Cakephp password change not working - authentication

I'm using CakePHP 2.1, where I'm trying to change the password of a user through a link which the user will receive when a forgot password request is made.
The link looks something like this
../myApp/users/change_password/1
I'm passing the user id in the link, i.e. 1 as in the link above.
The view, i.e. change_password.ctp, is as below:
<?php echo $this->Form->create('User', array('controller' => 'users', 'action' => 'change_password', 'class' => 'well')); ?>
<?php echo $this->Form->input('User.id',array('value' => $this->params['pass'][0],'type'=>'hidden')); ?>
<?php echo $this->Form->label('password', 'Password', array('class' => 'control-label')); ?>
<?php echo $this->Form->password('password', array('class' => 'span3', 'type' => 'password')); ?>
<?php echo $this->Form->error('password', null , array('wrap' => 'span', 'class' => 'help-inline')); ?>
<?php echo $this->Form->submit('Change Password', array('class' => 'btn')); ?>
<?php echo $this->Form->end(); ?>
And the controller is as follows
public function change_password() {
    if ($this->request->is('post')) {
        if ($this->User->save($this->request->data)) {
            $this->Session->setFlash('Password has been changed.', 'default/flash_success');
            $this->redirect(array('controller' => 'movies', 'action' => 'index'));
        } else {
            $this->Session->setFlash('Password could not be changed.', 'default/flash_error');
            $this->redirect(array('controller' => 'movies', 'action' => 'index'));
        }
    }
}
But I'm not able to save the password.

So if I just change the user id in the URL, I can change the password of another user?
/myApp/users/change_password/2
That is not secure at all. You should consider another approach.
However, the answer to your question is:
You are probably not able to change the password because the data is not validated.
Have you set up validation rules in the User.php model? If so, you must unset the validation rules before saving the User.
Example: unset($this->User->validate['username']);
For more information about model validation, read the documentation.
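The other approach the answer asks for, as an added example (not code from the original posts): the e-mailed link carries a random, expiring, single-use token instead of the user id, and the server derives the user from the token. The function names, the `RESET_TTL` value and the in-memory `$store` array standing in for a database table are assumptions, and the code is plain PHP 7+ rather than CakePHP 2.1 API calls.

```php
<?php
// Added example, not the poster's code. $store is a constructed in-memory
// stand-in for a password_resets table keyed by token hash.
const RESET_TTL = 3600; // assumed policy: links stay valid for one hour

function issueResetToken(array &$store, $userId, $now)
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG (PHP 7+)
    // Store only a hash, so a leaked table does not yield usable links.
    $store[hash('sha256', $token)] = array(
        'user_id' => $userId,
        'expires' => $now + RESET_TTL,
    );
    return $token; // e-mailed as .../users/change_password/<token>
}

// Returns the user id the token was issued for, or null if it is unusable.
function redeemResetToken(array &$store, $token, $now)
{
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // wrong shape, e.g. a bare user id such as "2"
    }
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null; // never issued, or already redeemed
    }
    $row = $store[$key];
    unset($store[$key]); // single use: consumed even when expired
    return ($now <= $row['expires']) ? $row['user_id'] : null;
}

// Constructed walk-through with a fixed clock.
$store = array();
$now   = 1700000000;
$token = issueResetToken($store, 1, $now);

var_dump(redeemResetToken($store, '2', $now));          // id-style value from the old link
var_dump(redeemResetToken($store, $token, $now + 60));  // fresh token, first use
var_dump(redeemResetToken($store, $token, $now + 120)); // same token replayed
$late = issueResetToken($store, 1, $now);
var_dump(redeemResetToken($store, $late, $now + RESET_TTL + 1)); // past expiry
```

Redeem the token on the POST that saves the new password, and set the User id from its return value rather than from a hidden form field or a URL segment.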

Yii2 - Multiple Dropzone Widget doesn't work

I'm working with Yii2 to develop an intranet portal.
I have to put multiple widgets on the same page, but it doesn't work.
It gives me this error:
Dropzone already attached.
And my code is
...
<?= \kato\DropZone::widget([
'id' => 'dzImages',
'dropzoneContainer' => 'dzImages',
'options' => [
'url' => 'index.php?r=orders/upload&uid='.$model->ref,
'maxFilesize' => '10',
'acceptedFiles' => "image/*",
],
]); ?>
</p>
<p>
<?php echo \kato\DropZone::widget([
'id' => 'dzPDF',
'dropzoneContainer' => 'dzPDF',
'options' => [
'url' => 'index.php?r=orders/uploadpdf&uid='.$model->ref,
'maxFilesize' => '10',
'acceptedFiles' => ".pdf",
],
]);
?>
</p>
...
How can I resolve it?
Looking at the code of the widget, the 'id' parameter seems to be used differently than one would expect; instead, you should probably set the previewsContainer property too.
The ID parameter seems to be used as a JavaScript variable here:
https://github.com/perminder-klair/yii2-dropzone/blob/41e8145d940cc9955011138a9f16ad80e9831423/DropZone.php#L75

Property "RegistrationForm.firstname" is not defined.

I'm using the yii-user extension version 0.3. While trying to customize my registration form, I get this error:
Property "RegistrationForm.firstname" is not defined.
Below is my code. Any idea why?
<?php echo $form->textField($model,'email', array('class' => 'input-block-level', 'placeholder' => 'Email')); ?>
<?php echo $form->passwordField($model,'password', array('class' => 'input-block-level', 'placeholder' => 'Password')); ?>
<?php echo $form->passwordField($model,'verifyPassword', array('class' => 'input-block-level', 'placeholder' => 'Retype Password')); ?>
<?php echo $form->textField($model,'firstname', array('class' => 'input-block-level', 'placeholder' => 'First Name')); ?>
<?php echo $form->textField($model,'lastname', array('class' => 'input-block-level', 'placeholder' => 'Last Name')); ?>
Also, how would I use the Yii language to populate this, so I don't have to hard code it?
'placeholder' => 'E-mail'
Basically, email would be output as E-mail.
From what I see, the $model you've used in your code is an object of the "RegistrationForm" model, and the error says that there is no property firstname defined in your RegistrationForm model.
See if you have spelled it correctly.
To use the attribute label as the placeholder, I think you need to extend CInputWidget and customize it according to your requirements.

Yii: errorSummary in formBuilder

How do I use errorSummary in my view, if the form is built using formBuilder?
I tried
echo $form -> errorSummary();
but it doesn't work.
Can it actually be used with formBuilder?
EDIT:
The form:
return array(
'activeForm' => array(
'class' => 'CActiveForm',
'id' => 'nameserver-form',
'enableClientValidation' => true,
'clientOptions'=>array(
'validateOnSubmit'=>true,
),
),
'showErrorSummary'=>true,
'showErrors'=>true,
'elements'=>array(
'ip1_address'=>array(
'type'=>'dropdownlist',
'empty'=>''
),
'ns1_nameserver'=>array(
'type'=>'text',
'maxlength'=>255,
'size'=>25
)
)
);
This function requires a parameter that is not provided in your code, like:
<?php $form = $this->beginWidget('CActiveForm', array(
'id'=>'user-form',
'enableAjaxValidation'=>true,
'enableClientValidation'=>true,
'focus'=>array($model,'firstName'),
)); ?>
<?php echo $form->errorSummary($model); ?>
http://www.yiiframework.com/doc/api/1.1/CActiveForm#errorSummary-detail
So, the answer was:
<?= $form->renderBegin(); ?>
...
<?= $form->activeFormWidget->errorSummary($form->getModel(false)); ?>
...
<?= $form->renderEnd(); ?>

in yii how to perform dynamic validation based on the dropdown choice

Hello everybody and thanks for reading.
I am making a website just for fun and to learn Yii. The website is an app that can be used for reporting pirated links.
I have an input field in which I provide a link, and then I have a dropdown menu from where you can select the type of link you are submitting. Depending on the value you select, I want different validation rules to be performed on the link submitted. If I was not clear in my explanation, feel free to visit www.youtubetv.it; on the main page you will see an input field and a dropdown.
The code is as follows:
<div class="span4">
<div class="input-prepend"><span class="add-on" style="height: 50px;">
<i class="icon-4x icon-globe" style="line-height: 54px;"></i></span>
<?php
echo $form->textField($model, 'link', array(
'prepend' => '<i class="icon-4x icon-globe" style="line-height: 54px;"></i>',
'class' => 'span12', 'maxlength' => 999,
'style' => 'height:60px;font-size: 22px;width: 400px;',
));
?>
</div>
</div>
<div class="span4 offset1">
<?php
echo $form->dropDownList($model, 'category', CHtml::listData(Lookup::model()->findAll('type="kind"'), 'code', 'name'), array(
'prompt' => 'Select Type',
'class' => 'span12',
'style' => 'height:60px;font-size: 22px;',
));
?>
</div>
Current validation rules in the model
public function rules() {
// NOTE: you should only define rules for those attributes that
// will receive user inputs.
return array(
array('category, link', 'required'),
array('id_user', 'numerical', 'integerOnly' => true),
array('link', 'length', 'max' => 999),
array('link', 'url',
'allowEmpty' => false,
'defaultScheme' => null,
//'pattern' => 'esspressione regolare',
'message' => 'The specified model does not exist.',
'validSchemes' => (array('http', 'https'))
),
array('category, web_page', 'length', 'max' => 255),
array('creation_date', 'default',
'value' => new CDbExpression('NOW()'),
'setOnEmpty' => false,
'on' => 'insert'),
array('id_public_link, category, id_user, link, creation_date', 'safe', 'on' => 'search'),
);
}
I would be grateful if someone could show me an example of how I could validate the "url" if someone selects Movie from the dropdown list.
Please feel free to ask for clarification if I was not clear.
Yii has so-called scenarios for validation rules. What you need is to add an 'on' key, with any scenario name you like as its value, to the rule you want, and then set the scenario for your model with $model->scenario = 'Your scenario';
e.g.
public function rules() {
// NOTE: you should only define rules for those attributes that
// will receive user inputs.
return array(
array('category, link', 'required'),
array('id_user', 'numerical', 'integerOnly' => true),
array('link', 'length', 'max' => 999),
array('link', 'url',
'allowEmpty' => false,
'defaultScheme' => null,
//'pattern' => 'esspressione regolare',
'message' => 'The specified model does not exist.',
'validSchemes' => (array('http', 'https')),
'on'=>'urlcheck'
),
array('category, web_page', 'length', 'max' => 255),
array('creation_date', 'default',
'value' => new CDbExpression('NOW()'),
'setOnEmpty' => false,
'on' => 'insert'),
array('id_public_link, category, id_user, link, creation_date', 'safe', 'on' => 'search'),
);
}
And then in your action use:
...
$type = isset($_POST['Lookup']['type']) ? $_POST['Lookup']['type'] : false;
if ($type === '1') // as I assume from your website, '1' is a Movie
    $model->scenario = 'urlcheck';
...
Btw, as you can see, you already have a scenario in your rule on the 'creation_date' attribute. The scenario 'insert' is the default scenario for new records. There are more default scenarios in Yii that you can learn about here

CakePHP Auth Component validation issue

Have some validating problems which seem to appear only when using the Auth component.
I have 4 fields in my register form: username, password, password_confirm and email.
I also have the multivalidatable behaviour attached to my User model. Here are the rules which apply to the register form:
var $validationSets=array(
"register" => array(
"username" => array(
"usernameFieldNotEmpty" => array(
"rule" => "notEmpty",
"message" => "You did not enter the username!"
),
"usernameValid" => array(
"rule" => "__alphaNumericDashUnderscore",
"message" => "The username you entered is not valid!"
),
"usernameExistsInDatabase" => array(
"rule" => array("__existingRecord", false),
"message" => "The username you entered has been already registered in our database!"
)
),
"password" => array(
"passwordFieldNotEmpty" => array(
"rule" => "notEmpty",
"message" => "You did not enter your password!"
)
),
"password_confirm" => array(
"passwordConfirmFieldNotEmpty" => array(
"rule" => "notEmpty",
"message" => "You did not confirm your password!"
),
"passwordsMatch" => array(
"rule" => array("__fieldMatch", "password"),
"message" => "The passwords you entered don't match!"
)
),
"email" => array(
"emailFieldNotEmpty" => array(
"rule" => "notEmpty",
"message" => "You did not enter the e-mail!"
),
"emailValid" => array(
"rule" => "email",
"message" => "The e-mail you entered is not valid!"
),
"emailExistsInDatabase" => array(
"rule" => array("__existingRecord", false),
"message" => "The e-mail you entered has been already registered in our database!"
)
)
/*"language" => array(
)*/
)
);
Here is my register form:
<?php echo $this->Form->create('User', array('url' => array('controller' => 'users', 'action' => 'register')));?>
<fieldset>
<legend><?php __('Add User'); ?></legend>
<?php
echo $this->Form->input('username');
echo $this->Form->input('password', array('type' => 'password', 'value' => ''));//value='' - resets the password input on any error on the page
echo $this->Form->input('password_confirm', array('type' => 'password', 'value' => ''));
echo $this->Form->input('email');
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
Now, every time I submit the form EMPTY, the password field, although empty, passes all validation tests (I tried putting value => '' in the code, but it's useless).
Also, the email input seems to pass the 'notEmpty' test, and the error shown is that the email is not valid.
I've looked over all my code but couldn't find any solution.
http://pastebin.com/xnQ02BCW
This is what I would use.
About the password problem: what version of CakePHP are you using?
The Auth component in 1.2 automatically hashes your password, so that it will come out not empty even if it is. In 1.3 it should be OK, but I don't know from what version.
I've managed to do a couple of "hacks" so the problem is solved for now.
I don't think this is the most appropriate way of doing it, but it might come in handy for other users having my problem:
Firstly, in my UsersController, I wrote this snippet, so if the password field is left empty by the user, reset it to '' before validation:
if ($this->data['User']['password'] == $this->Auth->password('')) {
    $this->data['User']['password'] = '';
}
$this->User->set($this->data);
if ($this->User->validates()) {
    // post validation login
}
The second problem was the e-mail validation. Oddly, I got this problem fixed by changing the order of the rules in the Multivalidatable Behaviour. So, from:
"email" => array(
"emailFieldNotEmpty" => array(
"rule" => "notEmpty",
"message" => "You did not enter the e-mail!"
),
"emailValid" => array(
"rule" => "email",
"message" => "The e-mail you entered is not valid!"
),
"emailExistsInDatabase" => array(
"rule" => array("__existingRecord", false),
"message" => "The e-mail you entered has been already registered in our database!"
)
)
I now have:
"email" => array(
"emailExistsInDatabase" => array(
"rule" => array("__existingRecord", false),
"message" => "The e-mail you entered has been already registered in our database!"
),
"emailValid" => array(
"rule" => "email",
"message" => "The e-mail you entered is not valid!"
),
"emailFieldNotEmpty" => array(
"rule" => "notEmpty",
"message" => "You did not enter the e-mail!"
)
)
I don't know whether this was intended or not, but it seems like the last rule which isn't fulfilled is the one displayed. To my logic, the rules would have been arranged in their order of appearance, so if the first one doesn't apply, stop checking and display it.
I repeat, I don't know if this is the right approach, but I seem to have worked out these problems.
If you have anything to add, please do so!
EDIT
Found the 'official' explanation in the Cake 1.3 Book. It says:
By default CakePHP tries to validate a field using all the validation rules declared for it and returns the error message for the last failing rule. But if the key last is set to true for a rule and it fails, then the error message for that rule is returned and further rules are not validated. So if you prefer to show the error message for the first failing rule then set 'last' => true for each rule.
So, another approach to my problem is to set the validation rules in their order of appearance and add a last key to the rule array.
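A simplified model of the rule loop described in the Book quote above, added here as an illustration (it is not CakePHP's code or the poster's): `displayedError()` and the two stand-in checks are hypothetical, and the rule arrays reuse the e-mail messages from the post.

```php
<?php
// Added illustration; models the quoted behaviour, not CakePHP internals.
function displayedError(array $rules, $value)
{
    // Stand-in checks for the two built-in rules used on the page.
    $checks = array(
        'notEmpty' => function ($v) { return trim((string) $v) !== ''; },
        'email'    => function ($v) { return filter_var($v, FILTER_VALIDATE_EMAIL) !== false; },
    );
    $message = null;
    foreach ($rules as $rule) {
        if (call_user_func($checks[$rule['rule']], $value)) {
            continue; // rule passed
        }
        $message = $rule['message']; // a later failure overwrites an earlier one
        if (!empty($rule['last'])) {
            break; // 'last' => true stops at this failure
        }
    }
    return $message;
}

// Rules in their natural order, as in the original validation set.
$default = array(
    array('rule' => 'notEmpty', 'message' => 'You did not enter the e-mail!'),
    array('rule' => 'email', 'message' => 'The e-mail you entered is not valid!'),
);
// Same order, with 'last' => true on the first rule.
$withLast = $default;
$withLast[0]['last'] = true;

// Empty submission: compare which message each configuration reports.
var_dump(displayedError($default, ''));
var_dump(displayedError($withLast, ''));
```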