cakephp 不验证密码字段
我有一个页面,用户可以在其中更改密码。该表单包含 3 个字段:当前密码 (old_pass)、新密码 (pass) 和新密码确认 (pass_confirm)。问题是,这些字段未经验证,并且允许空白字段,尽管在模型定义中是禁止的。我不知道为什么,我在注册中有一个类似的表单,但该表单工作正常并显示这些字段的验证错误。
当我显示 $this->User->validationErrors 时,数组为空。但是验证已完成,我有用户名验证,该验证仅在用户创建时才有效,当我为所有 User 表单(包括此更改密码表单)激活它时,验证错误会正确显示在此处。
<?php echo $this->Form->create('User');?>
<fieldset>
<legend><?php __('Change password'); ?></legend>
<?php
echo $this->Form->input('User.old_pass', array('type' => 'password',
'label' => __('Current password', true)));
echo $this->Form->input('User.pass', array( 'type' => 'password',
'label' => __('New password', true)));
echo $this->Form->input('User.pass_confirm', array('type' => 'password',
'label' => __('Repeat password', true)));
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
与这些输入有关的 validate 数组部分如下所示:
'pass' => array(
'required' => array(
'rule' => array('custom','/^.*[0-9].*$/i'),
'message'=>'Password must contain numbers',
'allowEmpty' => false
),
'length' => array(
'rule' => array('minLength',8),
'message' => 'Password must be at least 8 characters long')
),
'pass_confirm' => array(
/*'required' => array(
'rule' => 'notempty',
'message' => 'You have to confirm the password',
'allowEmpty' => false
),*/
'validate' => array(
'rule' => 'validate_password',
'message'=>'Your passwords don\'t match!' )
),
'old_pass' => array(
'length' => array(
'rule' => array('minLength',8),
'message' => 'Password must be at least 8 characters long'),
'allowEmpty' => false
)
function validate_password(){
//return false;
$passed=false;
if(isset($this->data['User']['pass_confirm']) && $this->data['User']['pass_confirm']!=''){
if ($this->data['User']['pass'] != $this->data['User']['pass_confirm']){
$this->invalidate('pass');
} else {
$passed=true;
}
}
return $passed;
}
顺便说一句,当我取消注释 validate_password 中的 return false; 行时函数,没有任何反应,因此根本没有调用该方法。
我使用 $this->User->save($data) 保存用户,$data 变量包含我想要以正确格式保存的数据,工作正常。唯一的问题是这些字段没有经过验证
编辑:
function change_password() {
$usr = $this->User->find('first', array(
'conditions'=> array(
'User.id' => $this->Auth->user('id')),
'recursive' => 0
));
if ($this->data) {
if ($this->Auth->password($this->data['User']['old_pass'])== $usr['User']['password']) {
$data = array(
'id' => $usr['User']['id'],
'password' => $this->Auth->password($this->data['User']['pass'])
);
if ($this->User->save($data)) {
$this->Session->setFlash(__('Password has been changed.', true));
} else {
debug($this->User->validationErrors);
$this->Session->setFlash(__('Password could not be saved, please try again later.', true));
}
} else {
$this->Session->setFlash(__('The password you entered as your current is not your current password.', true));
}
}
}
I have a page where user can change his password. The form contains 3 fields: current password (old_pass), new password (pass) and new password confirmation (pass_confirm). The problem is, that the fields are not validated and blank fields are allowed although it is forbidden in the model definition. I have no idea why, I have a similiar form in the registration but that one works fine and displays validation errors for these fields.
When I display $this->User->validationErrors the array is empty. But validation is done, I have username validation which is active only on user creation and when I activate it for all User forms (including thischange password form), the validation error is displayed here propperly.
<?php echo $this->Form->create('User');?>
<fieldset>
<legend><?php __('Change password'); ?></legend>
<?php
echo $this->Form->input('User.old_pass', array('type' => 'password',
'label' => __('Current password', true)));
echo $this->Form->input('User.pass', array( 'type' => 'password',
'label' => __('New password', true)));
echo $this->Form->input('User.pass_confirm', array('type' => 'password',
'label' => __('Repeat password', true)));
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
the validate array part that has something to do with these inputs looks like this:
'pass' => array(
'required' => array(
'rule' => array('custom','/^.*[0-9].*$/i'),
'message'=>'Password must contain numbers',
'allowEmpty' => false
),
'length' => array(
'rule' => array('minLength',8),
'message' => 'Password must be at least 8 characters long')
),
'pass_confirm' => array(
/*'required' => array(
'rule' => 'notempty',
'message' => 'You have to confirm the password',
'allowEmpty' => false
),*/
'validate' => array(
'rule' => 'validate_password',
'message'=>'Your passwords don\'t match!' )
),
'old_pass' => array(
'length' => array(
'rule' => array('minLength',8),
'message' => 'Password must be at least 8 characters long'),
'allowEmpty' => false
)
function validate_password(){
//return false;
$passed=false;
if(isset($this->data['User']['pass_confirm']) && $this->data['User']['pass_confirm']!=''){
if ($this->data['User']['pass'] != $this->data['User']['pass_confirm']){
$this->invalidate('pass');
} else {
$passed=true;
}
}
return $passed;
}
Btw, when I uncomment the return false; line in the validate_password function, nothing happens so the method is not called at all.
I am saving the user with $this->User->save($data), the $data variable contains the data I want to save in propper format and works fine. The only problem is that the fields are not being validated
EDIT:
function change_password() {
$usr = $this->User->find('first', array(
'conditions'=> array(
'User.id' => $this->Auth->user('id')),
'recursive' => 0
));
if ($this->data) {
if ($this->Auth->password($this->data['User']['old_pass'])== $usr['User']['password']) {
$data = array(
'id' => $usr['User']['id'],
'password' => $this->Auth->password($this->data['User']['pass'])
);
if ($this->User->save($data)) {
$this->Session->setFlash(__('Password has been changed.', true));
} else {
debug($this->User->validationErrors);
$this->Session->setFlash(__('Password could not be saved, please try again later.', true));
}
} else {
$this->Session->setFlash(__('The password you entered as your current is not your current password.', true));
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
尝试向 validate_password 方法添加参数:
Try adding a parameter to the validate_password method:
你使用 fields 参数吗?您需要向我们展示处理
我的猜测的控制器:
FIELDS 仅限于某些值(这将省略您的密码输入)
顺便说一句:
这里更短且绰绰有余
Do you use the fields param? You will need to show us the controller handling
my guess:
FIELDS is restricted to only some values (which will omit your password inputs)
by the way:
is shorter and more than enough here