[eluser]gullah[/eluser]
Thanks for the replies but I'm afraid Michael what you were suggesting is what I'm trying to avoid. I had the form action set like that and it is possible to change that. I left the action with the id in it but I added security in the function, here is what I did.
let me know if you see any problems with it.
Code:
function lyrics()
{
//check if user is logged in to add/submit lyrics
$this->freakauth_light->check();
//load form_validation class
$this->load->library('form_validation');
//get the action and the songId from the URI
$action = $this->uri->segment(3);
$songId = $this->uri->segment(4);
//run the query to get album, artist, and song information
$this->db->join('albums', 'albums.album_id = songs.album_id');
$this->db->join('artists', 'artists.artist_id = songs.artist_id');
$this->db->where('song_id', $songId);
$query = $this->db->get('songs');
//if the song exists do this
if($query->num_rows() > 0)
{
//get this information ready to go to the view
$row = $query->row();
$data['artist'] = $row->artist;
$data['album'] = $row->album;
$data['song'] = $row->song;
$data['songId'] = $row->song_id;
//if there has been a post we will go in here
if(isset($_POST['Lyrics']))
{
//set the rules for lyrics
$this->form_validation->set_rules('Lyrics', 'Lyrics', 'trim|required|xss_clean|alpha_dash|min_length[30]');
//run the validation
if($this->form_validation->run() == FALSE)
{
//validation failed
$data['title'] = 'Error in your submission';
$this->template->load('template_main', 'songs/lyrics', $data);
} else {
//validation passed
$ok = false;
//check to see if this song already exists in the lyrics table
$this->db->where('song_id', $data['songId']);
$lyricsQuery = $this->db->get('lyrics');
//if it doesn't set ok to true
if($lyricsQuery->num_rows() == 0)
{
$ok = true;
}
//if it does make sure verified is not set to 1 --this here prevents users from altering form to populate another 'visible' song
$lyricsRow = $lyricsQuery->row();
if($ok == true || $lyricsRow->lyrics_verified == -1)
{
//change the lyrics \n\r to <br />'s
$this->load->library('lyrics');
$cleanLyrics = $this->lyrics->addBreaks($this->input->post('Lyrics'));
//load the submit model
$this->load->model('submitmodel');
$created_by = $this->db_session->userdata('user_name');
$this->submitmodel->submitLyrics($cleanLyrics, $data['songId'], $created_by);
//set the flash to let them know we will review it
$this->db_session->set_flashdata('flashMessage', 'Thank you for your submission. The lyrics will be reviewed in the next 24 hours');
redirect('songs/view/' . $data['artist'] . '/' . $data['album'] . '/' . $data['song']);
} else {
//if they end up here we know they changed the form
$data['error'] = 'You really had to try to get here, therefore you IP, username, and e-mail have all been logged';
$this->template->load('template_main', '404', $data);
}
}
} else {
//if there is no post data it will display the form
$action = $this->uri->segment(3);
$song = $this->uri->segment(4);
if($action == 'add')
{
$data['title'] = 'Add Lyrics';
$this->template->load('template_main', 'songs/lyrics', $data);
}
}
} else {
//if the song doesn't exist send them to a 404 page
$data['error'] = 'Song does not exist';
$this->template->load('template_main', '404', $data);
}
$this->output->enable_profiler(TRUE);
}
