Martin Muzatko

validate field using ___processField

Recommended Posts

Hello!

I'm trying to use the data I create in Processwire as much as possible.

So for a form, I try to use the fields description, name and also its built-in validation rules I defined in ProcessWire on the front-end. (minlength, ranges, patterns, etc)

I already looked into this tutorial, but it is using external resources to validate the form.

Since ProcessWire does all the heavy lifting, when processing data, I don't have to sanitize anything - ___processInput should do the job just fine.

However, it is not actually working correctly. 

$fields = $templates->get('user')->fields;
$submission = $input->post;
foreach ($submission as $key => $value) {
    $field = $fields->{$key};
    if ($field instanceof Field) {
        $field = $field->getInputfield($user);
        $field->___processInput(new WireInputData([$key => $value]));
        var_dump($field->getErrors(true)); // retrieve validation error
    }
}

This works for some constraints, but the values are not correctly validated.

Example: 

postman.thumb.jpg.f81575155a7d8cca2f22fe894089090a.jpg

All the fields are required and zip is an integer field.

Yet, I get no validation error for zip, although it was entered as a string, and not an integer. Funny enough: if I provide a number outside the range, I get "Specified value 2 removed because it is out of bounds (min=1000, max=99999)".
firstname will not return any error for being a required field.

From what I have looked through the source code, there is no check for "required". Some fields only validate on setAttribute. Am I missing anything or am I doomed to build my own validation process?

Thank you in advance!

Best,
Martin

Share this post


Link to post
Share on other sites

I've read a lot into this tutorial, which uses the built-in validation:

Thank you a lot for that @Soma!

Although, CSRF does not work correctly, so I read through this topic here: 

But I can't find a clue, why when ajax-posting to my form, this fails.

 

Share this post


Link to post
Share on other sites

@matjazp I'm not sure. I made it now work with the following:

 

$data = new WireInputData([
    'email' => $input->post->email,
    'username' => $input->post->username,
    'species' => $input->post->species,
    'firstname' => $input->post->firstname,
    'lastname' => $input->post->lastname,
    'password' => $input->post->password,
    'password_repeat' => $input->post->password_repeat,
    'email' => $input->post->email,
    'street' => $input->post->street,
    'zip' => $input->post->zip,
    'city' => $input->post->city,
    'country' => $input->post->country,
    'birthday' => $input->post->birthday
]);

$token = $session->CSRF->getTokenName();
$data->$token = $session->CSRF->getTokenValue();

$post = $input->post;
$post->setArray(array_merge($data->getArray(), $post->getArray()));

 

Share this post


Link to post
Share on other sites
3 hours ago, Martin Muzatko said:

$token = $session->CSRF->getTokenName(); 
$data->$token = $session->CSRF->getTokenValue();

 

You shouldn't use the actual token value you get from the session, you must use the value from the guest. The whole premise of CSRF (cross site request forgery) protection is to detect requests with invalid/missing tokens, so you know they're originated from a form on your site.

If you don't use the posted value (a field starting with TOKEN in $input->post and its value that is sent with the request) you're practically removing CSRF protection altogether.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By burning
      Hi all,
      Im currently building a photo sharing website and have a first version finished. Next step is to incorporate notifications in the website if a user likes one of your photo's, or comments on a photo you posted.
      Just like the notification bell at the top of the forums. Any idea how to approach this functionality?
      Thanks in advance.
    • By Eljeff
      Hello,
      I am testing Processwire.
      Usually, we can found many templates but, here, I an't found. Only existing sites.
      Nobody share template for free or not ?
      Thank you
    • By mcwhitey
      Hi,
      How can I display, on every page of my site, what roles can view that pages template, based on what is checked in settings>templates>template-name>ACCESS TAB?
      I've only gotten as far as displaying the name of the current template: echo $page->template->get('name'); But I'm stuck here. Tried things like $page->template->get('permissions'); but I guess it's a bit more complicated than that.
      Hope someone van point me in the right direction.
      Cheers.
    • By louisstephens
      I have been looking up everything I can to try to find what's going wrong with this. I have a very simple form (title and file field set to multiple) that will create a new page with the name and attachments. However, it appears that I am missing something crucial as only 1 item gets uploaded to the field. Here is my code:
      <?php $uploadpage = new Page(); $uploadpage->template = "dashboard"; $uploadpage->parent = $pages->get("/testing/"); $uploadpage->title = $sanitizer->text($input->post->new_title); $uploadpage->save(); $uploadpage->setOutputFormatting(false); $u = new WireUpload('test_upload'); $u->setMaxFiles(6); $u->setOverwrite(false); $u->setDestinationPath($uploadpage->test_upload->path()); $u->setValidExtensions(array('jpg', 'jpeg', 'gif', 'png', 'pdf')); foreach($u->execute() as $filename) { $uploadpage->test_upload->add($filename); } $uploadpage->save(); ?> I have the max files set to 6, and have a foreach loop to add the files, but it is only uploading one. Does anyone see where I might have gone astray?