Get parameter passed in URL Codeigniter - codeigniter

Basically I have an anchor tag (update) that gets the id of the request in the table and loads the update view, getting all the request details
<i class="fa fa-eye"></i> Update
This is then received in my method
public function update_request_view($idx)
{
//some code here to load the view and get details
}
The url then becomes http://localhost/dashboard/staff/request/update_request_view/48
Now when I try to save the update that I make using another method
public function update()
{
$idx = $this->uri->segment(5);
}
My $idx variable is empty. When I use $this->uri->segment(4), I get update_request_view.
I don't wanna use hidden fields since it will cause lots of security issues, and also when I am able to work this out I will encrypt the id. Why is my $this->uri->segment(5) empty and how do I get it?

Most likely, if I understand you correctly, it is because the update function is a separate page from http://localhost/dashboard/staff/request/update_request_view/48. So CI doesn't see any of the previous URL variables. You can either submit to update/{$id} (action url) or you can use a hidden field; it is no less safe than using an id in the URL, as that can be just as easily manipulated with a change to the form action.
That being said, if you are really concerned about security you should restrict access to particular users for a given record using some sort of ACL.

Related

Laravel populate form with cloned model data

I'm implementing a "Clone" button in my application, which should allow to perform the following:
create a copy of the chosen model;
redirect to the create view, whose form field should be populated with the cloned model's data;
allow the user edit some fields;
save the new model.
So far, my ModelController#clone method is:
$newModel = $existingModel->replicate();
$newModel->title = "Copy of ".$existingModel->title;
$newModel->created_at = now(); // not sure if necessary, or if it'll be changed once the model is stored in the database
return redirect(route('models.create')); // I know this doesn't do what I need
As it is, obviously, nothing gets passed to the create view, but I can't find any clue on how to do that.
I have tried adding ->withInput(compact($newModel)) to the redirect() call, but I don't see the field being populated.
In the models.create view, I have set up the form field to use the old(...) data, if available.
This answer is almost what I need, but it would imply changing every field to check if there is some sort of input other than the old session data, like this:
<input [other attributes omitted] value="{{ $newModel['title'] ?? old('title') }}">
Is it the right way to do so, or is there a quicker/more standardized way of proceeding?
You could override the session's old input data with:
Session::put('_old_input', $newModel);
and then just render the old() in form inputs

Laravel Hide Div ID From View

On the page, there will be several posts by a user. Each post has an id # to identify it which is used when editing or deleting the post. With blade, I can make it so that hidden ID div only shows up when the authenticated user is on their own profile (since only they are allowed to edit or delete the posts).
However, I also have a liking feature that also uses that hidden ID div. I don't want someone to view the page source, change the ID, then click the like button. Is there a way to include the ID in the view, but not allow it to be changed?
I could try to do some validation on each like, such as matching the user, body, time posted, and ID, and if that doesn't match then throw an error. Curious if there's a better way.
View:
<div class="post-like">
Like
</div>
Controller:
The $postId is that hidden ID div
public function getLike($postId)
{
$post = Post::find($postId);
if (!$post) {
return redirect()->back();
}
if (Auth::user()->hasLikedPost($post)) {
return redirect()->back();
}
$like = $post->likes()->create([]);
Auth::user()->likes()->save($like);
return redirect()->back();
}
It's not wise to expose users' IDs like this, but if you really need it, Laravel provides a way to handle users' action authorization. It can be done using either policies or model scopes.
Alternatively, you can ignore those authorizations and use a UUID instead of an ID.
There is a nice package that handles it for you. Basically you'll just need to add a new field to the users' table.
In my applications I use both of them.
If I understand your question correctly, here's one idea: you can hide the actual post ID by concatenating your ID with some server-side only "key" and hashing.
For example:
In your app.php you add something like "post_mask_key" => "super_secret_123456"
...and in your code, something like:
$maskedPostId = sha1(\Config::get("app.post_mask_key") . $postId);
Then, share $maskedPostId with your view, which will be embedded into the HTML. The user can try to change it but when it is submitted, you can re-generate the hash easily (since you know both the key and ID server side) and compare the two.
Note: this approach is cryptographically weak but should be sufficient for masking a non-critical item like a post ID.
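Added example, not part of the original answers: the same "re-generate and compare" idea from the answer above, but using a keyed HMAC-SHA256 and a constant-time comparison in place of sha1(key . id). The function names, the "post-like:" label and the sample key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in a real application the key comes from server-side config
// (the answer's "post_mask_key"); this literal is a constructed sample value.
const POST_MASK_KEY = 'constructed-sample-key-for-illustration';

/** Build the value embedded in the view, in the form "<id>.<tag>". */
function sign_post_id(int $postId, string $key): string
{
    // The "post-like:" label ties the tag to this one purpose, so it cannot
    // be replayed against another feature that signs IDs with the same key.
    $tag = hash_hmac('sha256', 'post-like:' . $postId, $key);
    return $postId . '.' . $tag;
}

/** Return the post ID if the token is intact, or null if it was altered. */
function verify_post_token(string $token, string $key): ?int
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // malformed: missing tag or non-numeric ID
    }
    [$id, $tag] = $parts;
    $expected = hash_hmac('sha256', 'post-like:' . $id, $key);
    // hash_equals() compares in constant time, unlike == or ===
    return hash_equals($expected, $tag) ? (int) $id : null;
}

// Token as it would be rendered into the page for post 48
$token = sign_post_id(48, POST_MASK_KEY);
var_dump(verify_post_token($token, POST_MASK_KEY));

// Same tag with the ID edited in the page source: verification fails
$edited = '49' . substr($token, 2);
var_dump(verify_post_token($edited, POST_MASK_KEY));
```

A valid tag only shows that the ID was issued by the server. Whether the current user may act on that post is still a separate authorization check, such as the policies mentioned earlier in this thread.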

Use CodeIgniter form validation in a view

I have footer view that's included on all my pages which contains a form. I would like to be able to make use of CI's form validation library to validate the form. Is that possible?
Currently the form posts back to the current page using the PHP_SELF environment variable. I don't want to get it to post to a controller because when validation fails it loads the controller name in the address bar, which is not the desired behaviour.
Any suggestions gratefully received.
Thanks,
Gaz
One way, whilst far from ideal, would be to create a "contact" function in every controller. This could be in the form of a library/helper.
CI doesn't natively let you call one controller from another, although I believe there are extensions that enable this.
Another option would be an AJAX call instead, which would allow you to post to a generic controller, validate etc whilst remaining on the current page.
In this use case, I would definitely go for an AJAX call to a generic controller. This allows you to show errors even before submitting in the origin page.
Another way (slightly more complex), involves posting your form data to a generic controller method, passing it a hidden input containing the current URL.
The generic controller method handling your form can then redirect to the page on which the user submitted the form, passing it the validation errors or a success message using flash session variables: $this->session->set_flashdata('errors',validation_errors()) might do the trick (untested)
The good thing about this is that you can use the generic form-handling method for both the ajax case (suppressing the redirect) and the non-ajax case
AJAX would be best, just like everyone else says.
I would redirect the form to one function in one controller, you could make a controller just for the form itself. Then have a hidden value with the return URL. As far as errors go you could send them back with flashdata.
Just remember to never copy-paste code; it's a bad practice and guarantees bugs.
//make sure you load the proper model
if ($this->form_validation->run() == FALSE){
// invalid
$redirect = $this->input->post('url');
$this->session->set_flashdata('errors',validation_errors());
redirect($redirect);
} else {
/*
success, do what you want here
*/
redirect('send them where ever');
}
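Added example, not part of the original answers: the hidden return URL used in the approaches above is supplied by the client, so the form handler can restrict it to a path on the same site before passing it to redirect(). This is plain PHP; the function name safe_return_path and the fallback path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return $url only if it is a local path on this site; otherwise $fallback.
 */
function safe_return_path(string $url, string $fallback = '/'): string
{
    // Control characters and backslashes are never needed in a local path,
    // and some browsers treat a backslash like a forward slash.
    if ($url === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $url)) {
        return $fallback;
    }
    // Must start with exactly one slash: this rejects absolute URLs
    // ("scheme://host/...") and protocol-relative ones ("//host/...").
    if ($url[0] !== '/' || (isset($url[1]) && $url[1] === '/')) {
        return $fallback;
    }
    // Belt and braces: the parsed form must carry no scheme or host.
    $parts = parse_url($url);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $url;
}

// Constructed sample values for the hidden "url" field
$samples = [
    '/contact',
    '/products/list?page=2',
    'https://example.org/',
    '//example.org/path',
    '',
];
foreach ($samples as $s) {
    printf("%-28s -> %s\n", var_export($s, true), safe_return_path($s));
}
```

In the controller snippet above, the value read with $this->input->post('url') would go through this check before the redirect() call.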

Salesforce Session variables, set and get variables in Session

I want to be able to read / write some variables to the current session in my Salesforce site pages.
I have a site built using Salesforce Sites, I need to store/retrieve some values across all the pages (consider that I am building something similar to a shopping cart).
However, I can't find any good example of how to read and write variables to the session (anonymous user).
I am using Visualforce pages with several controllers built in Apex.
Regards
If you are building something like a shopping cart, or a "wizard" where you need to keep controller variables in context from one page view to another, then the best way to do this in VisualForce is to use the same controller.
When the user submits a form ( through actionFunctions, commandButtons, or commandLinks, etc.), and your controller returns a page Reference, the view state is preserved if the new visual force page uses the same controller.
In this way, you could, for example, have the user enter their name and email address using apex:inputField tags on page one. They navigate to page two, which uses the same controller as page one, and the page could reference the same controller variables. Essentially, the controller is still in scope, and so are all the variables that were updated.
Example:
Page one:
<apex:page controller="myController">
<apex:form>
Please enter your name <apex:inputText value="{!shopper_name}"/>
<br/>
<apex:commandButton action="{!pageTwo}" value="Click for page two"/>
</apex:form>
</apex:page>
Page two:
<apex:page controller="myController">
You entered: <apex:outputText value="{!shopper_name}" />.
</apex:page>
Controller:
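public class myController {
public string shopper_name { get; set; }
public myController() {
shopper_name = null;
}
// Action bound to the command button on page one. Assumes the second page is saved as "pageTwo".
// Returning the reference without a redirect keeps the view state.
public PageReference pageTwo() {
return Page.pageTwo;
}
}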
Custom settings are cached at the application level, maybe that's why it was suggested in the link above. I'm not sure if I'd recommend that approach, but you might be able to get it to work.
If you create a Custom Setting named "SessionData", and add your custom fields (that represent the data you want to store in session), you could save data to it like this:
Database.SaveResult result = Database.insert(new SessionData__c(YourFieldHere='Your value here etc'));
System.debug(result.getID());
Then use the resulting custom setting ID to store in a cookie. While custom settings can be accessed using normal SOQL, the advantage is that the data is cached and can be accessed like this:
if (SessionData__c.getAll().containsKey('unique ID from cookie here'))
{
System.debug(SessionData__c.getInstance('unique ID from cookie here').YourFieldHere);
}
Keep in mind that custom settings weren't really designed for this, so you'll need to periodically purge old custom settings data, as normal session management systems do.
See the Apex Custom Settings documentation for more details.
I think Visualforce View State might be useful to you:
Visualforce pages that contain a form component also contain an encrypted, hidden form field that encapsulates the view state of the page. This view state is automatically created, and as its name suggests, it holds the state of the page - state that includes the components, field values and controller state.
You should use Javascript cookies for this.
You could also use Apex cookies, but then you'd need to make sure that each request hits the server (and not the caching layer).
For Apex cookies you can use the following code:
//Setting Cookie
public void setCookie() {
Cookie userCookie = new Cookie('CookieName', fieldValueToBeStoredAsCookie, null, 315569260, false); //Here 315569260 represents cookie expiry date = 10 years. You can set this to what ever expiry date you want. Read apex docs for more details.
ApexPages.currentPage().setCookies(new Cookie[] {
userCookie
});
}
//Reading Cookie
Cookie cookie = ApexPages.currentPage().getCookies().get('CookieName');
if (cookie != null) {
String fieldValueToBeStoredAsCookie = cookie.getValue();
}

Codeigniter: Pass form variable into URI

Not sure if this can be done, but it seems my main issue is because I have a default route to a method called "index." I want to be able to list all users tagged with a specific keyword. In addition, users can search for other users based on these keywords.
i.e.
www.domain.com/tags/apples
www.domain.com/tags/oranges
www.domain.com/tags/blueberry
It works fine if I go to the URL manually. I'm having issues getting it to work with a form field.
Snippet of the form_open:
<?=form_open('tags/');?>
<p>Search for Tag: <input type="text" name="tag" /></p>
<p><input type="submit" value="Search" /></p>
Here's a snippet of my controller:
function index() {
$data['result'] = $this->tags_model->searchByTag($this->uri->segment(2));
$this->load->view('tags_view', $data);
}
Here's a snippet of my router:
$route['tags'] = "tags/index";
$route['tags/(:any)'] = "tags/index/$1";
Now, I can easily fix all this if I have a method called search, but I don't want the URL to show up as www.domain.com/tags/search/orange.
When you create your form you set it to use POST variables instead of GET, that way they don't go through the url, that's codeigniter's default method for forms.
So your form_open code will generate the following code:
<form method="post" action="tags/" />
If you want them to go through the URL though, call the form opener this way instead:
form_open('tags/', array('method' => 'get'));
The same applies to any other attributes you want to specify for the form, just follow the same pattern attribute_name => attribute_value inside the array.
More info on the user guide
The problem here is that your form will be submitting all its data to "/tags", with nothing trailing it, as POST data doesn't come in as part of the URL. Even if it was a GET request however, I don't think that CodeIgniter will take anything out of the querystring and use it as part of the routing segments.
I think what you should do is have a small Javascript function that automatically updates the form action parameter to be tags/<select option value> whenever the select value is changed. This way it will submit to the right place. In order to handle non-javascript enabled browsers, you could have a default action called tags/search that would simply analyze your form data and put out a 301 redirect to the proper tags/<location> once you'd figured it out.
It seems like a bit of overkill here however, as you could really point the form at tags/index and not worry about it. I'm not sure search engines index form submission locations, and even if they did, they certainly wouldn't index a form that submits to dynamic URIs in the way that you want it to. You could still link to the search result pages using tags/apples, etc, but the form could work quite normally just by going to tags/index.
I ended up redirecting the URL and passed the keyword into the URI.
i.e. domain.com/tags/view/
