double form in a function

#3
Rhaziel
That is absolutely true. But if I make this in two controllers it will become easy to hack. I do not want people accessing the edit_data part directly. How can I prevent them?

EDIT: I changed it a bit and now basically what I've got here is two functions:

Code:
public function edit()
{
    $this->load->helper('form');
    $this->load->library('form_validation');
    $data['title'] = 'Bronie w Erpegi DUOS';
    $data['type'] = 'weapons';
    $data['type_pl'] = 'bron';
    $this->form_validation->set_rules('edit_object', 'Nazwa', 'required');
    if ($this->form_validation->run() === FALSE)
    {
        // First request or failed validation: show the selection form
        $data['edit_list'] = $this->db_functions_model->get_list($data['type']);
        $this->load->view('templates_views/header', $data);
        $this->load->view('templates_views/panel');
        $this->load->view('kompendium_views/edit', $data);
        $this->load->view('templates_views/footer');
    }
    else
    {
        // Local variable only: it is gone once the redirect starts a new request
        $edited_object_name = $this->input->post('edit_object');
        redirect('weapons/edit_data');
    }
}

Code:
public function edit_data()
{
    // $edited_object_name is not defined in this method (see the problems listed below)
    echo $edited_object_name;
    $data['title'] = 'zmien bron w Erpegi DUOS';
    $this->load->helper('form');
    $this->load->library('form_validation');
    $data['type'] = 'weapons';
    $data['type_pl'] = 'bron';
    $this->form_validation->set_rules('new_description', 'nowy opis', 'required');
    if ($this->form_validation->run() === FALSE)
    {
        // First request or failed validation: show the description form
        $data['entry_description'] = $this->db_functions_model->get_entry_data($data['type'], $edited_object_name);
        $this->load->view('templates_views/header', $data);
        $this->load->view('templates_views/panel');
        $this->load->view('kompendium_views/edit_data', $data);
        $this->load->view('templates_views/footer');
    }
    else
    {
        $this->db_functions_model->set_entry_data($data['type'], $edited_object_name);
        redirect('weapons/');
    }
}

Now you see I do not call the edit_data() function; instead I make a redirect. This is because for some reason if I call a function the URL stays the same (that is 'weapons/edit') and this is causing the problems.
But if I change the URL to 'weapons/edit_data' then it all works perfectly.
But there are two problems with this:
- I cannot pass the variable from edit() which contains the name of the object I want to edit
- Users have direct access to edit_data(), which is probably a security flaw.
THIS IS MADNESS!
Why can't this be easy?
I want to call a func, and it should change the URL!
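
An added example, not part of the original post or of CodeIgniter itself: one way to handle both problems listed above is to keep the selected name in the server-side session across the redirect and to have edit_data() check authorisation and the stored name itself, since any controller URL can be requested directly. It assumes CodeIgniter 2.x with the Session library configured and a hypothetical `is_editor` session flag set at login; the header, panel and footer views from the post are omitted.

```php
<?php
// Added example, not from the thread. 'is_editor' is a hypothetical flag
// that the application's login code would set in the session.
class Weapons extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library(array('session', 'form_validation'));
        $this->load->helper(array('form', 'url'));
        $this->load->model('db_functions_model');
    }
    // Leading underscore: CodeIgniter will not route a URL to this method.
    private function _require_editor()
    {
        if ( ! $this->session->userdata('is_editor')) {
            show_error('Forbidden', 403); // sends the status and exits
        }
    }

    public function edit()
    {
        $this->_require_editor();
        $this->form_validation->set_rules('edit_object', 'Nazwa', 'required');
        if ($this->form_validation->run() === FALSE) {
            $data['edit_list'] = $this->db_functions_model->get_list('weapons');
            return $this->load->view('kompendium_views/edit', $data);
        }
        // Keep the chosen name server-side so it survives the redirect.
        $this->session->set_userdata('edit_object', $this->input->post('edit_object'));
        redirect('weapons/edit_data');
    }

    public function edit_data()
    {
        $this->_require_editor(); // checked here too: the URL is reachable directly
        $name = $this->session->userdata('edit_object');
        if ( ! $name) {
            redirect('weapons/edit'); // step one was skipped
        }
        $this->form_validation->set_rules('new_description', 'nowy opis', 'required');
        if ($this->form_validation->run() === FALSE) {
            $data['entry_description'] = $this->db_functions_model->get_entry_data('weapons', $name);
            return $this->load->view('kompendium_views/edit_data', $data);
        }
        $this->db_functions_model->set_entry_data('weapons', $name);
        $this->session->unset_userdata('edit_object');
        redirect('weapons/');
    }
}
```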


Messages In This Thread
double form in a function - by El Forum - 07-13-2012, 03:00 PM
double form in a function - by El Forum - 07-13-2012, 03:47 PM
double form in a function - by El Forum - 07-14-2012, 01:21 AM
double form in a function - by El Forum - 07-15-2012, 01:16 AM