Im new to php and im trying to develo a loggin system, but i cant understand one thing.
For Example:
I hava a object "validator", that do some field checks. In that object i have an array where i save the errors. Like "The password you choose is not valid". Now i want to show this error to the user, the way i do it is passing this array to a Session variable. However i dont like this way of doing it. I create a new object everytime a user submits a form to validate it, but i dont know how to associate that validator object to te user. I want to say "this object belongs to that user".
Thanks,
I think the best way to achieve this goal is to validate your fields with Javascript. There is a lot of tutorials on how to validate fields with Javascript on the internet.
However, if you really want to use PHP, you just need to use the POST method and reload the form's page. Then, with your PHP script, you can validate all fields with your "Validator" object.
Note that you should always validate server side everything you insert in your database. The javascript is only for the UI. Thanks maniator, I wasn't clear enought.
Jean-Philippe
Related
Here's essentially what I'm trying to accomplish. I have an HTML form which is processed by PHP. A user is required to be authenticated to be able to submit this form. However, I do not want the user to loose their work if the session times out while they are working on filling it out.
My thought process is, when I perform my authentication check, if it fails, the authentication module can store the $_POST data in the $_SESSION array, and redirect the user to the login page. Once the user logs in, the login page can redirect the user back to the submission page, and the authentication module would then see that there is saved $_POST data in the $_SESSION array, and set the $_POST array back to the values that were stored in $_SESSION. Then the submission page can process the form data as normal.
I have done testing and verified that it is, in fact (at least in the version of PHP I'm using), possible to overwrite the value of the $_POST superglobal in PHP. And, in this particular situation, it seems to make a lot of sense to do so. Using this method, no other site code anywhere, other than in the authentication module, would have to be modified for every form on the whole site to take advantage of the "saved post data" feature.
So, I've asked myself if I could do this, and the answer is yes. But should I? Or are there potential problems with using this method? Part of me says it make a lot of sense, but another part of me worries it might be bad code design. If I shouldn't do this, what would be the proper way?
Thanks to all the comments. I ended up using the following code placed in a common library file used by all pages. The only downside is you do have to remember to use global $post in any function or method using the special POST data. But it has the advantage of not being hackish like my previous idea.
if (isset($_SESSION['authSavedPost'])){
$post = $_SESSION['authSavedPost'];
unset($_SESSION['authSavedPost']); // So we don't try to re-post the same data twice
}
else{
$post = $_POST;
}
The authentication check function used on this and other forms, if it fails, will save the current POST data as $_SESSION['authSavedPost'] = $_POST so it can later be restored by the above code.
I have a form that the user will submit multiple values to PHP via POST.
The PHP takes the input and if the data entered is valid, it will display a second form for the user to fill out.
After the user has filled out the second form, I need to process the data that was entered in the first form again as well as the data entered in the second form.
What is the best way to access the form data from the first PHP form?
Should I put each value into its own SESSION variable and access it when I need it again later?
I just wasn't sure if this is the best/cleanest way to accomplish this task.
Thanks!
I like the idea of sticking it in the $_SESSION, but depending on your validation needs, it might be better for you to simply use client-side (javascript) validation and some conditional logic to reveal additional form fields. Then you only have one efficient post to the server with all necessary information.
I think it should go without saying, but nevertheless, once it does post to the server you want to re-validate and sanitize the data.
Ok, I am still pretty new to the whole Jquery, Ajax, and PHP side of web design. To be more specific - I am attempting to learn everything all over again after not doing any type of web design for over 10 years lol. I am not looking to have someone write the code for me, all I need is a little push in the right direction. Because I have been searching all over the web to no avail.
What I am attempting to do is create a registration form for my site with multiple inline validations that will validate onBlur. So far I have been able to get two validations to work correctly (checking if the user name already exists in the MySql DB and the password strength) And I am banging my head against the wall at the moment trying to figure out the most efficient way to create multiple validations in one file. My idea is to check if the user name already exists, if the e-mail already exists - and if it is a valid e-mail, check to see if an account exists with a concatenated string of first name and last name, and if the password and retype password fields match. I would like the validation results to display to the right of the text box with either a red x or green check.
Thank you for taking the time to read this, I appreciate any type of guidance
Respectfully,
Paul J. Wesselkamper
I feel like it's to simple because it's so easy but I will give it a try:
You could create the ajax requests in your script posting the user input to an PHP-script every time you recognize an user input.
This PHP-script will check the posted data and send back some information, maybe a code.
In JavaScript you receive this code an show the user what's wrong or right.
Note to check all inputs again when you are inserting them into your database.
I have two software. I want to create a link in the first one to call and fill a form in the second one.
The second one is written in PHP (with CakePHP) and can be accessed by authenticate users. I need to automatically log the users in and fill the form on click of the link.
I don't know how to do that?
I was thinking of this solution, but can you please tell me if you see a better one.
-The link will contain all information to login my user and all information to prefill the form
-The link will be dedicated to this action in my php application. It will automatically log my user in, put the form data in session and redirect to the form page.
-In the form page, if the session variable is not empty I will fill my form.
Please help me and tell me what do you think of this plan.
You can make a route that log you automatically just pass in args your login/pw encoded in md5 after you redirect to what you want.
I am not using the cake but maybe you need to adjust what I propose to fill your wish
You need to turn the GET parameters into POST, that's all and it's dead easy.
See https://en.wikipedia.org/wiki/Post/Redirect/Get
I'm trying to figure out the best practice, as well as safest, way to store a variable with javascript for a web app I'm developing.
I have pages that are generated using php, $_GET and mod_rewrite. They are generated from the id that's given through the url. For example: http://example.com/1125/ (because of mod_rewrite what's actually happening is: http://example.com?id=1125). The php takes $_GET['id'] and retrieves information from the database in accordance the id given, etc... you get the gist.
The problem I'm having is, I have a form on that page where a user can post a question, which is sent via ajax. And I don't know the best way to store the page's id ($_GET['id']).
Right now, I have the id stored in a hidden input within the form (for example: " />). And when the form is submitted to the server and php takes a look a $_POST, it contains ["id"] => 1125. That's how I'm sending the page's id when a question is submitted via the form in the page.
The reason I think that's not secure is, anyone can edit the html (for example through Chrome's inspect element) and change the hidden input's (id) value to any other id.
So my question is, what's the safest way I can store that id with javascript, so when that question form is submitted, It can safely send the correct id to the server? Or any other suggestions thought out with best practice methods?
You only just need to validate the id in the php page that receives the ajax, if the id is valid and the user has permission to use it, then it's ok and it doesn't matter if he changed it through chrome or whatever, but you need to validate because if he changed it for the id that belongs to other user then you have to detect that and error out in that case.
This is just a matter of validate your input according to the priveleges in your application.