Data validation with custom route issue (default url when errors occur)

开发者_JS百科I'm building a user panel, and having some problems with data validation. As an example, the page where you change your password (custom validation rule comparing string from two fields (password, confirm password)):

Route:

Router::connect('/profile/password', array('controller' => 'users', 'action' => 'profile_password'));

Controller:

function profile_password()
    {
    $this->User->setValidation('password'); // using the Multivalidatable behaviour
    $this->User->id = $this->Session->read('Auth.User.id');
    if (empty($this->data))
      {
      $this->data = $this->User->read();
      } else {
      $this->data['User']['password'] = $this->Auth->password($this->data['User']['password_change']);
      if ($this->User->save($this->data))
        {
        $this->Session->setFlash('Edytowano hasło.', 'default', array('class' => 'success'));
        $this->redirect(array('action' => 'profile'));
        }
      }
    }

The problem is, that when I get to http://website.com/profile/password and mistype in one of the fields, the script goes back to http://website.com/users/profile_password/5 (5 being current logged users' id). When I type it correctly then it works, but I don't really want the address to change.

It seems that routes aren't supported by validation... (?) I'm using Cake 1.3 by the way.

Any help would be appreciated, Paul

EDIT 1:

Changing the view from:

echo $form->create(
  'User',
  array(
    'url' => array('controller' => 'users', 'action' => 'profile_password'),
    'inputDefaults' => array('autocomplete' => 'off')
    )
  );

to:

echo $form->create(
  'User',
  array(
    'url' => '/profile/password',
    'inputDefaults' => array('autocomplete' => 'off')
    )
  );

does seem to do the trick, but that's not ideal.

Check the URL of the form in the profile_password.ctp view file.

Try the following code:

echo $this->Form->create('User', array('url' => array('controller' => 'users', 'action' => 'profile_password')));

Also, I think your form might be a little vulnerable. Try using Firebug or something similar to POST a data[User][id] to your action. If I'm right, you should be setting:

$this->data['User']['id'] = $this->Auth->user('id');

instead of:

$this->User->id = $this->Session->read('Auth.User.id');

because your id field is set in $this->data.

HTH.