
{
if($this->request->isPost()) {
if (!$this->_loginForm->isValid($this->request->getPost())) {
foreach ($this->_loginForm->getMessages() as $message) {
echo $message. '<br />';
// redirect to User/index and pass error messages to view to display them to a user
}
}
}
}
}
EDIT:
Or it would be even better to process this form on the same action that it is displayed. How can I do this?

First, what you have provided in your index.volt isn't volt content. See here how to configure Volt and use the Volt language in your views.
What you're asking for is called flashing messages in Phalcon.
Unfortunately, in the current version you can just flash messages based on type(success, error, warning, etc.) but you can create your own type, so let's fake that the type means the input name.
UserController.php
...
public function loginAction()
{
if($this->request->isPost()) {
if (!$this->_loginForm->isValid($this->request->getPost())) {
$messages = $this->_loginForm->getMessages();
$userMessage = $messages->filter('username');
if(count($userMessage))
$this->flash->message('username', $userMessage[0]);
$passMessage = $messages->filter('password');
if(count($passMessage))
$this->flash->message('username', $passMessage[0]);
return $this->dispatcher->forward(["action" => "index"]);
} else {
//Login
}
}
index.volt
<div class="loginForm">
<form action="{{form.getAction()}}" method="POST">
<label for="username">Username: </label>
{{form.render('username')}}<br/>
{{ flash.has('username') ? flash.output('username') : '' }}
<label for="password">Password: </label>
{{form.render('password')}}<br>
{{ flash.has('password') ? flash.output('password') : '' }}
{{form.render('login')}}
</form>
</div>

User registration with CodeIgniter

I'm trying to build a registration system with CodeIgniter. I have a controller called Register with the following code:
class Register extends CI_Controller {
public function index()
{
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<span class="error">', '</span>');
$this->form_validation->set_rules('username', 'username', 'required|min_length[3]|max_length[12]|trim');
$this->form_validation->set_rules('password', 'password', 'required|min_length[2]|md5');
$this->form_validation->set_rules('email', 'email', 'required|valid_email|trim');
$this->form_validation->set_rules('artist', 'artist', 'max_length[32]|trim');
$this->form_validation->set_rules('captcha', 'CAPTCHA', 'required|trim');
$this->load->view('header');
if(!$this->form_validation->run())
{
$this->load->view('register_form');
}
else
{
$this->load->view('register_done');
}
$this->load->view('footer');
}
}
So far so good. If I go to the register page I get the registration form displayed. If I send the form and it passes the form validation checks, I get the success page, if the form has errors, I get the form back with some error messages.
Now what I want to do is the database stuff. I have some idea of how I can get the POST values from the registration form into my database, but no clue how I can check if a username or email already exists, and if so, display that error on the registration form. Here's my registration form view:
<?php $this->load->helper('form'); ?>
<?php echo form_open('register'); ?>
<ul id="register">
<ul>
<h3>Account information</h3>
<li>
<label for="username">Choose a username</label>
<input type="text" name="username" value="<?php echo set_value('username'); ?>" />
<span class="desc">The name you'd like to be known by</span>
<?php echo form_error('username'); ?>
</li>
<li>
<label for="password">Pick a password</label>
<input type="password" name="password" />
<span class="desc">The best passwords are random and more than 6 characters long</span>
<?php echo form_error('password'); ?>
</li>
<li>
<label for="email">Enter your valid email address</label>
<input type="text" name="email" value="<?php echo set_value('email'); ?>" />
<span class="desc">We'll send you an activation email</span>
<?php echo form_error('email'); ?>
</li>
</ul>
<ul>
<h3>About you</h3>
<li>
<label for="band">Who's your favorite artist?</label>
<input type="text" name="artist" value="<?php echo set_value('artist'); ?>" />
<span class="desc">Don't put Lady GaGa.</span>
<?php echo form_error('artist'); ?>
</li>
</ul>
<ul>
<h3>Security question</h3>
<li>
<label for="captcha">Enter the letters you see in the image</label>
<?php $this->load->helper('captcha');
$cap = create_captcha(array('img_path' => './captcha/', 'img_url' => 'http://localhost/captcha/', 'img_width' => 200, 'img_height' => 30));
$data = array('captcha_time' => $cap['time'], 'ip_address' => $this->input->ip_address(), 'word' => $cap['word']);
$query = $this->db->insert_string('captcha', $data);
$this->db->query($query);
echo $cap['image']; ?>
<input type="text" name="captcha" />
<?php echo form_error('captcha'); ?>
</li>
</ul>
<ul>
<h3 class="submit">
<input type="submit" value="Register" />
</h3>
</ul>
</ul>
<?php echo form_close(); ?>
As you can see, I'm taking advantage of the form_error() function of CI to display form errors right under the field, and I would like the "username already exists" error to also be displayed under the username field.
Can anyone provide some help? Even a nudge in the right direction?
Thanks!

I would strongly urge you to think about using another library that already does this very well: TankAuth. TankAuth is easily modifiable and offers email confirmation, very secure password hashing, a solid database schema, and very clean code.
There's no reason to reinvent the wheel, especially when it comes to something that's very hard to get right like user authentication.
EDIT:
For example, here's everything TankAuth provides security-wise that you'd have to code yourself (if you cared about security) - how much time would that take?
Using phpass library for password hashing (instead of unsafe md5).
Counting login attempt for bruteforce preventing (optional). Failed login attempts determined by IP and by username.
Logging last login IP-address and time (optional).
CAPTCHA for registration and repetitive login attempt (optional).
Unactivated accounts and forgotten password requests auto-expire.

You need to create a model for your controller.
Your model would look like this:
class Register_model extends CI_Model {
function register_user()
{
$data['username'] = $this->input->post('username');
$data['password'] = sha1($this->input->post('password'));
... (your other post data) ...
$this->db->insert('users', $data);
}
}
In your controller you will call the model this way:
$this->load->model('Register_model');
and the method goes here:
else
{
$this->Register_model->register_user();
$this->load->view('register_done');
}
If you want to check if the username is available, you simply put SELECT query on the first lines of the register_user() method (function).

To do the check you should have functions in your model that can look up those types of things for you:
class Model{
function getUserByEmail($email);
function getUserByUsername($username);
...
}
Then in your controller you can call these methods
...
$result = $model->getUserByEmail($_POST['email']); // You'll need to sanitize your POST
if(count($result) > 0){
// Sent error about email already existing and flag to not insert/update user
}
...

The easiest solution in CodeIgniter is to use a callback function as one of the rules in your form validation.
I've used this method myself to check the username and e-mail.
Here's the docs for it.

defined('BASEPATH') OR exit('No direct script access allowed');
class User extends CI_Controller {
public function __construct() {
parent::__construct();
$this->load->helper('form');
// Load session library
$this->load->library('session');
// Load database
$this->load->model('User_model');
}
public function index()
{
$this->load->view('index');
}
public function project()
{
$this->data['posts'] = $this->User_model->getPosts(); // calling Post model method getPosts()
$this->load->view('tables', $this->data);
// $this->load->aview('project');
}
public function get_project()
{
$this->User_model->get_project($data);
}
public function signin()
{
$data = array(
'email' => $this->input->post('email'),
'password' => $this->input->post('password')
);
$this->User_model->signin($data);
}
public function logout()
{
$this->session->unset_userdata($_SESSION['email']);
// $this->session->sess_destroy();
redirect('User');
}
public function signup()
{
$data = array(
'name' => $this->input->post('name'),
'phone' => $this->input->post('phone'),
'email' => $this->input->post('email'),
'password' => $this->input->post('password')
);
if($this->User_model->signup($data))
{
echo "no insert";
}
else
{
$this->load->view('index', $data);
}
}
}

<?php
Class User_model extends CI_Model {
function __construct() {
parent::__construct();
$this->load->library('session');
}
public function signup($data)
{
$this->db->insert('user_signup',$data);
}
public function getPosts()
{
$this->db->select("*");
$this->db->from('user_data');
$query = $this->db->get();
return $query->result();
}
public function signin($data)
{
$this->db->where('email',$data['email']);
$this->db->where('password',$data['password']);
$query=$this->db->get('user_signup');
if($query->num_rows()==1){
$_SESSION['email'] = $data['email'];
$this->load->view('popup',$data);
return true;
}
else{
echo "no";
return false;
}
}
}

Categories