How do you change the CakePHP model validation redirect? - validation

CakePHP seems to redirect an invalid form back to the controller/action the form was sent from. But in my case, the form comes from controller/action/value and I need the validation redirect to go there.
I've tried adding redirects in my controller in the appropriate place to no avail. Any ideas?

You totally can do this. Just manually check the validation from the controller like this:
if ($this->ModelName->validates(array('fieldList' => array('field1', 'field2')))) {
// valid - do save here and continue
} else {
// invalid - do redirect here
}
You can read more here:
http://book.cakephp.org/1.3/view/1182/Validating-Data-from-the-Controller

Related

Laravel 5.7 Passing a value to a route in a controller

My controller posts a form to create a new page. After posting the form I need to redirect the user to the new page that will have the contents for that page that were entered in the previous form. If I simply do return view('mynewpageview', compact('mycontent')); where mycontent is the object used to execute the $mycontent->save(); command, I carry the risk of someone refreshing the URL and thus posting the same content twice by creating a new page.
Instead I would like to redirect the user to the actual page url.
My route is
Route::get('/newpage/{id}', 'PageController@pagebyid'); and if I use return redirect()->route('/newpage/$pageid'); where $pageid = $mycontent->id; I get a Route not defined error.
What would be the solution either to stop someone from resubmitting the content or a correct syntax for passing the parameter?
The correct answer that works for me is -
Give your route a name in the routes file
Then pass the parameters with an array as shown below in the controller.
return redirect()->route('newpageid', ['id' => $pageid]);
With basic (unnamed) routes, the correct syntax was return redirect('/newpage/'.$pageid);
You have already found out you can alternatively use named routes.
Last but not least, thanks for having considered the "double submit" issue! You have actually implemented the PRG pattern :)

Redirect in controller using RedirectToAction malfunction

Normally google is my best friend but this problem I can't figure out or even understand.
I have an action in my controller that I use for selecting which follow up action in my controller to use, based on user input (see image)
This redirect works like a charm; the problem arises when the action I'm redirected to is finished. In my action I fetch some much needed data for the web site. When the data is fetched, the action is supposed to redirect to a generic action that in turn will present my view. The "middleware" action redirects correctly and it also sends the parameters, but the "receiving action" doesn't handle or receive the parameters.
I'm totally clueless here, is it not possible to redirect to an action that in turn redirect to another action or what is the problem?
The route specification looks a bit odd.
I think it should be possibly:
[HttpGet("Customer/Device/{id}")]
public IActionResult Device(string id, bool like)
{
}
Now the URL it tried to redirect you to should work. Id from URL, and the like parameter from query.
If you want both in URL:
[HttpGet("Customer/Device/{id}/{like}")]
public IActionResult Device(string id, bool like)
{
}

How do we protect our post data processing method in CodeIgniter controller from the external form?

I'm working on a small project with CodeIgniter which handles some post data submitted from the admin form page.
I transfer the post data to a method in my controller and send it to the database.
It's working all the time.
I'm thinking, what if someone makes an external form with the exact same input names and action attribute as mine in the admin page (I don't know how to figure the input names out, but this is just my wonder), and tries to post some data to the controller?
I try to use the session, but I wonder if there is any way to protect against that kind of injection?
You can try this before your form_validator:
if( $_SERVER['HTTP_REFERER'] == base_url()){
//form validator
}
else{
$this->session->set_flashdata('warning', 'You try to enter from an external web without permission');
redirect(base_url(), 'refresh');
}
There are a couple of things you can do.
First, since this is an admin only page I assume you have some kind of login and user verification in place.
You can use session data to store the successful admin login.
//admin log in OK
$this->session->set_userdata('admin_logged_in', TRUE);
In the method that processes the form post, confirm the user is logged in
if($this->session->userdata('admin_logged_in') !== TRUE)
{
redirect('somewhere_else');
return; //here in case the redirect call doesn't work
}
Second, since you are 'posting' to this page, confirm that is the method the server has received - it MUST be post. If you are using CI version >= 3.0 then do this
if($this->input->method() !== 'post')
{
//somebody is trying to fool you
redirect('somewhere_else');
return; //here in case the redirect call doesn't work
}
If you are using an earlier version of CI (before 3.0.x) do this
if(strtolower($this->input->server('REQUEST_METHOD')) !== 'post')
{
//somebody is trying to fool you
redirect('somewhere_else');
return; //here in case the redirect call doesn't work
}
You also might want to consider the case where the session info checks out but it was not a POST request. That is very suspicious to me and it might be wise to destroy the session before redirecting.
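The session and method checks above pass for any POST sent by a logged-in admin's browser, whichever page the form came from; a per-session token embedded in your own form is what separates the two. The following is an added example, not code from the posts above: it is plain PHP rather than CodeIgniter, and the function names, the form_token field and the sample requests are constructed for illustration. CodeIgniter 3 offers the same check built in through $config['csrf_protection'] = TRUE; together with form_open().

```php
<?php
// Added example: plain PHP, hypothetical names, constructed sample data.

// Issue (or reuse) the per-session token that the admin form embeds
// in a hidden input named "form_token".
function issue_form_token(array &$session): string
{
    if (empty($session['form_token'])) {
        $session['form_token'] = bin2hex(random_bytes(32));
    }
    return $session['form_token'];
}

// Returns true only if the request is a POST from a logged-in admin
// AND carries the token stored in that admin's session.
function is_trusted_admin_post(array $session, string $method, array $post): bool
{
    if (($session['admin_logged_in'] ?? false) !== true) {
        return false;                       // not an authenticated admin
    }
    if (strtolower($method) !== 'post') {
        return false;                       // wrong HTTP method
    }
    $expected = $session['form_token'] ?? '';
    $supplied = $post['form_token'] ?? '';
    // hash_equals() compares in constant time; an empty token never matches.
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed session and requests.
$session = ['admin_logged_in' => true];
$token   = issue_form_token($session);

$own_form      = ['title' => 'Hello', 'form_token' => $token];
$external_form = ['title' => 'Hello'];      // same input names, no token

// Own form over POST is accepted; the other two requests are rejected.
var_dump(is_trusted_admin_post($session, 'POST', $own_form));
var_dump(is_trusted_admin_post($session, 'POST', $external_form));
var_dump(is_trusted_admin_post($session, 'GET',  $own_form));
```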

CodeIgniter - How to check if a word is a controller name in my project or not? [duplicate]

I have defined an encryption method for the back reference of my login page in CodeIgniter. My encrypted string is the name of the controller from which the user called the login function.
It's working fine, but there is a security risk if I redirect to invalid decoded addresses before checking whether the decoded string is a valid controller or not.
For example, after a successful login at a link like http://example.com/login/sH-hs-eY-Tz it will redirect me back to http://example.com/home/, where home is the decoded version of sH-hs-eY-Tz, and everything is OK so far.
Now if a user tries to log in from some other URL like http://example.com/login/gh-Yh-LJ-gh, (s)he will be redirected to some URL like http://example.com/decode(gh-Yh-LJ-gh)/, which lets him/her access my decryption method in the URL and shows a simple 404 page not found output. So this should be a security risk if I do not check that the decoded string is a valid controller name before applying a redirection to it.
So I only want a method to dynamically check if a string, for example "Home" or "test" or "Welcome", is a controller name in my project or not. How can I handle this the right way?
Any suggestions will be appreciated.
Just create a config element array in your config.php file.
Create an array in that file consisting of all the encoded string of your controllers. For Example
$config['encodedControllers'] = array(
"sH-hs-eY-Tz",
"iu-ss-et-az",
"sH-vs-eY-fz",
"gH-ns-bY-cz",
);
Then from where ever you want to check just call this array using
$controllersArray = $this->config->item('encodedControllers');
Get the uri segment from the URL using
$controllerName = $this->uri->segment(3); // NOTE the number inside segment() may differ according to your URL
Check if this $controllerName exists in $controllersArray using in_array(),
if(in_array($controllerName, $controllersArray, true)){ // needle first, then haystack; strict comparison
//Do the redirection
}
else{
//Do what ever you want to
}
Hope this helps

Use CodeIgniter form validation in a view

I have footer view that's included on all my pages which contains a form. I would like to be able to make use of CI's form validation library to validate the form. Is that possible?
Currently the form posts back to the current page using the PHP_SELF environment variable. I don't want to get it to post to a controller because when validation fails it loads the controller name in the address bar, which is not the desired behaviour.
Any suggestions gratefully received.
Thanks,
Gaz
One way, whilst far from ideal, would be to create a "contact" function in every controller. This could be in the form of a library/helper.
CI doesn't natively let you call one controller from another, although I believe there are extensions that enable this.
Another option would be an AJAX call instead, which would allow you to post to a generic controller, validate etc whilst remaining on the current page.
In this use case, I would definitely go for an AJAX call to a generic controller. This allows you to show errors even before submitting in the origin page.
Another way (slightly more complex), involves posting your form data to a generic controller method, passing it a hidden input containing the current URL.
The generic controller method handling your form can then redirect to the page on which the user submitted the form, passing it the validation errors or a success message using flash session variables: $this->session->set_flashdata('errors',validation_errors()) might do the trick (untested)
The good thing about this is that you can use the generic form-handling method for both the ajax case (suppressing the redirect) and the non-ajax case
AJAX would be best, just like everyone else says.
I would redirect the form to one function in one controller, you could make a controller just for the form itself. Then have a hidden value with the return URL. As far as errors go you could send them back with flashdata.
Just remember to never copy paste code, it's a bad practice and guarantees bugs.
//make sure you load the proper model
if ($this->form_validation->run() == FALSE){
// invalid
$redirect = $this->input->post('url');
$this->session->set_flashdata('errors',validation_errors());
redirect($redirect);
} else {
/*
success, do what you want here
*/
redirect('send them where ever');
}
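Both the decoded back-reference in the login question above and the hidden return-URL field used here end in a redirect to a value the client supplied, so that value should be checked against known local targets before redirect() is called. This is an added example, not code from the posts: plain PHP, with a hypothetical function name, a constructed controller allowlist and constructed inputs.

```php
<?php
// Added example: plain PHP, hypothetical names, constructed sample data.

// Controllers a post-login or post-validation redirect may land on.
const ALLOWED_CONTROLLERS = ['home', 'welcome', 'test'];

// Returns a site-relative path that is safe to pass to redirect(),
// or $default when the candidate is not a local, allowlisted target.
function safe_redirect_path(string $candidate, string $default = '/home'): string
{
    // Accept only a single leading slash followed by plain path characters.
    // This rejects absolute URLs ("http://..."), protocol-relative URLs
    // ("//host"), backslashes, whitespace and control characters.
    if (!preg_match('#^/(?!/)[A-Za-z0-9/_-]*\z#', $candidate)) {
        return $default;
    }
    // The first path segment is the controller name.
    $segments   = explode('/', trim($candidate, '/'));
    $controller = strtolower($segments[0]);
    if (!in_array($controller, ALLOWED_CONTROLLERS, true)) {
        return $default;
    }
    return $candidate;
}

// Constructed inputs, standing in for a decoded back-reference
// or the value of the hidden "url" field.
$samples = [
    '/home',
    '/welcome/index',
    '/unknowncontroller',
    'http://other.example/home',
    '//other.example/home',
    '',
];
foreach ($samples as $s) {
    // Anything that is not a local, allowlisted path falls back to /home.
    printf("%-30s -> %s\n", var_export($s, true), safe_redirect_path($s));
}
```

In the controller above, the call would become redirect(safe_redirect_path((string) $this->input->post('url')));.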
