Martin Muzatko

validate field using ___processField

5 posts in this topic

Hello!

I'm trying to use the data I create in Processwire as much as possible.

So for a form, I try to use the fields description, name and also its built-in validation rules I defined in ProcessWire on the front-end. (minlength, ranges, patterns, etc)

I already looked into this tutorial, but it is using external resources to validate the form.

Since ProcessWire does all the heavy lifting, when processing data, I don't have to sanitize anything - ___processInput should do the job just fine.

However, it is not actually working correctly. 

$fields = $templates->get('user')->fields;
$submission = $input->post;
foreach ($submission as $key => $value) {
    $field = $fields->{$key};
    if ($field instanceof Field) {
        $field = $field->getInputfield($user);
        $field->___processInput(new WireInputData([$key => $value]));
        var_dump($field->getErrors(true)); // retrieve validation error
    }
}

This works for some constraints, but the values are not correctly validated.

Example: 

postman.thumb.jpg.f81575155a7d8cca2f22fe894089090a.jpg

All the fields are required and zip is an integer field.

Yet, I get no validation error for zip, although it was entered as a string, and not an integer. Funny enough: if I provide a number outside the range, I get "Specified value 2 removed because it is out of bounds (min=1000, max=99999)".
firstname will not return any error for being a required field.

From what I have looked through the source code, there is no check for "required". Some fields only validate on setAttribute. Am I missing anything or am I doomed to build my own validation process?

Thank you in advance!

Best,
Martin

Share this post


Link to post
Share on other sites

I've read a lot into this tutorial, which uses the built-in validation:

Thank you a lot for that @Soma!

Although, CSRF does not work correctly, so I read through this topic here: 

But I can't find a clue, why when ajax-posting to my form, this fails.

 

Share this post


Link to post
Share on other sites

@matjazp I'm not sure. I made it now work with the following:

 

$data = new WireInputData([
    'email' => $input->post->email,
    'username' => $input->post->username,
    'species' => $input->post->species,
    'firstname' => $input->post->firstname,
    'lastname' => $input->post->lastname,
    'password' => $input->post->password,
    'password_repeat' => $input->post->password_repeat,
    'email' => $input->post->email,
    'street' => $input->post->street,
    'zip' => $input->post->zip,
    'city' => $input->post->city,
    'country' => $input->post->country,
    'birthday' => $input->post->birthday
]);

$token = $session->CSRF->getTokenName();
$data->$token = $session->CSRF->getTokenValue();

$post = $input->post;
$post->setArray(array_merge($data->getArray(), $post->getArray()));

 

Share this post


Link to post
Share on other sites
3 hours ago, Martin Muzatko said:

$token = $session->CSRF->getTokenName(); 
$data->$token = $session->CSRF->getTokenValue();

 

You shouldn't use the actual token value you get from the session, you must use the value from the guest. The whole premise of CSRF (cross site request forgery) protection is to detect requests with invalid/missing tokens, so you know they're originated from a form on your site.

If you don't use the posted value (a field starting with TOKEN in $input->post and its value that is sent with the request) you're practically removing CSRF protection altogether.

2 people like this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By beto
      I can't add a new value to a custom PageArray field  for my user.
       
      However, when I create a new user, I CAN add the new PageArray value:
       
      I need help. Thank you very much.
       
    • By kixe
      As described in this post (https://processwire.com/talk/topic/8551-custom-urls-for-pages/?p=82742) the option 'Name Format Children' under the tab 'Family' in template settings doesn't work properly and also not as expected. I had a look inside the code and made some changes which are working properly, which offers much more options, more consistency and less code too.

      The result is the following. You have 3 Options for generating name and title, which could be combined in endless variations.
      Name is always derived from title, same like creating pages manually.
      type date: if function detects # character anywhere in the string, conversion will be: deletion of # and string will be used as format parameter for PHP date() function type field: if string is a fieldname of the parent page the value of this field will be used type string: if string doesn't fit to the 2 preceeding it will be taken as it is All parts (separated by comma) will be composed in the order of setting. You can use unlimited numbers of parts

      I made a pull request on github: https://github.com/ryancramerdesign/ProcessWire/pull/831

      Example screenshots

      Setting ...


      will result in


       
    • By bmacnaughton
      I would like to be able to fetch the labels for fields in a language different than the current logged in user.
      For field values that's easy 
      // p is page, l is language, and f is field $p->getLanguageValue($l, $f); I'm looking for something like
      $fields->getLanguageValue('en', 'length'); The only solution I know of is to save the current user language, iterate through the languages by setting the user language and fetching the value, and then restore the user language.
       
    • By Xonox
      Hi,
      I need to add the original image dimensions (width x height) for the images inserted in the body field, in a few data-fields. Something like:
      <a href="/site/assets/files/1092/image-1.jpg"> <img alt="" src="/site/assets/files/1092/image-1.690x0-is.jpg" width="690" data-width="1500" data-height="1000 "> </a> Where data-width and data-height are the image-1.jpg dimensions.
      I tried to do this through a file, to control the field output:
      templates/fields/post/body.php But turns out the body comes already formatted from the DB, so I can't override the image display, unless I use some cumbersome str_replaces. Even with this solution, it's impossible to achieve the desired result.
      Is there any way I can do this through a ProcessWire process?
      I know it can be done through php, reading the file's header to extract the height and width and then do a str_replace on the body string to insert the desired code. However I'm curious if it can be done in any simpler and more effective way, without having to read the files from disk and do the replaces.
      Thanks,
    • By bmacnaughton
      Is there a way to tell if a field is a multi-language field?
      I am currently checking to see if the last 8 characters are 'Language' but that seems like a fragile solution.