Friday, August 5, 2011

Sending Email

Sending email in CakePHP is quite simple, however, it can be simpler, especially if you want to follow the DRY methodology. In the controller you want to send email from simply add the following function: 
    function __sendEmail($to, $subject, $data, $template, $cc = false){
        $this->Email->reset();
        $this->Email->from = 'Your Name Here<your@email.here>';
        $this->Email->replyTo = 'your@email.here';
        $this->Email->additionalParams = '-fyour@email.here';
        $this->Email->sendAs = 'both';
        $this->Email->template = $template;
        $this->Email->subject = $subject;
        $this->Email->to = $to;
        if($cc) $this->Email->cc = array($cc);
        $this->set('data', $data);
        if ($this->Email->send()) {
            return true;
        } else {
            return false;
        }    
    }
Now you can call it with a single line: 
$this->__sendEmail('to@email.here', 'Subject', $data, 'templateName', 'cc@email.here'));
Posted by Charles Patterson at 5:31 PM 0 comments
Labels:

Wednesday, August 3, 2011

More Validation Tips and Tricks

A good shortcut when creating Validation rules is to use the desired message as the key name. CakePHP will automatically use the key name as the error message in the absence of an explicit message. 
    var $validate = array(
        'username' => array(
            'Username must contain only letters and numbers' => array(
                'rule' => '/^[a-z0-9]{3,}$/i',
                'required' => true
            ),
            'This username is already taken' => array(
                'rule' => 'isUnique'
            ),
            'Username must be at least 5 characters' => array(
                'rule' => array('minlength', 5),
            ) 
        )
    );
Posted by Charles Patterson at 10:47 AM 0 comments
Labels:

Tuesday, August 2, 2011

Authentication and Passwords

One issue that will pop up is trying to add or edit users with Authentication enabled. Validation won't work properly on the password field because Authentication will hash the password BEFORE it attempts to validate. For example checking for a minimum length will always succeed regardless of the actual password because SHA1 hashed passwords will always be 40 characters.

One method around this is performing the hashing manually. To do this you have to tell your users controller you want to perform your own hashing. Edit /app/controllers/users_controller.php and add the following function: 
    function beforeFilter(){
        parent::beforeFilter();
        if($this->action == 'add' || $this->action == 'edit' || $this->action == 'password'){
            $this->Auth->authenticate = $this->User;
        }
    }
Now when you are using the add or edit actions authentication is done manually. You'll see why the action password is in there later.
Next edit the users model /app/model/users.php and add the following functions: 
    function hashPasswords($data, $enforce=false) {
        if($enforce && isset($this->data[$this->alias]['password'])) {
            if(!empty($this->data[$this->alias]['password'])) {
                $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], null, true);
            }
        }
        return $data;
    }

    function beforeSave() {
        $this->hashPasswords(null, true);
        return true;
    }
Now your users model will hash the passwords before save, allowing validation to take place first.

Another problem, however, is when editing a user, the hashed password is used in the password field of the form and becomes hashed again on save, actually changing the password! I'm surprised this issue isn't addressed in the core of CakePHP.

One way around this is to modify your edit view to clear the password field of the hashed password. Edit /app/views/users/edit.ctp and change this 
    echo $this->Form->input('password');
to this 
    echo $this->Form->input('password', array('value' => ''));
This will require you to enter a password every time you edit the user because your validation is set to require 5 characters in the password field.

So to get around that simply remove the password field from your edit form. You can also remove the edit action from your beforeFilter function in the users controller. Now you can edit the user without worrying about the password.

Then, to edit the password create a password function in your controller and a separate view. Edit /app/controllers/users_controller.php and add this function: 
    function password($id = null){
        /* Only edit own account unless admin */
        if(!$this->Auth->user('admin')){
            $id = $this->Auth->user('id');
        }    
        if (!$id && empty($this->data)) {
            $this->Session->setFlash(__('Invalid user', true));
            $this->redirect(array('action' => 'index'));
        }
        if (!empty($this->data)) {
            if ($this->User->save($this->data, array('fieldList' => array('password')))) {
                $this->Session->setFlash(__('The password has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The password could not be saved. Please, try again.', true));
            }
        }
        if (empty($this->data)) {
            $this->data = $this->User->read(null, $id);
            /* Don't display current hashed password */
            $this->data['User']['password'] = '';
        }
Now create /app/views/users/password.ctp 
<div class="users form"> 
<?php echo $this->Form->create('User'); ?>
    <fieldset><legend>Change Password</legend>
    <?php
        echo $this->Form->hidden('id');
        echo $this->Form->input('password', array('label' => 'New Password'));
        echo $this->Form->input('confirm_password', array('type' => 'password'));
    ?>
    </fieldset>
    <?php echo $this->Form->end('Save Password'); ?>
</div>
Then modify your users model /app/models/user.php and add the following validation rules and functions: 
        'password' => array(
            'Your password must be at least 5 characters' => array(
                'rule' => array('minlength', 5)
            ),
            'You must enter the same password twice' => array(
                'rule' => array('matchPasswords', 'confirm_password'),
                'on' => 'update'
            )
        ),
        'confirm_password' => array(
            'rule' => 'notEmpty'
        )

    function matchPasswords($data, $confirm_password){
        if ($data['password'] != $this->data[$this->alias][$confirm_password]) {
            $this->invalidate($confirm_password, 'You must enter the same password twice');
            return false;
        }
        return true;
    }
Set appropriate authentication as desired, upload the files and you should be all set.
Posted by Charles Patterson at 5:50 PM 0 comments
Labels: , ,
Subscribe to: Posts (Atom)