mauzilla

Reputation: 3592

CakePHP validation bypassed on update

I have a profile page. When a user attempts to update their page profile and the input does not validate according to the validation rules, it still continues with the save (or at least outputs the success message), but none of the data is then stored; it reverts back to the original values. Only when the validation rule is passed does it store the values.

I am not sure how to fix this as my validation rules look correct. Any ideas?

VALIDATION RULES

public $validate = array(
    "username" => array(
        "email" => array(
            "rule" => "email",
            "message" => "The username must be a valid email address."
        ),
        "unique" => array(
            "rule" => "isUnique",
            "message" => "This username has already been registered."
        )
    ),
    "password" => array(
        "alphaNumeric" => array(
            "rule" => "alphaNumeric",
            "message" => "The password can only contain alpha-numeric characters"
        ),
        "between" => array(
            "rule" => array("between",8,12),
            "message" => "The password must contain between 8 - 12 characters."
        )
    ),
    "company" => array(
        "rule" => "notEmpty",
        "message" => "Please provide a company name"
    ),
    "first_name" => array(
        "rule" => "notEmpty",
        "message" => "Please provide the contact person's first name"
    ),
    "last_name" => array(
        "rule" => "notEmpty",
        "message" => "Please provide the contact person's last name"
    ),
    "telephone" => array(
        "numeric" => array(
            "rule" => "numeric",
            "message" => "The telephone number must be numeric"
        ),
        "maxLength" => array(
            "rule" => array("maxLength",10),
            "message" => "Your telephone number must be 10 numbers."
        ) 
    ),
    "fax" => array(
        "numeric" => array(
            "rule" => "numeric",
            "message" => "The fax number must be numeric"
        ),
        "maxLength" => array(
            "rule" => array("maxLength",10),
            "message" => "Your fax number must be 10 numbers."
        )
    ),
    "user_type_id" => array(
        "rule" => "numeric",
        "message" => "Please select a user type"
    ),
    "user_status_id" => array(
        "rule" => "numeric",
        "message" => "Please select the users status."
    )
);

CONTROLLER METHOD:

public function profile() {
    if($this->request->is('post') || $this->request->is('put')) {
        if($this->Auth->user("id") == $this->request->data['User']['id']) {
            $this->User->save($this->request->data);
            $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success'));
        } else {
            $this->Session->setFlash("An error has occurred updating your profile.");
        }
    }
    $this->request->data = $this->User->read(null,$this->Auth->user("id"));
}

Upvotes: 1

Views: 271

Answers (2)

penguin egg

Reputation: 1194

Your validation is probably working correctly. I believe the problem is due to the following logic:

if($this->Auth->user("id") == $this->request->data['User']['id']) {
    $this->User->save($this->request->data);
    $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success'));
} else {
    $this->Session->setFlash("An error has occurred updating your profile.");
}

The if statement is only checking if the currently logged in user id matches the one submitted in the form. If the ids match, it attempts to save the record. It will then execute the line after that.

So, regardless of whether the call to save validates or not, it will still move to the next line, $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success'));. That is why it is saying the profile has been updated every time.

You probably want something similar to:

if($this->Auth->user("id") == $this->request->data['User']['id']) {
    if ($this->User->save($this->request->data)) {
        $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success'));
    } else {
        $this->Session->setFlash("An error has occurred updating your profile.");
    }
} else {
    $this->Session->setFlash("This is not your profile.");
}

Upvotes: 1

tigrang

Reputation: 6767

The issue is with your if blocks. You don't have one around $this->User->save($this->request->data);

so you need

if ($this->User->save($this->request->data)) {
    // set good flash
} else {
    // else set bad flash
}

And then you would need one for when Auth->user('id') isn't equal to the post data (or combine the two into 1 if statement if you're going to just be giving a generic message).

Upvotes: 1
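
A hardened version of the `profile()` action for CakePHP 2.x, added here as an example and not taken from the question or either answer: it branches on the return value of `save()`, takes the record id from the session instead of the form, and reloads the stored record only on GET so rejected input is not overwritten. The `$editable` field list and the redirect target are assumptions.

```php
<?php
// Added example for CakePHP 2.x; not code from the question or the answers.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function profile() {
        $userId = $this->Auth->user('id');

        if ($this->request->is('post') || $this->request->is('put')) {
            $data = $this->request->data;

            // Take the record id from the authenticated session, never from
            // the form, so a tampered hidden "id" field cannot redirect the
            // save to another user's row.
            $data['User']['id'] = $userId;

            // Assumed set of fields the profile form may change.
            // user_type_id and user_status_id are deliberately left out so
            // they cannot be set through this action.
            $editable = array('company', 'first_name', 'last_name', 'telephone', 'fax');

            // save() returns false when validation fails, so branch on it.
            if ($this->User->save($data, array('fieldList' => $editable))) {
                $this->Session->setFlash(
                    'Your profile has been updated',
                    'default',
                    array('class' => 'success')
                );
                return $this->redirect(array('action' => 'profile'));
            }

            $this->Session->setFlash('Please correct the errors below.');
            // Render without reloading: the submitted values and
            // $this->User->validationErrors stay available to the form.
            return;
        }

        // Only a plain GET loads the stored record into the form.
        $this->request->data = $this->User->read(null, $userId);
    }
}
```

In the original action the unconditional `read()` at the end replaces the submitted data on every request, which is why the form showed the old values after a failed save.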
