CodeIgniter Forums
Validation file input and text input - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Validation file input and text input (/thread-53056.html)

Pages: 1 2


Validation file input and text input - El Forum - 07-09-2012

[eluser]cyberjunkie[/eluser]
Has anyone successfully validated file and text inputs from a multipart form? I tried many solution but nothing seems to work. Please share you experience.

Code:
function create() //create new post
{          
    $this->form_validation->set_rules('content', 'Entry', 'trim|required|xss_clean');
    $this->form_validation->set_rules('category_id', 'Category', 'trim|required|xss_clean|integer');

    //Text input fields
    if ($this->form_validation->run() == FALSE)
    {
        $this->load->view('new_post');
    }      
    else
    {
            $config['upload_path'] = './uploads/posts/';
            $config['allowed_types'] = 'jpg|png';              
            $config['max_size'] = '800'; //in KB

            $this->load->library('upload', $config);

            //File Upload
            if (! $this->upload->do_upload())
            {
                $upload_error['upload_error'] = array('error' => $this->upload->display_errors());

                $this->load->view('my_view', $upload_error);

                return FALSE;
            }

             //Add to database
             $data = array (
               'user_id' => $this->tank_auth->get_user_id(),
               'category_id' => $this->input->post('category_id'),
               'content' => $this->input->post('content')
             );

             $this->Posts_model->create_post($data);

             $this->session->set_flashdata('success', 'Post_added!');
             redirect('posts');
    }      

}



Validation file input and text input - El Forum - 07-10-2012

[eluser]LuckyFella73[/eluser]
If you want to validate POST data and uploaded file you
use callbacks. Your code code look like that:
Code:
function create() //create new post
{          
$this->form_validation->set_rules('content', 'Entry', 'trim|required|xss_clean');
$this->form_validation->set_rules('category_id', 'Category', 'trim|required|xss_clean|integer');
$this->form_validation->set_rules('userfile', 'File', 'callback__do_upload');

//Text input fields
if ($this->form_validation->run() == FALSE)
{
  $this->load->view('new_post');
}      
else
{
  //Add to database
  $data = array (
  'user_id' => $this->tank_auth->get_user_id(),
  'category_id' => $this->input->post('category_id'),
  'content' => $this->input->post('content')
  // maybe save filename into DB too ?
);

$this->Posts_model->create_post($data);

$this->session->set_flashdata('success', 'Post_added!');
redirect('posts');
}      

}



// Form Validation - Callback function
function _do_upload()
{
$config['upload_path'] = './uploads/posts/';
$config['allowed_types'] = 'jpg|png';              
$config['max_size'] = '800'; //in KB

$this->load->library('upload', $config);

//File Upload
if (! $this->upload->do_upload())
{
  $this->form_validation->set_message('_do_upload', $this->upload->display_errors());
  return FALSE;
}
else
{
  return TRUE;
}
}

It's just a rough example but should show you how you do it basically.


Validation file input and text input - El Forum - 07-10-2012

[eluser]boltsabre[/eluser]
Sorry, a little off topic from your actual question, this isn't in regards to your actual code, but just a warning about file uploads in general.

If you didn't already know, they are VERY risky, and if not done correctly can leave some MASSIVE security holes in your application/website.

Make sure you do a google on "php file upload security", there are such things as redrawing images (highly suggested), the set up of you .htaccess file/s and folder structures, creating new random file names, handling code that's been inserted in image meta tags, handling the double extension hack (ie, myimage.php.jpg) and many other things.

It's a lot of extra work, but you'll be sorry you didn't if someone deletes your entire website from the server (very easy and possible to do), steals your usernames and passwords, or something else malicious.


Validation file input and text input - El Forum - 07-10-2012

[eluser]cyberjunkie[/eluser]
@boltsabre, thanks for the warning! I thought that the Codeignter upload library handled all the security issues.

@LuckyFella73, a callback is a brilliant idea! Thanks, I'll try to implement that.


Validation file input and text input - El Forum - 07-10-2012

[eluser]JuanitoDelCielo[/eluser]
if ($this->form_validation->run() == FALSE or ! $this->upload->do_upload('image') )
{}else{}



Validation file input and text input - El Forum - 07-11-2012

[eluser]LuckyFella73[/eluser]
Quote:if ($this->form_validation->run() == FALSE or ! $this->upload->do_upload(‘image’) )
{}else{}

Though that would work as well one advantage of using callback functions
when validating a form is that you can easily set appropiate error messages
using the build-in functionality (form_validation class).

Code:
$this->form_validation->set_message('_name_callback_function', $this->upload->display_errors());
// or custom message:
$this->form_validation->set_message('_name_callback_function', 'Something went wrong with you selected file');



Validation file input and text input - El Forum - 07-11-2012

[eluser]JuanitoDelCielo[/eluser]
[quote author="LuckyFella73" date="1341996244"]
Quote:if ($this->form_validation->run() == FALSE or ! $this->upload->do_upload(‘image’) )
{}else{}

Though that would work as well one advantage of using callback functions
when validating a form is that you can easily set appropiate error messages
using the build-in functionality (form_validation class).

Code:
$this->form_validation->set_message('_name_callback_function', $this->upload->display_errors());
// or custom message:
$this->form_validation->set_message('_name_callback_function', 'Something went wrong with you selected file');
[/quote]

True & Sweet, I love your solution! I'll use it from now!


Validation file input and text input - El Forum - 07-11-2012

[eluser]cyberjunkie[/eluser]
@LuckyFella73, have you tested the validation? I have and it doesn't seem to work work. Validation uses $_POST not $_FILE. I think a workaround is hard to implement than just using the file validation.


Validation file input and text input - El Forum - 07-11-2012

[eluser]CroNiX[/eluser]
You can access $_FILE directly from within a callback rule, and perform the entire upload validation there as well...


Validation file input and text input - El Forum - 07-11-2012

[eluser]cyberjunkie[/eluser]
for some reason it's not displaying form errors...

Code:
function _do_upload()
{
  $username = $this->tank_auth->get_username();
  
  $config['upload_path'] = './uploads/avatars/';
  $config['allowed_types'] = 'jpg|png';
  $config['file_name'] = $username . '_avatar';
  $config['overwrite'] = TRUE; //overwrite user avatar
  $config['max_size'] = '800'; //in KB

  $this->load->library('upload', $config);

  if (! $this->upload->do_upload())
  {
   $this->form_validation->set_message('_do_upload', $this->upload->display_errors());
   return FALSE;
  }
return TRUE
}

function

Code:
function upload_avatar()
{
  $this->form_validation->set_rules('userfile', 'File', 'callback__do_upload');

  if ($this->form_validation->run() == FALSE)
  {
   //load view
   $this->template->build('member/settings/upload_avatar');
  
  }
  else
  {
   //Add image path to database
                        $avatar = $this->upload->file_name; //out of scope
   $user_id = $this->tank_auth->get_user_id();
   $this->Settings_model->update_avatar($avatar, $user_id);
   $this->session->set_flashdata('success', 'Profile image uploaded!');
  
   redirect('/settings/crop_avatar');
  }
  
  
    }