Thursday, April 30, 2009

RE: Compare Array - GOT IT!

Yes... the goal is to secure the form (the checkbox values) so an end user
can not modify the values and submit...All values submitted are checked
against possible values in the db...so if they don't exist we know someone
was messing with the form. So that's all done and working.... then it was
just a matter of selecting the fields that were allowed to have data saved
to them so if a user tried to add text field or something to the form it
would not save that 'extra' data.

The validation is set ('numeric') since it's a HABTM table it's saving id,
user id, program_id

That was all...sorry for the confusion

Dave

-----Original Message-----
From: Brendon Kozlowski [mailto:BrendonKoz@hotmail.com]
Sent: April-30-09 11:48 AM
To: CakePHP
Subject: Re: Compare Array - GOT IT!


Ah, okay I understand what you mean now. It looks like you're doing this in
the model; am I correct on that? It should probably be set as a custom
validation for the particular field(s) you are concerned about. Since you
didn't paste all of your code (you don't need to) I'll just hope that's what
you're doing. :) If not, you can find that information in the cookbook:
http://book.cakephp.org/view/150/Custom-Validation-Rules

If you're not already, you may also want to use the Security Component.

On Apr 29, 10:11 pm, "Dave Maharaj :: WidePixels.com"
<d...@widepixels.com> wrote:
> No no...not giving them the ability to edit the form...install Firebug
> and anyone can edit a form...I am trying to prevent them from editing the
> form.
>
> I can see the form and use Firebug to see the values in the form
> checkboxes...value = 1 =3 = so on..... I can change the values with
> Firebug to 599 799 899 or whatever ...so what I am doing is verifying
> that if someone is being clever and changes the values to something
> that it could not possibly be then it will not save anything and the
> logged in user's account is suspended because the only way the form
> would not save is if someone was messing with it and submitted bad
> data. (the form is only checkboxes)
>
>
>
> -----Original Message-----
> From: Brendon Kozlowski [mailto:Brendon...@hotmail.com]
> Sent: April-29-09 11:15 PM
> To: CakePHP
> Subject: Re: Compare Array - GOT IT!
>
> I don't believe this is necessary in the first place.  Why are you
> giving someone the ability to edit the form that shouldn't be?  That's
> the first issue I see.  Secondly, why are you passing values to be
> saved if you don't want them overwritten?  That's the 2nd issue.
> Thirdly, why are you even rendering them as form elements rather than
> simple text within a paragraph tag instead?  That'd be the third issue I
> see.
>
> Although you are accomplishing what you want to do, I don't believe
> you should be trying to do it in the first place as a more elegant
> (albeit possibly more difficult to grasp?) solution is available.
>
> On Apr 29, 4:52 pm, "Dave Maharaj :: WidePixels.com"
> <d...@widepixels.com> wrote:
> > I figured it out.
>
> > //list of possible keys
> > $keys = $this->User->$model_name->find('list', array('fields' => 'id', 'order' => 'id ASC'));
> > debug($keys);
>
> > $submitted = $this->data[$model_name][$model_name];
> > debug($this->data[$model_name][$model_name]);
>
> > $results = array_diff($submitted, $keys);
> > debug($results);
>
> > So if an "evil" user tries to change the value in a form and submits,
> > the value is checked against possible values in the database....if
> > not found we know someone was doing something they should not have been
> > doing.
>
> > I am using this for a form that only has checkboxes so it works for me.
>
> > Any flaws?
>
> > Thanks,
>
> > Dave
>
> > -----Original Message-----
> > From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
> > Sent: April-29-09 6:14 PM
> > To: cake-php@googlegroups.com
> > Subject: re: Compare Array
>
> > I am trying to do the same type thing with comparing an array. I am
> > using this for a security set up so a user can not change values of
> > a form so I get the list of possible keys
>
> > //list of possible keys
> >     $keys = $this->User->$model_name->find('list', array('fields' => 'id', 'order' => 'id ASC'));
> >     debug($keys);
>
> > Array
> > (
> >     [1] => 1
> >     [2] => 2
> >     [3] => 3
> >     [4] => 4
> >     [5] => 5
> >     [6] => 6
> > )
>
> >     // values submitted by user
> >     $submitted =  $this->data[$model_name][$model_name];
> >     debug($this->data[$model_name][$model_name]);
>
> > Array
> > (
> >     [0] => 3
> >     [1] => 5
> >     [2] => 6
> >     [3] => 1
> > )
>
> >     //how to compare values against submitted values?
> >     $results = array_udiff_assoc($keys, array($submitted));
> >     debug($results);
>
> > But I need to compare the keys with the submitted data and that's
> > where I am stuck. I need to check that the submitted values have a
> > match with the possible values in the database.
>
> > Can someone point out my error or suggestions?
>
> > Thanks,
>
> > > Dave


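The server-side check this thread arrives at, written out as an added example (not code from the thread or from CakePHP). It goes a little beyond the array_diff call above by also rejecting a non-array submission and nested or non-numeric values, and it shows the field whitelisting Dave describes. The function names, the 'notes' field and the sample data are hypothetical, and an empty selection is assumed to arrive as '' or null.

```php
<?php
// Added example: plain PHP, no framework calls; function names are hypothetical.

// Return the submitted values that are not valid choices (empty array = clean).
function rejectedChoices($submitted, array $allowedIds)
{
    // Assumption: a form with nothing checked arrives as '' or null.
    if ($submitted === '' || $submitted === null) {
        return array();
    }
    // A scalar where a list is expected is itself a sign of tampering.
    if (!is_array($submitted)) {
        return array($submitted);
    }
    // Lookup table keyed by each allowed id.
    $allowed = array_fill_keys(array_map('strval', $allowedIds), true);
    $rejected = array();
    foreach ($submitted as $value) {
        // Nested arrays, non-digit strings and unknown ids are all rejected.
        $isScalarId = (is_string($value) || is_int($value)) && ctype_digit((string) $value);
        if (!$isScalarId || !isset($allowed[(string) $value])) {
            $rejected[] = $value;
        }
    }
    return $rejected;
}

// Keep only the fields the form may save; injected extras are dropped.
function whitelistFields(array $row, array $allowedFields)
{
    return array_intersect_key($row, array_flip($allowedFields));
}

// Constructed sample data, mirroring the arrays shown in the thread.
$keys     = array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6);
$clean    = array('3', '5', '6', '1');
$tampered = array('3', '599', array('1'), '5x');

var_dump(rejectedChoices($clean, $keys));
var_dump(rejectedChoices($tampered, $keys));
var_dump(whitelistFields(
    array('user_id' => '7', 'program_id' => '3', 'notes' => 'extra'),
    array('user_id', 'program_id')
));
```

Only save when rejectedChoices() returns an empty array, and pass the whitelisted row to the save step rather than the raw request data.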