cakephp not validating password fields
I have a page where user can change his password. The form contains 3 fields: current password (old_pass), new password (pass) and new password confirmation (pass_confirm). The problem is, that the fields are not validated and blank fields are allowed although it is forbidden in the model definition. I have no idea why, I have a similiar form in the registration but that one works fine and displays validation errors for these fields.
When I display $this->User->validationErrors
the array is empty. But validation is done, I have username validation which is active only on user creation and when I activate it for all User
forms (including thischange password form), the validation error is displayed here propperly.
<?php echo $this->Form->create('User');?>
<fieldset>
<legend><?php __('Change password'); ?></legend>
<?php
echo $this->Form->input('User.old_pass', array('type' => 'password',
'label' => __('Current password', true)));
echo $this->Form->input('User.pass', array( 'type' => 'password',
'label' => __('New password', true)));
echo $this->Form->input('User.pass_confirm', array('type' => 'password',
'label' => __('Repeat password', true)));
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
the validate
array part that has something to do with these inputs looks like this:
'pass' => array(
'required' => array(
'rule' => array('custom','/^.*[0-9].*$/i'),
'message'=>'Password must contain numbers',
'allowEmpty' => false
),
'length' => array(
'rule' => array('minLength',8),
'message' => 'Password must be at least 8 characters long')
),
'pass_confirm' => array(
/*'required' => array(
'rule' => 'notempty',
'message' => 'You have to confirm the password',
'allowEmpty' => false
),*/
'validate' => array(
'rule' => 'validate_password',
'开发者_C百科message'=>'Your passwords don\'t match!' )
),
'old_pass' => array(
'length' => array(
'rule' => array('minLength',8),
'message' => 'Password must be at least 8 characters long'),
'allowEmpty' => false
)
function validate_password(){
//return false;
$passed=false;
if(isset($this->data['User']['pass_confirm']) && $this->data['User']['pass_confirm']!=''){
if ($this->data['User']['pass'] != $this->data['User']['pass_confirm']){
$this->invalidate('pass');
} else {
$passed=true;
}
}
return $passed;
}
Btw, when I uncomment the return false;
line in the validate_password
function, nothing happens so the method is not called at all.
I am saving the user with $this->User->save($data)
, the $data
variable contains the data I want to save in propper format and works fine. The only problem is that the fields are not being validated
EDIT:
function change_password() {
$usr = $this->User->find('first', array(
'conditions'=> array(
'User.id' => $this->Auth->user('id')),
'recursive' => 0
));
if ($this->data) {
if ($this->Auth->password($this->data['User']['old_pass'])== $usr['User']['password']) {
$data = array(
'id' => $usr['User']['id'],
'password' => $this->Auth->password($this->data['User']['pass'])
);
if ($this->User->save($data)) {
$this->Session->setFlash(__('Password has been changed.', true));
} else {
debug($this->User->validationErrors);
$this->Session->setFlash(__('Password could not be saved, please try again later.', true));
}
} else {
$this->Session->setFlash(__('The password you entered as your current is not your current password.', true));
}
}
}
Try adding a parameter to the validate_password method:
function validate_password($check){
Do you use the fields param? You will need to show us the controller handling
my guess:
$this->save($this->data, true, FIELDS);
FIELDS is restricted to only some values (which will omit your password inputs)
by the way:
if ( !empty($this->data['User']['pass_confirm']) ) { }
is shorter and more than enough here
精彩评论