Hmm, your doing all of your validation manually in the controller ... this is supposed to be done automagically by the model when you save the record.
Read the following through a couple of times: http://book.cakephp.org/view/125/Data-Validation The one thing you have to watch out for is the password field which is automatically hashed by the Auth component, so to check if password_confirm matches password you also need to hash the password_confirm field. It's easy to do this using a custom validation function such as User Model: ... var $validate = array( 'username' => array( 'isUnique' => array( 'rule' => 'isUnique', 'message' => 'Sorry, this username has been taken, please try another', 'last' => true ), 'validChars' => array( 'rule' => '/^[a-z0-9_]{1,}$/i', 'message' => 'Can only include letters, numbers and underscores' ) ), 'password_confirm' => array( 'notEmpty' => array( 'rule' => array('notEmpty'), 'message' => 'This field cannot be left blank', 'on' => 'create', 'last' => true ), 'confirm' => array( 'rule' => array('validateConfirmPassword'), 'message' => 'Password confirmation does not match' ) ) ); function __validateConfirmPassword($field) { $valid = false; if ($this->data['User']['password'] == Security::hash(Configure::read('Security.salt') . $field['password_confirm'])) { $valid = true; } return $valid; } ... HTH Paul. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en