bwakad Posted May 19, 2014 Share Posted May 19, 2014 Okay, here goes... I have a profile page for users who are logged in. On that page I present a form which hold 3 fields: profiel, contactnaam and contactemail. I have added those fields to the member template. Each user get created a member page upon registration and the member page name is same as username. Now, underneath I have code from creating a new page but I actually need to use the existing member page so that form submission is storing the fields on that member (user) page. Do I have to make use of user id, or user name? $p = new Page(); // delete this? or how to change? $p->of(false); // sets output formatting to false in order to change field values. $p->parent = $pages->get("/members"); $p->template = "member"; $p->profiel = $sanitizer->text($input->post->profiel); $p->contactnaam = $sanitizer->text($input->post->contactnaam); $p->contactemail = $sanitizer->email($input->post->contactemail); $p->save(); // save the page $p->of(true); Link to comment Share on other sites More sharing options...
Wanze Posted May 19, 2014 Share Posted May 19, 2014 Do you need to know if a member page already exists or is this always the case? If the member page already exists: $member_page = $pages->get("template=member,name={$user->name}"); if ($member_page->id) { $member_page->of(false); $member_page->profiel = $sanitizer->text($input->post->profiel); // .. $member_page->save(); // Better to a redirect here after saving stuff $session->redirect('./'); } else { // Member page not found... strange. How to handle this case? } Cheers Link to comment Share on other sites More sharing options...
Raymond Geerts Posted May 20, 2014 Share Posted May 20, 2014 I dont see any reference to $user in here $p = new Page(); // delete this? or how to change? $p->of(false); // sets output formatting to false in order to change field values. $p->parent = $pages->get("/members"); $p->template = "member"; $p->profiel = $sanitizer->text($input->post->profiel); $p->contactnaam = $sanitizer->text($input->post->contactnaam); $p->contactemail = $sanitizer->email($input->post->contactemail); $p->save(); // save the page $p->of(true); How do you know which user is posting these values? If you are not already doing this, its better to keep a reference to the $user by all times to prevent somebody to post and modify somebody else his profile. 1 Link to comment Share on other sites More sharing options...
bwakad Posted May 20, 2014 Author Share Posted May 20, 2014 The member (name) page already exist because as I said, it's created when they register. The profile page is accessible after they logged in and just to update or add something new to their member page. So, the current logged in user is posting to their own member page. I can't use: new Page() on the first line - maybe use something as $p = pages->get(/members/{$user}); Link to comment Share on other sites More sharing options...
Martijn Geerts Posted May 20, 2014 Share Posted May 20, 2014 (edited) Raymond has a good point. <qoute>How do you know which user is posting these values?</quote> 1. I log in (martijn)2. I go to the form3. change the the values from the form to: <input name='profiel' value='bwaked'> <input name='contactnaam' value='Malle Balle'>4. Press submit. The risk is that you are 'Malle Babbe' now. Look at the example of wanze $member_page = $pages->get("template=member,name={$user->name}"); He's using $user->name, this part can't be changed by the current user. Edited May 20, 2014 by Martijn Geerts Link to comment Share on other sites More sharing options...
bwakad Posted May 20, 2014 Author Share Posted May 20, 2014 Thanks Martijn (and others) Just to make it clear: The profile template (page) is just a holder for the form, and only visible to the current logged in user. 'profiel' is a text-area field on the form, and is now renamed to 'about'... (changed it today). the contactnaam is just a name as a contact person for a company, nothing more, nothing less, so no chance of messing things up there all fields have nothing to do with the core user template and content - I keep login / registration details seperate from normal content... But indeed, the example wanze gave is something I can try. Except for the if it exist part, since the page is created by default. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now