Store Post Requests Fields in Database using Lumen - php

I'm coding a small yet useful app to serve as an end-Point of HTML Forms, to avoid manually code every time I want to save Forms submissions into Database. Because of the nature of the app, I want to store all the POST's fields sent by the HTML form that sends the request.
This is my approach:
- User in the app creates an endpoint to send form submissions every endpoint will be stored in a table called ENDPOINTS that will have 2 fields: endpoint_URL (plain text to create the HTML endpoint) | data sent (JSON text to receive every field sent, no matter if every submission has different fields) this way I can store all the information without altering the structure of the Database Table every time a new field is received.
-The app then can show an HTML table of the specific endpoint and the information received field and content.
My concerns are:
-every submission (no matter if the submission comes from different endpoints) will be stored in the same database table, therefore it can create a huge list of registries on a single table.
Every time the HTML table is created will need to take the JSON content of the database field and reconstruct the HTML table (instead of using the power of the database to this endeavor).
What do you think could be the best approach to accomplish this? I can think on make a new table every time an endpoint is created and this table will receive every submission of the propper endpoint, nonetheless using this approach needs the database to update the fields every time the form receives different fields from the same endpoint.
I'm using LUMEN Framework instead of plain PHP to focus on the logic of the app rather than security concerns.

Related

How to Handle Concurrency control in PHP & MySql

I am using the core PHP & Mysql to building a project and I have a registration form that is divided into multiforms (say 4 to 5 forms) and each form is getting user details from new users, and i want to save the users data to database tables at the final submission of form, so my question is where to save the data got from mutiforms?
situation: 1. if i use the session variable to store the forms data, then it will take too much server resources to store data to session or worse if i got many users at the same time of registration. so sessions can slow down the server.
Please suggest a solution for that.
Store all data in a database and just match data with user's session id.
you can get all fields in javascript and send to server with ajax. Other solution is request individual form and use SQL transactions.

Approving information prior to storing in database?

I am developing a web-based iPhone app and possibly a PC friendly website version as well. The goal here to to allow users to submit a form where specific input values would be stored into a table in the database.
Mind you this information is being gathered for public display and will be posted onto a calendar or list.
However, to prevent from any trolling or spamming, I'd like to make it where submissions have to be approved prior to being submitted into the table.
I have no problem with creating the table, connecting to the database, storing input values into the corresponding table columns. The only issue is how would I go about setting up an approval system? Can I add information to a table via email? Is there a way to approve admissions in cPanel?
This is something that I would like make as smooth as possible, I am expecting a lot of submissions daily with quite a bit of information.
You can have two approaches for this.
Approach 1
Have two copies of the table (which you want to save information
into). The first one should be named tableName_Input. The second one
should be tableName_Final.
Any Data in '_input' is considered raw and needs approval. Once approved the data will be moved into '_final'. The LIVE list/calendar always read from '_final' data.
Approach 2
Have a column named 'isApproved' with a flag 0/1. If 1 it is approved, else it is not. Only show data that is Approved.
Now, how do you get the data approved ?
You have a hard fast rule like spam filter that tells certain post is valid and approved by default
After every post, you send the user an email or some notification (unique to the user - post) that when answered back, shall mark it as approved.
Optional: You can place a column called as 'approval comments' to fill in something at the time of approval.
Flow chart
Tables
'FirstSubmitContent' - Table to store user submitted information
prior to approval.
'FinalSubmitContent' - Table that stores the final information
Code Pages
Content Page --> Contains the form the user fills the content
ContentActionPage --> Calls the controller --> calls the Model
Controller --> calls the model based on page action
Model --> Interacts with the Database table
I do not have any tools at my disposable now to write more detailed Code or Flowchart. I hope this puts in the right direction.
Validate the form on submission and save info in a temporary table in your DB with a randomly assigned activation code (you could use sha1). Then send an email to user with activation code and a link to verify it, ie. domain.com/activate.php?code=abcde12345.
The activation page can be very simple with just a $_GET['code']. Then check if you find a match in the DB for that code and finally prepare your query with all the info you gathered before to store it permanently.
Then you can make a cron job to delete all records from that table every 24-48 hours so users will have to activate within that time range.

CodeIgniter multi-step signup

I'm currently working on a web app that uses CodeIgniter, in specific, I'm building the signup forms.
This form consists out of 3 different steps, I'm just wondering what the best way would be in order to save information between 2 steps?
I only want to save all the information into the database once the final stap has been completed.
Should I just use native PHP session to do this? Or should I use CI flashdata?
I've used hidden fields and sessions. I tend to save all the form values to a text file at the end of each stage. Then if something happens at any given stage I can choose what to do with the data saved in the text file.
For instance, if you wished you could capture an email address on the first page. If the form doesn't get completed (as in all stages were successfully completed), then you could send an email to the prospective user with a link to the signup form at the appropriate stage. The prospective user would not have to re-fill any of the fields they've filled in and you get a chance to recapture them as a user.
I tend to use the text file as a default way to save all the data from any stage of a multi-stage form. At the end of the form I can process the data into the DB and delete the text file. To catch partially complete signups I can write a script that is executed via a cronjob that runs every minute. I always save a timestamp in the data file representing the last time the file was updated. If the timestamp is more than X minutes old you run your didn't finish signup script on it or just delete it.
Saving data at each stage is simple. After the first stage you create the $dataFile with $dataFile = file_put_contents(json_encode($data)); where $data = array('timestamp'=>...) + $_POST;. Each stage after the first I use $data = json_decode(file_get_contents($dataFile), TRUE) + $_POST;, and $data['timestamp'] = ...;. Then use file_put_contents to save it back to the file. Obviously, you will need to track the $dataFile variable but this is easily done via hidden fields or session data.
The file will only be out there for X minutes before being processed and deleted but if you wish to have security on the text file during that short time frame then I'd suggest looking up a cipher or creating your own variation on the simple Ceasar's cipher. Use the cipher on the field names as well as the values.
Back in Dec I was working through the issue of multi-stage forms in the latest CodeIgniter for myself. I can't say this is a generally accepted best practice but the text file has worked well for me in the past. I posted some sample code for a multi-stage form here: Multi-Stage Form Example.
You can post the values to the next form where you can use hidden fields to store these values so that when you post the last form you have all the values and you can process them at one time.
I faced this case in my latest project and I used the session of Codeigniter to save the data submitted after validation in userdata session as array in the last step I send data to the DB

How to secure JSON call without using a captcha

So we are building a website and created our basic information to send logins to our database. We have trouble trying to disallow requests that just plug their own data in.
E.g.
http://testing.site.com/php/interfaces/User.php?Action=1&Email=test#gmail.com&FirstName=herp%20derp
By replacing email and firstname, they are able to add multiple users to the database and potentially with a script thousands. Is there any way to prevent this without using a captcha? We are trying to be very minimal and open with the site's design so would love some input if this is possible.
One option we have considered is moving our PHP offline and only allowing our API to access it- however it still presents the problem of users adding in authorised data (and overloading our database with thousands of multiple requests)
Here is a sample option, create a table with 2 fields, one is an Auto Increment id and one is a random code, lets name them ID and CODE
When sending that request, create 1 record in that table and pass the ID and CODE along with request, when receiving the request, check if there is a record in database with that ID and CODE process the request and delete that record from database too and if there isn't that record, just ignore request ...

Adding role to user by providing username + mailing + codeigniter ajax

1. Adding role to user
Hello. I am creating my php system that will be used mainly to spread information and managing large database of users.
Let say i have my main "team" settings, and i want to have site where user (admin) can set up team data like "coordinator" or "manager" etc. I want to keep that simple, so admin can set up specific roles (they are stored in database under table team_settings with specific fields like team_manager etc.) by providing username/visible name.
Here is my question. I assume i will need to use jQuery to do simple "quick search" to choose specific user, but here is the deal. How to put this one in my form, that after choosing person, when i post the form i will store user_id in specific table field?
So mainly - how to set up user_id in my field when input will have user name instead?
2. Codeigniter Mailing / Bulk Emails
I am looking for any person that had faced mailing problems while using codeigniter or pure php. My problem is - my shared hosting have 30 sec execution time on PHP scripts, so i need to send email, mobile text message and IM message in this time.
Of course i can use cron to accomplish that, but the question is: Do anyone now any sort of extern API that i can use to send my bulk email? It will be same message (maybe with some variables, nothing more) send to about 150 users maximum.
3. Codeigniter Ajax
I just need to call same methods from my controllers and return different objects - when it is requested by AJAX it should return HTML, but when I call it (or my user) manually, it should load the view. How can i accomplish that?
Thanks in advance for all of your replies.
May The Force Be With You.
Answer for question 3, as I didn't understand the first two.
Simple way of using a function in two different ways:
Send an additinal parameter with ajax request like: ajax=true(either post or get request). when a normal request post/get will be posted, it will not be there. So just have a check that whehter aN ajax named variable exist in post/get request and process data accordingly. IF AJAX FOUND, do not load view, and echo $HTML; else $this->load->view('viewname'); Hope that helps.
After searching the user, when clicking on the edit user are you editing on the same page on a popup or navigating to different page for editing. If you are using same page, store the username in a Javascript global variable and post it while posting other edited details. If you using different page you can pass the username or user_id in the url segment and can use this as a parameter inside the controller function.
http://yoursite.com/controller/functionName/username or id
function functionName($username)
{
//do validate the $username and useit
//if posted update ot display the edit form
}
You can use some email queue concept. Where you insert all the generated emails to a queue table and with status off course. Then process them in a cron job in preferable limit so that it will not exceed the 30second limit. I am have included the same concept for the Codeigniter websites generated using thephpcode.com

Categories