Cakephp’s Auth Component – validation

The registration form for new users follows validation rules. All the inputs are required. The username should be unique and the username length should be between 3 and 15 characters.

If user or admin choose username that has already been taken, the user account will not be created and the following error will be displayed:

If user or admin type username that is shorter than 3 or longer than 15 characters, the user account will not be created and the following error will be displayed:

The password field and confirmed password field should matched. The rule ‘matchPassword’ is not cakePHP rule, since cakePHP does not have rule to compare fields.
The public function ‘matchPassword’ takes one argument – data. The function compares if password field value matches the confirmed password field value. If fields are equal than function returns true. If fields are not equal than the password confirmation field is invalidate, the error message is displayed and the function returns false.


If user or admin type password and confirmed password that do not match, the user account will not be created and the following errors will be displayed:

Check the previous screens – password and password confirmation fields are hashed. The public function beforeSave() hashed passwords before stored in database:

Cakephp’s Auth Component – edit/delete user’s profile

Users can edit or delete only his/her own profile. Admin can edit/delete others users profiles. Public function isAuthorized compares logged-in user’s id with user’s id from the URL. If the ids match, edit and delete buttons work, otherwise do not work. It also checks if user’s role is ‘admin’.

Moreover the edit/delete buttons associated with others users in users view are hidden:

The users view with hidden edit/delete buttons:

If the user wants to bypass the isAuthorized function and hidden edit/delete buttons by typing edit user URL with someone’s else id e.g.: (user fred id=14 is typing wilma’s id=13)
the error message ‘You can’t access that page’ appears:

Drop Down List for ENUM – Revision

To create FormEnum the first file that has to be modified is the UsesController.php :

After that user add.ctp file was altered:

Unfortunately refreshing the user add page returns error:

In order to fix this error FormEnumHelper.php helper has to be added to app/View/Helper.
Once this file has been added to the appropriate folder on the server admin can see drop-down menu for user roles:

To display drop-down disabled list for non-admin users, the following else statement was added to the already existing if statement (in add.ctp and edit.ctp files):

Right now new users can see disabled role during registration process:


And an existing non-admin users can also see disabled role on edit user profile page: