validation, Cake will let you do that. You create a function that
checks the values (comparing to the DB in your case), and if it's not
valid, your custom validation method simply returns false, and Cake's
validation mechanism takes over, providing whatever textual feedback
is necessary to the user (if any). I'm not entirely sure if you want
or need this, but I thought I'd let you know in case you aren't
already using it.
On Apr 30, 11:58 am, "Dave Maharaj :: WidePixels.com"
<d...@widepixels.com> wrote:
> Yes... the goal is to secure the form (the checkbox values) so an end user
> can not modify the values and submit...All values submitted are checked
> against possible values in the db...so if they don't exist we know someone
> was messing with the form. So that's all done and working.... then it was
> just a matter of selecting the fields that were allowed to have data saved
> to them so if a user tried to add text field or something to the form it
> would not save that 'extra' data.
>
> The validation is set ('numeric') since its a HABTM table its saving id,
> user id , program_id
>
> That was all...sorry for the confusion
>
> Dave
>
>
>
> -----Original Message-----
> From: Brendon Kozlowski [mailto:Brendon...@hotmail.com]
> Sent: April-30-09 11:48 AM
> To: CakePHP
> Subject: Re: Compare Array - GOT IT!
>
> Ah, okay I understand what you mean now. It looks like you're doing this in
> the model; am I correct on that? It should probably be set as a custom
> validation for the particular field(s) you are concerned about. Since you
> didn't paste all of your code (you don't need to) I'll just hope that's what
> you're doing. :) If not, you can find that information in the cookbook:http://book.cakephp.org/view/150/Custom-Validation-Rules
>
> If you're not already, you may also want to use the Security Component.
>
> On Apr 29, 10:11 pm, "Dave Maharaj :: WidePixels.com"
> <d...@widepixels.com> wrote:
> > No no...not giving them the ability to edit the form...install Firebug
> > and anyone can edit a form...I am trying to prevent them from editing the
> form.
>
> > I can see the form and use firebug to see the vales in the form
> > checkboxes...value = 1 =3 = so on..... I can change the values with
> > Firebug to 599 799 899 or what ever ...so what I am doing is verify
> > that if someone is being cleaver and changes the values to something
> > that it could not possably be then it will not save anything and the
> > logged in users account is supspended because the ony way the form
> > would not save is if someone was messing with it and submited bad
> > data.(the form is only checkboxes)
>
> > -----Original Message-----
> > From: Brendon Kozlowski [mailto:Brendon...@hotmail.com]
> > Sent: April-29-09 11:15 PM
> > To: CakePHP
> > Subject: Re: Compare Array - GOT IT!
>
> > I don't believe this is necessary in the first place. Why are you
> > giving someone the ability to edit the form that shouldn't be? That's
> > the first issue I see. Secondly, why are you passing values to be
> > saved if you don't want them overwritten? That's the 2nd issue.
> > Thirdly, why are you even rendering them as form elements rather than
> > simple text within a paragraph tag instead? That'd be the third issue I
> see.
>
> > Although you are accomplishing what you want to do, I don't believe
> > you should be trying to do it in the first place as a more elegant
> > (albeit possibly more difficult to grasp?) solution is available.
>
> > On Apr 29, 4:52 pm, "Dave Maharaj :: WidePixels.com"
> > <d...@widepixels.com> wrote:
> > > I figured it out.
>
> > > //list of possible keys
> > > $keys =
> > > $this->User->$model_name->find('list', array('fields' => 'id', 'order'
> > > => 'id ASC'));
> > > debug($keys);
>
> > > $submitted =
> > > $this->data[$model_name][$model_name];
>
> > > debug($this->data[$model_name][$model_name]);
>
> > > $results = array_diff($submitted,
> > > $keys);
> > > debug($results);
>
> > > So if a "evil" user tries to change the value in a form and submits,
> > > the value is checked against possible values in the databsae....if
> > > not found we know someone was doing something they should not have been
> doing.
>
> > > I am using this for a form that only has checkboxes so it works for me.
>
> > > Any flaws?
>
> > > Thanks,
>
> > > Dave
>
> > > -----Original Message-----
> > > From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
> > > Sent: April-29-09 6:14 PM
> > > To: cake-php@googlegroups.com
> > > Subject: re: Compare Array
>
> > > I am trying to do the same type thing with comparing an array. I am
> > > using this for a security set up so a user can not change values of
> > > a form so I get the list of possible keys
>
> > > //list of possible keys
> > > $keys = $this->User->$model_name->find('list', array('fields'
> > > => 'id', 'order' => 'id ASC'));
> > > debug($keys);
>
> > > Array
> > > (
> > > [1] => 1
> > > [2] => 2
> > > [3] => 3
> > > [4] => 4
> > > [5] => 5
> > > [6] => 6
> > > )
>
> > > // values submitted by user
> > > $submitted = $this->data[$model_name][$model_name];
> > > debug($this->data[$model_name][$model_name]);
>
> > > Array
> > > (
> > > [0] => 3
> > > [1] => 5
> > > [2] => 6
> > > [3] => 1
> > > )
>
> > > //how to compare vales against submitted values?
> > > $results = array_udiff_assoc($keys, array($submitted));
> > > debug($results);
>
> > > But i need to compare the keys with the submitted data and that
> > > where i am stuck. I need to check that the submitted values have a
> > > match with the possible values in the database.
>
> > > Can someone point out my error or suggestions?
>
> > > Thanks,
>
> > > Dave- Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment