The validation rules

I am implementing a captcha that should only appear for a few minutes after a user mistyped his password. The logic is situated in isLoginAbuse function.

public function rules()


		return array(

			// email and password are required

			array('email, password', 'required'),

			// rememberMe needs to be a boolean

			array('rememberMe', 'boolean'),

			// password needs to be authenticated

			array('password', 'authenticate'),

            array('verifyCode', 'captcha', 'captchaAction' => 'site/captcha', 'allowEmpty'=>$this->isLoginAbuse()),




the problem I have come across is that it calls isLoginAbuse() every time I open the Login page, whereas it should only be invoked only after a user clicks Submit button. I do realize it is what it is supposed to be like. I have tried doing this


but it didn’t work.

Do I have to create my own captcha class and override the run() method to accomplish this simple task? Is there a simpler way?

You can use scenarios for this:


I am not sure how to use’em, but I will try.

btw, is there any way to affect rules once they were defined? (e.g. dismiss captcha validation from within authenticate() function?)

That’s what scenarios are for.

I am not sure if I should create a new topic. So I am gonna ask here.

When the client validation is turned on, Yii generates the following jscript to validate the captcha:

jQuery('body').data('site/captcha.hash', [data['hash1'], data['hash2']]);

to check the code it does this

var hash = $('body').data('site/captcha.hash');

if (hash == null)

	hash = 771;


	hash = hash[1];

for(var i=value.length-1, h=0; i >= 0; --i) h+=value.toLowerCase().charCodeAt(i);

if(h != hash) {

	messages.push("The verification code is incorrect.");



can it be considered safe?

Also, another question I have is is there any way to apply ajax validation to only a certain text-field, rather than to everything residing within CActiveForm widget?

btw, what is hash2 for? It is not used in any way.