CodeIgniter Forums
Stop form validation callbacks from being accessible through the url - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Stop form validation callbacks from being accessible through the url (/showthread.php?tid=31259)



Stop form validation callbacks from being accessible through the url - El Forum - 06-11-2010

[eluser]Lyon[/eluser]
Hi,

I am not sure if this has been mentioned before (searching didn't bring anything up).

Code:
class Some_class extends Controller
{
    function index()
    {
        $this->load->library('form_validation');
        $this->form_validation->set_rules('username', 'Username', 'trim|required|callback_username_check');

        if($this->form_validation->run() == FALSE)
        {
            $this->load->view('login_view');
        }
        else
        {
            //Process login
        }
    }

    function username_check($username)
    {
        //Check to see if username is in the database
    }
}

As this code stands http://example.com/index.php/username_check will call the username_check function, and http://example.com/index.php/username_check/some_name will call the function with some_name as the $username parameter.

You cannot make the function private as then the form_validation library will not be able to access it.

A way to stop people from being able to access your callback functions like this you can precede them with an underscore :
e.g. function _username_check($username)
This means renaming any refrences to the function as well as registering the callback in the validation as :
callback__username_check (note the double underscore after callback)

Even by using http://example.com/index.php/_username_check your function will not be called.

Sorry if this is mentioned elsewhere but I came across this problem today and couldn't find any information regarding it.

Maybe a little note on the form_validation user guide page is in order as us newbies manage to do all kinds of stupid things without realising the problems they can cause :-P

Also if there is another way of hiding public functions from the browser I would be happy to hear it.
I have tried searching for information on it but it seems I must be using the wrong keywords lol.


Stop form validation callbacks from being accessible through the url - El Forum - 06-11-2010

[eluser]Twisted1919[/eluser]
Code:
private function _username_check($username='')
{
return ;
}

$this->form_validation->set_rules('username', 'Username', 'trim|required|callback__username_check');

Easy huh ?