Whats the best way to handle form validation?
Edit: Now that I think about it, after reading the "users" module in acp when there isn't a user existing, I could do a form submission to:
index.php?module=home/page&action=manage&edit=1&formsubmit=true
I could submit to the formsubmit page then if there are any errors dont update and run flash_message function & admin_redirect and display the errors accordingly.
Usually the structure of the ACP page is like this:
if($mybb->input['action'] == "myaction")
{
if($mybb->request_method == "post")
{
// validate
if(!$errors)
{
// do stuff, flash_message, admin_redirect
}
}
// output_inline_error
// output rest of page
}
You can take a look at any ACP page and see how it is handled... Simpler examples are probably editing post icons/smilies.
What about the verify post key.
What you need that for?
Its automatically generated with the form class
It is a security measure.
(2008-10-26, 08:11 AM)flash.tato Wrote: [ -> ]It is a security measure.
but its automatically generated so...
That is not automatically generated.
For getting it you should grab the post_code property of the $mybb object.
For veryfing it you should use
function verify_post_check($code, $silent=false)
tbh, if you guys don't do it all the time, hence the adding new post icons feature in the config[read the source (which I have been doing a lot of lately) if you don't believe me], then I don't see a point for me to handle it.
Also there is a automatically generated code unless the devs just say "Hey lets put something pointless in the form class". which I highly doubt they said.
<form action="index.php?module=home/page&action=manage&edit=1" method="post" id="manage">
<input type="hidden" name="my_post_key" value="c155095a9683b3e74d99dd6c741221df" />
Is called automatically when doing the following:
$form = new Form("index.php?module=home/page&action=manage&edit={$mybb->input['edit']}", "post", "manage");
I know I'm not crazy, but I'm pretty sure that code changes every time. Plus I read the source:
File: admin\inc\class_form.php
function __construct($script, $method, $id="", $allow_uploads=0, $name="", $return=false)
{
global $mybb;
$form = "<form action=\"{$script}\" method=\"{$method}\"";
if($allow_uploads != 0)
{
$form .= " enctype=\"multipart/form-data\"";
}
if($name != "")
{
$form .= " name=\"{$name}\"";
}
if($id != "")
{
$form .= " id=\"{$id}\"";
}
$form .= ">\n";
$form .= $this->generate_hidden_field("my_post_key", $mybb->post_code)."\n";
if($return == false)
{
echo $form;
}
else
{
$this->_return = true;
$this->construct_return = $form;
}
}
Pretty sure I know what I'm talking about when I say they are generating the code automatically.
It's is generated automatically but not checked automatically.
if($mybb->input['action'] == "myaction")
{
verify_post_check($mybb->input['my_post_key']);
if($mybb->request_method == "post")
{
// validate
if(!$errors)
{
// do stuff, flash_message, admin_redirect
}
}
// output_inline_error
// output rest of page
}