Martin Muzatko

validate field using ___processField

5 posts in this topic

Hello!

I'm trying to use the data I create in Processwire as much as possible.

So for a form, I try to use the fields description, name and also its built-in validation rules I defined in ProcessWire on the front-end. (minlength, ranges, patterns, etc)

I already looked into this tutorial, but it is using external resources to validate the form.

Since ProcessWire does all the heavy lifting, when processing data, I don't have to sanitize anything - ___processInput should do the job just fine.

However, it is not actually working correctly. 

$fields = $templates->get('user')->fields;
$submission = $input->post;
foreach ($submission as $key => $value) {
    $field = $fields->{$key};
    if ($field instanceof Field) {
        $field = $field->getInputfield($user);
        $field->___processInput(new WireInputData([$key => $value]));
        var_dump($field->getErrors(true)); // retrieve validation error
    }
}

This works for some constraints, but the values are not correctly validated.

Example: 

postman.thumb.jpg.f81575155a7d8cca2f22fe894089090a.jpg

All the fields are required and zip is an integer field.

Yet, I get no validation error for zip, although it was entered as a string, and not an integer. Funny enough: if I provide a number outside the range, I get "Specified value 2 removed because it is out of bounds (min=1000, max=99999)".
firstname will not return any error for being a required field.

From what I have looked through the source code, there is no check for "required". Some fields only validate on setAttribute. Am I missing anything or am I doomed to build my own validation process?

Thank you in advance!

Best,
Martin

Share this post


Link to post
Share on other sites

I've read a lot into this tutorial, which uses the built-in validation:

Thank you a lot for that @Soma!

Although, CSRF does not work correctly, so I read through this topic here: 

But I can't find a clue, why when ajax-posting to my form, this fails.

 

Share this post


Link to post
Share on other sites

@matjazp I'm not sure. I made it now work with the following:

 

$data = new WireInputData([
    'email' => $input->post->email,
    'username' => $input->post->username,
    'species' => $input->post->species,
    'firstname' => $input->post->firstname,
    'lastname' => $input->post->lastname,
    'password' => $input->post->password,
    'password_repeat' => $input->post->password_repeat,
    'email' => $input->post->email,
    'street' => $input->post->street,
    'zip' => $input->post->zip,
    'city' => $input->post->city,
    'country' => $input->post->country,
    'birthday' => $input->post->birthday
]);

$token = $session->CSRF->getTokenName();
$data->$token = $session->CSRF->getTokenValue();

$post = $input->post;
$post->setArray(array_merge($data->getArray(), $post->getArray()));

 

Share this post


Link to post
Share on other sites
3 hours ago, Martin Muzatko said:

$token = $session->CSRF->getTokenName(); 
$data->$token = $session->CSRF->getTokenValue();

 

You shouldn't use the actual token value you get from the session, you must use the value from the guest. The whole premise of CSRF (cross site request forgery) protection is to detect requests with invalid/missing tokens, so you know they're originated from a form on your site.

If you don't use the posted value (a field starting with TOKEN in $input->post and its value that is sent with the request) you're practically removing CSRF protection altogether.

2 people like this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By rocket
      Noob to Processwire. Trying to convert some older sites to Pwire. I am having trouble including a legacy form class into my templates:
      If I embed the php directly in the template, it works. But if I use include statements, the form object returns null.
      This works:
          use formbuild\Form;
          session_start();
          $form = new Form(init1, 'init2', ...');
          $form->param1 = ...;
          $form->param2 = ...;
          $form->param3 = ...;
       
          $form->render();
      -----------------------------------------------------------------------------------------
      This fails:
          include_once ($config->paths->templates."forms/form1.php");
          $form->render();
      ____________________________________________________________________
      My referencing is OK, no error message. The only code that cannot reside in the include file are the following lines:
          use formbuild\Form;
          $form = new Form(init1, 'init2', ...');
      My PhP is rusty, maybe that is the problem, but it could be something about Pwire, namespace maybe. I have tested it outside Pwire and no problems.
      Please advise. Thanks.
       
       
    • By pppws
      hey there,
      i'm using processwire for the first time, so maybe it's a dumb question. but i'm trying to have an options field which values are the users of the processwire. i don't need the values to be displayed, it's just for the administration of the page. but each time a new user is created / a user is deleted the options field should be updated automatically. is something like that possible?
    • By louisstephens
      So I have a bit of code for ad management :
      <?php $ads = $pages->find("parent.template=client, sort=expiration_date"); $alert_count = 0; foreach ($ads as $ad) { $todaysdate = date("F j, Y H:i"); $today = strtotime($todaysdate); $expireson = $ad->expiration_date; $expires = strtotime($expireson); $fiveaway = $expires - 432000; if ($today > $expires) { $alert = $alert_count=+1; echo $alert; } } //end FOREACH ?> It currently finds all the pages with a parent of "client" and then I can drill down to the pages that have "Expired" in my if statement. I wanted to get a "count" of the pages that met the if statement requirements so I could output that number in an alert at the top of the page. When it runs, it currently just prints out "1 1 1 1..." and not the total count of pages. Does anyone know of a way possibly achieving my desired output? I tried count(), but that did not quite produce my desired output.
       
      I should note that I have several other if statements dealing with the date/time for outputting other alerts as well (just didn't think they were needed for this case).
    • By Sipho
      Is there a module or plugin that is like a repeater but you can choose a template? I want something that let's me:
      choose a template to get fields from, display these fields like a repeater does add new pages without adding a title or name (this might be achievable using other means like ProcessSetupPageName)  delete pages I feel like somebody might have already made a module that does just this, however, I haven't found any. Perhaps there is a way of doing this with a standard repeater that I don't know about.
    • By Sipho
       

      I have an issue where I want different formats for creating one page. When you are creating a new page I want it to offer different types of fields from when you are editing it.
      For example, I have a field called countries which is a multiple page reference field. This is desirable as it is in a very easy to edit format. Currently, I am using selectize.js which makes it possible to search for the pages and add them in a tag fashion. This is how I want it to be when a page is already created. However, when creating a new page it is often easier to just paste a list of all the countries as text. This is because the data is coming from an old website where the countries are written like this:
      I can code something which converts this text into the multiple page reference fields but I am not sure how to go about it. At first I tried making another template which had fields that were in this “quick” format. Then I planned to make it such that when you add one of these quick pages it creates a page in the standard format and deletes itself. This has it’s own problems such as where to place the new page, what title and name to give it, whether to have just one quick page or multiple and when to delete it. It just didn’t seem right. 
      Another possibility would be to show special quick fields when creating a new standard page but hide them when the page is saved and show the standard fields. I am not to sure how to achieve this though. 
      Does anyone know a better way of going about this? I feel like this is a simple problem which already has an elegant solution.