Log message #4115628

# At Username Text
# Feb 8th 2018, 15:28 neon1024 Why does the routing docs use `[0-9]+` instead of `[\d]+` ?
# Feb 8th 2018, 15:28 kevin weird. my name in IRC shows up as kevin when slackebot moves the message over
# Feb 8th 2018, 15:27 kevin ah much easier
# Feb 8th 2018, 15:06 neon1024 I was a dedicated IRC user, but I quite like the emoji and code highlighting in Slack
# Feb 8th 2018, 15:06 slackebot !slack
# Feb 8th 2018, 15:06 slackebot Command sent from Slack by neon1024:
# Feb 8th 2018, 15:06 neon1024 Yep
# Feb 8th 2018, 15:05 sugitime is there a slack channel that everyone is sitting in? is that what slackebot is here for?
# Feb 8th 2018, 15:05 sayed Thanks once again !
# Feb 8th 2018, 15:05 sayed @neon1024 Thanks for the explanation, i assumed that the issue might come due to the protocols, anyways the reason i was trying to look for a fix is that i am currently not forcing the domain to a https env. I guess i should just force the domain to a https env.
# Feb 8th 2018, 15:02 neon1024 Use something like LetsEncrypt to get a cert automatically
# Feb 8th 2018, 15:02 neon1024 On top of which Google is giving higher ranking to sites which are on HTTPS anyway
# Feb 8th 2018, 15:02 neon1024 Besides which, you should be logging in on HTTPS anyway
# Feb 8th 2018, 15:02 neon1024 Which if you’re using them for login, would be a security risk and potential attack vector
# Feb 8th 2018, 15:01 neon1024 So anyone could read your cookies with JS
# Feb 8th 2018, 15:01 neon1024 You’d use `$this->Cookie->config(['secure' => false, 'httpOnly' => false]);`
# Feb 8th 2018, 15:00 neon1024 @sayed I believe you can use an insecure cookie. However I’d recommend just using HTTPS if it’s available.
# Feb 8th 2018, 14:59 sugitime is there a decent example of how to validate that an email address has not been used prior to allowing signup?
# Feb 8th 2018, 14:59 sayed hmm ok, is there way to make them work together ?
# Feb 8th 2018, 14:58 saeideng cookie for HTTP and HTTPs is different
# Feb 8th 2018, 14:58 sayed so when logging in through the https domain, somehow removes the CAKEPHP cookie and can’t log in through the http domain, while the https domain works perfectly.
# Feb 8th 2018, 14:57 sayed However when i switch this, it doesn't work anymore
# Feb 8th 2018, 14:57 sayed Hi guys, i have once again a weird error. This time it is with the sessions/cookie(CAKEPHP), when e.g. when logging in with a HTTP domain, the session and the default cookie is set. So when i switch over the https domain and refresh it catches the session and logs through.
# Feb 8th 2018, 14:38 sugitime thanks for your help hmic
# Feb 8th 2018, 14:34 sugitime but I know why that is now actually. man its way too early and I havent had coffee yet lol
# Feb 8th 2018, 14:33 sugitime ugh. except now I get the success and error message again. the record is written to the db, but I get both messages.
# Feb 8th 2018, 14:33 sugitime nevermind. the messages work now.
# Feb 8th 2018, 14:32 sugitime im just getting the generic failure message
# Feb 8th 2018, 14:31 sugitime ok so I moved the rules to ->add and now I cant sign up with fail conditions (bad passwords, not matching passwords, etc.) except I am not getting the error message I expect
# Feb 8th 2018, 14:24 sugitime hmic: yeah I do have the min length and compare to in the notEmpty. should I put those in an add option instead
# Feb 8th 2018, 14:23 sugitime ok so I got a step further… in the view, I changed Form->create() to Form->create($user), hoping that it was a context issue. Now I get the error message when I dont meet password requirements, but the record still saves, and I get the success message as well.
# Feb 8th 2018, 14:23 hmic thats not gonna do
# Feb 8th 2018, 14:23 hmic wait, i just notice. you are nesting the additional rules in the notEmpty options array
# Feb 8th 2018, 14:21 dereuromark I recommend using the Passwordable behavior, it has the cleanest approach on it (no injection vector) and also probably safer than what you try to do now, it also includes all the requirements you seem to have.
# Feb 8th 2018, 14:20 dereuromark you shouldnt, those checks are done prior to hashing
# Feb 8th 2018, 14:19 sugitime yeah I just wish I knew how to get the password hash to also encrypt the verify-password field too
# Feb 8th 2018, 14:17 sugitime I put that right before the ->notEmpty calls
# Feb 8th 2018, 14:17 sugitime like this?: $validator->requirePresence('username', 'email', 'password', 'verify-password')
# Feb 8th 2018, 14:16 hmic but you get your password hashed, which is good ;-)
# Feb 8th 2018, 14:16 sugitime yes one moment
# Feb 8th 2018, 14:15 hmic can you add the notEmpty and required calls to your validator please?