Is there any reason to use another function to validate user input on a login screen when the login screen is on the main page? - php

As I have right now, I have 3 functions: Main, Login and Panel. Explanation of the 3 functions:
Main
This is the home page. The thing is, on this page there is a login screen as well. So the input will be sent to the function 'Login'.
Login
This is where (only) all the validation will be. If validation fails, I'm sending it back to the Main with the error messages, and if it succeeds, it'll go further to the function 'Panel'.
Panel
Success. You logged in. Nothing special here.
Now my problem is, everything described in the function Login can mostly fit in the Main function. Is there any reason to not just get everything from Login and put it in Main? So basically when the form is sent, if it fails, stay on the same page but with error messages or 'Success! You logged in.' I feel like I'm overthinking this too much.

There should be no repetition; validation must be a separate function, for example validateData(Login) and similar (in calcFunctions.php).
HTML functions should also be in separate functions, for example in (view)showFunctions.php; then you proceed procedurally in index.php: you start with, if the session does not exist you do this, else that.
Functions named login, main and similar are bad because I don't know what they are doing just by looking at their names. You can use functions for particular actions in index.php, for example: showInfoForEveryone, showInfoForLoggedIn, showSingupAndLogin, cleanData, showFormSingUP, showFormSingIn, errortable (array for errors that you can display if there are any), validateData() etc.
This way there is no repetition.

Related

Codeigniter Model to Controller Flow

I get the MVC thing. :) I swear I do.
So, I have the main controller that serves up either the Home 'view' or a Login/Registration 'view' based on if the user is logged in.
Works fine and dandy.
On registration an email link is sent, which the user needs to click to verify the account->email; this happens to be a function in the Home controller that fires off a model if the link is valid.
Now, inside this model is the code to update the database with A: Activated/Not, B: Try Count.
Now, once this is done, I want to display the Login/Register 'view' with an appropriate message (failed, not failed, tried too many times, etc...)
I was going to use a redirect and throw the message type, and message text in a session variable and just display it that way, but then got to thinking that I could bypass that by firing off the Home controller index function passing in an array variable containing the message type, and message text.
Boy was I wrong.
So, how can I do this? I'd really like to stay away from relying on sessions
The respective method of Model should return a value (probably an array) that contains status and count (pseudo-code)
$statusCount = $model->getStatusCount($input);
And later pass the data to View
$view->set('statusCount', $statusCount);
So answering the question: yes, you can evade the $_SESSION.

What do I do after the user registers in PHP form?

I'm building my first PHP site, and I've got the registration process working even using the new PDO API, however I don't know what to do when I'm done successfully registering the user?
So, in other words, the register.php page doesn't have any markup, I just used it to POST to so I could build the record.
I'm sorry guys, I just don't yet understand how most people use PHP.
You could handle it in many different ways.
Have one page with markup and one page for handling post. (which is how you have it now). Your register.php page can pickup $_POST variables from your form, validate them and if ok then show quick message showing ("Well done!") echo "Well done";
You can also instead of showing echo "Well done", redirect to another page something like thank-you.php that will just show you have registered message. This is good because if your user tries to refresh the page it will not attempt to generate new registration. (See http://php.net/manual/en/function.header.php)
Handle everything in one PHP file, e.g. if $_POST is empty then show the registration form. If $_POST has items, check and validate and show a message (either success, or please fix the following data and show the form). (Example here: http://www.html-form-guide.com/php-form/php-form-tutorial.html)
Obviously there is a lot more to sending forms - validation/sanitizing being the major part of it, but since you are just learning basics I think you can forget about it for now. Just always remember to research first and try not to invent the wheel (See example http://php.net/manual/en/function.htmlspecialchars.php to help you with sanitizing)
That's up to you. Generally, you will display a registration confirmation page to let the user know that their registration worked. If you are sending an activation email, now would be a good time to do so, and to let them know as well. Also, a link to the members area from that page is helpful. You can also log the user in directly from the registration confirmation page.

Display form confirmation message in the same page: best practice

I've seen this behaviour in many websites and web applications but I'm not able to find a "clean and standard" way to reproduce it: the user fills in the form, submits it and then, after a successful validation, the form is reloaded with a message on top saying something like "The item has been saved". No problems so far, what I can't understand is how they keep displaying the confirmation message if that specific page is reloaded, but when the user goes to another page and then returns to the original one (the one containing the form) the message is not there anymore. There seems to be no get or post data, so I'm assuming session variables or cookies are used instead, but how do they know when to keep and when to unset them? Or maybe I'm wrong and there is some other way... help me, please!
My guess would be that they used a session variable which unsets itself the moment that page is accessed. So if they try to access it again, they are simply redirected.
Maybe the page with the form doesn't have any "unset" session variable but the others do ?

How do you exit execution of a codeigniter program?

I am currently working on adding pre-validation to my website. So that pages that require a log-in or other criteria, will only display if your session matches that criteria. I've got most of the system working, but I have one major obstacle. I cannot figure out how to stop CodeIgniter from running the rest of the controller (and thereby showing the page anyways), when the validation fails.
Here is my configuration:
All my pages are in the Content controller
My security system is a model called security.php
In the _head private function (which is called by every page), I load security.php and call its main function: run()
$this->security->run() gets the specific validation criteria for the page, and checks them.
If the user passes, then run() does nothing, and the page execution continues
This is where I need help. If the user does not pass, then I need to display an error page, and stop the controller from calling any other views.
Does anyone know how to do this?
Thanks,
Lemiant
You could do one of two things. A would be to redirect to another page with a different URI. B would be to use an if/else statement to choose which view you show under the same URI.
One thing you need to do is have the security method you talked about return TRUE or FALSE if it is successful or not.
Examples:
A:
    if (!$this->security->run())
    {
        // redirect() is CodeIgniter's URL helper; it sends the Location header and exits
        redirect('my/error/page');
    }
B:
    if ($this->security->run())
    {
        // Security passes, proceed as normal
    }
    else
    {
        // Security fails, show error page
    }
Hope this helps
How to stop execution of CodeIgniter: die(); or exit();
But, I don't think that's really what you want to do. What you want to do is to load a different view to show an error page if the validation fails.
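Option B above as an added example (framework-free PHP, not CodeIgniter code and not from the original answers): the guard returns TRUE or FALSE and the caller returns early, so the protected view is never loaded. `PAGE_CRITERIA`, `securityRun()`, `dispatch()` and the session flags are hypothetical names, and the sessions are constructed.

```php
<?php
// Added example, not CodeIgniter code: every name here is hypothetical.

// Criteria each page requires; a page missing from this map is denied.
const PAGE_CRITERIA = [
    'home'    => [],
    'account' => ['logged_in'],
    'admin'   => ['logged_in', 'is_admin'],
];

/** Returns true only if the session meets every criterion for the page. */
function securityRun(string $page, array $session): bool
{
    if (!array_key_exists($page, PAGE_CRITERIA)) {
        return false;                       // unknown page: fail closed
    }
    foreach (PAGE_CRITERIA[$page] as $flag) {
        if (($session[$flag] ?? false) !== true) {
            return false;                   // missing or non-boolean flag fails
        }
    }
    return true;
}

/** Picks exactly one view; the guard runs before any page content is built. */
function dispatch(string $page, array $session): array
{
    if (!securityRun($page, $session)) {
        return [403, 'error'];              // early return: page view never loads
    }
    return [200, $page];
}

// Constructed sessions for illustration.
$anonymous = [];
$member    = ['logged_in' => true];
$requests  = [['admin', $anonymous], ['account', $member],
              ['admin', $member], ['missing', $member]];
foreach ($requests as [$page, $session]) {
    [$status, $view] = dispatch($page, $session);
    echo "$page -> $status $view\n";
}
```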

Logic behind validating form info with PHP

I'm trying my first form validation with PHP.
I need some guidance with the logic.
I have purchase.php (which has the form) and review-purchase.php(which sets SESSION variables and displays the user data inputted)
If any of the fields fail validation I don't want the user to get to review-purchase.php
Should I be sending the user to the review-purchase.php script, checking validation there and then redirecting back the purchase.php with an error message?
or
should I be using an if/else statement with $_SERVER['PHP_SELF'] etc in the form action="" and keep all the validation on the purchase.php page itself and only letting purchase-review run if everything passes validation?
Sorry for the confusing question but I myself am very confused...
That's a question many people ask themselves, and there is probably not one right answer...
What I generally do, in your case, is :
purchase.php displays the form
that form posts on itself (ie, purchase.php)
when data has been submitted, it is dealt with -- still in purchase.php
if there is an error (like something not OK in the input), you can re-display the form really easily, this way : you already have every value that was typed in by the user
if there is no error, you can do whatever you have to with the data ; like set it in session, if that's what you need, or save it to database, for instance.
only when everything was OK (data validation OK and storage OK), you redirect to "confirm.php"
that confirmation page does nothing except display a message saying "thanks for your purchase", or something like that.
It means putting more stuff in your purchase.php, yes :
(re-)displaying of the form
dealing with the input
But, this way, it is really easier to re-display the form, pre-filled with what the user first typed, when there's a validation error.
You can use functions/classes/methods or even some included files, though, to not end up with one big chunk of unreadable / unmaintainable code...
If your form posts to another page, it'll be really harder to re-display the form... If you are using redirections, you'll have to pass everything in the URL, and it'll be a mess (And there's a size limit, too)
Here, it means I would totally remove your review-purchase.php file ; and transform it to a confirmation page, so the user knows everything was OK and his purchase is being taken care of.
I suppose it's quite what you meant in your last paragraph, actually :-)
Just beware : you have to think about escaping data before injecting it back into the form (see htmlspecialchars and/or htmlentities) ; that is true for everything you get from the user (And, probably, for PHP_SELF too, I'd say) ;-)
Well, it seems you have a misconception about where and when PHP code is executed. If you want to validate user input on the server side - with PHP (and you should because any JavaScript validation on the client can be worked around by a nefarious user) - the PHP validation can only occur after the user has posted data. That is no matter to which page the user posts the data - be it the original form or a different page.
So, in your situation if you want users to go to a page if validation is successful and to a different page if validation fails you will need to do a redirect anyway.
In this case you have two paths:
user requests Purchase.php and fills out the form
user posts data to validation page
if data is valid -> display purchase review information
else -> re-display form page and have user re-enter data
So if Purchase.php posts to itself, you can validate there and redirect to review.php only if data is valid. Which means that in the successful case you do 2 redirects and in the failed case you do only 1 post.
On the other hand, if you post directly to review.php and you validate there, you have 1 post in the successful case, and 2 in the failed case.
The above is true no matter how you spin it - unless you use the same URL for the form and the review, in which case you can put logic in the same place to do the form, validation and purchase review in the successful case.
I hope this helps.
The most common way of doing this would be to do all your validation checks in purchase.php. This way, if there are validation errors, it's easier to re-display the form with all of the information that the user has already entered.
If the validation passes, you can do a redirect to review-purchase.php with the necessary purchase information set in a database, or possibly $_SESSION if you're not using a database.
If you can separate the validation code into functions, and the display code into templates to be included, you can achieve a nice separation of logic that would allow you to use them from whichever file you go with. You might be able to avoid a redirect in that way, ie. in purchase.php you could check if there's $_POST input, validate it, and either re-display the form template, or display the purchase review template.
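The flow the answers above describe, as an added example (not code from the original posts): purchase.php posts to itself, validates on the server, re-displays the form with escaped values on error, and redirects to a confirmation page only on success, which is also the redirect-after-POST suggested in the registration answer earlier on this page. The field names, the limits and `confirm.php` are assumptions.

```php
<?php
// purchase.php: added example; field names and confirm.php are assumptions.
session_start();

/** Escape a value for HTML text or a quoted attribute. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate raw POST data; returns [values to re-display, errors by field]. */
function validatePurchase(array $post): array
{
    // A field sent as an array (email[]=x) is treated as empty, not passed on.
    $raw = static fn(string $k): string =>
        is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $values = ['email' => $raw('email'), 'quantity' => $raw('quantity')];
    $errors = [];
    if (filter_var($values['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }
    $range = ['options' => ['min_range' => 1, 'max_range' => 99]];
    if (filter_var($values['quantity'], FILTER_VALIDATE_INT, $range) === false) {
        $errors['quantity'] = 'Quantity must be a whole number from 1 to 99.';
    }
    return [$values, $errors];
}

$values = ['email' => '', 'quantity' => ''];
$errors = [];
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    [$values, $errors] = validatePurchase($_POST);
    if ($errors === []) {
        $_SESSION['purchase'] = $values;        // or store it in the database
        header('Location: confirm.php', true, 303);
        exit;                                   // stop: do not render the form
    }
}
?>
<!-- Fixed action instead of echoing PHP_SELF; every user value goes through e(). -->
<form method="post" action="purchase.php">
<?php foreach ($errors as $msg): ?>
  <p class="error"><?= e($msg) ?></p>
<?php endforeach; ?>
  <input name="email" value="<?= e($values['email']) ?>">
  <input name="quantity" value="<?= e($values['quantity']) ?>">
  <button type="submit">Buy</button>
</form>
```

Because the success path answers with a 303 redirect, refreshing the confirmation page repeats a GET and does not resubmit the purchase.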
