Search code examples
phpvalidationkohana-3kohana-orm

How to validate given data in ORM?

Kohana's ORM comes with built in Kohana's Validation.

As much as I understood, it validates fields that will be added to the database. It won't work for me because I need to validate fields that come from $_POST (in simple speaking).

Let me give you an example.

In controller:

$data = Arr::extract($this->request->post(), array('username', 'password', 'password_repeatedly', 'email'));

try {

   ORM::factory('User')->sign_up($data);

   $this->request->redirect('sign-in');

} catch(ORM_Validation_Exception $exception) {

   $errors = $exception->errors('error_messages');

   echo 'There were errors:<br />';
   echo Debug::dump($errors);

   exit;

}

Variable $data is array I need to validate. Method sign_up() is just custom method in my ORM model that will create user. Sorry about "echo'es" and "exit's" in controller - I'm just debugging...

My ORM model looks like this:

public function rules() {

   return array(
           'username' => array(
                   array('not_empty')
           ),
           'hashed_password' => array(
                   array('not_empty')
           ),
           'email' => array(
                   array('not_empty')
           )
   );

}

public function sign_up($post) {

   $salt            = $this->_hurricane->generate_salt();
   $hashed_password =
   $this->_hurricane->hash_password($post['password'], $salt);

   $this->username        = $post['username'];
   $this->hashed_password = $hashed_password;
   $this->salt            = $salt;
   $this->email           = $post['email'];

   $this->save();

}

I want to check that those three elements of variable $data are NOT empty! As I said, it checks elements before ORM::save() is called. And if ypu look closer at my code... in my custom method I have set hashed_password to be something. It will make it hashed. Problem is that if user haven't submitted any password (I call that field 'password' in my HTML form, but 'hashed_password' in database)... if no password is submitted - it will hash empty string that will lead to hash anyway. So hashed_password is set!

Then validation is turned on by ORM::save() and in conclusion - password never can be possibly empty! How to deal with this? Extra validation in controller? How would you deal with it? Maybe a little bit different logic?

P.S. Any other suggestions to my code will be appreciated. Thanks in advice!

Solution

  • I don't see what is 'wrong' with your current method.

    You can add a condition (Model_user::signup()) to check if the requested password is empty before hashing it (ofc, not setting it at all if it is), so it'll remain empty and make validation fail.

    One more thing I can notice here is that the signup method itself is ambiguous, it could easily be done using normal create() combined with a filter for password (so that hashed_password and salt are set when it's changed).

    Imho it's also a good practice to use conditional rules / filters, depending on the current objects' state.