Cross-Site Request Forgery (CSRF) form protection.
public addProtection ( $message = NULL )
return
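/**
 * Builds the order form (optional delivery/payment radio lists, address
 * fields, optional note) and, on a valid submit, stores the chosen values.
 *
 * The radio lists are only added when the matching constraint list is
 * non-empty, so the submitted values may lack those keys; they are read with
 * !empty() rather than a bare index so a missing key is not an error.
 *
 * @return Form the built form, whether or not it was submitted
 */
function createForm() {
    $form = new Form();
    // Nette CSRF token field; the message is shown when the token does not match.
    $form->addProtection('Detected robot activity.');
    $c = $form->addContainer('frm');

    $deliveryConstraints = $this->getDeliveryConstraints();
    if ($deliveryConstraints) {
        // Option keys and labels are the same strings (array_combine on itself).
        $c->addRadiolist(self::OPTION_DELIVERY, self::OPTION_DELIVERY, array_combine($deliveryConstraints, $deliveryConstraints))
            ->setRequired()
            ->setDefaultValue($this->getDelivery());
    }

    $paymentConstraints = $this->getPaymentConstraints();
    if ($paymentConstraints) {
        $c->addRadiolist(self::OPTION_PAYMENT, self::OPTION_PAYMENT, array_combine($paymentConstraints, $paymentConstraints))
            ->setRequired()
            ->setDefaultValue($this->getPayment());
    }

    $c->addText('delivery_name', 'delivery_name')->setRequired();
    $c->addTextarea('delivery_address', 'delivery_address');
    $c->addText('payment_name', 'payment_name');
    $c->addTextarea('payment_address', 'payment_address');
    $c->addText('payment_ic', 'payment_ic');
    $c->addText('payment_dic', 'payment_dic');
    if (!empty($this->config['allow_note'])) {
        $c->addTextarea('note', 'note');
    }
    $c->setDefaults($this->getOptions());
    $c->addSubmit('send', 'Save order');

    if (isFormValid($form, 'submit-order')) {
        $vals = $c->values;
        // The radio list may be absent when its constraint list was empty; !empty()
        // covers both "missing" and "not selected" instead of a bare index access.
        if (!empty($vals[self::OPTION_PAYMENT])) {
            $this->setPayment($vals[self::OPTION_PAYMENT]);
        }
        if (!empty($vals[self::OPTION_DELIVERY])) {
            $this->setDelivery($vals[self::OPTION_DELIVERY]);
        }
        // Array union: submitted keys take precedence, stored options fill the rest.
        $this->setOptions((array) $vals + $this->getOptions());
        // NOTE(review): wp_redirect() only emits the Location header; the usual
        // WordPress pattern follows it with exit — confirm the caller stops here.
        wp_redirect('?');
    }
    return $form;
}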
<?php
// Latte: {$Forms[contact]}

use Nette\Forms\Form;

// Contact form: optional e-mail (validated only when filled), required message, submit.
// addProtection() adds Nette's CSRF token; the string is the error shown on mismatch.
$form = new Form();
$form->setRenderer(new \Nextras\Forms\Rendering\Bs3FormRenderer());
$form->addProtection('Detected robot activity.');

$container = $form->addContainer('frm');

$email = $container->addText('email', 'Your email');
$email->addCondition(Form::FILLED)
    ->addRule(Form::EMAIL, 'Please fill in a valid e-mail address.');

$container->addTextarea('message', 'Message')
    ->setRequired('Please fill in a message.');

$container->addSubmit('send', 'Send');

// isFormValid() is a project helper not shown here; __FILE__ is its second argument.
if (isFormValid($form, __FILE__)) {
    dump($container->getValues());
}

return $form;
<?php
/**
 * Nette\Forms Cross-Site Request Forgery (CSRF) protection example.
 */

require_once __DIR__ . '/../../Nette/loader.php';

use Nette\Forms\Form,
    Nette\Debug;

Debug::enable();

// Step 1: build the form. addProtection() adds the CSRF token field; the first
// argument is the error shown when the token does not match. The second argument
// (3) is passed through as-is — presumably a timeout, confirm against this Nette version.
$form = new Form();
$form->addProtection('Security token did not match. Possible CSRF attack.', 3);
// NOTE(review): 'id' is a hidden field the client can edit; the CSRF token only
// shows the request came from this form, so the server still has to authorise
// deleting that particular id.
$form->addHidden('id')->setDefaultValue(123);
$form->addSubmit('submit', 'Delete item');

// Step 2: submitted and valid (token check included)? Validation only runs
// after a submit, so the two calls are short-circuited.
if ($form->isSubmitted() && $form->isValid()) {
    echo '<h2>Form was submitted and successfully validated</h2>';
    Debug::dump($form->getValues());
    // this is the end, my friend :-)
    if (empty($disableExit)) {
        exit;
    }
}

// Step 3: Render form
?> <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="page-header"> <h1> <i class="fa fa-plus"></i> Add a new station log </h1> </div> <?php

use Nette\Forms\Form;
use Kdyby\BootstrapFormRenderer\BootstrapRenderer;

// Station log entry form. addProtection() adds Nette's CSRF token with the default message.
$form = new Form();
$form->setRenderer(new BootstrapRenderer());
$form->addProtection();

$form->addText('reporter', 'Nickname')
    ->setAttribute('placeholder', 'anonymous')
    ->setRequired();

// Process-wide side effect: the default timestamp below is produced in UTC.
date_default_timezone_set("UTC");
$form->addText('datetime', 'When')
    ->setAttribute('placeholder', '2014-01-01 14:00')
    ->setDefaultValue(date('Y-m-d H:i:s'))
    ->setRequired();

$form->addText('station', 'Station designator')
    ->setRequired()
    ->setAttribute('placeholder', 'E11');

// Only the frequency carries a format rule; every other field is stored as typed.
$form->addText('qrh', 'Frequency')
    ->setRequired()
    ->setAttribute('placeholder', '4625')
    ->addRule(Form::FLOAT);

$form->addText('callnumber', 'Call # (leave empty if not captured)')
    ->setAttribute('placeholder', '472 639 5 or 441/30');
$form->addText('callid', 'Call ID (leave empty if not captured)')
    ->setAttribute('placeholder', '472 639 5 or 441/30');
$form->addText('gc', 'Group Count')
    ->setAttribute('placeholder', '10');
$form->addTextArea('body', 'Message (leave empty if not captured)')
    ->setAttribute('placeholder', '39715 12345');
$form->addSubmit('send', 'Add to our mighty database');

if ($form->isSuccess() && $form->isValid()) {
    $values = $form->getValues();
    // logs_new column => form field name; the row is handed to dibi as a separate
    // argument rather than concatenated into the SQL string.
    $columns = array(
        'time'        => 'datetime',
        'station'     => 'station',
        'qrh'         => 'qrh',
        'call_number' => 'callnumber',
        'call_id'     => 'callid',
        'gc'          => 'gc',
        'body'        => 'body',
        'reporter'    => 'reporter',
    );
    $row = array();
    foreach ($columns as $column => $field) {
        $row[$column] = $values[$field];
    }
    dibi::query('insert into logs_new', $row);
    echo "Log has been added. Thank you.";
}

$form->render();