I have created a website in php, the website has a signup form and google captcha in it. If the captcha is correct the form will submit successfully. If the captcha is wrong the same page will reload:
$this->session->set_flashdata('message', 'Captcha Error.');
redirect(base_url('signup'), 'Location');
The problem is the page is reloading with empty values, the user entered inputs are gone, can anyone please tell me what am i missing in my code?
Thanks in advance.
You can save your form value in session, and autofill the form based on data in session.
//set formdata to session
$data_session = array(
'name' => $name,
'email' => $email
);
$this->session->set_userdata('form_data', $data_session);
And set the data when you load the register page, and set the value to your view.
//load session data if exist
$data['name'] = null;
$data['email'] = null;
if ($this->session->userdata('form_data') != null)
{
$data['name'] = $this->session->userdata('form_data')['name'];
$data['email'] = $this->session->userdata('form_data')['email'];
}
$this->load->view('register_view',$data);
Dont forget to remove the session if signup is successful.
$this->session->unset_userdata('form_data');
Alternatively you can also use HTTP method and POST / GET the data to the new page (dont use HTTP GET if you want to send the password).
Related
I'm using GUMP https://github.com/Wixel/GUMP for server side form validation and have a question regarding showing messages after a redirect.
I want to validate the form data after submission, then redirect to the form if there was an error but I don't know the best way to pass the errors to the form after the redirect.
I've read this question Header Redirect after form Validation in PHP which suggests two ways of doing this:
1.
$message="Some message for the next page.";
$message=urlencode($message);
header("Location:page.php?message=".$message);
2.
$_SESSION['message']='some other message';
The author of the answer thinks method 1 is more secure, but can you tell me why that would be?
I've also had a look at how it's done by php-form-builder class https://github.com/lkorth/php-form-builder-class, and they seem to use method 2:
/*Valldation errors are saved in the session after the form submission, and will be displayed to the user
when redirected back to the form.*/
public static function setError($id, $errors, $element = "") {
if(!is_array($errors))
$errors = array($errors);
if(empty($_SESSION["pfbc"][$id]["errors"][$element]))
$_SESSION["pfbc"][$id]["errors"][$element] = array();
foreach($errors as $error)
$_SESSION["pfbc"][$id]["errors"][$element][] = $error;
}
So, my question is, which is the best way to go about this? Pass the errors with $_GET or in session variables?
p.s. If I've missed something, and there is a way to do it that's easier/built into GUMP, please point it out!
Two files, one of them contains all the PHP business logic and the other the form (which you include in the first file). The first file does two things: it checks to see if the form was submitted and displays the form. On the first run, there are no error messages because the form has yet to be submitted. If the form is submitted and it does not validate, have the form display the error message(s) (i.e.; <?php echo $gump->get_readable_errors(true) ?>). No need to store the error messages in session. You could also re-populate the form with the previously submitted data.
form.php
<?php
$_error_messages = '';
if (isset($_POST) && !empty($_POST)) :
$gump = new GUMP();
// Let's sanitize the POST data
$_POST = $gump->sanitize($_POST);
$gump->validation_rules(array(
// your validationm rules here
));
$gump->filter_rules(array(
// your filter rules here
));
// Validate the form data
$validated_data = $gump->run($_POST);
if ($validated_data === false) :
// The submitted data did not validate,
// display the errors in the form
$_error_messages = $gump->get_readable_errors(true);
else :
// The submitted data validated successfully
. . .
endif;
endif;
// Display your form
include 'form-view.php';
form-view.php
<!DOCTYPE html>
<html>
<head>
// . . .
</head>
<body>
<section>
<?php echo $_error_messages ?>
<form
action = '<?php echo htmlentities('form.php'); ?>'
method = 'post'
name = 'my_form'
>
// The rest of your form here
</form>
</section>
</body>
</html>
$userData = (new User())
->setPersonCode(123)
->setPhone('+470002342342342');
$userForm = $this->toolbar->getForm(UserType::class, $userData);
I'm creating form from entity class where is setted data. If now I try use:
$userForm->isValid();
I'm getting true, because form data is not submitted, how I can do validation, without setting manually data to form and submitting ?
If you don't want to submit data to a form, skip forms entirely; use the Validator service directly:
<?php
// (Assuming you're in a controller, otherwise inject the validator some other way.)
$userData = (new User())
->setPersonCode(123)
->setPhone('+470002342342342');
$validator = $this->get('validator');
$errors = $validator->validate($userData);
$isValid = count($errors) === 0;
Your question is worded a little strange and im not sure exactly what you want, If you want to manually set the data like above then call $form->submit() passing the user data.
$userData = (new User())
->setPersonCode(123)
->setPhone('+470002342342342');
$userForm = $this->toolbar->getForm(UserType::class);
$userForm->submit($userData);
if(!$userForm->isValid()){
// handle errors
}
If you want to have the user submit data on a form then do something like this:
public function createUserAction(Request $request)
{
$userForm = $this->toolbar->getForm(UserType::class);
$userForm->handleRequest();
if(!$userForm->isValid()){
// handle errors
}
}
$userForm->handleRequest(); will handle taking data that was submitted from the form on the page.
I'm having problems with storing variables in a $_SESSION variable.
I'm using Zend framework and building a 3 step application form. Now, when the first step is done, I store the data in MySQL database, and store the returned insert id in a session variable. Then I forward the page to another controller (step 2). When I forward the request, everything works fine and I can read the id from the session variable. But when I submit the second form (which has the same controller of step 2 as an action) the session is lost. I try to var_dump it, and it returns NULL.
Here's the code:
public function organizationAction()
{
$this->view->vals="";
$form=$this->getOrganizationForm();
$this->aplid=$_SESSION['appid'];
var_dump($_SESSION);
$firsttime=$this->getRequest()->getParam('firsttime',0);
//if(null==$this->aplid) $this->_forward('index','index');
if ($this->getRequest()->isPost() && $firsttime==0) {
if (!$form->isValid($_POST)) {
// Failed validation; redisplay form
$this->view->form = $form;
return false;
}
var_dump($_SESSION);
$values = $form->getValues();
$db=new Util_Database();
if($db->insertOrganization($values,$this->aplid))
$this->_forward('final');
else echo "An error occured while attempting to submit data. Please try agian";
}
$this->view->form=$form;
}
What is the problem here? I tried storing the session_id in the form, and then setting it before session_start(), but it starts a whole new session. Please help!
I'm not sure if this is going to help, because I'm not sure if something else might be happening in step 2. But here goes.
You might be inadvertently overwriting your session data. Here is what I came up with that might help give some ideas.
public function organizationAction() {
$this->view->vals = "";
$form = $this->getOrganizationForm();
$db = new Util_Database();
//This will only submit the form if the is post and firsttime == 0
if ($this->getRequest()->isPost() && $this->getRequest()->getPost('firsttime') == 0) {
//if form is valid set session and save to db
if ($form->isValid($this->getRequest()->getPost())) {
//We only want to initialize the session this time, if we do it
//on the next pass we may overwrite the information.
//initialize session namespace
$session = new Zend_Session_Namespace('application');
//get values from form, validated and filtered
$values = $form->getValues();
//assign form value appid to session namespace
$session->appid = $form->getValue('appid');
//assign session variable appid to property aplid
$this->aplid = $session->appid;
if ($db->insertOrganization($values, $this->aplid))
$this->_forward('final');
else
echo "An error occured while attempting to submit data. Please try agian";
} else {
//if form is not vaild populate form for resubmission
//validation errors will display of form page
$form->populate($this->getRequest()->getPost());
}
}
//if not post display form
$this->view->form = $form;
}
P.S. If your gonna go ZF...Go ZF! :)
I have a form on a php page that is submitted to the same page.
I noticed that if I reload/refresh the page the form gets re-submitted.
How do I code to avoid this in the most easy way?
One possibility is, to implement the post-redirect-get approach.
Simply said, a POST request will be never delivered to the browser. Instead you execute all necessary actions and store the information you need in the session, and then you make a redirect with code 303.
$page = 'show_result.php';
header('Location: '.$page, true, 303);
exit;
Doing it this way, the browser will show the "show_result.php" page (a GET request) instead of the page requested with POST. This is also the page that is added to the history, so refreshing and using the back button will never do another POST request. As a nice side effect you get rid of browser warnings about resending data, normally the user cannot decide what to do then anyway.
I think the biggest problem with this approach is, that you need a session to store error messages, that means you have to rely on cookies. If you do no redirect to display errors, the browser will show the warning about resending data.
This assume a lot of things, but maybe is what you are looking for:
if ($_POST)
{
$success = false;
/*
* if all goes OK managing POST data make $success = true;
*
*/
if ($success)
{
// this will redirects to your original
// form's page but using GET method
// so re-submitting will be no possible
header("location: {$_SERVER['PHP_SELF']}");
exit;
}
}
According to HTTP standard, you ought to make browser to do a GET request after sending POST one.
Here is a sketch example to do the form handling:
<?
if ($_SERVER['REQUEST_METHOD']=='POST') {
$err = array();
//performing all validations and raising corresponding errors
if (empty($_POST['name']) $err[] = "Username field is required";
if (empty($_POST['text']) $err[] = "Comments field is required";
if (!$err) {
//if no errors - saving data and redirect
header("Location: ".$_SERVER['PHP_SELF']);
exit;
} else {
// all field values should be escaped according to HTML standard
foreach ($_POST as $key => $val) {
$form[$key] = htmlspecialchars($val);
}
} else {
$form['name'] = $form['comments'] = '';
}
include 'form.tpl.php';
?>
In CakePHP when a user tries to access an action that is protected with the Auth component they are redirected to the login page.
So for example if I tried to acccess: domain.com/posts/add it would take me to domain.com/users/login
What I want to do is when anything like this happens is add a query string with the previous url like so: domain.com/users/login?back=/posts/add This is because I have disabled autoRedirect so that the redirect is no longer based on the session.
How would I add this query string though? Thanks
Just to confirm I know how to redirect the user using the query string in the login method just not how to send the query string in the first place when a user is sent to the login page from action that requires authorisation.
I do it by accessing $this->Auth->redirect() in the login action, and parsing that value as a hidden param to the login form, check for it's existence if the form is submitted, and send the user back to it.
ie controller:
function login() {
if($this->Auth->user()) { // User got logged in
if(!empty($this->data['User']['referer']) {
$this->redirect($this->data['User']['referer']);
} else {
// Take them to dashboard or something instead
}
} else {
// Set return_to to last page
$referer = $this->Auth->redirect();
if($referer == $this->here) {
$referer = false;
}
$this->set(compact('referer') );
}
}
And in your form something like $this->Form->input('referer', array('type' => 'hidden', 'value' => $referer ?: false); - Note PHP 5.3 ternary.