What If I have an input field for example:
UserEmail:
UserPhoneNumber:
UserOldPasword:
UserNewPassword:
UserRetypePassword:
And on my action update I will only require UserNewPassword if UserOldPassword is not empty else the only thing that needs to be updated is either UserEmail or UserPhoneNumber. How will I implement this rule?only on update? Or should I create a custom validator on my model?
so on my afterFind() I have this code to avoid the output of the hashed password:
public function afterFind()
{
//reset the password to null because we don't want the hash to be shown.
$this->old_password = $this->password;
$this->password = null;
parent::afterFind();
}
and I created a custom validation. it does validates, the problem is even if I submitted the form with empty UserNewPassword I still get an error and $this->password field is now returning a hashed value from my database
Please see my code and correct my mistakes:
public function checkForEmpty($attribute,$params){
if(!empty($this->$attribute)){
if(empty($params['oldPassword'])){
$this->addError('oldPassword','We require your old password to proceed changing password');
}
if(empty($params['retypePassword'])){
$this->addError('retype_password','To assure that you type the right password please retype your password');
}
if(!empty($params['oldPassword']) && !empty($params['retypePassword'])){
$this->compareOldPass($params['oldPassword'],$this->old_password);
}
}
}
Thanks in advance...
you can do a beforeSave() in your model. I think it's the best solution because of your complicated logic, and not being a global issue of your app.
UPDATE:
public function beforeSave()
{
if(parent::beforeSave())
{
//implement you logic here
//or check it is a new record
if($this->isNewRecord)
{
// do stuff here if new
}
//or you can return false if it doesn't meet your logic
return true;
}
else
return false;
}
Related
I'm trying to make a custom login function in Laravel 4 but I don't know how to compare password with hash password that has been stored.
This is my controller
public function login($email,$password)
{
$user=UserMobile::where('email','=',$email)->count();
if($user==0)
{
return Response::json("Invalid");
}
else
{
$user=UserMobile::where('email','=',$email)->first();
if(Hash::check($password,$user->password))
{
return Response::json($user);
}
else
{
return Response::json("Error");
}
}
}
When I try to check it in postman, it keeps returning the return Response::json("Error");. Can somebody help please? thanks in advance
How can I create a PHP function or class that checks if a user who is a half-admin (set from a MySQL database) has some rights such as creating a new page, editing, or deleting?
I need a function that checks the user permissions and then display the code like this:
if ($he_can_create_page){
//continue the script.....
}else{
//don`t continue
}
In present I use sessions like this:
If($_SESSION['user_type']=='Admin'||$_SESSION['user_type']=='premium'){
//do stuff
}else if()......... {
// ..............
}
but they become too many if statements, and I want a cleaner code :)
interface User {
public function canCreatePage();
public function canDeletePage();
public function canEditPage();
....
}
class Admin implements User {
public function canCreatePage(){
return true;
}
public function canEditPage(){
return true;
}
...
}
class Editor implements User {
public function canCreatePage() {
return false;
}
public function canEditPage(){
return true;
}
...
}
then from what you get in the data base
if ($row['user_type'] == 'Admin') {
$user = new Admin();
} else if $row['user_type'] == 'Editor') {
$user = new Editor();
} ....
in all your pages :
if ($user->canCreatePage()){
//continue the script.....
}else{
//don`t continue
}
If you want to store your user in session the first time you get it from the dataBase
$_SESSION['user'] = serialize($user);
in the next page
$user = unserialize($_SESSION['user']);
Or you can also just store the id of the user in session and get it back from de
DB on every page.
Create a generic function an put it in a file which is common for all files something like this
function pageCreatePermission() {
if($_SESSION['user_type']=='Admin'||$_SESSION['user_type']=='premium'){
return true;
} else {
return false;
}
then use this function something like this in your file
if (pageCreatePermission()) {
//do your stuff
} else {
//show error you want
}
Add columns in your users table like:
| canEdit | canDelete | canCreate |
with flags 1/0. 1 for true, 0 for false.
select the fields and make checks i.e.:
if($row['canEdit'] = 1) {
//continue (return true)
}
else {
//stop (return false)
}
You can make it a function with params, so you will give the param to the function i.e. $canDelete (which is your $row data) and it checks only that permission
function userPermissions($type)
if($type=1) {
return true;
}
else {
return false;
}
$canCreate = $row['canCreate'];
if(userPermissions($canCreate)) { ...
The answer is to use an access control system. There are many different types. The most used (in web development) are ACL (Access control list) and RBAC (Role based access control). The rules can be filled from database or hardcoded.
To give you an idea of how they work look at the examples from Zend Framework: ACL and RBAC.
In Zend Framework the ACL is not very different from a RBAC because it also has roles. But normally an ACL is user based and not role based. If you like you can integrate the ACL/RBAC from Zend or other frameworks into your own project.
Read about how yii do it: yii RBAC
Im carrying out some form validation with codeigniter using a custom validation callback.
$this->form_validation->set_rules('testPost', 'test', 'callback_myTest');
The callback runs in a model and works as expected if the return value is TRUE or FALSE. However the docs also say you can return a string of your choice.
For example if I have a date which is validated, but then in the same function the format of the date is changed how would I return and retrieve this new formatted value back in my controller?
Thanks for reading and appreiate the help.
I'm not entirely sure I got what you were asking, but here's an attempt.
You could define a function within the constructor that serves as the callback, and from within that function use your model. Something like this:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Controllername extends CI_Controller {
private $processedValue;
public function index()
{
$this->form_validation->set_rules('testpost','test','callback');
if ($this->form_validation->run()) {
//validation successful
echo $this->processedValue; //outputs the value returned by the model
} else {
//validation failed
}
}
private function callback($input)
{
$this->load->model('yourmodel');
$return = $this->yourmodel->doStuff($input);
//now you have the user's input in $input
// and the returned value in $return
//do some checks and return true/false
$this->processedValue = $return;
}
}
public function myTest($data){ // as the callback made by "callback_myTest"
// Do your stuff here
if(condition failed)
{
$this->form_validation->set_message('myTest', "Your string message");
return false;
}
else
{
return true;
}
}
Please try this one.
I looked at function _execute in file Form_validation of codeigniter. It sets var $_field_data to the result of callback gets(If the result is not boolean). There is another function "set_value". Use it with the parameter which is name of your field e.g. set_value('testPost') and see if you can get the result.
The way Tank_Auth does this in a controller is like so
$this->form_validation->set_rules('login', 'Login', 'trim|required|xss_clean');
if ($this->form_validation->run()) {
// validation ok
$this->form_validation->set_value('login')
}
Using the set_value method of form_validation is undocumented however I believe this is how they get the processed value of login after it has been trimmed and cleaned.
I don't really like the idea of having to setup a new variable to store this value directly from the custom validation function.
edit: sorry, misunderstood the question. Use a custom callback, perhaps. Or use the php $_POST collection (skipping codeigniter)...apologies haven't tested, but I hope someone can build on this...
eg:
function _is_startdate_first($str)
{
$str= do something to $str;
or
$_POST['myinput'} = do something to $str;
}
================
This is how I rename my custom callbacks:
$this->form_validation->set_message('_is_startdate_first', 'The start date must be first');
.....
Separately, here's the callback function:
function _is_startdate_first($str)
{
$startdate = new DateTime($this->input->post('startdate'), new DateTimeZone($this->tank_auth->timezone()));
$enddate = new DateTime($this->input->post('enddate'), new DateTimeZone($this->tank_auth->timezone()));
if ($startdate>$enddate) {
return false;
} else {
return true;
}
}
My form contains a model object that contains five child objects that are related using hasMany. When I save the form, I notice that all fields, regardless if they are empty, are saved into the database. Is it possible to set a condition in the beforeSave() callback method to prevent child items that have no values from being saved? I have tried to unset the key in the array containing empty values but the row is still being added into the database.
Here is the code for my 'Mtd' model. The Mtd model contains many Flowratereatments. On my form, I have a checkbox that says 'This is a Flow Rate Based Treatment'. So, if a user clicks on that, then the user can fill it in the fields. However, if the user does not fill it in, I want to prevent a new row from being added with just the foreign key of the Mtd table.
<?php
class Mtd extends AppModel {
public $name = 'Mtd';
public $hasOne = array('Treatmentdesign', 'Volumetreatment');
public $hasMany = 'Flowratetreatment';
function beforeSave() {
if($this->data['Mtd']['is_settling'] != 1){
unset($this->data['Flowratetreatment'][0]);
}
return true;
}
}
?>
Did you tried something like:
class User extends AppModel {
function validates() {
$this->setAction();
#always validate presence of username
$this->validates_presence_of('username');
#validate uniqueness of username when creating a new user
$this->validates_uniqueness_of('username',array('on'=>'create'));
#validate length of username (minimum)
$this->validates_length_of('username',array('min'=>3));
#validate length of username (maximum)
$this->validates_length_of('username',array('max'=>50));
#validate presence of password
$this->validates_presence_of('password');
#validate presence of email
$this->validates_presence_of('email');
#validate uniqueness of email when creating a new user
$this->validates_uniqueness_of('email',array('on'=>'create'));
#validate format of email
$this->validates_format_of('email',VALID_EMAIL);
#if there were errors, return false
$errors = $this->invalidFields();
return (count($errors) == 0);
}
}
?>
in your model
I have used this code:
public function beforeSave() {
if(isset($this->data[$this->alias]['profile_picture'])) {
if($this->data[$this->alias]['profile_picture']['error']==4) {
unset($this->data[$this->alias]['profile_picture']);
}
}
return true;
}
in a previous app, to remove a key from $this->data if the user had not uploaded a file, to prevent the old value being overwritten.
this should work for you (you'll need to adapt it; based on what $this->data contains at this point.
public function beforeSave() {
if(empty($this->data[$this->alias]['the_key'])) {
unset($this->data[$this->alias]['the_key']);
}
//debug($this->data); exit; // this is what will be saved
return true;
}
you mention you tried this already? post your code in your original post.
I did register form in with zend form
$password = new Zend_Form_Element_Password('password');
$password->setLabel($this->_translate->_("Password:"))
->setRequired(true)
->addValidator('stringLength', true, array(4, 32));
$confirmPassword = new Zend_Form_Element_Password('confirmpassword');
$confirmPassword->setLabel($this->_translate->_("Confirm Password:"))
->setRequired(true);
I control password and confirmpassword in controller. if password and confirmpassword don't match then add error message under confirmpassword textbox. how i do?
Override isValid in your form
/**
* Validate the form, check passwords.
*
* #param array $data
* #return boolean
*/
public function isValid($data) {
$valid = parent::isValid($data);
if ($this->getValue('password') !== $this->getValue('password2')) {
$valid = false;
$this->password2->addError('Passwords don\'t match.');
}
return $valid;
}
The concept basically boils down to adding a Zend_Validate_Identical validator to the 'confirmpassword' field, using the data from the $this->_request->getParam('password') to test against. I use a custom method on an extended Zend_Form to process the post data from all my forms, it isn't an exact solution for you, but perhaps my code from my "EditUser" form can point you in the right direction.
From the controller:
// $form is a MW_Form_EditUser.
if ($this->_request->isPost() && $form->process($this->_request->getPost()))
{
// successful form - redirect or whatever here
}
From the MW_Form_EditUser class:
public function process(array $data)
{
// gets a copy of the user we are editing
$user = $this->getEditable();
// checks to see if the user we are editing is ourself
$isSelf = ($user->id == MW_Auth::getInstance()->getUser()->id);
// if the new_pass field is non-empty, add validators for confirmation of password
if (!empty($data['new_pass']))
{
$this->new_pass2->setAllowEmpty(false)->addValidator(
new Zend_Validate_Identical($data['new_pass'])
);
if ($curpass = $this->current_password) $curpass->setAllowEmpty(false);
}
if ($this->delete && !empty($data["delete"])) {
$this->delete->setValue(true);
$user->delete();
return true;
}
if ($this->isValid($data))
{
/// saves the data to the user
$user->email = $this->email->getValue();
$user->name = $this->name->getValue();
if ($password = $this->new_pass->getValue()) $user->password = $password;
if (!$isSelf)
{
if ($this->super->getValue()) {
$user->setGroups(array(MW_Auth_Group_Super::getInstance()));
} else {
$user->setGroups(array(MW_Auth_Group_User::getInstance()));
}
}
$user->save();
return true;
}
return false;
}
//inside form
public function isValidPSW($data) {
$valid = parent::isValid($data);
if ($data['pswd'] !== $data['pswd2']) {
$valid = false;
$this->pswd->addError('Passwords don\'t match.');
}
return $valid;
}
Using Zend_Validate_Identical is a good solution for you by Zend. I will give you another choice. jQuery. When you are using Zend_Validate_Identical form will go to the server and server will validate it. If passwords are not same it will return an error message. If you use jQuery form will not go to the server unless passwords are same.