7 
var $validate = array(
  'password' => array(
      'passwordlength' => array('rule' => array('between', 8, 50),'message' => 'Enter 8-50 chars'),
      'passwordequal' => array('checkpasswords','message' => 'Passwords dont match') 
  )
);

function checkpasswords()
{
   return strcmp($this->data['Airline']['password'],$this->data['Airline']['confirm password']);
}

This code is not working and always gives the error message even if they match. Also when i do a edit i get the followoing error as there is no password field. is there any fix

Undefined index:  password [APP/models/airline.php, line 25]
Improve this question
5
  • 1
    is $this->datadata intended? If not, there's your problem. Commented Sep 21, 2010 at 13:24
  • i fixed the above code to remove the extra data still i get the error Commented Sep 21, 2010 at 13:28
  • Could I see the html form that posts the data? Commented Sep 21, 2010 at 13:33
  • 1
    Are you missing an underscore in 'confirm password' in your checkpassword-function? Commented Sep 21, 2010 at 13:40
  • 2
    strcmp returns 0 if the strings are equal. 0 will be understood as false, so it'll do the exact opposite of what you expect it to do. Commented Sep 24, 2010 at 2:51

6 Answers 6

Reset to default
12

Are you using the AuthComponent? Be aware that it hashes all incoming password fields (but not "password confirm" fields, check with debug($this->data)), so the fields will never be the same. Read the manual and use AuthComponent::password to do the check.

Having said that, here's something I use:

public $validate = array(
    'password' => array(
        'confirm' => array(
            'rule' => array('password', 'password_control', 'confirm'),
            'message' => 'Repeat password',
            'last' => true
        ),
        'length' => array(
            'rule' => array('password', 'password_control', 'length'),
            'message' => 'At least 6 characters'
        )
    ),
    'password_control' => array(
        'notempty' => array(
            'rule' => array('notEmpty'),
            'allowEmpty' => false,
            'message' => 'Repeat password'
        )
    )
);

public function password($data, $controlField, $test) {
    if (!isset($this->data[$this->alias][$controlField])) {
        trigger_error('Password control field not set.');
        return false;
    }

    $field = key($data);
    $password = current($data);
    $controlPassword = $this->data[$this->alias][$controlField];

    switch ($test) {
        case 'confirm' :
            if ($password !== Security::hash($controlPassword, null, true)) {
                $this->invalidate($controlField, 'Repeat password');
                return false;
            }
            return true;

        case 'length' :
            return strlen($controlPassword) >= 6;

        default :
            trigger_error("Unknown password test '$test'.");
    }
}

This is bad for the following reasons:

  • Has tight coupling to the form, always expects a field password_control to be present. You need to use field whitelisting or disable validation if you don't have one in your data, i.e.: $this->User->save($this->data, true, array('field1', 'field2')).
  • Manually hashes the password the way the AuthComponent does (since there's no clean access to components from the model). If you change the algorithm used in the AuthComponent, you need to change it here as well.

Having said that, it transparently validates and produces proper error messages for both the password and password control fields without requiring any additional code in the controller.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

5

here is the mistake 

'passwordequal' => array('checkpasswords','message' => 'Passwords dont match')

I changed it to 

'passwordequal'  => array('rule' =>'checkpasswords','message' => 'Passwords dont match')

also strcmp function also had mistakes as it would return 0 (i.e False) all the time in the above code

if(strcmp($this->data['Airline']['password'],$this->data['Airline']['confirm_password']) ==0 )
{
    return true;
}
return false;
Improve this answer

1 Comment

Oh, the horrible redundancy! In a case like this you're supposed to use return strcmp(...) == 0.
3

For Validate Password,old password and confirm Password 

class Adminpassword extends AppModel
{


    public $name          =  'Admin';
            public $primaryKey    =  'id';
            public $validate = array(
                'oldpassword' => array(
                        array(
                        'rule' => 'notEmpty',
                        'required' => true,
                        'message' => 'Please Enter Current password'
                        ),
                        array(
                        'rule' =>'checkcurrentpasswords',
                        'message' => 'Current Password does not match'
                        )
                ),
                'password' => array(
                        array(
                                'rule' => 'notEmpty',
                                'required' => true,
                                'message' => 'Please Enter password'
                        ),
                        array(                              
                         'rule' => array('minLength', 6),
                         'message' => 'Passwords must be at least 6 characters long.',
                        )
                ),
                'cpassword' => array(
                        array(
                        'rule' => 'notEmpty',
                        'required' => true,
                        'message' => 'Please Enter Confirm password'
                        ),
                        array(
                                'rule' => 'checkpasswords',
                                'required' => true,
                                'message' => 'Password & Confirm Password must be match.'
                        )
                )
            );

   function checkpasswords()     // to check pasword and confirm password
    {  
        if(strcmp($this->data['Adminpassword']['password'],$this->data['Adminpassword']['cpassword']) == 0 ) 
        {
            return true;
        }
        return false;
    }
    function checkcurrentpasswords()   // to check current password 
    {
        $this->id = $this->data['Adminpassword']['id'];
        $user_data = $this->field('password');       
        //print_r(Security::hash($this->data['Adminpassword']['oldpassword'], 'sha1', true));
        if ($user_data == (Security::hash($this->data['Adminpassword']['oldpassword'], 'sha1', true)))
        { 
             return true;
        }
        else
        {
         return false;
        }
    } 

}
Improve this answer

Comments

2

For CakePHP 2.x users using Authentication you may note that "AuthComponent no longer automatically hashes every password it can find." I.e. the solutions above may not be the correct way of solving the problem for 2.x. http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords

Improve this answer

Comments

1

Heres is my solution:

You must to make a method named match (You can name it what you like):

public function match($check, $with) {
    // Getting the keys of the parent field
    foreach ($check as $k => $v) {
        $$k = $v;
    }

    // Removing blank fields
    $check = trim($$k);
    $with = trim($this->data[$this->name][$with]);

    // If both arent empty we compare and return true or false
    if (!empty($check) && !empty($with)) {
        return $check == $with;
    }

    // Return false, some fields is empty
    return false;
}

And the $validate method must be like this:

public $validate = array(
    'password' => array(
        'match' => array(
            'rule' => array('match', 'password2'),
            'message' => 'Passwords doesnt match',
        ),
    ),
);

Where password2 is the field to compare your first password field

I'm Glad to share it! :D

Improve this answer

Comments

0

Would this help: http://sumanrs.wordpress.com/2011/10/01/cakephp-user-password-manager-authentication-missing-guide/ ? That should take care of password validation.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.