How Yii captcha client side validation work?

Question

i have disabled ajax validation but i have 'enableClientValidation'=>true in form. the sessions are saved in database. then how Yii check Captcha field on focusing another field? i cant see any change in net->all firebug tab.

Answer 1

Client-side validation places JavaScript code at the bottom of the page that validates the data instead of using Ajax. Since there is no way of using JavaScript to validate a Captcha without storing the answer on the client-side this is impossible unless you use Ajax. But the built-in Captcha provided by Yii only validates on form submit even if Ajax validation is enabled.

http://www.yiiframework.com/doc/api/1.1/CActiveForm it states...

There are some limitations of CActiveForm regarding to its AJAX validation support.First, it does not validate with file upload fields.Second, it should not be used to perform validations that may cause server-side state change.For example, it is not suitable to perform CAPTCHA validation done by CCaptchActionbecause each validation request will increase the number of tests by one. Third, it is not designed to work with tabular data input for the moment.

So if you want to have the Captcha validate on the client-side you must use Ajax and you have to program this yourself since this functionality is not provided by default in Yii.

Answer 2

Ajax/client-side validation will not work without calling $form->error() .

If you want to use ajax validation or client side validation, be sure to call..

$form->error($model, 'field')

..in the view file for each field that requires live validation.

I hope it will solve your problem.

Answer 3

we mostly think captcha validation in client side is impossible but it is possible.

Yes yii can do the captcha validation in client side using a simple hash(one side encryption) formula. And for this reason there is no ajax request and "we can't see any change in net->all firebug tab."(Shayan said)

Sometimes we may think that it is impossible to generate a one-side hash using an opensource code such as javascript but it is possible if you encrypt a sentence or a word based on itself. So either the source and the decryption key are absent(something like the crypt function of php). php md5 function do this automatically.

var hash = jQuery('body').data('captcha.hash'); //hash in the jQuery data storage of body
if (hash == null)
    hash = 563;//this simple hash is generated by server and will be different for different captcha images
else
    hash = hash[1];
for(var i=value.length-1, h=0; i >= 0; --i) h+=value.toLowerCase().charCodeAt(i);
if(h != hash) {
    messages.push("The verification code is incorrect.");
}

So using the client side validator the captcha will be validated either in client and server twice.

And another note : The right sentence from yii doc is :

The AJAX-based validation has a few limitations. First, it does not work with file upload fields. Second, it should not be used to perform validations that may cause server-side state changes. Third, it is not designed to work with tabular data input for the moment.

The second note in the yii sentence means when you are using the ajax validation , the server side ajax validation causes the captcha image code in the serverside session repository to be refreshed(The problem i had some days ago) because in an ajax validation process the whole form will be submitted ajaxically to server to validate only ONE field. Yii privided a testTime property with default value 3 for CCaptchaAction to reuse a captcha code if the previous captcha validation was successful. But it is not useful because if your captcha field was empty when the register form is checking the username ajaxically it will be a failure(not success) for the captcha validation. However the solution is as easy as a pie or cake for us to exclude the captcha validation in an ajax validation in the CCaptchaValidator.