CodeIgniter add URI Segments - codeigniter

I have created a login form with CodeIgniter. To test the form, I submit incorrect data, I get the correct information back and the form is redisplayed. If I correct the errors and resubmit the uri segment is appended to the URL.
So I call the app with localhost/myapp, the login form is displayed. On submission the url change to localhost/myapp/controller/authenticate. When submitting again the URL change to localhost/myapp/controller/authenticate/controller/authenticate
What is the problem here?
View
<form action="<?php echo base_url();?>/welcome/authenticate" method="post" id="loginfrm">
<input type="text" name="username" /><?php echo form_error('username', '<div class="error">', '</div>'); ?><br />
<input type="password" name="password" /><?php echo form_error('password', '<div class="error">', '</div>'); ?><br />
<input type="submit" value="Login" />
</form>
controller
public function index()
{
$this->load->view('welcome_message');
}
public function authenticate()
{
$this->form_validation->set_rules('username', 'Username', 'trim|required');
$this->form_validation->set_rules('password', 'Password', 'trim|required');
if ($this->form_validation->run() == FALSE)
{
$this->load->view('welcome_message');
}
else
{
echo $this->input->post('username') . " -->> " . $this->input->post('password');
}
}
}

Always use redirect in function where forms are processed this prevents the form re-submission in your case if everything works fine and your view is loaded when user tries to refresh the page he will be asked to resubmit the form. Redirect function changes the url in browser address bar so user will no longer be asked for form re-submission.

Related

Input type submit won't trigger when it's clicked

I have trouble with my code, I want to create an upload button to upload my .xlsx file, but it won't trigger even when I try to click it.
My view.php :
<form action="<?php echo base_url("index.php/fin/cost_control/workingcanvas/import"); ?>" method="post" id="import_form" enctype="multipart/form-data">
<p><label>Pilih File Excel</label>
<input type="file" name="file" id="file" required accept=".xls, .xlsx" /></p>
<br />
<input type="submit" id="import" name="import" value="Import" class="btn btn-info" />
</form>
My controller:
public function import(){
include APPPATH.'third_party/PHPExcel/PHPExcel.php';
$excelreader = new PHPExcel_Reader_Excel2007();
$loadexcel = $excelreader->load('excel/'.$this->filename.'.xlsx');
$sheet = $loadexcel->getActiveSheet()->toArray(null, true, true ,true);
$numrow = 1;
foreach($sheet as $row){
if($numrow > 1){
array_push($data, array(
'nis'=>$row['A'],
'nama'=>$row['B'],
'jenis_kelamin'=>$row['C'],
'alamat'=>$row['D'],
));
}
$numrow++;
}
$this->SiswaModel->insert_multiple($data);
redirect("Siswa");
}
and my model:
public function insert_multiple($data){
$this->db->insert_batch('siswa', $data);
}
I've tried with adding some part on autoload such as
$autoload['helper'] = array('url','form','file');
Any suggestions or advice? Thanks.
first load form helper in autoload file of codeigniter or load manually
$autoload['helper'] = array('url'); // autoload
$this->load->helper->('form'); // manually loading form helper
you better use this
$attributes = array('enctype' => 'multipart/form-data');
echo form_open('index.php/fin/cost_control/workingcanvas/import', $attributes);
<your upload form code>
<?php echo form_close(); ?>
instead of tags
more info: https://codeigniter.com/user_guide/helpers/form_helper.html

How to fix AJAX modal form in Laravel 5.3

I've upgraded my app from Laravel 4.2 to Laravel 5.3. On an index page listing citations, I have an AJAX modal form to edit or view the login credentials for the citation. This was working fine in Laravel 4.2, but I cannot for the life of me get it to work in 5.3. After about 5 hours Googling and trying different things, I thought I would post it here so that someone way more experienced than me can point me in the right direction.
Here's the link on the index page:
<a style="cursor: pointer; " title= "Login Credentials" data-loopback="cit-pg-1" data-citationid="1079" class="getCitationdetails"><span class="glyphicon glyphicon-lock " title="Login Credentials"></span></a>
And here's the JavaScript:
<script type="text/javascript">
$(document).on('click','.getCitationdetails',function(){
var citationid = $(this).data('citationid');
var loopback = $(this).data('loopback');
$.ajax({
url : '/citation-password',
type:'post',
data : {citationid :citationid, loopback :loopback},
success:function(resp){
$('#AppendLoginDetails').html(resp);
$('#LoginCredentialsModal').modal('show');
$('.loadingDiv').hide();
},
error:function(){
alert('Error');
}
})
})
Here's my route:
Route::match(['get', 'post'], '/citation-password', 'CitationsController#citationpassword');
And here's the Controller method that generates the form on get and saves the data on post:
public function citationpassword()
{
if (Request::ajax()) {
$data = Request::all();
if (!$data['citationid']) {
return redirect('/citations')
->with('flash-danger', 'Missing citation id for Login credentials form!!');
}
// Save loopback variable if we have it in order to return user to the page where they came from; default return location is citations
$loopback = 'citations';
if (array_key_exists("loopback", $data)) {
$loopback = $data['loopback'];
}
$getcitationdetails = Citation::where('id', $data['citationid'])->select('id', 'site_id', 'username', 'password', 'login_email', 'login_notes')->first();
$getcitationdetails = json_decode(json_encode($getcitationdetails), true);
$getsitedetails = Site::where('id', $getcitationdetails['site_id'])->select(
'id',
'directory_username',
'directory_password',
'security_questions',
'email_account',
'email_account_password',
'email_account_name',
'google_user',
'google_pwd',
'name_of_google_account'
)->first();
$getsitedetails = json_decode(json_encode($getsitedetails), true);
$response ="";
$response .= '<form action="'.url('/citation-password').'" method="post">
<div class="modal-body">';
if (!empty($getsitedetails['directory_username'])) {
$response .= '<div class="form-group">
<label for="recipient-name" class="col-form-label">Default login credentials for this site:</label>
<p>Username: '.$getsitedetails['directory_username'].'
<br />Password: '.$getsitedetails['directory_password'].'
<br />Email account: '.$getsitedetails['email_account'].'
<br />Email password: '.$getsitedetails['email_account_password'].'
<br />Name on email account: '.$getsitedetails['email_account_name'].'
<br />Default security questions: '.$getsitedetails['security_questions'].'</p>
<p>Gmail account: '.$getsitedetails['google_user'].'
<br />Gmail password: '.$getsitedetails['google_pwd'].'
<br />Name on Gmail account: '.$getsitedetails['name_of_google_account'].'</p>
</div>';
}
$response .= '
<input type="hidden" name="_token" value="'.csrf_token() .'" />
<input type="hidden" name="citation_id" value="'.$data['citationid'].'" />
<input type="hidden" name="loopback" value="'.$loopback.'" />
<div class="form-group">
<label for="recipient-name" class="col-form-label">Username:</label>
<input type="text" class="form-control" name="username" value="'.$getcitationdetails['username'].'" autocomplete="off">
</div>
<div class="form-group">
<label for="message-text" class="col-form-label">Password:</label>
<input type="text" class="form-control" name="password" value="'.$getcitationdetails['password'].'" autocomplete="off">
</div>
<div class="form-group">
<label for="message-text" class="col-form-label">Login email used:</label>
<input type="text" class="form-control" name="login_email" value="'.$getcitationdetails['login_email'].'" autocomplete="off">
</div>
<div class="form-group">
<label for="message-text" class="col-form-label">Login notes:</label>
<textarea class="form-control" style="height:130px;" name="login_notes">'.$getcitationdetails['login_notes'].'</textarea>
</div>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-success" id="success">Save</button>
<button type="button" class="btn btn-danger" data-dismiss="modal" aria-hidden="true">Cancel</button>
</div>
</form>';
return $response;
} else {
// The popup modal has posted back here; process the data
$data = Request::all();
// Handle & translate loopback; returning user to the page where they came from
$loopback = 'citations';
if ($data['loopback']) {
$loopback = $data['loopback'];
// Translate pages it came from
$trackLoopback = new trackLoopback();
$loopback = $trackLoopback->translate($loopback);
}
$updatecitation = Citation::find($data['citation_id']);
$updatecitation->username = $data['username'];
$updatecitation->password = $data['password'];
$updatecitation->save();
return redirect($loopback)
->with('flash-success', 'Login credentials have been updated successfully!');
}
}
In an effort to isolate the error, I even simplified the form in the controller like this:
public function citationpassword()
{
if (Request::ajax()) {
return '<p>This is the modal form!</p>';
} else {
// The popup modal has posted back here; process the data
$data = Request::all();
// Handle & translate loopback; returning user to the page where they came from
$loopback = 'citations';
if ($data['loopback']) {
$loopback = $data['loopback'];
// Translate pages it came from
$trackLoopback = new trackLoopback();
$loopback = $trackLoopback->translate($loopback);
}
$updatecitation = Citation::find($data['citation_id']);
$updatecitation->username = $data['username'];
$updatecitation->password = $data['password'];
$updatecitation->save();
return redirect($loopback)
->with('flash-success', 'Login credentials have been updated successfully!');
}
}
and also simplified the route to this:
Route::get('/citation-password', 'CitationsController#citationpassword');
but all I get when I click the link is a popup notice, "Error."
I'm not experienced with AJAX. How do I get the form to display in Laravel 5.3?
And/or, how can I change the JavaScript function so that it shows the actual error instead of the "Error" notice? (I tried a number of methods I found on StackOverflow to display errors but all of them resulted in NO error notice; just a blank page. And, I've not been successful at getting my Firefox debugger to show the errors either.)
Thanks!
The correct way to debug the JavaScript is to post the errors this way:
<script type="text/javascript">
$(document).on('click','.getCitationdetails',function(){
var citationid = $(this).data('citationid');
var loopback = $(this).data('loopback');
$.ajax({
url : '/citation-password',
type:'post',
data : {citationid :citationid, loopback :loopback},
success:function(resp){
$('#AppendLoginDetails').html(resp);
$('#LoginCredentialsModal').modal('show');
$('.loadingDiv').hide();
},
error: function(xhr, ajaxOptions, thrownError) {
alert(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
}
})
})
Once you do so, you will see that the error has to do with missing CsrfToken for the form. [The actual error message is from the Laravel framework: Illuminate\Session\TokenMismatchException: in file /home/reviewsites/moxy53/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php on line 6] Since both the get and post verbs use the same route, Laravel is requiring the CsrfToken before the form with the Csrf field gets generated.
It is possible (but NOT recommended!) to exclude this route from CSRF protection by editing App\Http\Middleware\VerifyCsrfToken.php with the following exception:
/**
* The URIs that should be excluded from CSRF verification.
*
* #var array
*/
protected $except = [
'/citation-password',
];
However, a much better approach is to add the token. It is correct that since you are using a post method to send the data values to the controller, you cannot use the controller to generate the token field in the form. Hence, the solution is to take the html out of the controller and put it in the blade. These lines:
$response .= '<form action="'.url('/citation-password').'" method="post">
<div class="modal-body">';
...
</div>
</form>';
should not be in the $response generated by the controller, but should instead be in the modal div in the blade itself. THEN, you can add the CSRF field in the blade thus:
<form action="{{url('/citation-password')}}" method="post">
{{ csrf_field() }}
<div class="modal-body" id="AppendLoginDetails">
</div>
</form>

Codeigniter Radio button form validation?

I want to validate three radio button inputs using codeigniter form validation rule:
HTML Page
<form action="<?php echo base_url('register')" ?> method="POST">
<input type="radio" name="cars" value="BMW">
<input type="radio" name="cars" value="Ferrari">
<input type="radio" name="cars" value="Jaguar">
<input type="submit" name="submitter">
</form>
Controller
public function register()
{
$this->form_validation->set_rules('cars', 'Cars', 'required');
if($this->form_validation->run() == TRUE)
{
i know what to do here
}
else
{
i know what to do here
}
}
How to do form validation in codeigniter for radio button in my case ?
Load library for form validation and other helpers in application/config/autoload.php
$autoload['libraries'] = array('form_validation');
$autoload['helper'] = array('form', 'url');
In your controller
public function register()
{
$this->form_validation->set_rules('cars', 'Cars', 'required');
if($this->form_validation->run() == TRUE)
{
echo "success";
}
else
{
$this->load->view('welcome_message');
}
}
In your view file use below code for printing validation errors
<?php echo validation_errors(); ?>
To show form error use form_error() function and to show all error use <?php echo validation_errors(); ?>
HTML PAGE
<form action="<?php echo base_url('register'); ?>" method="POST">
<?php echo form_error('cars'); ?>
<input type="radio" name="cars" value="BMW">
<input type="radio" name="cars" value="Ferrari">
<input type="radio" name="cars" value="Jaguar">
<input type="submit" name="submitter">
</form>
Controller
public function register(){
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('cars', 'Cars', 'required');
if($this->form_validation->run() == TRUE)
{
echo "i know what to do here"; //die;
}
else
{
echo "i know what to do here"; //die;
}
$this->load->view('welcome_message'); // your html view page
}
I think you are looking for in_list validation as an addition to required that has been mentioned by the others.
$this->form_validation->set_rules('cars', 'Cars', 'required|in_list[BMW,Ferrari,Jaguar]');
Also, as a self-reminder, since it took me 1 year to know about this.

Weird behaviour of CI after a redirect()

I have a strange bug during the password recovery process.
When a user loses his pwd, the app send an email with a token inside the recovery link ( http://localhost/reset-password/f38fd00aa975b28c70f54d948d20de40 for exemple ) This token is an unique key inside the user table.
In the routes.php, i have :
$route['reset-password/(:any)'] = "/user/reset_password_form/$1";// new password form
$route['reset-password'] = "/register/reset_password"; //simple email form
then, reset_password_form generates a form with the token as hidden input :
public function reset_password_form($hash = NULL) { //create form to change password, with user validation hash inside
$user_id = $this->user_model->get_id_by_confirmation_code(strip_tags($hash));
if (isset($user_id)) {
$this->data['validation_code'] = $hash;
$this->data['title'] = $this->lang->line('user_title_password_edit', FALSE);
$this->template->load('default', 'register/reset_password_form', $this->data);
}
else{
$this->session->set_flashdata('error', $this->lang->line('user_error_reset_password', FALSE));
redirect('reset-password');
}
the view:
<?php $attributes = array('class' => '');
echo form_open('user/edit_password', $attributes) ?>
<input type="hidden" id="validate" name="validate" value="<?=$validation_code?>">
<div class="form-group">
<input type="password" id="password" name="password" placeholder="Password" class="form-control" value="<?php echo set_value('password'); ?>">
</div>
<div class="form-group">
<input type="password" id="password_confirm" name="password_confirm" placeholder="Password confirmation" class="form-control">
</div>
<button type="submit" name="submit" class="btn btn-success">Change password</button>
</form>
Finally, the user/edit_password function changes the user password with a new one.
public function edit_password() { //get new password and change it
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[6]');
$this->form_validation->set_rules('password_confirm', 'Confirm Password', 'trim|required|matches[password]');
$this->form_validation->set_rules('validate', 'Validate', 'trim|alpha_numeric|required');
if ($this->form_validation->run() === false) {
//STRANGE BUG
$URL = '/reset-password/'.$this->input->post('validate');
$this->session->set_flashdata('error', validation_errors());
redirect($URL);
}
else {
//change pssword
}
}
The bug happen when the form validation fail : i'm suposed to be redirected to the previous form ( /reset-password/hash) with a flashdata error message, but the error message dont display.
Much more weird : even if i'm on the right form ( but without error message) if i decides to click on another menu item (for exemple /home) , it immediately displays the /reset-password form ( /register/reset_password in the routes) with the error message i was supposed to get previously.
As if the full php instruction was kept in stamp and launched after whatever action.
PS : as edit_password() and reset_password_form() are in the same controller, i could have used $this->reset_password_form($hash) instead of redirect() but it has exactly the same effect !
ps2: here is the register/reset_password:
public function reset_password() {
//display forgotten password form page
$this->data['title'] = 'Forgotten password';
$this->template->load('default', 'register/reset_password', $this->data);
}
you recovery link http://localhost/reset-password/f38fd00aa975b28c70f54d948d20de40 is not finding controller. CI is looking for your token number as controller

CodeIgniter POST variables

Anyone know why:
class Booking extends Controller {
function booking()
{
parent::Controller();
}
function send_instant_to_paypal()
{
print_r($_POST);
echo '<hr />';
print_r($this->input->post());
echo '<hr />';
$id_booking = $this->input->post('id_booking');
$title = $this->input->post('basket_description');
$cost = ($this->input->post('fee_per_min') * $this->input->post('amount'));
echo $id_booking;
echo $title
echo $cost
}
}
Will echo post variables in CI for $_POST
but NOT for $this->input->post();?
I've got
$this->input->post() in use and working on a search page elsewhere in the site... but on this page, it's not working..
here's my form...
<form id="add_funds" action="' . site_url('booking/send_instant_to_paypal') . '" method="post">
<input type="text" name="amount" id="amount" value="" />
<input type="hidden" name="id_booking" id="id_booking" value="0" />
<input type="hidden" name="basket_description" id="basket_description" value="Adding Credit" />
<input type="hidden" name="fee_per_min" id="fee_per_min" value="' . $fee_per_min . '" />
<input type="submit" value="Add to basket" />
</form>
It's mental ;-p
Anyone spot anything obviously stupid I'm missing?
You most likely have XSS or CSRF enabled and it will prohibit (guessing here) Paypal to get those details back to you.
This is typical of CodeIgniter, and there are some work arounds like excluding CSRF for certain controllers (via config or hook).
If you give some more details on where the POST is coming from I can answer a bit clearly.
edit
could be that you are calling $this->input->post() incorrectly? I know that CI2.1 added support for $this->input->post() to return the full array, but until this point you had to explicitly define the post variable you wanted ala:
$user = $this->input->post('username');
I resolved the issue with excluding CSRF protection for that particular method
you can add this code in application/config/config.php
if(stripos($_SERVER["REQUEST_URI"],'/Booking/send_instant_to_paypal') === FALSE)
{
$config['csrf_protection'] = TRUE;
}
else
{
$config['csrf_protection'] = FALSE;
}
The only thing I can think of right now is that you maybe did not load the form helper, but I'm not sure if it's being used for that.
you can do this in the /config/autoload.php
I for example have this:
$autoload['helper'] = array('url', 'form', 'html', 'site_helper', 'upload_helper');
you can also load it in your function itself as follow:
function send_instant_to_paypal()
{
$this->load->helper('form');
print_r($_POST);
echo '<hr />';
print_r($this->input->post());
echo '<hr />';
$id_booking = $this->input->post('id_booking');
$title = $this->input->post('basket_description');
$cost = ($this->input->post('fee_per_min') * $this->input->post('amount'));
echo $id_booking;
echo $title
echo $cost
}

Resources