@TheKeyboard

Simple User Registration in CakePHP 1.2, Part II

| Comments

I got a question in the comments about my previous post on simple user registration about how to do some of the necessary validation for registration in the model. I thought I’d show some code I did to do exactly that.

The key to all this stuff is using a second form field for doing the validation. Here’s some sample code for you, based on the latest straight-from-svn version of Cake PHP 1.2 (r6402)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?php

/**
 * Class used for user authentication on the league website
 *
 */

class User extends AppModel
{
    var $name = 'User';

    var $validate = array(
      'id' => array('rule' => 'blank',
                      'on' => 'create'),
      'username' => array('rule' => 'alphanumeric',
                          'required' => true,
                            'message' => 'Please enter a username'),
        'password' => array('rule' => array('confirmPassword', 'password'),
                            'message' => 'Passwords do not match'),
      'password_confirm' => array('rule' => 'alphanumeric',
                                    'required' => true)
  );

    function confirmPassword($data) {
        $valid = false;

        if ($data['password'] == Security::hash(Configure::read('Security.salt') . $this->data['User']['password_confirm'])) {
            $valid = true;
        }

        return $valid;
    }

}
?>

So, let’s talk about what’s in there.

  • make sure that the username is alphanumeric and has been entered
  • make sure the password exists and run the custom validation function ‘confirmPassword’ on the data being posted in
  • make sure that our confirm password field exists and is alphanumeric

The only tricky thing when I made this was figuring out how to compare the two password fields, and where to get the proper hashing from. Initially I thought that I could somehow import the Auth component in there but a quick chat with gwoo showed me how stupid that was when I could just duplicate how the component itself is hashing the password field. That’s what is going in with the use of Security::hash(…).

Hope that helps.