Skip to content

Customizing Validation Rules

Registration

Shield has the following rules for registration by default:

[
    'username' => [
        'label' => 'Auth.username',
        'rules' => [
            'required',
            'max_length[30]',
            'min_length[3]',
            'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
            'is_unique[users.username]',
        ],
    ],
    'email' => [
        'label' => 'Auth.email',
        'rules' => [
            'required',
            'max_length[254]',
            'valid_email',
            'is_unique[auth_identities.secret]',
        ],
    ],
    'password' => [
        'label' => 'Auth.password',
        'rules' => [
                'required',
                'max_byte[72]',
                'strong_password[]',
            ],
        'errors' => [
            'max_byte' => 'Auth.errorPasswordTooLongBytes'
        ]
    ],
    'password_confirm' => [
        'label' => 'Auth.passwordConfirm',
        'rules' => 'required|matches[password]',
    ],
];

Note

If you customize the table names, the table names(users and auth_identities) in the above rules will be automatically changed. The rules are implemented in RegisterController::getValidationRules().

If you need a different set of rules for registration, you can specify them in your Validation configuration (app/Config/Validation.php) like:

//--------------------------------------------------------------------
// Rules For Registration
//--------------------------------------------------------------------
public $registration = [
    'username' => [
        'label' => 'Auth.username',
        'rules' => [
            'required',
            'max_length[30]',
            'min_length[3]',
            'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
            'is_unique[users.username]',
        ],
    ],
    'email' => [
        'label' => 'Auth.email',
        'rules' => [
            'required',
            'max_length[254]',
            'valid_email',
            'is_unique[auth_identities.secret]',
        ],
    ],
    'password' => [
        'label' => 'Auth.password',
        'rules' => 'required|max_byte[72]|strong_password[]',
        'errors' => [
            'max_byte' => 'Auth.errorPasswordTooLongBytes'
        ]
    ],
    'password_confirm' => [
        'label' => 'Auth.passwordConfirm',
        'rules' => 'required|matches[password]',
    ],
];

Note

If you customize the table names, set the correct table names in the rules.

Login

Similar to the process for validation rules in the Registration section, you can add rules for the login form to app/Config/Validation.php and change the rules.

//--------------------------------------------------------------------
// Rules For Login
//--------------------------------------------------------------------
public $login = [
    // 'username' => [
    //     'label' => 'Auth.username',
    //     'rules' => [
    //         'required',
    //         'max_length[30]',
    //         'min_length[3]',
    //         'regex_match[/\A[a-zA-Z0-9\.]+\z/]',
    //     ],
    // ],
    'email' => [
        'label' => 'Auth.email',
        'rules' => [
            'required',
            'max_length[254]',
            'valid_email'
        ],
    ],
    'password' => [
        'label' => 'Auth.password',
            'rules' => [
                'required',
                'max_byte[72]',
            ],
        'errors' => [
            'max_byte' => 'Auth.errorPasswordTooLongBytes',
        ]
    ],
];