I am pretty new in PHP and moreover in Laravel. At this time I am working on a Laravel 5.4 project and I have the following doubt related to a complex custom validation.
I try to explain my situation.
The user can register on the portal using a registration form. After that the form is submitted the record related to the nes user is written into this pm_user table of my database having this strucure:
�����¿����¿����������������
� # � Field � Null� Key� Extra �
�--------------------------------------------�
� 1� id � NO � PRI� auto_increment�
� 2� firstname� YES � � �
� 3� lastname � YES � � �
� 4� email � YES � � �
� 5� login � YES � � �
� 6� pass � YES � � �
� 7� type � YES � � �
� 8� add_date � YES � � �
� 9� edit_date� YES � � �
� 10� checked � YES � � �
� 11� fb_id � YES � � �
� 12� address � YES � � �
� 13� postcode � YES � � �
� 14� city � YES � � �
� 15� company � YES � � �
� 16� country � YES � � �
� 17� mobile � YES � � �
� 18� phone � YES � � �
� 19� token � YES � � �
��������������������������
For example this is an inserted record:
4 Andrea Nobili my-email@gmail.com AndreaNobili e2aea7ce7eb227fed4f8e9b80959c327 hotel <null> <null> 0 <null> <null> <null> <null> <null> <null> <null> <null> f63776d15f76dcdc9f3ac8702d12db89
As you can see this record contains these 3 informations:
- The registration e-mail address: my-email@gmail.com
- A token automatically generated by the system: e2aea7ce7eb227fed4f8e9b80959c327
- The checked field: automatically setted to 0 after the user registration.
In particular this checked* field setted to 0 means that the user have compiled the registration form and that has been inserted in the database but that he have yet not confirmed his registration.
So the process is that: after that the user has been registered on the system he receive an e-mail containing an activation link like this:
http://laravel.dev/activate?email=my-email@gmail.com&token=cce0452d95c358b5b3b97fec5662e12e
This link contains 2 request parameters (the previous registration e-mail address and the token).
So the system could check if exist an unactived user into the pm_user table) having this e-mail and this token. If a user having this e-mail and this token is found it will be actived (changing the checked field value to 1).
And now there is my doubt.
I have created this ActivateRequest class extending the Laravel FormRequest class:
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
/**
* Class ActivateRequest
* @package App\Http\Requests
*
* Rappresenta una richiesta per l'attivazione di un utente albergatore.
* La richiestra proviene dal link inviato nella mail e deve contenere come parametri:
* - Mail con il quale si รจ registrato l'utente.
* - Il token generato.
*/
class ActivateRequest extends FormRequest
{
protected $redirect = 'errors';
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules() {
return [
'email' => 'required|email|exists:pm_user,email',
'token' => 'required',
];
}
}
As you can see this class implement this set of validation rules:
public function rules() {
return [
'email' => 'required|email|exists:pm_user,email',
'token' => 'required',
];
}
In particular the firs rule check if exist a record with this email value into the pm_user table. It works fine.
Now I am asking if I perform a more complex rule and check also if for this specific record (the one having this e-mail value) if the token value (on the token field of this specific row) is the same of the related http request parameter.
Can I perform this kind of complex validation? (it is complex because I am not simply checking if exist a row into the pm_user table having this token but I want check if the eventually founded row having the request e-mail have the same token value).
Or have I to perform this check into my controller\service (after that the previous yet implemented validation is passed)?
via Andrea Nobili
