This seemed to be working perfectly, I added a checkbox to my form so the user can decide whether to change the password or not. In the add user action the validation works fine and won't save the user if there are any errors, but with my edit user action it will still save them when both password fields are blank, but still validate them properly if there's any data in either password input. Here's my model:
class User extends AppModel {
var $name = 'User';
var $displayField = 'name';
var $validate = array(
'username' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'User must have a username to login with',
),
),
'password' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'User must have a password',
),
'alphanumeric' => array(
'rule' => array('alphanumeric'),
'required' => true,
'message' => 'User must have a password'
),
'minlength' => array(
'rule' => array('minlength', 6),
'message' => 'Password must be at least 6 characters',
),
'confirmPassword' => array(
'rule' => array('confirmPassword', 'password'),
'message' => 'Passwords do not match'
),
),
'password_confirm' => array(
'notempty' => array(
'rule' => array('notempty'),
'message' => 'User must have a password',
),
'alphanumeric' => array(
'rule' => array('alphanumeric'),
'required' => true,
'message' => 'User must have a password'
),
'minlength' => array(
'rule' => array('minlength', 6),
'message' => 'Password must be at least 6 characters',
),
),
);
function confirmPassword($data) {
return ($data['password'] === Security::hash(Configure::read('Security.salt').$this->data['User']['password_confirm']));
}
And here's my edit user action:
function admin_edit($id = null) {
$this->set('title_for_layout', 'Users / Editing User');
if (!$id && empty($this->data)) {
$this->Session->setFlash(__('Invalid user specified', true), 'flash_error');
$this->redirect(array('action' => 'index'));
}
if (!empty($this->data)) {
$redirect = array('action' => 'index');
if ($this->data['User']['edit_password'] == 1) {
$fields = array('username', 'confirm_password', 'password', 'name');
if ($this->data['User']['id'] == $this->Auth->user('id')) {
$redirect['action'] = 'logout';
}
} else {
$fields = array('username', 'name');
}
if ($this->User->save($this->data, true, $fields)) {
$this->Session->setFlash(__(sprintf('The user <i>%s</i> was saved successfully.', $this->data['User']['username']), true), 'flash_success');
$this->redirect($redirect);
} else {
$this->Session->setFlash(__('There were errors when trying to save the user', true), 'flash_error');
}
}
if (empty($this->data)) {
$this->data = $this->User->read(null, $id);
$this->data['User']['password'] = '';
$this->data['User']['edit_password'] = 0;
}
}
Sorry in advance as this is only a half-answer, but should get you moving in the right direction.
The Auth component will automatically hash the password field if the username field is also present in the submitted data
So you have set up your data to either anticipate this.. or avoid it.
This method will come in handy too.
http://book.cakephp.org/view/1259/hashPasswords
Related
I am trying to add validation on change password function but it doesn't work.
I have added
->add('repeat_password', [
'equalToPassword' => [
'rule' => function ($value, $context) {
return $value === $context['data']['new_password'];
},
'message' => __("Your password confirm must match with your password.")
]
]);
to Users model
and in my controller
$user = $this->Users->get($this->_User['user_id']);
if ($this->request->is(['patch', 'post', 'put'])) {
$user = $this->Users->createEntity($user, ['password' => $this->request->data['repeat_password']]);
// $verify = (new DefaultPasswordHasher)->check($this->request->data['old_password'], $user->password);
// debug($verify);
//if ($verify) {
if ($this->Users->save($user)) {
$this->Flash->success('The password has been changed');
$this->redirect(['action' => 'index']);
} else {
$this->Flash->error('Password could not be issued');
}
}
// else {
// $this->Flash->error('Password Do not match');
// }
// }
}
It saves data without validating. What is the solution ?
Without having checked your code thoroughly, my first thought is that CakePHP 3 already provides the built-in validator compareWith for this purpose.
Try setting the validation rules as follows:
$validator->add('repeat_password', [
'compareWith' => [
'rule' => ['compareWith', 'new_password'],
'message' => __("Your password confirm must match with your password.")
]
]);
Also, check that both new_password and repeat_password are set to true in the $_accessible array.
public $validate = array(
'password' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'A password is required'
),
'min_length' => array(
'rule' => array('minLength', '6'),
'message' => 'Password must have a mimimum of 6 characters'
)
),
'password_confirm' => array(
'required' => array(
'rule' => array('notEmpty'),
'message' => 'Please confirm your password'
),
'equaltofield' => array(
'rule' => array('equaltofield','password'),
'message' => 'Both passwords must match.'
)
),
)
please write code in your model more detail please check below link
http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
I try to make hashing while changing password correctly , but i cant, always after changing password, it's hashing twice or i don;t know. Please tell me what am i doing wrong.
class User extends AppModel
{
var $validate = array(
'name' => array(
'length' => array(
'rule' => array('minLength', 5),
'message' => 'Please enter your full name (more than 5 chars)',
'required' => true,
),
),
'username' => array(
'length' => array(
'rule' => array('minLength', 5),
'message' => 'Must be more than 5 characters',
'required' => true,
),
'alphanum' => array(
'rule' => 'alphanumeric',
'message' => 'May only contain letters and numbers',
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'Already taken',
),
),
'email' => array(
'email' => array(
'rule' => 'email',
'message' => 'Must be a valid email address',
),
'unique' => array(
'rule' => 'isUnique',
'message' => 'Already taken',
),
),
'password' => array(
'empty' => array(
'rule' => 'notEmpty',
'message' => 'Must not be blank',
'required' => true,
),
),
'password_confirm' => array(
'required' => array(
'rule' => array('equalToField', 'password', true),
'message' => 'The password you entered does not match',
),
'length' => array(
'rule' => array('between', 6, 20),
'message' => 'Use between 6 and 20 characters',
),
'empty' => array(
'rule' => 'notEmpty',
'message' => 'Must not be blank',
),
),
);
function equalToField($array, $field) {
return strcmp($this->data[$this->alias][key($array)], $this->data[$this->alias][$field]) == 0;
}
var $validateChangePassword = array(
'_import' => array('password', 'password_confirm'),
'password_old' => array(
'correct' => array(
'rule' => 'password_old',
'message' => 'Does not match',
'required' => true,
),
'empty' => array(
'rule' => 'notEmpty',
'message' => 'Must not be blank',
),
),
);
function useValidationRules($key)
{
$variable = 'validate' . $key;
$rules = $this->$variable;
if (isset($rules['_import'])) {
foreach ($rules['_import'] as $key) {
$rules[$key] = $this->validate[$key];
}
unset($rules['_import']);
}
$this->validate = $rules;
}
function password_old($data)
{
$password = $this->field('password',
array('User.id' => $this->id));
return $password ===
Security::hash($data['password_old'], null, true);
}
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this- >alias]['password']);
}
return true;
}
And then my controller:
class UsersController extends AppController
{
var $components = array('Email');
/**
* Account details page (change password)
*/
function account()
{
// Set User's ID in model which is needed for validation
$this->User->id = $this->Auth->user('id');
// Load the user (avoid populating $this->data)
$current_user = $this->User->findById($this->User->id);
$this->set('current_user', $current_user);
$this->User->useValidationRules('ChangePassword');
$this->User->validate['password_confirm']['compare']['rule'] =
array('equalToField', 'password', false);
$this->User->set($this->data);
if (!empty($this->data) && $this->User->validates()) {
$password = $this->Auth->password($this->data['User']['password']);
$this->User->saveField('password', $password);
$this->Session->setFlash('Your password has been updated');
$this->redirect(array('action' => 'account'));
}
}
/**
* Registration page for new users
*/
// function register()
// {
// if (!empty($this->data)) {
// $this->User->create();
// if ($this->User->save($this->data)) {
// $this->Session->setFlash(__('Your account has been created.', true));
// $this->redirect('/');
// } else {
// $this->Session->setFlash(__('Your account could not be created.', true));
// }
// }
// }
public function register(){
if($this->request->is('post')){
$this->User->create();
if($this->User->save($this->request->data)){
$this->Session->setFlash(__('Użytkownik został zapisany', 'success'));
$this->redirect(array('controller'=>'ads', 'action'=>'index'));
} else {
$this->Session->setFlash(__('Błąd zapisu'), 'error');
}
}
}
/**
* Log a user out
*/
function logout()
{
return $this->redirect($this->Auth->logout());
}
/**
* Ran directly after the Auth component has executed
*/
function login()
{
// Check for a successful login
if($this->request->is('post')){
if($this->Auth->login()){
$this->User->id = $this->Auth->user('id'); // zapisuje date logowania
$this->User->saveField('lastlogin', date(DATE_ATOM)); // zapisuje date logowania
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Nieprawidłowy login lub hasło'), 'error');
}
}
}
and the view:
echo $this->Form->create(array('action' => 'account'));
echo $this->Form->input('password_old', array('label' => 'Old password', 'type' => 'password', 'autocomplete' => 'off'));
echo $this->Form->input('password_confirm', array('label' => 'New password', 'type' => 'password', 'autocomplete' => 'off'));
echo $this->Form->input('password', array('label' => 'Re-enter new password', 'type' => 'password', 'autocomplete' => 'off'));
echo $this->Form->end('Update Password');
Change this line in account function in UsersController from
$password = $this->Auth->password($this->data['User']['password']);
to
$password = $this->data['User']['password'];
$this->Auth->password() do the same function as AuthComponent::password() in model.
So your password was hashing twice.
I have checked cakephp validation for a long time to validate my login form. My problem is when i enter username and password as blank the validation not showing.
Login function in UserController.php contains
if ($this->request->is('post')) {
$this->user->set($this->request->data);
$errors = $this->user->invalidFields();
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash($this->Auth->authError, 'default', array(), 'auth');
$this->redirect($this->Auth->loginAction);
}
} else {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
}
My User.php Model contains validator as
public $validate = array(
'username' => array(
'isUnique' => array(
'rule' => 'isUnique',
'message' => 'The username has already been taken.',
),
'notEmpty' => array(
'rule' => 'notEmpty',
'message' => 'This field cannot be left blank.',
),
),
'email' => array(
'email' => array(
'rule' => 'email',
'message' => 'Please provide a valid email address.',
),
'isUnique' => array(
'rule' => 'isUnique',
'message' => 'Email address already in use.',
),
),
'password' => array(
'rule' => array('minLength', 6),
'message' => 'Passwords must be at least 6 characters long.',
),
'current_password' => array(
'rule' => '_identical',
),
'name' => array(
'rule' => 'notEmpty',
'message' => 'This field cannot be left blank.',
),
);
Actually my login form contains only usgername and password. But i have set this validation for userregistration form. The validation worked correctly in registration form but in the case of login the validation not working. Yes io know there is lot of questions posted on this website itself regarding the same issue, but nothing solve my problem, i have tried all the stackoverflow questions. Please Help
Validation only occurs when saving, or when you directly call the validation method using:
$this->Model->validates();
You aren't getting validation errors because you aren't actually validating your data. To get validation errors showing you'll need to do the following:
if ($this->request->is('post')) {
$this->User->set($this->request->data);
if ($this->User->validates()) {
echo "This is valid!";
} else {
echo "This is invalid";
$errors = $this->User->validationErrors;
}
}
I have run into a bizarre issue with the username being validated (as the title says) in the edit view which renders me unable to save the form. I do not have an input in this view for the username, so why is this this being validated (and failing)?
Validation is as follows:
var $validate = array(
'username' => array(
'empty' => array(
'rule' => 'notEmpty',
'required' => true,
'allowEmpty' => false,
'message' => 'Username is required',
),
'isUnique' => array(
'rule' => 'isUnique',
'message' => 'This username has already been taken'
),
'pattern' => array(
'rule' => array('custom','/[a-zA-Z0-9\_\-]{6,}$/i'),
'message' => 'Must be 6 characters or longer with no spaces',
),
'length' => array(
'rule' => array('maxLength', 15),
'message' => 'Please keep username under 15 characters',
),
'notEmpty' => array(
'rule' => 'notEmpty',
'message' => 'Username cannot be empty',
)
);
the edit function below:
function edit($id = null) {
$this->set('title_for_layout', 'Edit Profile');
unset($this->User->validate['email']['email']);
unset($this->User->validate['username']);
if($this->Auth->user('id')==$id) {
$this->set('user', $this->User->read(null, $id));
} else {
$this->Session->setFlash(__('You are not authorised to edit other member profiles', true));
$this->redirect(array('action' => 'index'));
}
if (!empty($this->data)) {
if ($this->User->save($this->data)) {
$this->Session->setFlash(__('Your profile has been saved', true));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('Your profile could not be saved. Please, try again.', true));
}
}
if (empty($this->data)) {
$this->data = $this->User->read(null, $id);
}
$groups = $this->User->Group->find('list');
$this->set(compact('groups'));
}
I have unset the username which then only allows me to save the form, but this cannot be the correct method for doing this. Could anyone shed some light on this?
Many thanks!
The required => true is making the 'username' key a required field, meaning if you just try to update settings or something without the username key, it will invalidate.
I've not done it myself, but try adding 'on' => 'create' to the empty rule so it only applies when the record is being created.
I'm working on the signup process and want to check if the two passwords (password + re-entered password) are equal. These are my validation rules in the User Model:
var $validate = array(
'username' => array(
'notEmpty' => array(
'rule' => array('minLength', 5),
'required' => true,
'allowEmpty' => false,
'message' => 'User name has to be at least 5 characters long'
),
array(
'rule' => 'isUnique',
'message' => 'User name taken. Use another'
)
),
'password' => array(
'notEmpty' => array(
'rule' => array('minLength', 6),
'required' => true,
'allowEmpty' => false,
'message' => 'Password has to be at least 6 characters long'
),
'password_similar' => array(
'rule' => 'checkPasswords',
'message' => 'Entered passwords does not match'
)
),
'email' => array(
'rule' => 'email',
'required' => true,
'allowEmpty' => false,
'message' => 'Please enter a valid email'
)
);
In the users_controller.php I have the checkPasswords function:
function checkPasswords($data) {
if($data['password'] == $this->data['User']['password2hashed'])
return true;
else
return false;
}
An my singup function looks like this:
function signup(){
if (!empty($this->data)) {
if(isset($this->data['User']['password2']))
$this->data['User']['password2hashed'] = $this->Auth->password($this->data['User']['password2']);
$this->User->create();
if ($this->User->save($this->data)) {
.
.
.
}
No matter what I do, the passwords do not match. Even if I change the checkPasswords function to this:
function checkPasswords($data) {
return true;
}
What could cause this behavior?
OMG I just realised that the checkPasswords Function is not supposed to be in the controller but in the model. Problem solved, I'm ashamed...