Martin Muzatko

validate field using ___processField

Recommended Posts

Hello!

I'm trying to use the data I create in Processwire as much as possible.

So for a form, I try to use the fields description, name and also its built-in validation rules I defined in ProcessWire on the front-end. (minlength, ranges, patterns, etc)

I already looked into this tutorial, but it is using external resources to validate the form.

Since ProcessWire does all the heavy lifting, when processing data, I don't have to sanitize anything - ___processInput should do the job just fine.

However, it is not actually working correctly. 

$fields = $templates->get('user')->fields;
$submission = $input->post;
foreach ($submission as $key => $value) {
    $field = $fields->{$key};
    if ($field instanceof Field) {
        $field = $field->getInputfield($user);
        $field->___processInput(new WireInputData([$key => $value]));
        var_dump($field->getErrors(true)); // retrieve validation error
    }
}

This works for some constraints, but the values are not correctly validated.

Example: 

postman.thumb.jpg.f81575155a7d8cca2f22fe894089090a.jpg

All the fields are required and zip is an integer field.

Yet, I get no validation error for zip, although it was entered as a string, and not an integer. Funny enough: if I provide a number outside the range, I get "Specified value 2 removed because it is out of bounds (min=1000, max=99999)".
firstname will not return any error for being a required field.

From what I have looked through the source code, there is no check for "required". Some fields only validate on setAttribute. Am I missing anything or am I doomed to build my own validation process?

Thank you in advance!

Best,
Martin

Share this post


Link to post
Share on other sites

I've read a lot into this tutorial, which uses the built-in validation:

Thank you a lot for that @Soma!

Although, CSRF does not work correctly, so I read through this topic here: 

But I can't find a clue, why when ajax-posting to my form, this fails.

 

Share this post


Link to post
Share on other sites

@matjazp I'm not sure. I made it now work with the following:

 

$data = new WireInputData([
    'email' => $input->post->email,
    'username' => $input->post->username,
    'species' => $input->post->species,
    'firstname' => $input->post->firstname,
    'lastname' => $input->post->lastname,
    'password' => $input->post->password,
    'password_repeat' => $input->post->password_repeat,
    'email' => $input->post->email,
    'street' => $input->post->street,
    'zip' => $input->post->zip,
    'city' => $input->post->city,
    'country' => $input->post->country,
    'birthday' => $input->post->birthday
]);

$token = $session->CSRF->getTokenName();
$data->$token = $session->CSRF->getTokenValue();

$post = $input->post;
$post->setArray(array_merge($data->getArray(), $post->getArray()));

 

Share this post


Link to post
Share on other sites
3 hours ago, Martin Muzatko said:

$token = $session->CSRF->getTokenName(); 
$data->$token = $session->CSRF->getTokenValue();

 

You shouldn't use the actual token value you get from the session, you must use the value from the guest. The whole premise of CSRF (cross site request forgery) protection is to detect requests with invalid/missing tokens, so you know they're originated from a form on your site.

If you don't use the posted value (a field starting with TOKEN in $input->post and its value that is sent with the request) you're practically removing CSRF protection altogether.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By louisstephens
      I have been using the wiresmtpmail module in a few installs for sending out automated emails etc etc, and it works flawlessly. However, I now need to send an email when a user submits a form, and for the life of me I can not figure out how to get the form to submit.
      if(isset($_POST['Submit'])) { $mail = wireMail(); // calling an empty wireMail() returns a wireMail object $toName = $sanitizer->text($input->post->fullname); $toEmail = $sanitizer->email($input->post->email); $phone = $sanitizer->text($input->post->phone); $comments = $sanitizer->text($input->post->comments); $subject = $page->store_name . $page->title; $numSent = wireMail($toName, '', $subject, $textBody, $options); } If I remove the if statement, the form submits just fine, however you can just refresh the page (without adding anything to the fields), and it will submit a blank email every refresh. Has anyone gotten this working with a submit button?
    • By modifiedcontent
      I have one central website, with membership registration and content etc., and then several related websites with their own URL/domains, each on Processwire, all on the same server.
      I would like to access the database of the central website from the sister websites. How would I do that?
      You can't bootstrap one PW installation into another. You can include template parts from one in the other by just using the server path, but whatever you try to get/post just comes/goes to the database of the site you are on.
      Could you switch databases by including the config.php from another PW installation somewhere?
      What is the correct, secure way to do this?
    • By celfred
      Hello,
      I have a feeling I'm missing an easy thing here (again...). If I trash a page from API with :
      mypage->trash()
      Is there a simple way to restore it if needed ? I can do it in back-end, but I'd like to do it through API with something like
      mypage->restore()
       but this doesn't exit  
      So if you can give me a little help on that, I'd appreciate. Thanks in advance !
    • By theo
      Here is my first processwire module (beta).
      https://github.com/theo222/ImagePickerField
      A lot of "first times". First time Github, Markdown and of course PW Modules.
      So be gentle please.
      I hope it works.

    • By jrtderonde
      Hey,
      I'm working around a module that adds pages in my ProcessWire installation. The pages are added based on a JSON array that will be imported through a page save. Everything works fine except for when the pages are added. I get the following error
      Integrity constraint violation: 1062 Duplicate entry '3e215ecd6774fd99c2b0eb5cadf36a07-1269' for key 'name_parent_id' I'm using the following code/loop to generate the pages.
      // Loop through the files foreach ($p->importFile as $file) { // Set the file location $name = $file->data["basename"]; $path = $p->importFile->path; $location = $path . $name; // Get the file $json = file_get_contents($location); $json = json_decode($json); // Loop through the rows of the import foreach ($json->ttEntityDelAddrLink as $client) { // Create new page $new = new Page(); // Create unique hash $unique = md5(date("Y-m-d H:i:s") . "-" . $client->CustomerCode); // Set some variables for the new page $new->setOutputFormatting(false); $new->template = "_client"; $new->parent = $p; // Create hash $new->title = $client->DelAddressName; $new->name = $unique; // Page specific fields $new->company = $client->DelAddressName; $new->companyId = $client->CustomerCode; $new->city = $client->DelAddressCity; $new->address = $client->DelAddressStreet; $new->postcode = $client->DelAddressZipCode; $new->country = $countries[$client->DelAddressCountryCode]; // Save the page $new->save(); } // Exit for debugging exit; }
      Does anybody know what's wrong?