cakePHP验证绕过更新

Question

我有一个配置文件页面，当用户尝试更新其页面配置文件，并且输入不根据验证规则验证，它仍然继续保存（或至少输出成功消息）但没有数据被存储，它将恢复到原始值。只有在通过验证规则时，它才会存储这些值。

我不知道如何解决这个问题，因为我的验证规则看起来正确。有任何想法吗？

验证规则

public $validate = array(
    "username" => array(
     "email" => array(
      "rule" => "email", 
      "message" => "The username must be a valid email address." 
     ), 
     "unique" => array(
      "rule" => "isUnique", 
      "message" => "This username has already been registered." 
     ) 
    ), 
    "password" => array(
     "alphaNumeric" => array(
      "rule" => "alphaNumeric", 
      "message" => "The password can only contain alpha-numeric characters" 
     ), 
     "between" => array(
      "rule" => array("between",8,12), 
      "message" => "The password must contain between 8 - 12 characters." 
     ) 
    ), 
    "company" => array(
     "rule" => "notEmpty", 
     "message" => "Please provide a company name" 
    ), 
    "first_name" => array(
     "rule" => "notEmpty", 
     "message" => "Please provide the contact person's first name" 
    ), 
    "last_name" => array(
     "rule" => "notEmpty", 
     "message" => "Please provide the contact person's last name" 
    ), 
    "telephone" => array(
     "numeric" => array(
      "rule" => "numeric", 
      "message" => "The telephone number must be numeric" 
     ), 
     "maxLength" => array(
      "rule" => array("maxLength",10), 
      "message" => "Your telephone umber must be 10 numbers." 
     ) 
    ), 
    "fax" => array(
     "numeric" => array(
      "rule" => "numeric", 
      "message" => "The fax number must be numeric" 
     ), 
     "maxLength" => array(
      "rule" => array("maxLength",10), 
      "message" => "Your fax umber must be 10 numbers." 
     ) 
    ), 
    "user_type_id" => array(
     "rule" => "numeric", 
     "message" => "Please select a user type" 
    ), 
    "user_status_id" => array(
     "rule" => "numeric", 
     "message" => "Please select the users status." 
    ) 
); 

控制器的方法：

public function profile() { 
    if($this->request->is('post') || $this->request->is('put')) { 
     if($this->Auth->user("id") == $this->request->data['User']['id']) { 
      $this->User->save($this->request->data); 
      $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success')); 
     } else { 
      $this->Session->setFlash("An error has occured updating your profile."); 
     } 
    } 
    $this->request->data = $this->User->read(null,$this->Auth->user("id")); 
} 

Answer 1

您的验证可能正常工作。我认为问题是由于以下逻辑：

if($this->Auth->user("id") == $this->request->data['User']['id']) { 
    $this->User->save($this->request->data); 
    $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success')); 
} else { 
    $this->Session->setFlash("An error has occured updating your profile."); 
} 

if语句仅检查当前登录的用户标识是否与表单中提交的用户标识匹配。如果ID匹配，它会尝试保存该记录。然后它会执行该行。

因此，无论保存的调用是否生效，它仍将移动到下一行$this->Session->setFlash('Your profile has been updated','default',array('class'=>'success'));。这就是为什么它说每次都更新配置文件。

你可能想类似的东西：

if($this->Auth->user("id") == $this->request->data['User']['id']) { 
    if ($this->User->save($this->request->data)) { 
     $this->Session->setFlash('Your profile has been updated','default',array('class'=>'success')); 
    } else { 
     $this->Session->setFlash("An error has occured updating your profile."); 
    } 
} else { 
    this->Session->setFlash("This is not your profile."); 
} 

Answer 2

问题是你如果块。你没有一个周围$this->User->save($this->request->data);

，所以你需要

if ($this->User->save($this->request->data)) { 
    // set good flash 
} else { 
    // else set bad flash 
} 

然后你就需要一个针对Auth->用户（“身份证”）不等于后的数据（或合并如果你只是给出一个通用的消息，那么这两个变成1 if语句）。