This is my code, once it's submitted it should in theory go to localhost/site/main/login_validation.
<?php
echo form_open('main/login_validation');
$emailData = array(
'id' => 'inputEmail3',
'class' => 'form-control',
'placeholder' => 'Email',
'value' => 'email'
);
echo form_input($emailData);
$passwordData = array(
'id' => 'inputPassword3',
'class' => 'form-control',
'placeholder' => 'Password',
'value' => 'password'
);
echo form_password($passwordData);
$buttonData = array("type" => "submit", "class" => "btn btn-success btn-sm", "value" => "Login", 'name' => 'login_submit');
echo form_submit($buttonData, 'Login');
echo form_close();
?>
It sends me to http://joeobrien.kd.io/ci_site/?email=Email%40domain.com&password=password123&login_submit=Login, I assume I’ve made some simple mistake. This link might show you the webpage if it's still online.
Looking at the link you provided you seem to have a form within a form remove the outer one and it should work fine.
Related
I am trying to add class like this "class' => 'form-control' in this but it is not working.
$data = array(
'name' => 'SupplierAddress',
'value' => set_value('SupplierAddress'),
'id'=>'SupplierAddress',
'class' => 'form-control',
'required' => 'true'
);
echo form_input($data);
I wonder what is the best and the most secured way of handling user's input in Codeigniter. Basically I have form for user's profile made by form helper like this:
echo form_open();
echo form_label($this->lang->line('user_update_profile_first_name'), 'first_name');
echo form_input(array('type' => 'text', 'name' => 'first_name', 'id' => 'first_name', 'maxlength' => '255', 'required' => 'true', 'value' => set_value('first_name', $user_profile['first_name'], false)));
echo form_label($this->lang->line('user_update_profile_last_name'), 'last_name');
echo form_input(array('type' => 'text', 'name' => 'last_name', 'id' => 'last_name', 'maxlength' => '255', 'required' => 'true', 'value' => set_value('last_name', $user_profile['last_name'], false)));
echo form_label($this->lang->line('user_update_profile_birth_date'), 'birth_date');
echo form_input(array('type' => 'text', 'name' => 'birth_date', 'id' => 'birth_date', 'maxlength' => '255', 'required' => 'true', 'value' => set_value('birth_date', $user_profile['birth_date'],
echo form_submit(array('value' => $this->lang->line('user_update_profile_form_submit'), 'name' => 'submit', 'class' => 'btn btn-primary'));
echo form_close();
As you can see in my code I am skipping xss filtering provided in set_value function due to xss filtering is done in form_input() already.
My Controller function for inserting data in DB looks like this
$validation_rules = array(
array(
'field' => 'first_name',
'label' => $this->lang->line('user_update_profile_validation_error_first_name'),
'rules' => 'required|trim|max_length[255]'
),
array(
'field' => 'last_name',
'label' => $this->lang->line('user_update_profile_validation_error_last_name'),
'rules' => 'required|trim|max_length[255]'
),
array(
'field' => 'birth_date',
'label' => $this->lang->line('user_update_profile_validation_error_birth_date'),
'rules' => 'required|trim|max_length[255]'
)
);
$this->form_validation->set_rules($validation_rules);
if($this->form_validation->run()) {
$user_data = array(
'user_id' => $this->profile_data->user_id,
'first_name' => $this->input->post('first_name', TRUE),
'last_name' => $this->input->post('last_name', TRUE),
'birth_date' => date('Y-m-d',strtotime($this->input->post('birth_date', TRUE)))
);
if($this->user_model->update_user_profile($user_data)) {
$view_data['success'] = TRUE;
$new_site_language = $this->language_model->getLanguageFolderById($user_data['site_language']);
$this->lang->load('application/user_lang', $new_site_language);
} else {
$view_data['server_error'] = TRUE;
}
}
I am filtering here data from user by provided $this->input->post('', true) xss filter. In model I am inserting data to DB by active record class. I am just wondering if this is the right and secure way of handling users input if there is not needed something like htmlspecialchars() . But what happens when someone have some "special" chars in name like for example Someone O'Sombody or some names from foreign countries? I am also showing data in navbar using html_escape($this->profile_data->first_name) to prevent running users potentially dangerous code. Did I get this whole "security thing" in the right way or there should be something changed because of potential danger?
I've created a view form_variables.php that contains all the form input variables defined in a single file. So that whenever i need to create an input field, i would simply include the form_variables file and then use the form input variables defined in the form_variables.php
Here's what it contains.
<?php
$email = array(
'name' => 'u_email',
'type' => 'text',
'maxlength' => '50',
'class' => 'form-control',
'value' => set_value('e_email'),
'placeholder' => "Enter your Email Address"
);
$pwd = array(
'name' => 'u_pwd',
'type' => 'password',
'maxlength' => '50',
'class' => 'form-control',
'id' => 'pwd',
'placeholder' => "Enter your Password"
); ?>
Now i have another view that contains the form.
<?php echo $this->load->view('includes/form_variables'); ?>
<div class="form-group">
<?php echo form_input($email); ?>
</div>
It still says that the variable $email is undefined. Although it loads the form_variables.php file. Please Help.
Instead of using a view for this purpose. try using a controller
Class form_variables extends CI_Controller
{
function get_email_field()
{
return array(
'name' => 'u_email',
'type' => 'text',
'maxlength' => '50',
'class' => 'form-control',
'value' => set_value('e_email'),
'placeholder' => "Enter your Email Address"
);
}
function get_password_field()
{
return array(
'name' => 'u_pwd',
'type' => 'password',
'maxlength' => '50',
'class' => 'form-control',
'id' => 'pwd',
'placeholder' => "Enter your Password"
);
}
}
Now to call this controller inside another controller
$this->load->library('../controllers/form_variables');
// use your function
$email_field = $this->form_variables->get_email_field();
$pass_field = $this->form_variables->get_password_field();
I hope this will work for you..
i have a better solution to this,this will solve your problem, as well as you can create a dynamic field also :
1st step:
create a common_helper.php function in /helpers.
and place the following code in it.
if (!function_exists('get_field')) {
function get_field($field, $data = array()) {
switch ($field) {
case "email":
return array(
'name' => 'u_email',
'type' => 'text',
'maxlength' => '50',
'class' => 'form-control',
'value' => set_value('e_email'),
'placeholder' => "Enter your Email Address",
);
break;
case "password":
return array(
'name' => 'u_pwd',
'type' => 'password',
'maxlength' => '50',
'class' => 'form-control',
'id' => 'pwd',
'placeholder' => "Enter your Password",
);
break;
case "custom":
if (count($data)) {
$placeholder = (isset($data['placeholder'])) ? $data['placeholder'] : 'Enter you text here';
$length = (isset($data['length'])) ? $data['length'] : '50';
$id = (isset($data['id'])) ? $data['id'] : '';
return array(
'name' => $data['fieldName'],
'type' => 'text',
'maxlength' => $length,
'id' => $id,
'class' => 'form-control',
'placeholder' => $placeholder,
);
}
break;
default:
return array(
'name' => 'textfiled',
'type' => 'text',
'maxlength' => '50',
'class' => 'form-control',
'placeholder' => "Enter your text",
);
}
}
}
2nd step:
autoload it in config/autoload.
when you need it just pass your defined field name to the function e.g.
get_field('password') ,in your case
<?php echo form_input(get_field('password')); ?>
and if you want to create a dynamic field just Passed the following:
$fieldOpt=array(
'fieldName' => 'username',
//optional
'placeholder' => "Enter your username here",
'id'=>'myidfield',
'length'=>'60',
);
<?php echo form_input(get_field('custom', $fieldOpt);?>
hope this will help you.
I have a form in a cakephp view which saves well with a single button, here is the code in the view book_form.ctp
echo $this->Form->create
(
'Book',
array
(
'url' => array
(
'controller' => 'Books',
'action' => 'save_record'
),
'class' => 'span12 the_ajaxform',
'inputDefaults' => array
(
'label' => false,
'error' => false
)
)
);
.
.
// form fields
.
.
$options =array(
'label' => __('Save'),
'class' => 'btn btn-primary',
'id'=>'saveform'
);
echo $this->Form->end($options);
.
.
This works perfect! Now i wanted to add two buttons on that form and this is what i did
$options =array(array(
'label' => __('Save & Close'),
'class' => 'btn btn-primary',
'id'=>'saveform'
),
array(
'label' => __('Save & Create New'),
'class' => 'btn btn-primary',
'id'=>'saveformnew'
)
array(
'label' => __('Cancel'),
'class' => 'btn btn-primary',
'id'=>'formcancel'
));
echo $this->Form->end($options);
But this only brings one button which wont even submit the form,where am i going wrong?
and can each button call a different method in the controller?
Thanks in advance
If you set the name of the submit button, it will have that as a key in the post data, so you can redirect using that info at the start of your action. e.g.
<?php echo $this->Form->submit('btn1value', array('name'=>'btn1'))?>
<?php echo $this->Form->submit('btn2balue', array('name'=>'btn2'))?>
clicking the first button will give post data like:
array(
[btn1] => btn1value
[YourModel] => array(...)
)
Which makes it easy to do something like:
if (isset($this->request->data['btn1'])) {
// btn1 was clicked
} else if (isset($this->request->data['btn2'])) {
// btn2 was clicked
}
I am not sure whether it is "Technically Correct", HTML4, 5 compatible or not etc. but I have always done it something like this, without any problem so far:
<?php echo $this->Form->submit('Delete it', array('name'=>'User[formaction]')); ?>
<?php echo $this->Form->submit('Undelete Selected', array('name'=>'User[formaction]')); ?>
<?php echo $this->Form->submit('Purge Selected', array('name'=>'User[formaction]')); ?>
where "User" is the model name.
Usually one form can have just one action
this lmnitation is no longer true in HTML5 where you can set the form action for every button
so: the following code works only for HTML5 browsers
echo $this->Form->button(
'Your Action Description Here',
array(
'type' => 'submit',
'formaction' => 'yourActionHere' //
)
);
Try this, This is easy to do.
<div class="submit">
<?php echo $this->Form->submit(__('Submit', true), array('name' => 'ok', 'div' => false)); ?>
<?php echo $this->Form->button('Cancel', array('type' => 'button'));?>
Try using the FormHelper's button function to create the submit button and the other buttons and just call end after that without any options. This will output the buttons and end your form for you.
See: FormHelper::button
e.g.:
echo $this->Form->button('Save & Close', array('type' => 'submit'));
echo $this->Form->button('Save & Create New', array('type' => 'button'));
echo $this->Form->button('Cancel', array('type' => 'reset'));
I have a page with 2 forms on it: a registration form and a login form. Each form has a submit button. Now I'm validating both forms, but for example if I press the submit button of the registration form I'd like only to show the error messages of the registration form and not of the login form. At the moment both error message are being shown. Is there a way around this?
<div class="grid-container">
<div class="grid-50 login">
<h3>Inloggen</h3>
<?php
$loginEmail = array('placeholder' => "Email", 'name' => "loginEmail");
$loginPassword = array('placeholder' => "Wachtwoord", 'name' => "loginPassword");
$loginSubmit = array('name' => "loginSubmit", 'class' => "btn", 'value' => "Inloggen");
$loginForgot = array('name' => "loginForgot", 'class' => "link", 'value' => "Wachtwoord vergeten?");
echo form_open('login/inloggen', array('class' => 'grid-100 formc'));
echo form_input($loginEmail);
echo form_password($loginPassword);
echo form_submit($loginSubmit);
echo form_submit($loginForgot);
echo form_close();
?>
<?php echo validation_errors('<p class="error">');?>
</div>
<div class="grid-50 login">
<h3>Registreren</h3>
<?php
$registerName = array('placeholder' => "Naam", 'name' => "registerName");
$registerEmail = array('placeholder' => "Email", 'name' => "registerEmail");
$registerPassword = array( 'placeholder' => "Wachtwoord", 'name' => "registerPassword");
$registerSubmit = array('name' => "registerSubmit", 'class' => "btn", 'value' => "Registreer");
echo form_open('login/register');
echo form_input($registerName, set_value('registerName'));
echo form_input($registerEmail, set_value('registerEmail'));
echo form_password($registerPassword);
echo form_submit($registerSubmit);
echo form_close();
?>
<?php echo validation_errors('<p class="error">');?>
</div>
Validation in the controller
$this->form_validation->set_rules('registerEmail', 'Email verkeerd', 'trim|required|valid_email');
$this->form_validation->set_rules('registerPassword', 'Password te kort', 'trim|required|min_length[4]');
it would be nicer if you create different rules for the login and for you're registration.
how?
create a Form_validation.php file on application/libraries
inside specify the rules for you're login and register example
$config = array(
'login_validation_rules'=>array(
array(
'field' => 'username',
'label' => 'The User Name',
'rules' => 'required'
),
array(
'field' => 'password',
'label' => 'The Password',
'rules' => 'required'
)
),
'registration_validation_rules'=>array(
array(
'field' => 'email',
'label' => 'The Email',
'rules' => 'required|valid_email'
),
array(
'field' => 'firstname',
'label' => 'The Firstname',
'rules' => 'required'
)
)
);
Then on you're controller you can catch what form they are submitting and what validation rules to use example
if($this->input->post('registerSubmit'))
{
if($this->form_validation->run('registration_validation_rules') == FALSE)
{
//error
}else{
//good
}
}elseif($this->input->post('loginSubmit')){
if($this->form_validation->run('login_validation_rules') == FALSE)
{
//error
}else{
//good
}
}
At the same time you're controller will not be cluttered with rules. makes reading easier you can read more of this on the Codigniter manual - validation config file
Do you use two submit in one page? try to make one to submit through javascript or jquery
be cause when you submit the submit it submit the whole page in some browsers
also try this show validate error for each fields
<?=form_error('loginEmail')?>
<?=form_error('registerPassword')?>