Build Your Own PHP Framework
This episode is for members only

Sign up to access "Build Your Own PHP Framework" right now.

Get started
Already a member? Sign in to continue
Playing
39. Validating the login form

Episodes

0%
Your progress
  • Total: 4h 45m
  • Played: 0m
  • Remaining: 4h 45m
Join or sign in to track your progress
01. Setting up
01. Introduction
2m 23s
0%
02. Composer and PSR-4 Autoloading
6m 17s
0%
03. Bootstrapping and structure
3m 18s
0%
04. Error reporting with Ignition
3m 49s
0%
02. Container
05. Using a container
3m 21s
0%
06. Adding service providers
5m 23s
0%
07. Autowiring with reflection
5m 5s
0%
08. Refactoring to a singleton
4m 17s
0%
03. Application config
09. Building the Config class
6m 19s
0%
10. Reading and merging config files
6m 21s
0%
11. Registering service providers through config
2m 13s
0%
12. Using env files
6m 26s
0%
04. Routing and controllers
13. Everything starts with requests
6m 52s
0%
14. Adding routing
5m 27s
0%
15. Responding in routes
4m 13s
0%
16. Cleaning up responding
7m 12s
0%
17. Defining routes in a separate file
3m 10s
0%
18. Creating a controller
5m 17s
0%
19. Using services inside controllers
2m 3s
0%
05. Views
20. Installing Twig
6m 22s
0%
21. Rendering a view
3m 36s
0%
22. Debugging in Twig
4m 45s
0%
23. Creating a base layout
3m 38s
0%
24. Page titles in Twig
4m 31s
0%
25. Creating a Twig config helper
8m 57s
0%
06. Database
26. Setting up and querying the database
13m 29s
0%
27. Working with models
4m 32s
0%
28. Creating an example user profile page
5m 49s
0%
07. Authentication
29. Setting up Sentinel
8m 36s
0%
30. Creating the registration flow
5m 44s
0%
31. Registering and authenticating a user
5m
0%
32. Showing authenticated state
5m 40s
0%
33. Logging in
3m 59s
0%
34. Logging out
3m 2s
0%
08. CSRF Protection
35. Protecting routes with CSRF
7m 51s
0%
36. Adding tokens to forms
6m 5s
0%
09. Flashing messages
37. Basic session flashing
5m 46s
0%
38. Creating a Twig helper and flashing globally
1m 39s
0%
10. Validation
39. Validating the login form
6m 40s
0%
40. Manually adding validation errors
1m 24s
0%
41. Validating the registration form
4m 5s
0%
42. Custom validation rules
9m 39s
0%
11. Middleware
43. How middleware works
5m 41s
0%
44. Adding auth middleware and grouping routes
7m 37s
0%
45. Persisting old form data
6m 53s
0%
12. Exception handling
46. Creating an exception handler
3m 38s
0%
47. Custom 404 (and other error) views
7m 27s
0%
48. Rendering views for CSRF errors
5m 18s
0%
13. Pagination
49. Paginating with Eloquent
7m 48s
0%
50. Building a pagination view with Twig
7m 38s
0%
14. Global helpers
51. Registering functions with PSR-4
1m 50s
0%
52. Container resolution helper
2m 24s
0%
53. View and config helpers
4m 12s
0%
54. Route generator helper
4m 34s
0%

Transcript

00:00
OK, let's talk about an incredibly important part of any app that we're building, and that is validation. Now, we couldn't really do this up until now. Now that we have session flashing enabled, what it means is once we implement validation,
00:13
if this validation fails, we can flash a message and then we can redirect the user back. And that message will be an array of the validation fields that have failed. So if email and password both failed, we'll flash an array of all of the errors. And then we can pick them up in our template really easily.
00:32
You can use any validation library here that you want to. But we're going to go ahead and use respect validation. Feel free to switch this out a little bit later if you don't like it, if you prefer something else. OK, let's go ahead and just pull this in and just start to try and validate.
00:48
So if we head over to the documentation, let's go to the installation section and we'll grab the composer command to pull this in. OK, so let's pull this into our project. OK, let's head straight over to our login controller under our store method.
01:01
And let's start the validation process up here. Before we do this, let's figure out how we are going to pull this validator in. Now, we're actually going to go ahead and alias this. So we're going to pull in respect validation and we're going to pull the validator in.
01:17
But all of these contain static methods. We'll see that in a second. So rather than use validator over and over again, we're going to alias this as B just so it's a little bit more convenient to write.
01:28
So down here in the store method, this will throw an exception if any of the validation rules fail. So let's just do this really plainly, first of all, and then we'll add a try catch block around this to see what we can do. OK, so to use this validator, we use the V validator we aliased
01:46
and we go ahead and choose a key that we want to validate. This is going to be email. This needs to match what you send down in the parsed body. And we know that we called that email.
01:56
So the next thing that we need to do in here is just provide the validation rules. If you need to do anything specific, you can head over to the documentation for this library to see what you need to do. For now, though, let's say that we want the email to be an email address,
02:11
of course, and we want this to be not empty. So, of course, if the user doesn't fill it in, we want to show a validation error. And you just need to chain on any of these methods that you want. For example, we have minimum, maximum, pretty much any validation rules that you need.
02:27
OK, so we can continue to chain onto this to any other things that we need to validate. So next up, let's validate the password. And for us, we're just going to say that we don't want this to be empty. OK, so now that we've defined out the validation rules for the two fields
02:43
that we need to validate, what do we do now? Well, we go ahead and use the assert method, and we pass in the array of data that we want to validate in here. We know that that comes from request and get parse body.
02:56
So let's just pass that directly in. OK, so just doing this, let's see what happens when we try and submit our login form without any details. You can see that we get a validation exception here,
03:08
and it gives us the errors in a rough way. So validation exception, we can go ahead and pick up now, and we can grab the errors specifically, flash them to the session, and then show them on the form.
03:21
So let's add a try catch block around the validation that we're creating here. And let's catch that validator exception. So validator exception, and we'll call that E. OK, how do we get the error messages here?
03:34
Well, we just want to grab them directly from the exception. So let's say E and get messages. And let's see what this gives us. And let's kill the page here as well.
03:43
OK, let's go over and just refresh this and submit the form. We get a fail cross site request forgery check here because this would be regenerated. So we'll have to go and hit the page again for the security to kick in.
03:56
OK, there we go. These are our validation messages. Really, really easy. We've got the key in here for the field, and we've got the actual value.
04:04
Now, you can customize these. I'm not going to do that just now. But of course, head over to the documentation to find out how you can do that. So in here, we now want to flash a message.
04:15
So let's bring in our session functionality into here so we can flash this. So let's pull this in at the top with the correct namespace. And there we go. Let's go down to the exception here.
04:28
And instead of dumping this, let's flash a message with our session error bag. So let's grab this and say add. And let's add errors to this. And let's add those messages to that error bag.
04:44
OK, so now we can redirect. Let's go down here and return a new redirect response. And we can pretty much do the same thing as we did here to redirect the user. So validate, flash a message with that array of errors,
04:58
and then redirect the user back to the login page. OK, let's head back over and hit login. We're redirected back. All we need to do now is pick up those errors on the form.
05:09
And then we can just do this for our register page as well. OK, now that we've done this, inside of the index method, where we're showing the login page, we can go ahead and pass these errors down and then access them with Twig.
05:22
There's a much better way to do this that means that you don't have to pass these errors down every single time. We'll be looking at doing that a little bit later. But for now, let's go ahead and grab the error messages from our session
05:34
using getFlashBag and then getErrors. And we're going to grab the first key from this. Or if there aren't any errors, we're just going to use null. OK, so now what we can do over in our login page is down here,
05:48
underneath our email, is add in an if statement to check these. So we can say errors.email. And we can end that if statement there. And then if there are errors, we can create our component to show this.
06:00
So I'll just write errors in here for now. And we'll grab that in a second. OK, let's hit login. And you can see, sure enough, we have validation errors.
06:08
Let's actually output the error that we have specifically for email. And when we hit login, there we go. So we've got now a validation message showing on the page. And we can just copy and paste this to do exactly the same thing for the password.
06:22
And as you can see now, it shows both of the errors. If we were to go ahead and enter both, of course, this would work. The only problem is at the moment, if we type in, say, an incorrect password, it just redirects us back without any message.

Episode overview

In this episode, we tackle an essential task for any web application: validating the login form. Now that we have session flashing set up, it’s finally possible to provide users with helpful feedback when they submit invalid data.

We start by pulling in the "respect/validation" library using Composer, although you can swap it for another validation library if you prefer. We alias the validator for convenience and define validation rules for the email and password fields—making sure the email is both not empty and a valid email address, and the password isn’t empty.

You’ll get to see how the validation library throws exceptions when the rules are broken. We wrap this with a try-catch block, extract error messages from the exception, and—using our session's flash bag—store them for display. Then we redirect back to the login form, where we pick up and show those errors using Twig. You’ll also see how to present these messages in the UI next to the respective form fields.

By the end of the episode, you’ll know how to flesh out meaningful, per-field validation for login and, by extension, other forms (like registration). We also briefly touch on better ways to pass errors to your templates, which we’ll explore later. For now, you have everything you need to make login validation actually help your users out with clear messages.

Episode discussion

No comments, yet. Be the first!