Comments on: Simple User Registration in CakePHP 1.2, Part II http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/?utm_source=rss&utm_medium=rss&utm_campaign=rss Facebook should've be written in unicornSchemaLang, because everyone *knows* that PHP is no good for anything, right? Mon, 15 Mar 2010 08:47:33 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Matt Alexander http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-11676 Matt Alexander Tue, 24 Mar 2009 23:00:35 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-11676 I'm totally splitting hairs here, but you could shorten the confirmPassword method into one line: function confirmPassword($data) { return ($data['password'] === Security::hash(Configure::read('Security.salt').$this->data['User']['password_confirm']); } I’m totally splitting hairs here, but you could shorten the confirmPassword method into one line:

function confirmPassword($data) {
return ($data['password'] === Security::hash(Configure::read(‘Security.salt’).$this->data['User']['password_confirm']);
}

]]> By: Chris Hartjes http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10853 Chris Hartjes Sun, 19 Oct 2008 19:03:35 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10853 @Rob The easiest way I've found to do that is to use James Snook's Multiple Validatable behavior http://snook.ca/archives/cakephp/multiple_validatable_behavior/ I've used that in project where I had two different views manipulating the same data but needed different validation rules. Hope it helps. @Rob

The easiest way I’ve found to do that is to use James Snook’s Multiple Validatable behavior http://snook.ca/archives/cakephp/multiple_validatable_behavior/

I’ve used that in project where I had two different views manipulating the same data but needed different validation rules. Hope it helps.

]]> By: Rob http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10852 Rob Sun, 19 Oct 2008 18:55:20 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10852 Thanks, that helps. Now I've run into another newbie issue with the code as discussed above. Since the password_confirm field validation says that it is required, if I create another view to update the users table, I get a validation failure on update. Is there a way to register the validation so that the password_confirm field is only required for the register action of the controller ? Thanks, that helps. Now I’ve run into another newbie issue with the code as discussed above.

Since the password_confirm field validation says that it is required, if I create another view to update the users table, I get a validation failure on update.

Is there a way to register the validation so that the password_confirm field is only required for the register action of the controller ?

]]> By: Chris Hartjes http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10851 Chris Hartjes Sun, 19 Oct 2008 18:48:13 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10851 @Rob Sorry, it was a typo on my part. What I *meant* to say was this: if validation fails, but the password validation was okay, you replace what is in the *password* field with what was in the *password_confirm* field. Sorry for the mixup. I haven't tried that, but it seems to me that it should work just fine. @Rob

Sorry, it was a typo on my part. What I *meant* to say was this: if validation fails, but the password validation was okay, you replace what is in the *password* field with what was in the *password_confirm* field. Sorry for the mixup. I haven’t tried that, but it seems to me that it should work just fine.

]]> By: Rob http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10850 Rob Sun, 19 Oct 2008 17:54:34 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10850 OK, not sure I understand that. From what I've seen, the data gets hashed before it is saved, so I don't follow what you mean by 'replace the contents of the password field with what is in the password field'. If I type in 'thisIsMyPassword', it gets turned into a hash. Then if the validation fails, how do I reset it to 'thisIsMyPassword' instead of ending up hashing the hash? Or are you saying that this is a one way hash where the hash will yield the same value as the original password? I'm definitely a newbie to this framework, so I apologize for my confusion. OK, not sure I understand that. From what I’ve seen, the data gets hashed before it is saved, so I don’t follow what you mean by ‘replace the contents of the password field with what is in the password field’.

If I type in ‘thisIsMyPassword’, it gets turned into a hash. Then if the validation fails, how do I reset it to ‘thisIsMyPassword’ instead of ending up hashing the hash? Or are you saying that this is a one way hash where the hash will yield the same value as the original password?

I’m definitely a newbie to this framework, so I apologize for my confusion.

]]> By: Chris Hartjes http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10849 Chris Hartjes Sun, 19 Oct 2008 15:21:59 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10849 @Rob What you're suggesting is actually very easy to fix: if validation fails overall but the password validation passed then simply replace the contents of the password field with what is in the password field. Not a Cake problem, a developer problem. ;) @Rob

What you’re suggesting is actually very easy to fix: if validation fails overall but the password validation passed then simply replace the contents of the password field with what is in the password field. Not a Cake problem, a developer problem. ;)

]]> By: Rob http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10848 Rob Sat, 18 Oct 2008 20:06:24 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10848 I think you miss the point with not needing to reenter the password when doing validation. If I'm registering for a site, and I successfully entered my password twice, but didn't pass some other validation (e.g. - fat fingered the email address), then I shouldn't need to reconfirm my password again. The problem I've been seeing with the Cake Auth module is that it replaces the value of the password with the hash, so that on a subsequent resubmit, the two fields will never match. IMHO, if I have a registration form, and the form errors out for some reason besides the passwords not matching, the data in the form shouldn't get changed so that the user can address that error. Instead we end up frustrating the user by allowing them to correct the error and then failing again due to a password mismatch. I think you miss the point with not needing to reenter the password when doing validation. If I’m registering for a site, and I successfully entered my password twice, but didn’t pass some other validation (e.g. – fat fingered the email address), then I shouldn’t need to reconfirm my password again.

The problem I’ve been seeing with the Cake Auth module is that it replaces the value of the password with the hash, so that on a subsequent resubmit, the two fields will never match.

IMHO, if I have a registration form, and the form errors out for some reason besides the passwords not matching, the data in the form shouldn’t get changed so that the user can address that error. Instead we end up frustrating the user by allowing them to correct the error and then failing again due to a password mismatch.

]]> By: Mike Gregoire http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10573 Mike Gregoire Tue, 01 Jul 2008 15:39:03 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10573 @Derek IMO, you should NEVER reload the password. The user should always have to re-enter the password, regardless of the reason why the form was forced to reload. Password entry should never be about convenience, only about security. @Derek

IMO, you should NEVER reload the password. The user should always have to re-enter the password, regardless of the reason why the form was forced to reload. Password entry should never be about convenience, only about security.

]]> By: Erik Gyepes http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10567 Erik Gyepes Mon, 30 Jun 2008 10:06:55 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10567 I wonder why that validation doesn't work if I define the password field first and check if it has a minLength of 6 chars and then I check the confirm_password. It doesn't display the minLength errer, however if I write it vice versa - like you above it works great. It doesn't make much sense to me. I wonder why that validation doesn’t work if I define the password field first and check if it has a minLength of 6 chars and then I check the confirm_password. It doesn’t display the minLength errer, however if I write it vice versa – like you above it works great. It doesn’t make much sense to me.

]]> By: Derek Scruggs http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/comment-page-1/#comment-10021 Derek Scruggs Mon, 05 May 2008 22:42:57 +0000 http://www.littlehart.net/atthekeyboard/2008/01/22/simple-user-registration-in-cakephp-12-part-ii/#comment-10021 ...and I've confirmed that it works to override save(). Here's what class User looks like. Not that I use password_match instead of password_confirm for the field name, and that the first argument to save is passed by reference. <code> function save(&$data,$validate=true,$fieldlist=array()){ if(parent::save($data,$validate,$fieldlist)){ return true; } //if save fails, reset passwords $password_error = array_key_exists('password_match',$this->invalidFields()) || array_key_exists('password',$this->invalidFields()); if($password_error){ unset($data['password']); unset($data['password_match']); } else { $data['password'] = $_POST['data']['User']['password']; $data['password_match'] = $_POST['data']['User']['password_match']; } } </code> …and I’ve confirmed that it works to override save(). Here’s what class User looks like. Not that I use password_match instead of password_confirm for the field name, and that the first argument to save is passed by reference.

function save(&$data,$validate=true,$fieldlist=array()){
if(parent::save($data,$validate,$fieldlist)){
return true;
}
//if save fails, reset passwords
$password_error = array_key_exists('password_match',$this->invalidFields()) || array_key_exists('password',$this->invalidFields());
if($password_error){
unset($data['password']);
unset($data['password_match']);
} else {
$data['password'] = $_POST['data']['User']['password'];
$data['password_match'] = $_POST['data']['User']['password_match'];
}

}

]]>