Tag Archives: Yii

Yii captcha fails mid-action

As the title suggests, along Sitecore I’ve done some Yii (PHP) development lately.

On one of these Yii projects I noticed a rather strange behavior with the default captcha action. The weirdness is related to a registration form, a standard registration form where a controller is validating and saving an AR model, nothing fancy. Here’s some pseudo:

if($model->validate())
{
    $model->verifyPassword=$model->password=Bcrypt->password_hash($model->password);
    $model->status=User::STATUS_NOTACTIVE;
    $model->randomizeActivationKey();
    if ($model->save())
    {
        etc...
    }
}

Right, so from time to time I get a client-side error saying the captcha text is incorrect, when I know for a fact it’s not. Additionally, and this is what caught my eye, I also get the hashed password appearing in the password field. Instead of 8 dots, I see 60. This led me to believe that the save() method is the one setting the error, and of course that’s what’s actually happening. I knew that save() will call validate() but I did not know that captcha gets refreshed on validate() after a number of calls, three as is the default.
Continue reading