public function testFormSigning()
{
$uid = (string) crc32(__FILE__ . '_' . (__LINE__ + 3));
$csrf = sha1(session_id());
$form = new \Gajus\Dora\Form();
$this->assertSame($form->getUid(), $uid);
$this->assertSame(preg_replace('/[^a-b]/', '', '<input type="hidden" name="gajus[dora][uid]" value="' . $uid . '"><input type="hidden" name="gajus[dora][csrf]" value="' . $csrf . '">'), preg_replace('/[^a-b]/', '', $form->sign()));
}
$form = new \Gajus\Dora\Form($_POST);
// Note that "bar" input has a default value:
// $form->input('bar', ['value' => mt_rand(1000,9999)])
// However, when you submit the form, this value is overwritten.
// Form signature is used to generate UID and CSRF tokens.
// UID is used to identify instance of the form that's submitted.
// Form signature is generated using $form->sign().
if ($form->isSubmitted()) {
header('Location: ' . $_SERVER['REQUEST_URI']);
exit;
}
?>
<form action="" method="post">
<?php
echo $form->input('foo');
?>
<?php
echo $form->input('bar', ['value' => mt_rand(1000, 9999)]);
?>
<div class="button-group">
<?php
echo $form->input('action[submit]', ['type' => 'submit', 'value' => 'Submit'], null, null);
?>
</div>
<?php
echo $form->sign();
?>
</form>
