I'm new to Cake and building an application to learn it. I'm having a few troubles with my user registration system. So far this is my registration code in my Users controller:
public function register() {
$this->set('title_for_layout', 'Register');
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash('The user has been saved');
$this->redirect(array('action' => 'register'));
} else {
$this->Session->setFlash('The user could not be saved. Please, try again.');
}
}
}
And within my User model I have this method where I hash the passwords:
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
This works, the user is added to my users table in my database with their username, email and hashed password. However, there are no checks done to make sure the username and email are unique.
From my limited understanding, I would need to add some validation rules to my User model to make sure the username and email fields are unique before they're entered into the table? At the moment I just have these validation rules:
public $validate = array(
'username' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A username is required'
)
),
'email' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'An email is required'
)
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A password is required'
)
)
);
Also, my registration form has a Password (confirm) field called passwordConf. I would like to check if the user entered his passwords correctly before they're entered into the users table, but I'm not sure how to do that. I'm guessing that somewhere in my register method I need to check if the two passwords are the same.
Thanks for any help.
The isUnique rule will work with your username and email fields. Here is a sample of code that shows how to use multiple rules per field:
public $validate = array(
'username' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'You must enter a username.'
),
'length' => array(
'rule' => array('between', 3, 15),
'message' => 'Your username must be between 3 and 15 characters long.'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'This username has already been taken.'
)
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'You must enter a password.'
),
'length' => array(
'rule' => array('minLength', '6'),
'message' => 'Your password must be at least 6 characters long.'
)
),
'email' => array(
'email' => array(
'rule' => array('email'),
'message' => 'Please enter a valid email address.'
)
)
);
As for comparing the passwords just edit your beforeSave callback and check the passwords against each other, returning true if they match and false if they do not. Something like this:
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
if($this->data[$this->alias]['password'] === $this->data[$this->alias]['passwordConf']) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
return true;
} else {
return false;
}
}
return true;
}
CakePHP actually has a validation rule called isUnique, which you can use to check the username and e-mail. A list of built in rules can be found here. You can use this and the Data Validation Tutorial to check the user name and e-mail. As to checking if the passwords are the same, you MAY be able to use the EqualTo rule shown in the rules list, assuming you can make your validation rules on the fly every request.
Related
I have a register form where when a user registers it asks for their Username, Password and email. For the username, I have a few rules such as:
Must be 5-12 characters
Must be unique
Must use only alpha, numbers, and dashes
With that being said, I can't seem to get my form to catch duplicate usernames, I was hoping someone could help me solve this!
Here is my User.php Model's Validate:
public $validate = array(
'username' => array(
'nonEmpty' => array(
'rule' => array('notEmpty'),
'message' => 'A username is required',
'allowEmpty' => false
),
'between' => array(
'rule' => array('between', 5, 15),
'required' => true,
'message' => 'Usernames must be between 5 to 15 characters'
),
'unique' => array(
'rule' => array('isUniqueUsername'),
'message' => 'This username is already in use'
)
)
);
I removed the 3rd rule (alpha/number/dash) for the sake of the example
Followed by my function to check my DB for the username:
function isUniqueUsername($check) {
$username = $this->find(
'all',
array(
'fields' => array(
'User.id',
'User.username'
),
'conditions' => array(
'User.username' => $check['username']
)
)
);
if(!empty($username)){
if($this->data[$this->alias]['id'] == $username['']['id']){
return true;
}else{
return false;
}
}else{
return true;
}
}
here is the Controller function for "Register"
public function register() {
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been created'));
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('The user could not be created. Please, try again.'));
}
}
}
Change
'unique' => array(
'rule' => array('isUniqueUsername'),
'message' => 'This username is already in use'
)
To
'unique' => array(
'rule' => 'isUnique',
'message' => 'This username is already in use'
)
You do not need that function to check for uniqueness, Cake does it for you with magic.
I'm using CakePHP 2.3.8 and I'm trying to figure out if there's a way to set certain validation rules to required on the fly.
For example, my User model has phone_number, username, email, and password validation. If a user wants to change their username, their phone number isn't required to do so. That means I can't set it to required, because then when changing a username, the phone_number will be expected to be present in the data.
public $validate = array(
'username' => array(
'minLength' => array(
'rule' => array('minLength', '3'),
'message' => 'A username with a minimum length of 3 characters is required'
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'This username has already been taken.'
)
),
'email' => array(
'email' => array(
'rule' => array('email'),
'message' => 'Please enter a valid email address.',
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'This email address is already in use'
)
),
'password' => array(
'rule' => array('minLength', '8'),
'message' => 'A password with a minimum length of 8 characters is required'
),
'phone_number' => array(
'rule' => array('valid_phone'),
'message' => 'Invalid phone number',
)
);
To get around this problem, in my controller for the corresponding action what I've been doing is checking to make sure the expected inputs have been posted. If not, set that index to null so that it is validated...such as
public function change_username(){
if(!isset($this->request->data['username'])){
$this->request->data['username'] = null;
}
$this->ExampleModel->set($this->request->data);
//if it wasn't posted, the username index will be created but set to null. This is my workaround for setting something to "required"
if($this->ExampleModel->validates() == true){
//do something
}
else{
//do something
}
}
While this works, I feel like it makes for a lot of extra coding, especially if I have a form that has a lot of inputs.
I've also tried to validate only the inputs that I need, but unless the data was posted, it ignores them. For example
if($this->ExampleModel->validates(array('fieldList' => array('phone')) == true){
.....
}
If "phone" wasn't posted, it doesn't validate it.
Is there any way to set required for a given input's validation to true on the fly? I found this article on using multiple validation rulesets and while it would accomplish what I want, there would be a lot of re-coding involved.
Before validation, can I set an input to required?
Firstly, in your Model validation rules you have phone_number but yet trying to validate phone, there aren't validation rules for phone.
It would be ideal request->data[] to match model fields, you can rebuild an array etc.
From book.cakephp:
This will add a single rule to the password field in the model. You can chain multiple calls to add to create as many rules as you like:
$this->validator()
->add('password', 'required', array(
'rule' => 'notEmpty',
'required' => 'create'
))
->add('password', 'size', array(
'rule' => array('between', 8, 20),
'message' => 'Password should be at least 8 chars long'
));
I have built a simple CakePHP app with a users login system and have hooked up the Cake Form plugin by Milesj.me (not sure if that's causing the problems).
However my validation seems to have applied itself to the login form as well as the signup form. So when I try and login, I am getting errors like 'Username already in use'.
Any ideas what would cause this? Has something changed in CakePHP that adds the validation to authentication forms as well?
Also why am I having to hash the password in the model? I was under the impression that CakePHP hashed passwords automatically? And I've not needed to do it before. However If I don't do it, then it was saving the password in the DB as in and not hashed...
Here is my view, controller and model:
<?php echo $this->Form->create(); ?>
<?php echo $this->Form->input('User.username',
array('tabindex'=>1, 'autofocus',
'label'=>array('class'=>'placeholder','text'=>'Username'))); ?>
<?php echo $this->Form->input('User.password',
array('tabindex'=>2, 'type'=>'password',
'label'=>array('class'=>'placeholder','text' =>'Password' ))); ?>
<div class="input button">
<button class="orangeButton" tabindex="3" type="submit"><span class="icon login">Log in</span></button>
</div>
<?php echo $this->Form->end(); ?>
controller:
public function login() {
if ($this->request->data) {
$this->User->set($this->request->data);
if ($this->User->validates() && $this->Auth->login()) {
if ($user = $this->Auth->user()) {
$this->User->Profile->login($user['id']);
$this->Session->delete('Forum');
$this->redirect($this->referer());
}
}
}
}
Note: the calls to Profile model for login just saves some data for when last logged in and other stuff and doesn't actually do anything regarding authentication!
and the model:
class User extends AppModel {
public $name = 'User';
public $hasOne = array(
'Profile' => array('className' => 'Forum.Profile')
);
public $hasMany = array(
'Access' => array('className' => 'Forum.Access'),
'Moderator' => array('className' => 'Forum.Moderator')
);
public $validate = array(
'email' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A valid email address is required'
),
'email' => array(
'rule' => array('email'),
'message' => 'This is not a valid email address'
),
'unique' => array(
'rule' => array('isUnique'),
'message' => 'This email is already in use'
)
),
'username' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A username is required'
),
'unique' => array(
'rule' => array('isUnique'),
'message' => 'This username is already in use'
),
'alphaNumeric' => array(
'rule' => array('alphaNumeric'),
'message' => 'Usernames must only contain letters and numbers'
),
'between' => array(
'rule' => array('between', 4, 20),
'message' => 'Usernames must be between 4 and 20 characters long'
)
),
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A password is required'
)
)
);
public function beforeSave()
{
if (isset($this->data[$this->alias]['password']))
{
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
Just add to your validation rules 'on' => 'create'
http://book.cakephp.org/2.0/en/models/data-validation.html#on
As per cakephp
In case of multiple rules per field by default if a particular rule
fails error message for that rule is returned and the following rules
for that field are not processed.
But if first rule doesn't fail, then it continue to evaluate second
rule.
You can remove particular validation by following way
$this->validator()->remove('username', 'unique');
For some reason, I can't get this validation to work as I'd like it to, specifically with the password minLength field.
Everything else is fine (even the minLength for Username works). For some reason, when I add the same minLength rule into the password field, it just ignores it and when I actually do enter in a password, it tells me that I need to enter a password:
var $validate = array(
'email' => array(
'email' => array(
'rule' => array('email', true),
'required' => true,
'allowEmpty' => false,
'message' => 'Please enter a valid email address'
),
'isUnique' => array(
'rule' => 'isUnique',
'message' => 'This email is already in use'
)
),
'username' => array(
'notEmpty' => array(
'rule' => 'notEmpty',
'required' => true,
'message' => 'Please enter a valid username'
),
'allowedCharacters' => array(
'rule' => '/^[a-zA-Z]+[0-9]*$/',
'message' => 'Please enter a valid username'
),
'minLength' => array(
'rule' => array('minLength', 3),
'message' => 'Please enter a longer username'
),
'maxLength' => array(
'rule' => array('maxLength', 23),
'message' => 'Please enter a shorter username'
),
'isUnique' => array(
'rule' => 'isUnique',
'message' => 'That username is already taken'
)
),
'password' => array(
'notEmpty' => array(
'required' => true,
'allowEmpty' => false,
'message' => 'Please enter a password'
),
'minLength' => array(
'rule' => array('minLength', 4),
'message' => 'Please enter a longer password'
),
'passwordConfirm' => array(
'rule' => array('checkPasswords'),
'message' => 'Passwords must match'
)
),
);
Am I overlooking something minor? It's driving me nuts.
This happens because in Cake, the password field is automatically hashed as soon as you submit it; which will break your validation rules (a 5 character password suddenly becomes a 40+ digit hash). There are various proposed fixes for this problem.
One that sounds the most promising:
Create two fields e.g pw and pw_confirm as opposed to password and confirm_password. Use these values for your password validation (so, max length etc)
Then something like:
$this->User->set($this->data);
if ($this->User->validates()) {
// all your data validates, so hash the password submitted,
// ready for storage as normal.
$password_hash = $this->Auth->password($this->data['User']['pw'];
$this->data['User']['password'] = $password_hash;
}
This way, Cake won't automatically hash the passed that's entered - allowing your validation to function as you intended.
To visualise this, add this to your register/add user method:
function admin_add() {
if (!empty($this->data)) {
debug($this->data);
exit;
You'll get:
Array
(
[User] => Array
(
[username] => somename
[password] => 25ae3c1689d26b20e03abc049982349482faa64e
)
)
before validation takes place.
It looks like you have a small mistake in your validation array.
Every validation for a field must have a 'rule' key, and you don't have that in your 'notEmpty' validation.
Try updating the password validation like this:
<?php
array(
'password' => array(
'notEmpty' => array(
'rule' => 'notEmpty',
'required' => true,
'allowEmpty' => false,
'message' => 'Please enter a password'
),
'minLength' => array(
'rule' => array('minLength', 4),
'message' => 'Please enter a longer password'
),
'passwordConfirm' => array(
'rule' => array('checkPasswords'),
'message' => 'Passwords must match'
)
))
?>
Also, note that if you're using the Auth component your password will be hashed BEFORE it is validated. This means that even if you enter a 3-character password you'll end up with a 40-character hash, which obviously will validate as being longer than the minLength.
use my change password behavior. it takes care of all those things at a single and clean place:
http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/
you will most certainly have more problems later on otherwise
because you need a lost password and change password functionality as well.
and maybe a backend for the admin to simply change passwords as well
and to your problem i already commented:
"you should also use last=>true here! otherwise it doesnt make much sense"
i believe this is also part of your problem. all your rules need this param to make it work properly. the error messages will be off otherwise.
var $validate = array(
'password' => array(
'passwordlength' => array('rule' => array('between', 8, 50),'message' => 'Enter 8-50 chars'),
'passwordequal' => array('checkpasswords','message' => 'Passwords dont match')
)
);
function checkpasswords()
{
return strcmp($this->data['Airline']['password'],$this->data['Airline']['confirm password']);
}
This code is not working and always gives the error message even if they match. Also when i do a edit i get the followoing error as there is no password field. is there any fix
Undefined index: password [APP/models/airline.php, line 25]
Are you using the AuthComponent? Be aware that it hashes all incoming password fields (but not "password confirm" fields, check with debug($this->data)), so the fields will never be the same. Read the manual and use AuthComponent::password to do the check.
Having said that, here's something I use:
public $validate = array(
'password' => array(
'confirm' => array(
'rule' => array('password', 'password_control', 'confirm'),
'message' => 'Repeat password',
'last' => true
),
'length' => array(
'rule' => array('password', 'password_control', 'length'),
'message' => 'At least 6 characters'
)
),
'password_control' => array(
'notempty' => array(
'rule' => array('notEmpty'),
'allowEmpty' => false,
'message' => 'Repeat password'
)
)
);
public function password($data, $controlField, $test) {
if (!isset($this->data[$this->alias][$controlField])) {
trigger_error('Password control field not set.');
return false;
}
$field = key($data);
$password = current($data);
$controlPassword = $this->data[$this->alias][$controlField];
switch ($test) {
case 'confirm' :
if ($password !== Security::hash($controlPassword, null, true)) {
$this->invalidate($controlField, 'Repeat password');
return false;
}
return true;
case 'length' :
return strlen($controlPassword) >= 6;
default :
trigger_error("Unknown password test '$test'.");
}
}
This is bad for the following reasons:
Has tight coupling to the form, always expects a field password_control to be present. You need to use field whitelisting or disable validation if you don't have one in your data, i.e.: $this->User->save($this->data, true, array('field1', 'field2')).
Manually hashes the password the way the AuthComponent does (since there's no clean access to components from the model). If you change the algorithm used in the AuthComponent, you need to change it here as well.
Having said that, it transparently validates and produces proper error messages for both the password and password control fields without requiring any additional code in the controller.
here is the mistake
'passwordequal' => array('checkpasswords','message' => 'Passwords dont match')
I changed it to
'passwordequal' => array('rule' =>'checkpasswords','message' => 'Passwords dont match')
also strcmp function also had mistakes as it would return 0 (i.e False) all the time in the above code
if(strcmp($this->data['Airline']['password'],$this->data['Airline']['confirm_password']) ==0 )
{
return true;
}
return false;
For Validate Password,old password and confirm Password
class Adminpassword extends AppModel
{
public $name = 'Admin';
public $primaryKey = 'id';
public $validate = array(
'oldpassword' => array(
array(
'rule' => 'notEmpty',
'required' => true,
'message' => 'Please Enter Current password'
),
array(
'rule' =>'checkcurrentpasswords',
'message' => 'Current Password does not match'
)
),
'password' => array(
array(
'rule' => 'notEmpty',
'required' => true,
'message' => 'Please Enter password'
),
array(
'rule' => array('minLength', 6),
'message' => 'Passwords must be at least 6 characters long.',
)
),
'cpassword' => array(
array(
'rule' => 'notEmpty',
'required' => true,
'message' => 'Please Enter Confirm password'
),
array(
'rule' => 'checkpasswords',
'required' => true,
'message' => 'Password & Confirm Password must be match.'
)
)
);
function checkpasswords() // to check pasword and confirm password
{
if(strcmp($this->data['Adminpassword']['password'],$this->data['Adminpassword']['cpassword']) == 0 )
{
return true;
}
return false;
}
function checkcurrentpasswords() // to check current password
{
$this->id = $this->data['Adminpassword']['id'];
$user_data = $this->field('password');
//print_r(Security::hash($this->data['Adminpassword']['oldpassword'], 'sha1', true));
if ($user_data == (Security::hash($this->data['Adminpassword']['oldpassword'], 'sha1', true)))
{
return true;
}
else
{
return false;
}
}
}
For CakePHP 2.x users using Authentication you may note that "AuthComponent no longer automatically hashes every password it can find." I.e. the solutions above may not be the correct way of solving the problem for 2.x.
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords
Heres is my solution:
You must to make a method named match (You can name it what you like):
public function match($check, $with) {
// Getting the keys of the parent field
foreach ($check as $k => $v) {
$$k = $v;
}
// Removing blank fields
$check = trim($$k);
$with = trim($this->data[$this->name][$with]);
// If both arent empty we compare and return true or false
if (!empty($check) && !empty($with)) {
return $check == $with;
}
// Return false, some fields is empty
return false;
}
And the $validate method must be like this:
public $validate = array(
'password' => array(
'match' => array(
'rule' => array('match', 'password2'),
'message' => 'Passwords doesnt match',
),
),
);
Where password2 is the field to compare your first password field
I'm Glad to share it! :D
Would this help: http://sumanrs.wordpress.com/2011/10/01/cakephp-user-password-manager-authentication-missing-guide/ ? That should take care of password validation.