I am trying to allow the user to post data to my server as part of a multi-page form without requiring registration. This form post includes a file upload. I'd rather not use ajax for the whole form if I can help it.
This raises the issue of what happens if the user abandons the form mid-way through.
I am new to php but I was wondering if the following is sensible:
Page 1: On "submit", store infromation in session
Page 2: On "submit" store page one and page two data in database.
That way I can have multipage forms but the information is only loaded to my database when the user completes the second page.
Would something like this work?
Related
I have been working on a controller that makes modifications on existing data. The initially received response gives the client a view where client can fill a form and submit it as POST request. After the POST request is handled, client gets redirected to the same page where he/she filled the form.
The problem here is, form is not actually part of that view that is acquired with GET request. The form is being loaded with the help of a button and AJAX request to another route. This part is important: form is not part of the view, it is loaded with an AJAX request on that view.
So, what is the problem? The problem is, I'm currently providing invalid data to the form so I can check out the validation system is working correctly. I should to feed client back with proper error messages and load the form with old inputs that the client has provided. But when I try that, I get the old input and errors on the view, after submitting the form. That's great, but once I click that button to load the form into the page and open it, there's no old input or error data. That is probably because Laravel's old input data and errors bag is only available for the next request. When the controller redirects the client to the route that responses with the view, it receives the error and old input data but when it loads the form by making an AJAX request, they are already cleaned.
To overcome this problem, I have been resetting the old input and errors with the same values for the next request, like below:
#php
session()->flash('errors', $errors);
session()->flash('_old_input', request()->old());
#endphp
This solution was working good on the page that loads the creation but I also have the same mechanism for editing the added resource. Refreshing the old input and error data works for creating phase but doesn't work as well for editing. I have made sure I'm doing everything same for both actions, I checked it out but I couldn't find why there's such inconsistent behaviour. So I dediced to look up for another solution.
How do I make error data and old input data persistent? I will probably need to remove these session datas after the controller done its job or after showing the data to the user with the form view. How do I do that?
I have a submission form, and I wrote a PHP script to make form send an email with input data that the user inserts it in the fields of the form
Now I put the PHP code in the same file of HTML and CSS, I mean that the HTML, CSS and PHP in the same file
When I put the file in the CMS, that what happened to the page, you could see what happen from here: https://www.hochikiamerica.com/acd-landing-2
PHP Script and HTML code of the form
https://github.com/Mstava/FreelancerProject/blob/master/formScript.php
Now, I need to know where to put the PHP code in the HTML file to avoid this
and How to ensure that code is working and it sends the Email
When you click on submit your form action takes you to action_page.php That's where you should read your post variables and send the email. Take a look at this post I wrote several years ago blue host email
A common misconception is that additional PHP can be run upon the user doing something (i.e. clicking submit button). Not the case. When the page has been rendered, no further PHP on that page can be executed.
So, what to do?
You have two options:
(1) You can create a second page (action_page.php or some name), that is specified on the action= attribute of the form tag. That additional page will receive the data the user typed in, via PHP variables $_POST (if method="post") or via $_GET if method=get, and you can then use that data to send the contact form, and either display new data to the user or send the user back to the original page. Of course, you may need additional PHP to acknowledge the form has been sent, etc - and this additional code will need to handle both the case where the user is visiting the page for the first time, and when the contact form has been sent and the user is seeing the page for the second time.
(2) You can use AJAX (javascript/jQuery) to grab the form data, send it to a secondary PHP file, which will receive the data via the $_POST/$_GET variables, send the email, and return a response back to the first page.
These days, mostly we use the second method, because it is much more powerful. For one, the user remains on the same page. For another, there is no page refresh. For another, your javascript can do other things after the form has been sent.
AJAX is actually pretty simple - just do a google search for YouTube videos on creating a login system with PHP and AJAX. You should be able to find one of around 10 mins or less that explains all you need to know to send your contact form, and send feedback back to the calling page.
Here is a 5-minute YouTube tutorial that will show you the basics:
Install a simple PHP and Ajax login system
I have some pages in my web app which deal with the sent data from a form. I want to avoid the following situation:
An user creates (in the client side) a form with the same fields that my original form and sends it to the url which process the forms. Then, my process page receives the form sent by the user and processes it.
Is there any way to do that only forms sent via my web application get processed?
An easy way is to generate a random token, set that in a session variable when you generate the form and add is as a hidden field to the form.
When the form is sumbmitted, you can check the session variable against the form field value.
That ensures that a visitor would need to request the form first but of course they could still to that programmatically, get the token and add that to the form submission.
Are the users not authenticated?
You might want to research around CSRF. There are many articles detailing how to go about that, see below:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html
I had an upload form on my website, where users entered details about their upload file, selected the file and uploaded to the webserver.
The POST action of the form was to submit the file to a php page called upload_control.php, where the post details were validated, and if correct the file was stored on disk an entry was placed in the database. The file was renamed to ID_name before storing, where the ID was taken from the database, as the largest ID so far (just a counter).
Now things have changed and it makes more sense to upload the file to storage elsewhere. This is done straight by the user, the action of the form points to the other server which stores the file if the form was submitted correctly. [ I have no control over the processing done by the other server, it's a storage solution like amazon s3 ]
The problem is: How do I get the last used ID from my database, so that I rename the file to ID_filename with javascript before uploading? (I can store the filename on a hidden form field and the remote server will understand to rename it when it receives it).
Better yet: Is there a way to validate all the form details - using php. not javascript, before submiting the form to the storage solution?
My thoughts are towards sending the form details to a php script on my server with ajax, upon hitting the submit button but before posting, so that the php script can get the latest id from the database, validate the request, send back the new details or the new id, and then really submit the form. -- But how can this by done?
on button click call php function through ajax, and pass all the data collected from page to service as json, php is very strong at parsing json. and you can return result from that method to indicate whether to data is authenticated or not. A nice tutorial to hook you up is this.
http://www.queness.com/post/328/a-simple-ajax-driven-website-with-jqueryphp
I am currently working on a zend framework site using an ACL.
The ACL works and uses a DB for storing privaliges. What I have done so far is, on in a preDispatch I capture where the user wanted to go to, and if they need to login to get there the page displays the login form. I have also captured if a user has submitted a form and stored the data (location and form data). No problems so far.
The user submits the login form, and I then check if I have a location to send them onto, again no problems here, this works.
However I want to be able to submit the original form data now they are autherised - the only problem is, if I redirect them to the page, the call to:
$this->getRequest()->isPost()
fails as it isn't a post request.
I can forward the user to the page on sucessful login, and in the preDispatch set $_POST to the data originally captured, this works as the original POST still stands, this works but I do not think is the correct way to do this - specially the URL - obviously the page displayed is correct, the form has been submitted correctly, but the URL is of the login process.
Obviously I could change from using $this->getRequest()->isPost() but as there are large amounts which would need changing I was hoping not to have to do this.
The way it's done usually (seen this on many sites), would be to store the form data and requested action in session, then redirect the user to a login page. When login is authorized, you read the session for any pending action, reload the form and populate it with data from session (properly clearing any pending action from session afterwards). The user would just have to click Submit again.
The other way to do this would be to use HttpClient and submit the data as POST with it.