CakePHP password validation in edit form

Question

I'm using a simple registration form for CakePHP.

This is my edit view:

<h2>Add User</h2>
<?php echo $form->create('User');
echo $form->input('first_name');
echo $form->input('last_name');
echo $form->input('email');
echo $form->input('address');
echo $form->input('phone');
echo $form->end('Edit');?>

These are my validation rules in User.php

class User extends AppModel {

    var $name = 'User';
    var $validate = array(

         (... more rules here ...)

        'password' => array('rule' => array('confirmPassword', 'password'),
                            'message' => 'Passwords do not match'),
        'password_confirm' => array('rule' => 'alphanumeric',
                                    'required' => true)
    );

It's a stupid question, but when I use the edit form, the saving of the data fails, because I require a password input in the last rule. That rule was added for the register page, of course.

I've found billions of ways to bypass this problem (disable validation on saving, selecting which fields to save, ...), but I wonder what the "correct" CakePHP way of doing this is? Seems like such a simple problem, but I can't find any documentation on how it has to be done the clean way.

To make my question more clear: I don't want an edit user page where passwords can be changed.

Answer 1

I use multiple validation sets:

In your model, or app_model, override the validates function with this:

function validates($options = array()) {
// copy the data over from a custom var, otherwise
$actionSet = 'validate' . Inflector::camelize(Router::getParam('action'));
if (isset($this->validationSet)) {
    $temp = $this->validate;
    $param = 'validate' . $this->validationSet;
    $this->validate = $this->{$param};
} elseif (isset($this->{$actionSet})) {
    $temp = $this->validate;
    $param = $actionSet;
    $this->validate = $this->{$param};
} 

$errors = $this->invalidFields($options);

// copy it back
if (isset($temp)) {
    $this->validate = $temp;
    unset($this->validationSet);
}

if (is_array($errors)) {
    return count($errors) === 0;
}
return $errors;

}

In your controller:

class UsersController extends AppController {
   function forgot() {
      $this->User->set($this->data);
      $this->User->validationSet = 'forgotpassword';
      if ($this->User->validates()) {
         // send email to reset password and show success message
      }
   }
}

And finally back in your model, build a validation array, you can have your default validation array, then add a supplemental array such as

class User extends AppModel {
   var $validate = array( ... );
   var $validateForgotpassword = array( ... );
}

More details here:

http://snook.ca/archives/cakephp/multiple_validation_sets_cakephp

(note the code sample in the article has a bug in it, so be sure to change $param = 'validate' . $validationSet; to $param = 'validate' . $this->validationSet;)

Answer 2

remove your 'required' => true, it is not doing what you think its doing.

'required' => true means that the field should be present in any data that is saved. you are not passing it.

Answer 3

the Cake way is to simply set the validation rule to apply only on create, allowing you to freely edit your data without having to validate the field again.

var $validate = array(
  'fieldName' => array(
    'rule' => 'ruleName'
    'required' => true,
    'allowEmpty' => false,
    'on' => 'create', // or update   <-- here
    'message' => 'Your Error Message'
    )
  );

And of course, if you don't want the password field edited here, just remove the appropriate input