I have a page with 2 forms on it: a registration form and a login form. Each form has a submit button. Now I'm validating both forms, but for example if I press the submit button of the registration form I'd like only to show the error messages of the registration form and not of the login form. At the moment both error message are being shown. Is there a way around this?
<div class="grid-container">
<div class="grid-50 login">
<h3>Inloggen</h3>
<?php
$loginEmail = array('placeholder' => "Email", 'name' => "loginEmail");
$loginPassword = array('placeholder' => "Wachtwoord", 'name' => "loginPassword");
$loginSubmit = array('name' => "loginSubmit", 'class' => "btn", 'value' => "Inloggen");
$loginForgot = array('name' => "loginForgot", 'class' => "link", 'value' => "Wachtwoord vergeten?");
echo form_open('login/inloggen', array('class' => 'grid-100 formc'));
echo form_input($loginEmail);
echo form_password($loginPassword);
echo form_submit($loginSubmit);
echo form_submit($loginForgot);
echo form_close();
?>
<?php echo validation_errors('<p class="error">');?>
</div>
<div class="grid-50 login">
<h3>Registreren</h3>
<?php
$registerName = array('placeholder' => "Naam", 'name' => "registerName");
$registerEmail = array('placeholder' => "Email", 'name' => "registerEmail");
$registerPassword = array( 'placeholder' => "Wachtwoord", 'name' => "registerPassword");
$registerSubmit = array('name' => "registerSubmit", 'class' => "btn", 'value' => "Registreer");
echo form_open('login/register');
echo form_input($registerName, set_value('registerName'));
echo form_input($registerEmail, set_value('registerEmail'));
echo form_password($registerPassword);
echo form_submit($registerSubmit);
echo form_close();
?>
<?php echo validation_errors('<p class="error">');?>
</div>
Validation in the controller
$this->form_validation->set_rules('registerEmail', 'Email verkeerd', 'trim|required|valid_email');
$this->form_validation->set_rules('registerPassword', 'Password te kort', 'trim|required|min_length[4]');
it would be nicer if you create different rules for the login and for you're registration.
how?
create a Form_validation.php file on application/libraries
inside specify the rules for you're login and register example
$config = array(
'login_validation_rules'=>array(
array(
'field' => 'username',
'label' => 'The User Name',
'rules' => 'required'
),
array(
'field' => 'password',
'label' => 'The Password',
'rules' => 'required'
)
),
'registration_validation_rules'=>array(
array(
'field' => 'email',
'label' => 'The Email',
'rules' => 'required|valid_email'
),
array(
'field' => 'firstname',
'label' => 'The Firstname',
'rules' => 'required'
)
)
);
Then on you're controller you can catch what form they are submitting and what validation rules to use example
if($this->input->post('registerSubmit'))
{
if($this->form_validation->run('registration_validation_rules') == FALSE)
{
//error
}else{
//good
}
}elseif($this->input->post('loginSubmit')){
if($this->form_validation->run('login_validation_rules') == FALSE)
{
//error
}else{
//good
}
}
At the same time you're controller will not be cluttered with rules. makes reading easier you can read more of this on the Codigniter manual - validation config file
Do you use two submit in one page? try to make one to submit through javascript or jquery
be cause when you submit the submit it submit the whole page in some browsers
also try this show validate error for each fields
<?=form_error('loginEmail')?>
<?=form_error('registerPassword')?>
Related
I wonder what is the best and the most secured way of handling user's input in Codeigniter. Basically I have form for user's profile made by form helper like this:
echo form_open();
echo form_label($this->lang->line('user_update_profile_first_name'), 'first_name');
echo form_input(array('type' => 'text', 'name' => 'first_name', 'id' => 'first_name', 'maxlength' => '255', 'required' => 'true', 'value' => set_value('first_name', $user_profile['first_name'], false)));
echo form_label($this->lang->line('user_update_profile_last_name'), 'last_name');
echo form_input(array('type' => 'text', 'name' => 'last_name', 'id' => 'last_name', 'maxlength' => '255', 'required' => 'true', 'value' => set_value('last_name', $user_profile['last_name'], false)));
echo form_label($this->lang->line('user_update_profile_birth_date'), 'birth_date');
echo form_input(array('type' => 'text', 'name' => 'birth_date', 'id' => 'birth_date', 'maxlength' => '255', 'required' => 'true', 'value' => set_value('birth_date', $user_profile['birth_date'],
echo form_submit(array('value' => $this->lang->line('user_update_profile_form_submit'), 'name' => 'submit', 'class' => 'btn btn-primary'));
echo form_close();
As you can see in my code I am skipping xss filtering provided in set_value function due to xss filtering is done in form_input() already.
My Controller function for inserting data in DB looks like this
$validation_rules = array(
array(
'field' => 'first_name',
'label' => $this->lang->line('user_update_profile_validation_error_first_name'),
'rules' => 'required|trim|max_length[255]'
),
array(
'field' => 'last_name',
'label' => $this->lang->line('user_update_profile_validation_error_last_name'),
'rules' => 'required|trim|max_length[255]'
),
array(
'field' => 'birth_date',
'label' => $this->lang->line('user_update_profile_validation_error_birth_date'),
'rules' => 'required|trim|max_length[255]'
)
);
$this->form_validation->set_rules($validation_rules);
if($this->form_validation->run()) {
$user_data = array(
'user_id' => $this->profile_data->user_id,
'first_name' => $this->input->post('first_name', TRUE),
'last_name' => $this->input->post('last_name', TRUE),
'birth_date' => date('Y-m-d',strtotime($this->input->post('birth_date', TRUE)))
);
if($this->user_model->update_user_profile($user_data)) {
$view_data['success'] = TRUE;
$new_site_language = $this->language_model->getLanguageFolderById($user_data['site_language']);
$this->lang->load('application/user_lang', $new_site_language);
} else {
$view_data['server_error'] = TRUE;
}
}
I am filtering here data from user by provided $this->input->post('', true) xss filter. In model I am inserting data to DB by active record class. I am just wondering if this is the right and secure way of handling users input if there is not needed something like htmlspecialchars() . But what happens when someone have some "special" chars in name like for example Someone O'Sombody or some names from foreign countries? I am also showing data in navbar using html_escape($this->profile_data->first_name) to prevent running users potentially dangerous code. Did I get this whole "security thing" in the right way or there should be something changed because of potential danger?
I'd like some help please.
This is the array that holds all the validation on a contact form
class Contact_Form extends CI_Controller
{
private $_validation = array(
'fullname' => array(
'field' => 'fullname',
'label' => 'Fullname',
'rules' => 'trim|required|max_length[255]'
),
'email' => array(
'field' => 'email',
'label' => 'Email Address',
'rules' => 'trim|required|max_length[255]|valid_email'
),
'phone' => array(
'field' => 'phone',
'label' => 'Phone',
'rules' => 'trim|max_length[10]|integer'
),
'message' => array(
'field' => 'message',
'label' => 'Message',
'rules' => 'trim|required'
),
'captcha' => array(
'field' => 'captcha',
'label' => 'Security Code',
'rules' => 'trim|required|callback_validate_captcha'
)
);
// This is the part where I validate my contact form inside a method
$this->load->library('form_validation');
$this->form_validation->set_rules($this->_validation);
if ($this->form_validation->run() === true) {
echo 'works!';
}
This is the callback function that validates the captcha
public function callback_validate_captcha($str) {
$post_captcha = $this->input->post('captcha');
$set_captcha = $this->session->userdata('captcha');
if (strcmp($set_captcha, $post_captcha) !== 0) {
$this->form_validation->set_message('validate_captcha', '%s is wrong');
return false;
}
return true;
}
If i hit submit on an empty form I get the error that idicates that captcha is a required field, but if i submit a wrong code i don't get any error at all, which means that the callback is being ignored.
I tried to change my if statement
// change this (althought i feel its more correct)
if (strcmp($set_captcha, $post_captcha) !== 0)
// to this
if ($set_captcha != $post_captcha)
but the problem remains. Any ideas what's wrong?
you are making major mistake you have to make function validate_captcha instead of callback_validate_captcha.
Because callback is form keyword to call a function just try and bingo
This is my code, once it's submitted it should in theory go to localhost/site/main/login_validation.
<?php
echo form_open('main/login_validation');
$emailData = array(
'id' => 'inputEmail3',
'class' => 'form-control',
'placeholder' => 'Email',
'value' => 'email'
);
echo form_input($emailData);
$passwordData = array(
'id' => 'inputPassword3',
'class' => 'form-control',
'placeholder' => 'Password',
'value' => 'password'
);
echo form_password($passwordData);
$buttonData = array("type" => "submit", "class" => "btn btn-success btn-sm", "value" => "Login", 'name' => 'login_submit');
echo form_submit($buttonData, 'Login');
echo form_close();
?>
It sends me to http://joeobrien.kd.io/ci_site/?email=Email%40domain.com&password=password123&login_submit=Login, I assume I’ve made some simple mistake. This link might show you the webpage if it's still online.
Looking at the link you provided you seem to have a form within a form remove the outer one and it should work fine.
How do I show the messages when using the CakePHP validation? As I creating the input fields manually using input() instead using the shorthand form() helper.
e.g. Form:
<?php echo $this->Form->create('User', array('id' => 'loginform', 'type' => 'post',
'url' => array('controller' => 'users', 'action' => 'login'))); ?>
<fieldset id="login">
<ul class="clearfix">
<li id="li-username">
<?php echo $this->Form->input('email', array( 'label' => array('class' => 'placeholder', 'text' => 'Email address or username') )); ?>
</li>
<li id="li-password">
<?php echo $this->Form->input('password', array( 'type' => 'password', 'label' => array('class' => 'placeholder', 'text' => 'Password') )); ?>
<span id="iforgot"><?php echo $this->Html->link('?',
array('controller' => 'users', 'action' => 'forgotpassword'), array('title' => 'Forgot your password?')); ?></span>
</li>
<li id="li-submit">
<button type="submit" title="Log in">Log in ►</button>
</li>
</ul>
</fieldset>
<?php echo $this->Form->end(); ?>
and this is my validation in the user model:
public $validate = array(
'email' => array(
'valid' => array(
'rule' => 'email',
'message' => 'The email is not valid'
),
'required' => array(
'rule' => 'notEmpty',
'message' => 'Please enter an email'
)
)
);
However the validation error messages don't show?
EDIT:
I tested this on my register form at /users/add/ and it works so it seems that the auto validation does not work with the login method???? How do I add validation for the login form then :/
The validation is actually stored in the model object. I'm not entirely sure off-hand how to access the errors, but I think its in $this->User->validationErrors.
Have a look at the model api for more information.
For logging in, use the auth component. If you'd rather not, then just get the user from the db and display an error using $this->Session->SetFlash() if the user doesn't authenticate.
You can show your code login function?
I think in your code that have redirect in-case validate false
If you use $this->redirect() it'll not show validate messages :)
First you check your post data is going to validate function.you can simple check this in your else condition like this :
$this->{$this->modelClass}->set($this->data);
if($this->{$this->modelClass}->validates(){
//Save data in DB
}else{
pr($this->{$this->modelClass}->validationErrors); // This will show your error message
}
You can also show error in your view.ctp file like this
$errors = '';
foreach ($this->validationErrors[$model] as $key => $validationError) {
$errors .= $this->Html->tag('li', $validationError[0]);
}
echo $this->Html->tag('ul', $errors,array('class' => 'error'));
I am trying to set up validation on a simple contact form that is created using the form helper. No validation at all occurs. What is wrong?
In the code below, the “good” keyword always shows, regardless of what is entered into the form, and the saved values set via set_value are never shown.
Controller
// Contact
function contact() {
$data['pageTitle'] = "Contact";
$data['bodyId'] = "contact";
$this->load->library('form_validation');
$config_rules = array ('email' => 'required','message' => 'required');
$this->form_validation->set_rules($config_rules);
if ($this->form_validation->run() == FALSE) {
echo "bad";
$data['include'] = "v_contact";
$this->load->view('v_template',$data);
} else {
echo "good";
$data['include'] = "v_contact";
$this->load->view('v_template',$data);
}
}
View
echo validation_errors();
echo form_open('events/contact');
// name
echo form_label('Name', 'name');
$data = array (
'name' => 'name',
'id' => 'name',
'maxlength' => '64',
'size' => '40',
'value' => set_value('name')
);
echo form_input($data) . "\n<br />";
// email address
echo form_label('Email Address', 'email');
$data = array (
'name' => 'email',
'id' => 'email',
'maxlength' => '64',
'size' => '40',
'value' => set_value('email')
);
echo form_input($data) . "\n<br />";
// message
echo form_label('Message', 'message');
$data = array (
'name' => 'message',
'id' => 'message',
'rows' => '8',
'cols' => '35',
'value' => set_value('message')
);
echo form_textarea($data) . "\n<br />";
echo form_submit('mysubmit', 'Send Message');
echo form_close();
It looks like you're not setting the validation rules according to the way the new Form_validation library does it (the user guide has a section on the new syntax). That seems to be the syntax for the old Validation library.
Try this instead for your $config_rules array and see if your validation runs properly:
$config_rules = array(
array('field' => 'email', 'rules' => 'required'),
array('field' => 'message', 'rules' => 'required')
);
$this->form_validation->set_rules($config_rules);