Validation file input and text input
#1

[eluser]cyberjunkie[/eluser]
Has anyone successfully validated file and text inputs from a multipart form? I tried many solutions but nothing seems to work. Please share your experience.

Code:
function create() //create new post
{          
    $this->form_validation->set_rules('content', 'Entry', 'trim|required|xss_clean');
    $this->form_validation->set_rules('category_id', 'Category', 'trim|required|xss_clean|integer');

    //Text input fields
    if ($this->form_validation->run() == FALSE)
    {
        $this->load->view('new_post');
    }      
    else
    {
            $config['upload_path'] = './uploads/posts/';
            $config['allowed_types'] = 'jpg|png';              
            $config['max_size'] = '800'; //in KB

            $this->load->library('upload', $config);

            //File Upload
            if (! $this->upload->do_upload())
            {
                $upload_error['upload_error'] = array('error' => $this->upload->display_errors());

                $this->load->view('my_view', $upload_error);

                return FALSE;
            }

             //Add to database
             $data = array (
               'user_id' => $this->tank_auth->get_user_id(),
               'category_id' => $this->input->post('category_id'),
               'content' => $this->input->post('content')
             );

             $this->Posts_model->create_post($data);

             $this->session->set_flashdata('success', 'Post_added!');
             redirect('posts');
    }      

}
#2

[eluser]LuckyFella73[/eluser]
If you want to validate POST data and an uploaded file you
use callbacks. Your code could look like that:
Code:
function create() //create new post
{
    $this->form_validation->set_rules('content', 'Entry', 'trim|required|xss_clean');
    $this->form_validation->set_rules('category_id', 'Category', 'trim|required|xss_clean|integer');
    $this->form_validation->set_rules('userfile', 'File', 'callback__do_upload');

    //Text input fields
    if ($this->form_validation->run() == FALSE)
    {
        $this->load->view('new_post');
    }
    else
    {
        //Add to database
        $data = array (
            'user_id' => $this->tank_auth->get_user_id(),
            'category_id' => $this->input->post('category_id'),
            'content' => $this->input->post('content')
            // maybe save filename into DB too ?
        );

        $this->Posts_model->create_post($data);

        $this->session->set_flashdata('success', 'Post_added!');
        redirect('posts');
    }
}

// Form Validation - Callback function
function _do_upload()
{
    $config['upload_path'] = './uploads/posts/';
    $config['allowed_types'] = 'jpg|png';
    $config['max_size'] = '800'; //in KB

    $this->load->library('upload', $config);

    //File Upload
    if (! $this->upload->do_upload())
    {
        $this->form_validation->set_message('_do_upload', $this->upload->display_errors());
        return FALSE;
    }
    else
    {
        return TRUE;
    }
}

It's just a rough example but should show you how you do it basically.
#3

[eluser]boltsabre[/eluser]
Sorry, a little off topic from your actual question, this isn't in regards to your actual code, but just a warning about file uploads in general.

If you didn't already know, they are VERY risky, and if not done correctly can leave some MASSIVE security holes in your application/website.

Make sure you do a google on "php file upload security", there are such things as redrawing images (highly suggested), the set up of your .htaccess file/s and folder structures, creating new random file names, handling code that's been inserted in image meta tags, handling the double extension hack (ie, myimage.php.jpg) and many other things.

It's a lot of extra work, but you'll be sorry you didn't if someone deletes your entire website from the server (very easy and possible to do), steals your usernames and passwords, or something else malicious.
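
Added example, not code from this thread: a framework-free sketch of three of the measures listed in the post above (deciding the type from the file content rather than the name, redrawing the image, and storing it under a random single-extension name). The function name, the temp-directory paths and the sample file are constructed for illustration; it assumes PHP 7.1+ with the GD extension.

```php
<?php
// Added example, not code from the thread. Names and paths are hypothetical.
function store_image_safely(string $tmpPath, string $destDir, int $maxKb = 800): string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > $maxKb * 1024) {
        throw new RuntimeException('Missing or oversized upload');
    }
    // Take the type from the file content, never from the client-supplied
    // name, so a name like "myimage.php.jpg" has no influence on the result.
    $info = @getimagesize($tmpPath);
    $loaders = [IMAGETYPE_JPEG => 'imagecreatefromjpeg', IMAGETYPE_PNG => 'imagecreatefrompng'];
    if ($info === false || !isset($loaders[$info[2]])) {
        throw new RuntimeException('Not a JPEG or PNG image');
    }
    $load = $loaders[$info[2]];
    $img = @$load($tmpPath);
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }
    // Redraw: only decoded pixels are written back, so metadata blocks and
    // bytes appended after the image data do not reach the stored file.
    $isPng = $info[2] === IMAGETYPE_PNG;
    if ($isPng) {
        imagesavealpha($img, true); // keep PNG transparency
    }
    $name = bin2hex(random_bytes(16)) . ($isPng ? '.png' : '.jpg'); // server-chosen name
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!($isPng ? imagepng($img, $dest) : imagejpeg($img, $dest, 90))) {
        throw new RuntimeException('Could not write image');
    }
    return $name;
}

// Constructed sample: a valid PNG with marker bytes appended, stored under a
// double-extension name the way a browser might submit it.
$dir = sys_get_temp_dir();
$src = $dir . '/myimage.php.jpg';
imagepng(imagecreatetruecolor(8, 8), $src);
file_put_contents($src, 'CONSTRUCTED-TRAILING-MARKER', FILE_APPEND);

$stored = store_image_safely($src, $dir);
$clean  = strpos(file_get_contents($dir . '/' . $stored), 'CONSTRUCTED-TRAILING-MARKER') === false;
echo $stored, ' marker removed: ', var_export($clean, true), PHP_EOL;
```

The .htaccess and folder-structure measures from the post are server configuration and are not covered by this sketch.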
#4

[eluser]cyberjunkie[/eluser]
@boltsabre, thanks for the warning! I thought that the CodeIgniter upload library handled all the security issues.

@luckyfella73, a callback is a brilliant idea! Thanks, I'll try to implement that.
#5

[eluser]JuanitoDelCielo[/eluser]
if ($this->form_validation->run() == FALSE or ! $this->upload->do_upload('image') )
{}else{}
#6

[eluser]LuckyFella73[/eluser]
Quote:if ($this->form_validation->run() == FALSE or ! $this->upload->do_upload('image') )
{}else{}

Though that would work as well, one advantage of using callback functions
when validating a form is that you can easily set appropriate error messages
using the built-in functionality (form_validation class).

Code:
$this->form_validation->set_message('_name_callback_function', $this->upload->display_errors());
// or custom message:
$this->form_validation->set_message('_name_callback_function', 'Something went wrong with you selected file');
#7

[eluser]JuanitoDelCielo[/eluser]
[quote author="LuckyFella73" date="1341996244"]
Quote:if ($this->form_validation->run() == FALSE or ! $this->upload->do_upload('image') )
{}else{}

Though that would work as well, one advantage of using callback functions
when validating a form is that you can easily set appropriate error messages
using the built-in functionality (form_validation class).

Code:
$this->form_validation->set_message('_name_callback_function', $this->upload->display_errors());
// or custom message:
$this->form_validation->set_message('_name_callback_function', 'Something went wrong with you selected file');
[/quote]

True & Sweet, I love your solution! I'll use it from now!
#8

[eluser]cyberjunkie[/eluser]
@luckyfella73, have you tested the validation? I have and it doesn't seem to work. Validation uses $_POST not $_FILE. I think a workaround is harder to implement than just using the file validation.
#9

[eluser]CroNiX[/eluser]
You can access $_FILE directly from within a callback rule, and perform the entire upload validation there as well...
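
Added example, not code from this thread: a framework-free check of the `$_FILES` entry, of the kind a callback rule could run before handing the file to the upload library. The function name, messages and sample arrays are constructed; the 800 KB limit mirrors the `max_size` used in the posts, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not code from the thread. Names and messages are hypothetical.
function upload_field_error(array $files, string $field, int $maxKb = 800): ?string
{
    // Key absent: the form lacked enctype="multipart/form-data", or the body
    // exceeded post_max_size (PHP then leaves $_POST and $_FILES empty).
    if (!isset($files[$field]) || !is_array($files[$field])) {
        return 'No upload data received for this field.';
    }
    $f = $files[$field];
    if (is_array($f['error'])) { // input declared as name="userfile[]"
        return 'Only one file may be uploaded.';
    }
    switch ($f['error']) {
        case UPLOAD_ERR_OK:        break;
        case UPLOAD_ERR_NO_FILE:   return 'Please select a file.';
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE: return 'The file exceeds the allowed size.';
        case UPLOAD_ERR_PARTIAL:   return 'The upload was interrupted.';
        default:                   return 'The server could not store the upload.';
    }
    if ($f['size'] <= 0 || $f['size'] > $maxKb * 1024) {
        return 'The file exceeds the allowed size.';
    }
    // On a real request, also confirm is_uploaded_file($f['tmp_name']) here.
    return null; // field is acceptable; content checks come next
}

// Constructed $_FILES arrays standing in for three different requests.
$samples = [
    'ok'            => ['userfile' => ['name' => 'a.png', 'type' => 'image/png',
                        'tmp_name' => '/tmp/phpA', 'error' => UPLOAD_ERR_OK, 'size' => 2048]],
    'no_file'       => ['userfile' => ['name' => '', 'type' => '',
                        'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE, 'size' => 0]],
    'empty_request' => [],
];
foreach ($samples as $label => $files) {
    echo $label, ': ', upload_field_error($files, 'userfile') ?? 'valid', PHP_EOL;
}
// Inside a CodeIgniter callback rule the result would be used like this:
//   $msg = upload_field_error($_FILES, 'userfile');
//   if ($msg !== null) { $this->form_validation->set_message('_do_upload', $msg); return FALSE; }
```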
#10

[eluser]cyberjunkie[/eluser]
for some reason it's not displaying form errors...

Code:
function _do_upload()
{
    $username = $this->tank_auth->get_username();

    $config['upload_path'] = './uploads/avatars/';
    $config['allowed_types'] = 'jpg|png';
    $config['file_name'] = $username . '_avatar';
    $config['overwrite'] = TRUE; //overwrite user avatar
    $config['max_size'] = '800'; //in KB

    $this->load->library('upload', $config);

    if (! $this->upload->do_upload())
    {
        $this->form_validation->set_message('_do_upload', $this->upload->display_errors());
        return FALSE;
    }
    return TRUE;
}

function

Code:
function upload_avatar()
{
    $this->form_validation->set_rules('userfile', 'File', 'callback__do_upload');

    if ($this->form_validation->run() == FALSE)
    {
        //load view
        $this->template->build('member/settings/upload_avatar');
    }
    else
    {
        //Add image path to database
        $avatar = $this->upload->file_name; //out of scope
        $user_id = $this->tank_auth->get_user_id();
        $this->Settings_model->update_avatar($avatar, $user_id);
        $this->session->set_flashdata('success', 'Profile image uploaded!');

        redirect('/settings/crop_avatar');
    }
}



