# |
Feb 8th 2018, 15:38 |
kevin |
has anyone implemented recaptcha on their cakephp site before? |
# |
Feb 8th 2018, 15:35 |
amit |
I am uploading images, but the problem is the file is uploaded, and when I save the file name in the db I am getting a validation error. So I want to upload the image only after validation succeeds |
# |
Feb 8th 2018, 15:35 |
neon1024 |
Ah well, if you spotted the missing `s` you win a prize. |
# |
Feb 8th 2018, 15:34 |
neon1024 |
More to the point, why doesn’t my route match? https://gist.github.com/davidyell/bb392b553e7e466fd2317bf6996cc12f |
# |
Feb 8th 2018, 15:32 |
amit |
Hi All |
# |
Feb 8th 2018, 15:28 |
neon1024 |
Why do the routing docs use `[0-9]+` instead of `[\d]+` ? |
# |
Feb 8th 2018, 15:28 |
kevin |
weird. my name in IRC shows up as kevin when slackebot moves the message over |
# |
Feb 8th 2018, 15:27 |
kevin |
ah much easier |
# |
Feb 8th 2018, 15:06 |
neon1024 |
I was a dedicated IRC user, but I quite like the emoji and code highlighting in Slack |
# |
Feb 8th 2018, 15:06 |
slackebot |
!slack |
# |
Feb 8th 2018, 15:06 |
slackebot |
Command sent from Slack by neon1024: |
# |
Feb 8th 2018, 15:06 |
neon1024 |
Yep |
# |
Feb 8th 2018, 15:05 |
sugitime |
is there a slack channel that everyone is sitting in? is that what slackebot is here for? |
# |
Feb 8th 2018, 15:05 |
sayed |
Thanks once again ! |
# |
Feb 8th 2018, 15:05 |
sayed |
@neon1024 Thanks for the explanation. I assumed that the issue might come from the protocols. Anyways, the reason I was trying to look for a fix is that I am currently not forcing the domain to an https env. I guess I should just force the domain to an https env. |
# |
Feb 8th 2018, 15:02 |
neon1024 |
Use something like LetsEncrypt to get a cert automatically |
# |
Feb 8th 2018, 15:02 |
neon1024 |
On top of which Google is giving higher ranking to sites which are on HTTPS anyway |
# |
Feb 8th 2018, 15:02 |
neon1024 |
Besides which, you should be logging in on HTTPS anyway |
# |
Feb 8th 2018, 15:02 |
neon1024 |
Which if you’re using them for login, would be a security risk and potential attack vector |
# |
Feb 8th 2018, 15:01 |
neon1024 |
So anyone could read your cookies with JS |
# |
Feb 8th 2018, 15:01 |
neon1024 |
You’d use `$this->Cookie->config(['secure' => false, 'httpOnly' => false]);` |
# |
Feb 8th 2018, 15:00 |
neon1024 |
@sayed I believe you can use an insecure cookie. However I’d recommend just using HTTPS if it’s available. |
# |
Feb 8th 2018, 14:59 |
sugitime |
is there a decent example of how to validate that an email address has not been used prior to allowing signup? |
# |
Feb 8th 2018, 14:59 |
sayed |
hmm ok, is there a way to make them work together ? |
# |
Feb 8th 2018, 14:58 |
saeideng |
cookie for HTTP and HTTPS is different |
# |
Feb 8th 2018, 14:58 |
sayed |
so logging in through the https domain somehow removes the CAKEPHP cookie and I can’t log in through the http domain, while the https domain works perfectly. |
# |
Feb 8th 2018, 14:57 |
sayed |
However when I switch this, it doesn’t work anymore |
# |
Feb 8th 2018, 14:57 |
sayed |
Hi guys, I have once again a weird error. This time it is with the sessions/cookie (CAKEPHP): e.g. when logging in with an HTTP domain, the session and the default cookie are set. So when I switch over to the https domain and refresh, it catches the session and logs through. |
# |
Feb 8th 2018, 14:38 |
sugitime |
thanks for your help hmic |
# |
Feb 8th 2018, 14:34 |
sugitime |
but I know why that is now actually. man it's way too early and I haven't had coffee yet lol |
# |
Feb 8th 2018, 14:33 |
sugitime |
ugh. except now I get the success and error message again. the record is written to the db, but I get both messages. |
# |
Feb 8th 2018, 14:33 |
sugitime |
nevermind. the messages work now. |
# |
Feb 8th 2018, 14:32 |
sugitime |
im just getting the generic failure message |
# |
Feb 8th 2018, 14:31 |
sugitime |
ok so I moved the rules to ->add and now I can't sign up with fail conditions (bad passwords, not matching passwords, etc.) except I am not getting the error message I expect |
# |
Feb 8th 2018, 14:24 |
sugitime |
hmic: yeah I do have the min length and compare to in the notEmpty. should I put those in an add option instead? |
# |
Feb 8th 2018, 14:23 |
sugitime |
ok so I got a step further… in the view, I changed Form->create() to Form->create($user), hoping that it was a context issue. Now I get the error message when I don't meet password requirements, but the record still saves, and I get the success message as well. |
# |
Feb 8th 2018, 14:23 |
hmic |
thats not gonna do |
# |
Feb 8th 2018, 14:23 |
hmic |
wait, I just noticed. you are nesting the additional rules in the notEmpty options array |
# |
Feb 8th 2018, 14:21 |
dereuromark |
I recommend using the Passwordable behavior, it has the cleanest approach on it (no injection vector) and also probably safer than what you try to do now, it also includes all the requirements you seem to have. |
# |
Feb 8th 2018, 14:20 |
dereuromark |
you shouldn't, those checks are done prior to hashing |
# |
Feb 8th 2018, 14:19 |
sugitime |
yeah I just wish I knew how to get the password hash to also encrypt the verify-password field too |