Beginner needs help with form
#1

[eluser]Glowfox[/eluser]
Hi there guys! I am a beginner to CodeIgniter but I have years of experience with PHP. I am honestly completely confused. I purchased a user login system from CodeCanyon called Uzy. It uses CodeIgniter as a framework. I was hoping it would help make my current PHP website more secure than before, but it has honestly been the biggest headache trying to re-write all my old PHP scripts to work with CodeIgniter because I have zero CodeIgniter experience. I am almost ready to switch back to my old system and just leave it at that.

I have tried watching tutorials and reading up on it, but because I used this premade user login system, everything looks different in the tutorials. I just cannot seem to wrap my head around how to make it work, but I know it is probably some really stupid mistake I made somewhere.

My current problem is I have been working on this form for a week now and I cannot get in touch with the person who created the user login system to ask them for help. I wonder if anyone could help me with this because I have tried everything I can possibly think of. I believe the issue is with my model page, but I cannot find the error because of my lack of experience.

The form is supposed to just add new data to a section in the database called "pets". Instead it is putting all the form data into the URL of the website when I hit the submit button. I also have some Javascript which is supposed to check to see if the pet's registered name is already taken. It is supposed to check if "rname" is already matched in the database. Instead when I hit the button it does nothing.

My thought, after playing with it to try to fix it, is that the system is not connecting to the "pets" section of the database at all for some reason. It connects to the "users" section on the same database fine though.

Any suggestions or help someone could give me would be great at this point. I am clueless as to what to do. If anyone has some tutorials I could read also that would hopefully make sense to me, that would be great.

Here is the controller page called adopt.php:

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Adopt extends CI_Controller
{

    public function __construct()
    {
        parent::__construct();
        $this->load->model("adopt_model");
        $this->load->model("ip_model");
        if (!$this->user->loggedin) {
            $this->template->error(
                lang("error_1")
            );
        }
    }

    public function index()
    {
        if ($this->settings->info->adopt) {
            $this->template->error(lang("error_87"));
        }
        $this->template->loadExternal(
            '[removed][removed]'
        );

        $this->template->loadExternal(
            '[removed][removed]'
        );

        // IP Block check
        if ($this->ip_model->checkIpIsBlocked($_SERVER['REMOTE_ADDR'])) {
            $this->template->error(
                lang("error_11")
            );
        }

        $rname = "";
        $name = "";
        $gender = "";
        $breed = "";
        $color = "";
        $mark = "";
        $fail = "";

        if (isset($_POST['s'])) {
            $rname = $this->input->post("rname", true);
            $name = $this->common->nohtml(
                $this->input->post("name", true));
            $gender = intval($this->input->post("gender", true));
            $breed = intval($this->input->post("breed", true));
            $color = intval($this->input->post("color", true));
            $mark = intval($this->input->post("mark", true));
            $captcha = $this->input->post("captcha", true);

            if(strlen($rname) < 3) $fail = lang("ctn_113");

            if(!preg_match("/^[a-z0-9_]+$/i", $rname)) $fail = lang("ctn_114");

            if(!$this->adopt_model->check_rname_is_free($rname)) $fail = lang("ctn_115");

            if ($captcha != $_SESSION['sc']) {
                $fail = lang("error_2");
            }

            if (strlen($rname) > 200) {
                $fail = lang("error_50");
            }

            if (empty($rname)) $fail = lang("error_53");

            if (empty($name)) {
                $fail = lang("error_51");
            }
            if (empty($fail)) {
                // Passed all checks

                $this->adopt_model->registerUser(
                    $rname, $name, $gender, $breed, $color, $mark
                );
                $this->session->set_flashdata("globalmsg", lang("success_14"));
                redirect(base_url("kennel"));
            }
        }

        $this->load->helper("captcha");
        $rand = rand(4000,100000);
        $_SESSION['sc'] = $rand;
        $vals = array(
            'word' => $rand,
            'img_path' => './images/captcha/',
            'img_url' => base_url() . 'images/captcha/',
            'img_width' => 150,
            'img_height' => 30,
            'expiration' => 7200
        );

        $cap = create_captcha($vals);
        $this->template->loadContent("adopt/index.php", array(
            "cap" => $cap,
            "rname" => $rname,
            "name" => $name,
            "gender" => $gender,
            "breed" => $breed,
            "color" => $color,
            "mark" => $mark,
            'fail' => $fail));
    }
}

Here is the model called adopt_model.php:

Code:
<?php

class Adopt_Model extends CI_Model
{

    // Parameter order matches the controller's call:
    // registerUser($rname, $name, $gender, $breed, $color, $mark)
    public function registerUser($rname, $name, $gender, $breed, $color, $mark)
    {
        $this->db->insert("pets",
            array(
                "name" => $name,
                "rname" => $rname,
                "gender" => $gender,
                "breed" => $breed,
                "color" => $color,
                "mark" => $mark
            )
        );
    }

    // Returns true when no row in "pets" already uses this registered name
    public function check_rname_is_free($rname) {
        $s=$this->db->where("rname", $rname)->get("pets");
        if($s->num_rows() > 0) {
            return false;
        } else {
            return true;
        }
    }

    public function add_rname($userid, $rname) {
        $this->db->where("ownerid", $userid)->update("pets", array("rname" => $rname));
    }

}

?>

#2

[eluser]Tim Brownlaw[/eluser]
Hi there - I've only had a very quick glance at this...

So one thing that stuck out is...
Quote: The form is supposed to just add new data to a section in the database called “pets”. Instead it is putting all the form data into the URL of the website when I hit the submit button
That smells like your Form is being submitted with method="get" and not method="post".

I'd be going over the code with a fine tooth comb and commenting as much as you can as you go along... Looking up things that are unfamiliar in the users guide in the process.

You can still employ your usual debug techniques - working back from the HTML Source for the Forms etc in the browser and seeing if everything is ok. And plonking var_dumps around the place ( the ole fashioned ways still work well :) )

Do you use an IDE of any kind? They can certainly help.

It's kind of a high expectation to leap from a non framework background and then throw an existing project into one. It's just like how you eat an elephant... one bite at a time!

Although I personally regard CI as one of the simpler Frameworks to learn on and definitely worth the effort... I only say that because if you come from a traditional OOP background, CI does some of the more mundane stuff plus some heavy lifting while letting you go on about your business... In fact if you do OOP you've probably already come up with a similar system. But why reinvent the wheel!

I'll keep checking in and see how you are going. If you discover anything let us know.

Cheers
#3

[eluser]Glowfox[/eluser]
Thank you Tim for your reply.

I had a similar thought about the "get" function and that seemed to be the easiest fix except I took this coding from an already working form elsewhere on the site (written by the original coder) and I only changed the form HTML, plus the controller, model, and view name to what they are now and instead of dropping the information into "users", it should place it into "pets" now. I have literally changed very few things.

The only thing I can think is the person who coded it may have a page somewhere that is telling my website what sections of the database it can access and which it cannot and since I added this "pets" section to the database myself, it wouldn't be there. I have looked everywhere for a file like that though and I cannot find it. So, I thought maybe I was just wrong on that hunch and I just coded it wrong somehow.

The only thing remotely like a "get" function I have is this:

Code:
public function check_rname_is_free($rname) {
  $s=$this->db->where("rname", $rname)->get("pets");
  if($s->num_rows() > 0) {
   return false;
  } else {
   return true;
  }
}

But that section is talking to the Javascript which is supposed to check "pets" in the database to see if the registered name is already taken. It should not be trying to insert anything into the database itself. It is just checking to see if the name is already in the database.

And no, I do not use an IDE. I will look into trying that next.

As for it being a high expectation, it probably is. I am normally a fairly quick learner and I just thought (for whatever reason) it couldn't be that hard to learn. From what I can get CodeIgniter to do, I love and I feel it works better. So, I am having a hard time just giving up and returning to the old way. It is hard to go from having a project you coded yourself completely to not being able to get a form to work though. LOL

Thank you for the advice!
#4

[eluser]CroNiX[/eluser]
You should post the form itself.

What Tim meant by "get" is how you SEND the form, which is the METHOD in the form opening tag. It's using the get method, which sends the form parameters via the URL like ?name=something&[email protected]. You want to send using the POST method since that's what your app is checking for.

Code:
<form accept-charset="utf-8" method="post" action="http://yoursite.com/adopt">

I'd also look into using the form helper, which simplifies it to just:
Code:
<?=form_open('adopt'); ?>
#5

[eluser]Glowfox[/eluser]
CroNix, my form opening tag was just the following:

Code:
<form name='adopt' class='form-horizontal'>

I changed it to this just to see if it made a difference:

Code:
<form accept-charset='utf-8' name='adopt' class='form-horizontal' method='post' action='<?php echo base_url('adopt') ?>'>

I am not sure why it was trying to use the "get" method. I understood what Tim was saying, but I don't know why it is trying to use that method. I added in what you suggested and now I am getting an error (The action you have requested is not allowed.). So, at least it is trying to do something now, but I will need to search for the error and see where it is coming from. I will post again once I have figured out where it is coming from.
#6

[eluser]CroNiX[/eluser]
Because with HTML forms, "get" is the default method unless you specify.

That error message is because you most likely have CSRF protection enabled, but not including the CSRF token in your form. If you use the form helper with form_open(), it does it for you. I'd really urge you to use the form helpers that are available. It will help you in the long run and you also have to write a lot less code, generally.
#7

[eluser]CroNiX[/eluser]
I believe to add it manually, it would be something like:
Code:
<input type="hidden" name="<?=$this->security->get_csrf_token_name(); ?>" value="<?=$this->security->get_csrf_hash(); ?>">

But if you simply just did:
Code:
<?=form_open('adopt', array('class' => 'form-horizontal', 'name' => 'adopt')); ?>

it would create something like:
Code:
<form accept-charset="utf-8" name="adopt" class="form-horizontal" method="post" action="http://yoursite.com/adopt">
<input type="hidden" name="the_csrf_name" value="the_csrf_value">
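
Added example (not part of CroNiX's post, and not CodeIgniter's own code): a minimal PHP sketch of the kind of check behind "The action you have requested is not allowed.", showing why a hand-written POST form without the hidden field is rejected while a form that carries the token is accepted. The field name `demo_csrf_token` and all function names are hypothetical, and the requests are constructed sample data.

```php
<?php
// Added illustration; names are hypothetical, not CodeIgniter internals.
const CSRF_FIELD = 'demo_csrf_token';

// Issue one random token per session-like store and reuse it afterwards.
function csrf_issue(array &$store): string
{
    if (empty($store['csrf'])) {
        $store['csrf'] = bin2hex(random_bytes(16));
    }
    return $store['csrf'];
}

// Emit an opening form tag plus the hidden token field, as a form helper would.
function render_form_open(string $action, string $token): string
{
    $a = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"$a\" accept-charset=\"utf-8\">\n"
         . '<input type="hidden" name="' . CSRF_FIELD . "\" value=\"$t\">";
}

// Decide whether a request may reach the controller.
function csrf_verify(string $method, array $post, array $store): bool
{
    if (strtoupper($method) !== 'POST') {
        return true; // this sketch only checks state-changing POSTs
    }
    $sent = $post[CSRF_FIELD] ?? '';
    $expected = $store['csrf'] ?? '';
    // hash_equals() compares in constant time; reject missing or non-string input first.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed requests: same form data, with and without a valid token.
$store = [];
$token = csrf_issue($store);
echo render_form_open('/adopt', $token), "\n\n";

$cases = [
    'hand-written form, no token' => ['rname' => 'rex_01', 's' => '1'],
    'form with hidden token'      => ['rname' => 'rex_01', 's' => '1', CSRF_FIELD => $token],
    'wrong token value'           => ['rname' => 'rex_01', 's' => '1', CSRF_FIELD => str_repeat('0', 32)],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', csrf_verify('POST', $post, $store) ? 'accepted' : 'rejected', "\n";
}
```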
#8

[eluser]Glowfox[/eluser]
Hi Cronix! Tim helped me via Skype and your fix worked. There were a couple of other things going on with the script I bought too. Thank you for your help!
#9

[eluser]Tim Brownlaw[/eluser]
Yep, CroNiX The Ole form_open() did the trick on that issue.

So Cheers for that!



