Caution: You are browsing the legacy Logo of the legacy symfony 1 version 1.x part of this website.
This version of symfony is not maintained anymore. If some of your projects still use this version, consider upgrading.

Master Symfony fundamentals

Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).
training.sensiolabs.com

Discover SensioLabs' Professional Business Solutions

Peruse our complete Symfony & PHP solutions catalog for your web development needs.
sensiolabs.com
1.2

A classic login form is composed of two fields: a username and a password.

The validation rules are quite straightforward:

  • He wants each field to be required
  • He wants to check the correctness of the password

Here is the first implementation of the login form:

class loginForm extends sfForm
{
  public function configure()
  {
    $this->setWidgets(array(
      'username'  => new sfWidgetFormInput(),
      'password'  => new sfWidgetFormInputPassword(),
    ));
 
    $this->setValidators(array(
      'username' => new sfValidatorString(array('required' => true)),
      'password' => new sfValidatorString(array('required' => true)),
    ));
 
    $this->widgetSchema->setNameFormat('login[%s]');
  }
}

This form enforces the requirements on the username and password fields but does not check the correctness of the password.

First implementation of the login form

The password can only be validated if you also have access to the username value. But as you might know, a validator attached to a field does not have access to the other values of the form.

When a validator relies on another submitted value, you need to create a post validator. A post validator is executed after all other validators and is given the whole array of cleaned up values.

To check the password, we will implement a simple callback validator to ensure that the submitted password is equal to the username. Of course, for his real project, you will have to call the model layer to do the actual work.

Here is the modified login form with the added post validator:

class loginForm extends sfForm
{
  public function configure()
  {
    $this->setWidgets(array(
      'username'  => new sfWidgetFormInput(),
      'password'  => new sfWidgetFormInputPassword(),
    ));
 
    $this->setValidators(array(
      'username' => new sfValidatorString(array('required' => true)),
      'password' => new sfValidatorString(array('required' => true)),
    ));
 
    $this->widgetSchema->setNameFormat('login[%s]');
 
    // add a post validator
    $this->validatorSchema->setPostValidator(
      new sfValidatorCallback(array('callback' => array($this, 'checkPassword')))
    );
  }
 
  public function checkPassword($validator, $values)
  {
    if ($values['password'] != $values['username'])
    {
      // password is not correct, throw an error
      throw new sfValidatorError($validator, 'Invalid password');
    }
 
    // password is correct, return the clean values
    return $values;
  }
}

Now, the form works as expected, but there is still one small problem: if you submit a random password without entering a username, you will have two error messages: a required error for the username and a global error for the wrong password.

Two error messages

But wait a minute, if the username is empty, we don't need to validate the password. Let's change the form to only validate the password if there is a username submitted. This is quite simple, as we just need to ensure that $values['username'] is not empty in the post validator callback:

public function checkPassword($validator, $values)
{
  // before validating the password, check that the username is not empty
  if (!empty($values['username']) && $values['password'] != $values['username'])
  {
    throw new sfValidatorError($validator, 'Invalid password');
  }
 
  return $values;
}

Instead of having a global error, we would rather have the 'Invalid password' error message just above the password field.

That's quite easy to accomplish by throwing an error bound to the password field instead of throwing a global error:

public function checkPassword($validator, $values)
{
  if (!empty($values['username']) && $values['password'] != $values['username'])
  {
    $error = new sfValidatorError($validator, 'Invalid password');
 
    // throw an error bound to the password field
    throw new sfValidatorErrorSchema($validator, array('password' => $error));
  }
 
  return $values;
}

Error message bound to a field