addProtection() public method

Adds Cross-Site Request Forgery (CSRF) protection to the form. The optional $message is the error text reported when the protection check fails.
public addProtection ( $message = NULL ) : CsrfProtection
Returns: Nette\Forms\Controls\CsrfProtection
Example #1
 /**
  * Builds the order form (delivery, payment, addresses, optional note) and,
  * when the form passes isFormValid(), stores the submitted choices.
  *
  * The form carries a CSRF token via addProtection(). The token is only
  * useful if it is verified before any state is changed.
  * NOTE(review): isFormValid() is defined elsewhere; presumably it checks that
  * the form was submitted and validated (which is where the token is
  * verified) - confirm against its implementation.
  *
  * @return Form the configured form
  */
 function createForm()
 {
     $form = new Form();
     // Message shown when the CSRF protection check fails.
     $form->addProtection('Detected robot activity.');
     $fields = $form->addContainer('frm');

     // The radio lists offer only the configured constraints, each used as both key and label.
     $deliveryChoices = $this->getDeliveryConstraints();
     if ($deliveryChoices) {
         $deliveryItems = array_combine($deliveryChoices, $deliveryChoices);
         $fields->addRadiolist(self::OPTION_DELIVERY, self::OPTION_DELIVERY, $deliveryItems)
             ->setRequired()
             ->setDefaultValue($this->getDelivery());
     }
     $paymentChoices = $this->getPaymentConstraints();
     if ($paymentChoices) {
         $paymentItems = array_combine($paymentChoices, $paymentChoices);
         $fields->addRadiolist(self::OPTION_PAYMENT, self::OPTION_PAYMENT, $paymentItems)
             ->setRequired()
             ->setDefaultValue($this->getPayment());
     }

     $fields->addText('delivery_name', 'delivery_name')
         ->setRequired();
     $fields->addTextarea('delivery_address', 'delivery_address');
     $fields->addText('payment_name', 'payment_name');
     $fields->addTextarea('payment_address', 'payment_address');
     $fields->addText('payment_ic', 'payment_ic');
     $fields->addText('payment_dic', 'payment_dic');
     // The free-text note is offered only when the configuration enables it.
     if (!empty($this->config['allow_note'])) {
         $fields->addTextarea('note', 'note');
     }
     $fields->setDefaults($this->getOptions());
     $fields->addSubmit('send', 'Save order');

     // Nothing is stored unless the form passed the validity check.
     if (!isFormValid($form, 'submit-order')) {
         return $form;
     }

     $submitted = $fields->values;
     $payment = $submitted[self::OPTION_PAYMENT];
     if ($payment) {
         $this->setPayment($payment);
     }
     $delivery = $submitted[self::OPTION_DELIVERY];
     if ($delivery) {
         $this->setDelivery($delivery);
     }
     // Submitted values take precedence; previously stored options fill the gaps.
     $merged = (array) $submitted + $this->getOptions();
     $this->setOptions($merged);
     // NOTE(review): wp_redirect() only sends the redirect header and does not
     // end the request, so execution continues and the form is still returned.
     // Confirm the caller terminates the request after this call.
     wp_redirect('?');

     return $form;
 }
Example #2
<?php

// Latte: {$Forms[contact]}
use Nette\Forms\Form;
// Contact form definition; the finished form object is returned to the including code.
$form = new Form();
$form->setRenderer(
    new \Nextras\Forms\Rendering\Bs3FormRenderer()
);
// CSRF token; the message is reported when the protection check fails.
$form->addProtection('Detected robot activity.');

$c = $form->addContainer('frm');
// The e-mail field is optional: the format rule applies only when it is filled in.
$c->addText('email', 'Your email')
    ->addCondition($form::FILLED)
    ->addRule($form::EMAIL, 'Please fill in a valid e-mail address.');
$c->addTextarea('message', 'Message')
    ->setRequired('Please fill in a message.');
$c->addSubmit('send', 'Send');

// NOTE(review): isFormValid() is defined elsewhere; presumably it covers the
// submitted + validated check that also verifies the CSRF token - confirm.
if (isFormValid($form, __FILE__)) {
    // Prints the submitted values as-is. NOTE(review): dump() is not defined in
    // this listing; confirm it escapes its output and is not left enabled on a
    // production site, since the values are attacker-controlled input.
    dump($c->getValues());
}

return $form;
Example #3
<?php

/**
 * Nette\Forms Cross-Site Request Forgery (CSRF) protection example.
 */
require_once __DIR__ . '/../../Nette/loader.php';
use Nette\Forms\Form, Nette\Debug;
// Switch on the Nette debugger for this demo page.
// NOTE(review): confirm how debug output is gated outside development; detailed
// error pages should not be reachable by untrusted visitors.
Debug::enable();

$form = new Form();
// CSRF guard for a state-changing action ("Delete item"). The first argument is
// the error message reported on a token mismatch.
// NOTE(review): the second argument (3) is not described by the signature shown
// on this page; presumably a token timeout in seconds - confirm for the Nette
// version in use.
$form->addProtection('Security token did not match. Possible CSRF attack.', 3);
// The hidden id travels through the browser and can be altered by the client.
// The CSRF token shows the request came from this form, not that the user may
// act on this id; a real delete handler still needs its own authorization check.
$form->addHidden('id')
    ->setDefaultValue(123);
$form->addSubmit('submit', 'Delete item');

// Step 2: act only on a form that was both submitted and successfully validated.
if ($form->isSubmitted() && $form->isValid()) {
    echo '<h2>Form was submitted and successfully validated</h2>';
    $values = $form->getValues();
    Debug::dump($values);
    // Stop before the form is rendered again, unless an including script
    // set $disableExit.
    if (empty($disableExit)) {
        exit;
    }
}
// Step 3: Render form
?>
<!DOCTYPE html>
<html lang="en">
<head>
	<meta http-equiv="content-type" content="text/html; charset=utf-8">
Example #4
<div class="page-header">
  <h1>
    <i class="fa fa-plus"></i> Add a new station log
  </h1>
</div>
<?php 
use Nette\Forms\Form;
use Kdyby\BootstrapFormRenderer\BootstrapRenderer;
// Public "add station log" form: built, processed and rendered in one pass.
$form = new Form();
$form->setRenderer(new BootstrapRenderer());
// CSRF token using the default error message.
$form->addProtection();

$form->addText('reporter', 'Nickname')
    ->setAttribute('placeholder', 'anonymous')
    ->setRequired();
// Set before date() is called below, so the default timestamp is in UTC.
date_default_timezone_set("UTC");
// NOTE(review): no format rule is attached to this field, so any text is
// accepted as the timestamp - confirm the database column rejects bad values.
$form->addText('datetime', 'When')
    ->setAttribute('placeholder', '2014-01-01 14:00')
    ->setDefaultValue(date('Y-m-d H:i:s'))
    ->setRequired();
$form->addText('station', 'Station designator')
    ->setRequired()
    ->setAttribute('placeholder', 'E11');
$form->addText('qrh', 'Frequency')
    ->setRequired()
    ->setAttribute('placeholder', '4625')
    ->addRule(Form::FLOAT);
$form->addText('callnumber', 'Call # (leave empty if not captured)')
    ->setAttribute('placeholder', '472 639 5 or 441/30');
$form->addText('callid', 'Call ID (leave empty if not captured)')
    ->setAttribute('placeholder', '472 639 5 or 441/30');
$form->addText('gc', 'Group Count')
    ->setAttribute('placeholder', '10');
$form->addTextArea('body', 'Message (leave empty if not captured)')
    ->setAttribute('placeholder', '39715 12345');
$form->addSubmit('send', 'Add to our mighty database');

// Insert only when the form reports success and passes validation.
if ($form->isSuccess() && $form->isValid()) {
    $f = $form->getValues();
    // Column names are fixed here; only the values come from the visitor.
    $arr = array(
        'time' => $f['datetime'],
        'station' => $f['station'],
        'qrh' => $f['qrh'],
        'call_number' => $f['callnumber'],
        'call_id' => $f['callid'],
        'gc' => $f['gc'],
        'body' => $f['body'],
        'reporter' => $f['reporter'],
    );
    // The values are handed to dibi as an array, not concatenated into the SQL text.
    // NOTE(review): the free-text fields are stored unmodified; whatever page
    // later displays these rows must escape them for its output context.
    dibi::query('insert into logs_new', $arr);
    echo "Log has been added. Thank you.";
}

$form->render();