Yes, the Auto Server-Side Validation is still no use.
Like in all previous versions of Chronoforms / Chronoengine,
they are still denying the importance of Server-Side Validation, which is unbelievable.
Sice many many ( many )peaple using that extensions have no clues of scription, they are really leaving those ppl alone with potentiol danger.
It's just like giving lil children grenades to play with, and then saying: well , it's ure fault if u cannot handle it right.
I really don't understand that attitude. As if it was that mich to do.
So also this time, we have no Serverside-Validation , ince the so called one, implemented script does not work in any ways. It obviously was NEVER EVER tested !
But actually the errors are quite quick to correct, since it's ALMOST working.
Basically and incidentially one lil mistake makes the code useless and blocking normal functionality, which is quite easy to correct.
OK, right ahead to the solutions:
they implemented the regex-tests like this ( example avalidation of alphanumeric ):
- Code: Select all
function validate_alphanumeric($str, $form){
return preg_match('/^[a-z0-9 ._-]+$/i', $str);
}
but they should actually look like that:
- Code: Select all
function validate_alphanumeric($str, $form){
return preg_match('/^[a-z0-9 ._-]+$/i', $form->data[$str]);
}
Easyest way to make all those validations to work:
Search-and-Replace all "$str)" with "$form->data[$str])".
Second issue is the validation of required and not-empty -fields.
I've changed my code FROM:
- Code: Select all
function validate_required($str, $form){
if(!isset($form->data[$str])){
return false;
}else{
return true;
}
}
function validate_not_empty($str, $form){
return preg_match('/[^.*]/', $str);
}
TO:
- Code: Select all
function validate_required($str, $form){
if(!isset($form->data[$str]) || empty($form->data[$str]) || trim($form->data[$str]) == '' ){
return false;
}else{
return true;
}
}
function validate_not_empty($str, $form){
return (!isset($str) || empty($str) || trim($str) == '' ) ? false : true;
}
u may have better solutions.
the Last thing i just happend to sumble upon is a problem with the logic with error-message-output:
A field might be validated by several rules sequentially, for example: first check if empty, then check if correct format.
But the logic over-rides the output of the previous test. This might leads to errormessages that might for a user seem sensless and confusing ( depending of course on what u've set ass error-messages in the backend ):
For instance: textfield , validation-rules: 1.not-empty, 2.required, 3.alphanumeric-chars-only
Case: user has left field empty, your errormessage for not-alpha "No special Characters here please!"
So in this case, the user didn't do imput, but the system tells him now " no special-chars here!", since it's the output for the last failing test for that field.
So as a solution for this, i've changed my code FROM ( line 26 ):
- Code: Select all
if(!$result){
$this->events['fail'] = 1;
$form->validation_errors[trim($field)] = $params->get($rule.'_error');
//return false;
}
TO:
- Code: Select all
if(!$result){
$this->events['fail'] = 1;
// set error message for field ( but only if not yet set 4 that field ) :
if(
!isset($form->validation_errors[trim($field)]) ||
empty($form->validation_errors[trim($field)]) ||
trim($form->validation_errors[trim($field)]) == '' ){
$form->validation_errors[trim($field)] = $params->get($rule.'_error');
//return false;
}
}
Hope that helps sum of you.
cheers
P.S.: I hardly ever re-ready my comments, although i almost know there's sum load of typos innit.
It's just: as long it's not in the code per se, i just don't care !! :S It should still very well be readable 4 ppl with normal IQ.
And thanx Dennis! (my swiss webdesign guru
http://lab5.ch) 4 helping me out on this quite a bit.
