Model Validation Always Returns True On Update


I am having some issue with validation rules not seeming to run on an active record update. I am trying to enable an email address update function for my application, however when I enter bogus test data validation doesn’t seem to run at all and the record just updates regardless of what is entered. The validation rules work flawlessly when creating a new record however which is why I am confused!

Here is my controller action:

	public function actionUpdateEmail()


		if(isset($_POST['submit'])) {

			//form is submitted, update email address

			$login_model = new LoginForm();


			$login_model->username = Yii::app()->user->email;

			$login_model->password = $_POST['account']['password'];


			if($login_model->validate() && $login_model->authenticateOnly()) {

				//validated owner, we can now save new email address

				$account_model = Account::model()->findByPk(Yii::app()->user->id);

				$account_model->scenario = 'updateEmail';

				$account_model->email = $_POST['account']['email'];

				$account_model->email_confirm = $_POST['account']['email_confirm'];


				if($account_model->validate() && $account_model->update()) {

					//need to re-login the user with new email



					$login_model->username = $_POST['account']['email'];

					$login_model->password = $_POST['account']['password'];




					//set success flash and redirect

					Yii::app()->user->setFlash('success', 'Your email address has been updated! Please use this address on your next login.');



				else {

					//failed to save, maybe error in input

					Yii::app()->user->setFlash('error', 'There was an error while saving your information, please check the messages below and try again.');

					$this->render('update_email', array('account_model' => $account_model));



			else {

				//failed auth, wrong password

				Yii::app()->user->setFlash('error', 'Your password was incorrect, please try again.');

				$this->render('update_email', array('login_model' => $login_model, 'account_model' => $account_model));



		else {

			//nothing submitted yet, just rez the page




and my model rules:

	public function rules()


		// NOTE: you should only define rules for those attributes that

		// will receive user inputs.

		return array(

			array('email, first_name, last_name, phone_number, address_1, state, country, city, post_code, password, salt, is_active, auth_id, create_time', 'required'),

			array('email, email_confirm', 'required', 'on'=>'updateEmail'),

			array('password, password_confirm', 'required', 'on'=>'updatePassword'),

			array('birthday_time, create_time, login_time, is_active, auth_id', 'numerical', 'integerOnly'=>true),

			array('first_name, last_name, email, phone_number, address_1, address_2, state, country, city, website, facebook_page, twitter_page', 'length', 'max'=>255),

			array('post_code', 'length', 'max'=>7),

			array('password, salt', 'length', 'max'=>88),

			array('password_confirm, email_confirm, id, notes', 'safe'),

			array('email', 'compare', 'compareAttribute'=>'email_confirm', 'on'=>'register, updateEmail'),

			array('password', 'compare', 'compareAttribute'=>'password_confirm', 'on'=>'register, updatePassword'),

			array('phone_number', 'phoneValidator'),

			array('email', 'emailValidator'),

			// The following rule is used by search().

			// Please remove those attributes that should not be searched.

			array('id, first_name, last_name, email, phone_number, address_1, address_2, state, country, post_code, birthday_time, website, facebook_page, twitter_page, password, salt, create_time, login_time, is_active, auth_id, notes', 'safe', 'on'=>'search'),



	//checks if email is unique if not logged in

	public function emailValidator($attribute) {

		$results = Yii::app()->db->createCommand()


					->from('account a')

					->where(' = :email', array(':email' => $this->$attribute))



		if(count($results) > 0 && Yii::app()->user->isGuest && $this->isNewRecord) {

			$this->addError($attribute, 'Email is already in use!');


		else {




Try setting the scenario by editing the controllers $login_model to new LoginForm(‘updateEmail’);