Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Controller Prevalidation & Token checking


I have started using Phalcon since CodeIgniter's developers don't want to tell us what is gonna happen with their framework. So I came across with form validation which is something that's the easiest thing in previously mentioned framework. The problem which I encountred is prevalidation - I need to validate password length before I save it into database. I could do that with validation function in specific model but I already encrypt the password in controller. I also found out the filter, but that's not something which would be useful in my case.

The second thing is token checking. I added this code to view:

{{ hidden_field('id': 'register', 'name': security.getTokenKey(), 'value': security.getToken()) }}

{{ submit_button('Register') }}

And that's how I'm checking token in controller:

if ($this->request->isPost() && $this->security->checkToken()) {



Is that way right?

Thank you for help!

Nice one! I have already seen that, but I wasn't sure that this is really neccessary and now I'm completely excited that this way is easier as ever before (on CI).

What about CSRF - it's already included into form itself, but do I need any other code to confirm right CSRF token or this is already done in form?

Thank you again!

Just one more question... It is possible to remove value of password if some other field in form is not correctly entered?