I am working on a CMS backend,and I use Codeigniter to help with the development.
So, I am working on a user table. For example, I allow the backend admin to insert, update the user info.
First there is a table of the user, for each row there is an "edit" button. After clicking on the "edit" button, there is a form for that particular user.
e.g.
UserName: Mr. ABC
Email: abc#a.com
Password: 1234
Since I need to ensure the username is unique and email is unique, I need to use isUnique validation
However, the problem is, how to handle the case, "only the user modify the data, then add the is Unique rule"? Because if I don't change the username, then I will pass the original name to check , and it can not pass the is Unique check , thanks
$this->form_validation->set_rules('name', 'Username', 'trim|required|min_length[4]|is_unique[admin.username]');
You're sending the userID anyway to the server in order to update, You can run a query to check if that username/userID combo exists. if it does, that mean this user didn't change. if it doesn't, you need to check further with is_unique.
That's probably best implemented in a callback if you insist of using form_validation.
basically in your controller you'll two functions
function form_grabber()
{
//get your form and stuff. run this line :
$this->form_validation->set_rules('name', 'Username', 'call_back_isUserNameNotChanged[userID]');
//assuming userID comes from the form aswell.
}
function isUserNameNotChanged($username,$userID)
{
//query DB, return true if match exists or false if it doesn't
}
I don't use codeigniter much, so I'm not sure the exact code to go about this, but how about something like this:
$current_name = // current name in db
if ($this->input->post('name') != $current_name) {
// Name has been changed. Do validation.
}
...
Basically, just check if the posted name is different than what is already in the db. If so, run your validation and do your update. If it's the same, just ignore it.
Related
I am building my wedding website and want to integrate an RSVP form using Gravity Forms. The issue I am running into is how to set certain guest that have +1's. I would like to show an additional guest entry (First Name, Last Name, Meal Option) when the initial First Name and Last Name has been populated. How would I go about doing this? Any help would be great! Thanks in advance!
Here is how I'd solve this problem:
First, you need to put everything in the DB, the easiest way would be to either do it manually or somehow loop through an array/CSV calling add_option($key, $value) Again, I would recommend a mobile/phone number as they'll be unique so you don't pull the wrong "John Smith". I'll assume you'll keep it basic with $key as the unique identifier and $value as boolean as to whether to show additional info. Interestingly, by default, if not found get_option($key) will return false and therefore not show your additional data, which I would assume you'd want anyway. If you'd rather it return true just pass true as the second argument.
Now for your answer:
Your URL is something like https://somesite.com/rsvp?id=1234.
function allowed_plus_one() {
$id = $_GET["id"];
$allowed = get_option($id);
return $allowed;
}
Then assumedly it'll be something like
if (allowed_plus_one()) {
// show form with plus one
} else {
// show form without
}
EDIT:
Keeping separate incase this has already been viewed.
You should also be checking for the existence of $_GET["id"] and behaving accordingly. eg:
if (isset($_GET["id"] && !empty($_GET["id"]) {
//do logic above
} else {
//here by mistake so don't show any form?
}
Perhaps I'm just unsure on the documentation. I've tried to figure it out, but I've never used this Codeigniter library before (Aauth). I'm attempting to create a form / page that will allow a user to change their password. The form works fine, but it's not changing the users password in the database.
The documentation says this:
Please note that I am not sure what "FALSE" represents. I do not see a change password method in the documentation provided here.
update_user($user_id, $email = FALSE, $pass = FALSE, $name = FALSE)
Updates user by using user_id
I'm not seeing any errors.
I'm writing something like this:
// get user info for currently logged user (this part works)
$userdata = $this->aauth->get_user();
// Change Password (not currently changing the password for the user)
$this->aauth->update_user($userdata->id, $userdata->email, $_POST['formpassword']);
Whoops, didn't realize when it said "FALSE" it meant it was required.
The correct solution:
// I did not want to change email or name. Password only.
$this->aauth->update_user($userdata->id, FALSE, $_POST['formpassword'], FALSE);
I have an edit made with blade to edit a resource, like this:
{{Form::model( $post ,['action'=> ['PostController#update', 'id' => $post->id], 'method' => 'post'])}}
Which generates a form with action
http://example.com/posts/edit/123
And my fields, having text and hidden inputs
Seeing this url, it's very easy for a bad-intentioned user to update other posts.
How can I protect the route to make it fail if the id is manipulated with the inspector? Is there any built-in wat to tokenize the id to make sure it matches? Can this also de applied to all the hidden inputs?
Thanks
EDIT:
An example on my hidden fields usage:
My posts are generally questions and answers, when an user tries to add an answer to a question, I set question_id as a hidden field, and I want to check it is not manipulated.
Limonte's answer is correct to secure the ability to edit other peoples posts - and you should always do that. To answer the second half of your question:
I set question_id as a hidden field, and I want to check it is not manipulated.
The problem is that you can never trust the data supplied by a client to your system. You must always assume it has been tampered with.
One option to help minimize the risk is you can use the encryption service by Laravel to do this:
{{ Form::hidden('question_id', Crypt::encrypt($question_id)) }}
Then in your controller
$question_id = Crypt::decrypt(Input::get('question_id'));
Just make sure you've set a random application encryption key in your app.php config file
To protect route you should check permission in PostController#update.
In the method beginning check if user can edit given post:
public function update($postId)
{
$post = Post::findOrFail($postId);
if ($post->user_id !== Auth::id()) {
abort(403, 'Unauthorized action.');
}
// validate, update record, etc.
}
i am having a issue with codeigniter form validation.
my table is as
Sr#, name , dob,pic
$this->form_validation->set_rules('name','Duplicate Name','trim|required|is_unique[mcb.name]');
now when i am trying to edit any record with sr# and check the form validation for name (as i dont want duplicate name too) it gives error.
what i am trying to do is update the record but i don't want duplicate name too.
now for example if i edit the record and don't change name but change
DOB
but it shows the duplicate name.
i want to check duplicate name but not in row i am going to update.
Thanks
Solution is kind of easy I think (if I got your question right)
make two sets of rules
$this->form_validation->set_rules('name','Duplicate Name','trim|required|is_unique[mcb.name]');
$this->form_validation->set_rules('name','Duplicate Name','trim|required');
make a if() before using validation->run()
like this
if ( strtoupper($this->input->post('name')) == strtoupper($old_name) ) { //pass old name in hidden field or load it before this condition via model
$this->form_validation->set_rules('name','Duplicate Name','trim|strtoupper|required');
} else {
$this->form_validation->set_rules('name','Duplicate','trim|required|strtoupper|is_unique[mcb.name]');
}
//all other form_validation checks here
if ($this->form_validation->run()) {}
//edit
added strtoupper() so your unique values are really unique
I would like to do something roughly analogous (but not exactly identical) to the following: I want to create a Person content type, which has an SSN field. I would like to store the SSN field as an integer, but allow the user to input the number as 123-45-6789. This means that before validation triggers, stating that "123-45-6789" is invalid input, I would like to remove the dashes and treat this as an integer.
I've tried to use both a #value_callback function, as well as a non-default validation function. The problem then is that although I can force the value to be validated, the unchanged value is what is passed to the db for insertion, which fails. In example, this means that although I can force "123-45-6789" to be recognized by Drupal as "123456789", the database is still being passed "123-45-6789", which of course fails.
The one obvious solution would be altering this via client side javascript, before the value is even submitted to the webserver. I would strongly prefer to avoid this route.
Apologies if I've misunderstood but you should just be able to do something like this:
function my_validation_handler(&$form, &$form_state) {
if (passes_ssn_validation($form_state['values']['SSN'])) {
// Changing the value in $form_state here will carry on over to the submission function
$form_state['values']['SSN'] = convert_to_db_format($form_state['values']['SSN']);
}
else {
form_set_error('SSN', 'The SSN was invalid');
}
}
Then you'd attach that validation function using $form['#validate'][] = 'my_validation_handler' in either your form build or form_alter function.
Hope that helps
you should use hook_node_presave(). It allows you to change the values of different fields before they are inserted to the database. Here's the official documentation:
http://api.drupal.org/api/drupal/modules--node--node.api.php/function/hook_node_presave/7
Hope this can help :)