I am using some variables in a Yii controller action. Now I want to validate them in another action of the same controller, where I am getting the server response. I don't want to use the session method. Is there any other way to implement my goal?
One of my actions is the request and the other is the server response handling action.
Related
I'm working with Laravel 5.8 and I'm trying to send parameters from my controller to a PHP file that is not a view.
I've tried this way:
return redirect('my-route/?my-parameter='.'value');
But I want to send it with the POST method. How can I do that?
If you are sending a request to another PHP application (or any application really) then I would also second @Nikolay and check out Guzzle. Or, another option would be to check out Requests. I've used both, and both I think would get you what you're looking for.
Either option works great when communicating server-to-server (not an ajax call to an internal controller method).
The php file in your public folder will need to be able to check for such request(s). Without knowing what that file looks like, somewhere/how you'll need to check if there are query parameters.
Hope this helps!
I think this is one of the more complex tricks to get right and therefore I have decided to elicit the help of the very knowledgeable people on StackOverflow. My scenario is as follows: I have two entities, a user and an account. A user is always linked to an account upon registration (and depending on the type of user, might be linked to more than one account). Upon registration the function saveUser() is called (via ajax from frontend) and the submitted form data is retrieved from the Request Object. This data is then passed to the function saveAccount($data) (which is called in the saveUser() function) in the form of a parameter and the account is created (sometimes called more than once with different data sets to create various accounts), which is linked to the user.
Now I want to create an account from my admin panel without creating a user, so I want to call saveAccount($data) directly via ajax (from frontend) and pass the form data to it as a PARAMETER (instead of retrieving it in the function via the Request Object), so that I can use the same saveAccount($data) function and do not have to create a saveAccount() which works with the Request variable. Does this make sense? Is this possible? If so, how would I go about doing this?
I did not post any code, as I did not see the need for it; this is more a conceptual problem, but if you require the code that I have thus far or if anything is unclear I will be happy to elaborate.
There should not be any saveAccount method; you just rely on relationships between entities, i.e. on a setAccount method, or on an addAccount one in case you need to add an entity to a Collection.
Then Doctrine will take care of saving and persisting everything.
For saving data, I would always rely on a RESTful interface [which you can create easily via FOSRestBundle], and send everything via ajax no matter what; you'll end up with a smoother interface and more maintainable code.
For instances where a controller function can be called either via AJAX with form data or internally by another controller function the following solution works:
    public function saveAccount($data = null)
    {
        // Fall back to the submitted form data when no array is passed in.
        if (empty($data)) $data = $this->getRequest()->request->all();
        // ...
    }
Then you can pass an array to the controller function in the same format as your form data array and it will use that data if passed to the function, otherwise it will retrieve the REQUEST (form) data.
I'm pretty new to Symfony2 and am just wondering what would be the preferred way of doing this.
I have lots of admin actions that involve receiving form data and processing it. Naturally, when processing is finished, controller action sends return $this->redirect($this->generateUrl('.....'));.
Now, since I have made a JavaScript that submits forms via ajax if the browser supports it, I need to modify my controller actions to return a Response object containing a JSON array, but only if the request was sent via ajax.
Is it possible to recognize if the request sent to the controller is an AJAX request?
Where in the directory tree is the preferred place to put a class named ResponseHandler which would do the redirecting or returning a JSON array based on the type of request? I realized Symfony2 is very strict about these things so I want to get it right from the start. Maybe there is even already a bundled solution for this in it?
Update
I figured out I can use $this->getRequest()->isXmlHttpRequest() in the controller.
Question 2 still stands.
Where in the directory tree is the preferred place to put a class named ResponseHandler which would do the redirecting or returning a JSON array based on the type of request?
If you do an AJAX request you store the data in a parameter, a POST or GET parameter. You can access this parameter in the controller with:
    // ...
    public function finishAction()
    {
        // if you use a GET request
        $data = $this->getRequest()->query->get('my-get-parameter');
        // and if you use a POST request
        $data = $this->getRequest()->request->get('my-get-parameter');
        // ... do something with the data
    }
However to answer your question:
The symfony core framework uses the Event Dispatcher component to trigger and attach events. The events are triggered everywhere in the Symfony code. You can attach a class to an event and when that event is triggered, you can change it. That way, you can modify the Response object.
Events that are thrown in the code can be found in a *Events class in that component. In this case, we want the REQUEST event. Read more on the event dispatcher and how to attach events in the documentation: Event Dispatcher Component and Symfony2 Framework specific documentation.
I realized Symfony2 is very strict about these things
Symfony really isn't strict about your directory structure. It delivers a default Standard Edition with the recommended structure, but you can change it to make it yours. And if a class is written to the PSR-0 standard, Symfony will load all the classes you need.
I have used Zend Framework for nearly 3 months and I'm searching for a method to pass parameters from the view to the controller in a secure way. I prefer to pass the parameters like the $_POST method, but I don't want to use forms.
Is there any method to use in ZF? I only know the url() method but I don't know if this method works well for passing important data to the controller.
HTTP is a stateless protocol and you can basically choose from four solutions to preserve information between requests (as this is, I think, what you are trying to do, isn't it):
Query string
Hidden elements in forms
Cookie
Session
Session would be the safest. In ZF you have the Zend_Session component to help you with session management.
As far as sending POSTs without a form goes, it is rather difficult. Have a look at: Zend Framework: How to POST data to some external page (e.g. external payment gate) without using form?. However, if you only want to send POST data then you could do it in PHP using cURL.
I think you might be looking for Session variables.
You want to send something that can't be seen from URL into the next request, right? Session is ideal for that.
Update:
I read your question as:
"There is this variable in page, that somehow changes. I want the user to send it to the server, but it should not appear in the URL. But without using forms."
There is no way to initiate a POST request (like let the user post a password or sth like that) from the browser without forms or a JavaScript AJAX call. To send some data via POST you can use Zend_Http_Client(), but that's done server-side and you still need to make a GET request first.
May I ask you how would you implement it using GET? That would help us to understand what exactly you'd like to do.
And the last idea:
I'm searching for a method to pass parameters from the view to the controller in a secure way
JUST BECAUSE IT'S NOT IN URL IT'S NOT SECURE! :)
I think what you can use is a digest key
The method has nothing to do with security: with GET, POST, Cookies or Session, a person on the client side can manipulate the params.
Example:
mywebsite.com/widget.php?id=1234&action=delete
A person can change the GET param id and delete whatever they want. Obviously, your controller should implement Auth and perhaps an ACL, for authentication and authorisation, but this still won't prevent URL tampering. For example, what's to stop Bob logging in and altering a URL to edit John's widget?
You generate a digest key by concatenating the params into a string:
1234+password = "1234password" then generate the MD5 of the result = d5b1ee4b463dc7db3b0eaaa0ea2cb5b4
pass this along the url.
mywebsite.com/widget.php?id=1234&action=delete&mac=d5b1ee4b463dc7db3b0eaaa0ea2cb5b4
Inside widget.php you can use the same formula to calculate the digest key and check to see if it matches. If they attempt to change the id to say 4567 the MD5 result would be 09fef3620249f28ae64adc23bded949, so you can deny the request.
If you have more than 1 param on your URI, string them together, add the password and generate an MD5 or SHA1.
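A variant of the digest-key check from the answer above, as an added example that is not part of the original post: it swaps the MD5-of-concatenation for HMAC-SHA256 over the sorted parameters, compares in constant time, and binds the MAC to the id of the logged-in user. SECRET_KEY, sign_params(), verify_params() and the user ids "john" and "bob" are assumptions made for illustration.

```php
<?php
// Added example (not the answerer's code). SECRET_KEY, sign_params() and
// verify_params() are hypothetical names; key and user ids are constructed.
const SECRET_KEY = 'constructed-sample-key-load-from-config-instead';

// HMAC-SHA256 over the canonical (sorted, URL-encoded) parameters together
// with the id of the user the link was issued to, so a link issued to one
// account does not verify for another.
function sign_params(array $params, string $userId, string $key): string
{
    unset($params['mac']);          // the MAC never covers itself
    ksort($params);                 // parameter order must not matter
    $message = http_build_query(['uid' => $userId, 'p' => $params]);
    return hash_hmac('sha256', $message, $key);
}

function verify_params(array $params, string $userId, string $key): bool
{
    if (!isset($params['mac']) || !is_string($params['mac'])) {
        return false;               // missing or array-valued mac
    }
    // hash_equals() compares in constant time.
    return hash_equals(sign_params($params, $userId, $key), $params['mac']);
}

// Server side: build the link for user "john".
$params = ['id' => '1234', 'action' => 'delete'];
$params['mac'] = sign_params($params, 'john', SECRET_KEY);
$url = 'widget.php?' . http_build_query($params);

// widget.php: parse_str() stands in for $_GET here.
parse_str(parse_url($url, PHP_URL_QUERY), $received);

// Case 1: unmodified link, same user.
var_dump(verify_params($received, 'john', SECRET_KEY));
// Case 2: the same link presented by another logged-in user.
var_dump(verify_params($received, 'bob', SECRET_KEY));
// Case 3: id changed in the URL.
$received['id'] = '4567';
var_dump(verify_params($received, 'john', SECRET_KEY));
```

The MAC only shows that the server issued these parameters for that user; the controller's own authorisation check on the widget is still needed.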
All my previous projects have had this workflow on Contact pages
User submits form
Controller gets $_POST details
Controller validates details (and sets error messages if necessary)
Controller sends email
Controller redirects to thanks page
Is this the standard workflow?
I used to validate everything in controllers, and then did some more reading and they recommended against it. Therefore, should I send the $_POST details to a helper type object and let it do all the work (validation/sending)?
In controller we should only check validation. The main validation should be on model before operations with DB.
The controller file needs to check & validate the user input data.
After getting & accumulating all the data, it needs to transfer the data to the Model file for checking with the database (if needed) & then needs to do some other work from there (like setting sessions / cookies, or sending mails, or firing hooks, ...). However, the control must come back to the same controller method, as all the previous model functionalities must be fired by a method call, from the same controller method.
The proper view method must be called now, and then the output must be rendered to the console.
Hope it helps.
Validation is typically performed in the Model, not in the Controller.
This is because data structures are usually defined in the Model and it is best to compare the acquired data immediately before manipulation (i.e. inserting into a database, etc.).