Preventing custom form validation function from being accessed via a URL
#1

(This post was last modified: 05-04-2016, 03:32 AM by CINewb.)

When you create a custom validation rule within a controller, it is accessible via the browser, which in most cases you wouldn't want.  You can't make the callback function private, it seems CI needs it to be public.

I've therefore reverted to this:


PHP Code:
$this->form_validation->set_message('_my_custom_rule', 'Your input failed the custom rule');
$this->form_validation->set_rules('email', 'Email', 'callback__my_custom_rule');

public function _my_custom_rule($value) {
    // Do something here and return true or false
}


The underscore at the front of the function name prevents it being called via the browser.  However, it doesn't seem as elegant using an underscore in the set_message() and set_rules() methods.

I know this is pedantic, but is this the best way?  On Stackoverflow I did see an answer which involved creating a new class/library which extends the CI Validation class, but this seemed like an overkill.

Thanks
Reply
#2

(This post was last modified: 05-04-2016, 03:33 AM by keulu.)

Can't you call a private check_form method from your public route?

Edit: My bad... didn't see you asked for a custom validation method. You can create a form_validation_helper


<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

function city_check($postfield){
    global $CI;
    if ($postfield == '0'){
        $CI->form_validation->set_message('city_check', 'Need city');
        return FALSE;
    }else{
        return TRUE;
    }
}


// in your controller
$this->load->helper('form_validation');
$this->form_validation->set_rules('email', 'Email', 'callback_city_check' );
Reply
#3

(This post was last modified: 05-04-2016, 04:00 AM by CINewb.)

(05-04-2016, 03:29 AM)keulu Wrote:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

function city_check($postfield){
    global $CI;
    if ($postfield == '0'){
        $CI->form_validation->set_message('city_check', 'Need city');
        return FALSE;
    }else{
        return TRUE;
    }
}


// in your controller
$this->load->helper('form_validation');
$this->form_validation->set_rules('email', 'Email', 'callback_city_check' );

Thanks.  The only thing is, my custom form validation method is currently in a controller, and it calls a method from the related model.  If I create a helper this would need to be generic, and not related to the controller/model in question.

Here's what my validation method looks like at the moment:


PHP Code:
public function check_loggedin() {
    if ( $this->user_model->is_loggedin() ) {
        return true;
    }
    return false;
}

Reply
#4

Call $CI->user_model. It should work if your model is loaded before or autoloaded.

public function check_loggedin() {
    global $CI;
    if ( $CI->user_model->is_loggedin() ) {
        return true;
    }
    return false;
}
Reply
#5

And set your custom message just before your "return false;".
Reply
#6

(05-04-2016, 03:25 AM)CINewb Wrote: When you create a custom validation rule within a controller, it is accessible via the browser, which in most cases you wouldn't want.  You can't make the callback function private, it seems CI needs it to be public.

I've therefore reverted to this:


PHP Code:
$this->form_validation->set_message('_my_custom_rule', 'Your input failed the custom rule');
$this->form_validation->set_rules('email', 'Email', 'callback__my_custom_rule');

public function _my_custom_rule($value) {
    // Do something here and return true or false
}


The underscore at the front of the function name prevents it being called via the browser.  However, it doesn't seem as elegant using an underscore in the set_message() and set_rules() methods.

I know this is pedantic, but is this the best way?  On Stackoverflow I did see an answer which involved creating a new class/library which extends the CI Validation class, but this seemed like an overkill.

Thanks

If the simplest solution doesn't seem elegant to you and you think the more sophisticated one is overkill, I'm afraid you'd never be satisfied ... :)

There is one more way - creating explicit routes to block those methods from being triggered, but that is real overkill.
Reply
#7

Put your custom validation in a model. A model can call another model. In my occasionally humble opinion, all validation should happen in models to keep the controller as thin as possible. In my not so humble opinion, every method in a controller should be private unless it's OK for it to be accessible via the URL, because that is basic security.
Reply
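
Added example, not part of any post in this thread: one way to do what post #7 suggests, so that the controller exposes no public validation callback at all. It assumes CodeIgniter 3.x, where set_rules() accepts a rule name paired with a callable. The Account controller, the email_allowed rule name and method, the blocked domain and the view names are hypothetical.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// application/models/User_model.php (hypothetical model)
class User_model extends CI_Model {
    // Models are never routed to, so this public method is not URL-reachable.
    public function email_allowed($value)
    {
        // Constructed rule for illustration: reject one blocked domain.
        return strtolower(substr($value, -12)) !== '@example.org';
    }
}

// application/controllers/Account.php (hypothetical controller)
class Account extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
        $this->load->library('form_validation');
        $this->load->model('user_model');
    }

    // The only action reachable by URL: /account/update
    public function update()
    {
        $this->form_validation->set_rules('email', 'Email', array(
            'required',
            'valid_email',
            // Named callable: array(rule name, callable). There is no
            // callback_ prefix, so no public controller method is needed.
            array('email_allowed', array($this->user_model, 'email_allowed')),
        ));
        $this->form_validation->set_message('email_allowed', 'Your input failed the custom rule');

        // Hypothetical view names; the save step is outside this example.
        $view = $this->form_validation->run() ? 'account_saved' : 'account_form';
        $this->load->view($view);
    }
}
```

The two classes belong in separate files, as the path comments indicate.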