开发者

cakephp not validating password fields

开发者 https://www.devze.com 2023-02-11 18:01 出处:网络
I have a page where user can change his password. The form contains 3 fields: current password (old_pass), new password (pass) and new password confirmation (pass_confirm). The problem is, that the fi

I have a page where user can change his password. The form contains 3 fields: current password (old_pass), new password (pass) and new password confirmation (pass_confirm). The problem is, that the fields are not validated and blank fields are allowed although it is forbidden in the model definition. I have no idea why, I have a similiar form in the registration but that one works fine and displays validation errors for these fields.

When I display $this->User->validationErrors the array is empty. But validation is done, I have username validation which is active only on user creation and when I activate it for all User forms (including thischange password form), the validation error is displayed here propperly.

<?php echo $this->Form->create('User');?>
    <fieldset>
        <legend><?php __('Change password'); ?></legend>
    <?php
        echo $this->Form->input('User.old_pass', array('type' => 'password',
            'label' => __('Current password', true)));
        echo $this->Form->input('User.pass', array( 'type' => 'password',
            'label' => __('New password', true)));
        echo $this->Form->input('User.pass_confirm', array('type' => 'password',
            'label' => __('Repeat password', true)));           
    ?>
    </fieldset>
<?php echo $this->Form->end(__('Submit', true));?>

the validate array part that has something to do with these inputs looks like this:

'pass' => array(
        'required' => array(
            'rule' => array('custom','/^.*[0-9].*$/i'),
            'message'=>'Password must contain numbers',
            'allowEmpty' => false
        ),
        'length' => array(
            'rule' => array('minLength',8),
            'message' => 'Password must be at least 8 characters long')
    ),
    'pass_confirm' => array(
        /*'required' => array(
            'rule' => 'notempty',
            'message' => 'You have to confirm the password',
            'allowEmpty' => false
        ),*/
        'validate' => array( 
            'rule' => 'validate_password',
            '开发者_C百科message'=>'Your passwords don\'t match!' )
    ),
    'old_pass' => array(
        'length' => array(
            'rule' => array('minLength',8),
            'message' => 'Password must be at least 8 characters long'),
            'allowEmpty' => false
    )

function validate_password(){
    //return false;

    $passed=false;
    if(isset($this->data['User']['pass_confirm']) && $this->data['User']['pass_confirm']!=''){
        if ($this->data['User']['pass'] != $this->data['User']['pass_confirm']){
            $this->invalidate('pass');
        } else {
            $passed=true;
        }
    }
    return $passed;
}

Btw, when I uncomment the return false; line in the validate_password function, nothing happens so the method is not called at all.

I am saving the user with $this->User->save($data), the $data variable contains the data I want to save in propper format and works fine. The only problem is that the fields are not being validated

EDIT:

function change_password() {
    $usr = $this->User->find('first', array(
                'conditions'=> array(
                    'User.id' => $this->Auth->user('id')),
                'recursive' => 0
            ));

            if ($this->data) {
                if ($this->Auth->password($this->data['User']['old_pass'])== $usr['User']['password']) {
                    $data = array(
                        'id' => $usr['User']['id'],
                        'password' => $this->Auth->password($this->data['User']['pass'])
                    );
                    if ($this->User->save($data)) {
                        $this->Session->setFlash(__('Password has been changed.', true));
                    } else {
                        debug($this->User->validationErrors); 

                        $this->Session->setFlash(__('Password could not be saved, please try again later.', true));
                    }
                } else {
                    $this->Session->setFlash(__('The password you entered as your current is not your current password.', true));
                }
            }
}


Try adding a parameter to the validate_password method:

function validate_password($check){


Do you use the fields param? You will need to show us the controller handling

my guess:

$this->save($this->data, true, FIELDS);

FIELDS is restricted to only some values (which will omit your password inputs)

by the way:

if ( !empty($this->data['User']['pass_confirm']) ) { }

is shorter and more than enough here

0

精彩评论

暂无评论...
验证码 换一张
取 消