# |
Feb 8th 2018, 15:02 |
neon1024 |
Which, if you’re using them for login, would be a security risk and potential attack vector |
# |
Feb 8th 2018, 15:01 |
neon1024 |
So anyone could read your cookies with JS |
# |
Feb 8th 2018, 15:01 |
neon1024 |
You’d use `$this->Cookie->config(['secure' => false, 'httpOnly' => false]);` |
# |
Feb 8th 2018, 15:00 |
neon1024 |
@sayed I believe you can use an insecure cookie. However I’d recommend just using HTTPS if it’s available. |
# |
Feb 8th 2018, 14:59 |
sugitime |
is there a decent example of how to validate that an email address has not been used prior to allowing signup? |
# |
Feb 8th 2018, 14:59 |
sayed |
hmm ok, is there a way to make them work together? |
# |
Feb 8th 2018, 14:58 |
saeideng |
the cookie for HTTP and HTTPS is different |
# |
Feb 8th 2018, 14:58 |
sayed |
so logging in through the https domain somehow removes the CAKEPHP cookie and I can’t log in through the http domain, while the https domain works perfectly. |
# |
Feb 8th 2018, 14:57 |
sayed |
However, when I switch this, it doesn’t work anymore |
# |
Feb 8th 2018, 14:57 |
sayed |
Hi guys, I have once again a weird error. This time it is with the sessions/cookie (CAKEPHP): e.g. when logging in with an HTTP domain, the session and the default cookie are set. So when I switch over to the https domain and refresh, it catches the session and logs through. |
# |
Feb 8th 2018, 14:38 |
sugitime |
thanks for your help hmic |
# |
Feb 8th 2018, 14:34 |
sugitime |
but I know why that is now actually. man it’s way too early and I haven’t had coffee yet lol |
# |
Feb 8th 2018, 14:33 |
sugitime |
ugh. except now I get the success and error message again. the record is written to the db, but I get both messages. |
# |
Feb 8th 2018, 14:33 |
sugitime |
never mind. the messages work now. |
# |
Feb 8th 2018, 14:32 |
sugitime |
I’m just getting the generic failure message |
# |
Feb 8th 2018, 14:31 |
sugitime |
ok so I moved the rules to ->add and now I can’t sign up with fail conditions (bad passwords, not matching passwords, etc.), except I am not getting the error message I expect |
# |
Feb 8th 2018, 14:24 |
sugitime |
hmic: yeah I do have the min length and compare to in the notEmpty. should I put those in an add option instead? |
# |
Feb 8th 2018, 14:23 |
sugitime |
ok so I got a step further… in the view, I changed Form->create() to Form->create($user), hoping that it was a context issue. Now I get the error message when I don’t meet password requirements, but the record still saves, and I get the success message as well. |
# |
Feb 8th 2018, 14:23 |
hmic |
that’s not gonna do |
# |
Feb 8th 2018, 14:23 |
hmic |
wait, I just noticed. you are nesting the additional rules in the notEmpty options array |
# |
Feb 8th 2018, 14:21 |
dereuromark |
I recommend using the Passwordable behavior, it has the cleanest approach on it (no injection vector) and also probably safer than what you try to do now, it also includes all the requirements you seem to have. |
# |
Feb 8th 2018, 14:20 |
dereuromark |
you shouldn’t, those checks are done prior to hashing |
# |
Feb 8th 2018, 14:19 |
sugitime |
yeah I just wish I knew how to get the password hash to also encrypt the verify-password field too |
# |
Feb 8th 2018, 14:17 |
sugitime |
I put that right before the ->notEmpty calls |
# |
Feb 8th 2018, 14:17 |
sugitime |
like this?: `$validator->requirePresence('username', 'email', 'password', 'verify-password')` |
# |
Feb 8th 2018, 14:16 |
hmic |
but you get your password hashed, which is good ;-) |
# |
Feb 8th 2018, 14:16 |
sugitime |
yes one moment |
# |
Feb 8th 2018, 14:15 |
hmic |
can you add the notEmpty and required calls to your validator please? |
# |
Feb 8th 2018, 14:15 |
sugitime |
nope I don’t get errors |
# |
Feb 8th 2018, 14:15 |
hmic |
no errors |
# |
Feb 8th 2018, 14:15 |
sugitime |
that’s the Debugger::dump($user), added after the patchEntity call, but before the save call |
# |
Feb 8th 2018, 14:15 |
sugitime |
https://pastebin.com/6qWKzTDB |
# |
Feb 8th 2018, 14:13 |
hmic |
debug the user after the patchentity call |
# |
Feb 8th 2018, 14:13 |
hmic |
sugitime: add required and notEmpty to the fields?! |
# |
Feb 8th 2018, 14:12 |
sugitime |
tutorial blogs, I mean |
# |
Feb 8th 2018, 14:12 |
sugitime |
the data validation and saving the record is code pulled directly from the cakephp 3.5 blogs. |
# |
Feb 8th 2018, 14:11 |
sugitime |
that is my UsersTable.php and UsersController.php |
# |
Feb 8th 2018, 14:11 |
sugitime |
https://pastebin.com/MyJM5H0y |
# |
Feb 8th 2018, 14:10 |
k4t |
can I nest contain inside of matching? Is it valid? |
# |
Feb 8th 2018, 14:10 |
sugitime |
or… let me double check... |
# |
Feb 8th 2018, 14:10 |
sugitime |
oh my mistake, sorry, I am using patchEntity |