Forums

Hello!

My company uses ChronoEngine to easily create forms. I've been asked to integrate an API call to register the user to a remote service. I have to generate the password and send it via email. My idea was to use the "Custom Server Side Validation" in order to do everything and, in case of success, add the generated password to the form data, which should then be sent along the usual info (name, username, password etc).

I've got a problem and a concern:

1. even if I use the PHP tag to start and end the code, when I submit the form I see the code being printed and not being executed. I tried with the following code:

<?php
var_dump($form);
return false;
?>

2. if I write the $form data, will it be available in the email template? i.e. adding a new field.

Thanks

Hi elegosSSD,

Code in the Custom Server Side Validation action should be executed if it is valid PHP. But note that dumping $form will give you many many lines of output and probably isn't what you want.

The Event Switcher action might be more useful, or my Unique ID [GH] action which will generate a unique random string ideally suited to use as a password.

If you add a value to the $form->data array e,g, $form->data['password'] = 'xxx'; then that will be available to the Email template.

Bob

Bob

Hello Bob,

thanks for answering. I was trying to dump the form data to watch what was in there. Isn't that code valid? I'm not joking, there are only those lines. I've noticed that refreshing the page and editing the validation code again, the starting and ending PHP tags are gone. May be this the problem why it's not being executed? Maybe a Joomla function is silently stripping them off? The editor is simply a textarea, I think it's something to do with the database saving (if I reopen the configuration without refreshing, starting/ending tags are still there).

Also, if I use an Event Switcher, is it possible to show some errors, like "Username already taken" etc?

Thanks

P.S.
Doesn't ChromoEngine exposes events that can be accessed via a plugin, like User's onUserBeforeUpdate?

Hi elegosSSD,

If the <php ?> tags are being stripped that looks like something else on your site or server. I built a little test form using your code and it dumps the $form object to the screen.

If you are doing validation then, yes use the Custom Serverside Validation action, there probably is no advantage in using the Event Switcher in that case.

There are no exposed events - but what do you actually need to do?

Bob

Hello Bob,

I actually need to use the form to register the user to the web application which resides on another server. This implies sending several API requests (check for company existance, user existance, email already been used etc) and, if everything is ok, register the user to the remote web app. Eventually if the user is being created, write a record in the Joomla database (for marketing purposes only) and send to the user the username and password to access the external web app.

That's why I asked if it exposed events, as it's better (for me) to work on a file in an IDE, rather than writing code in a textarea (I still can, copy/pasting the code in the textarea).

I'm worried about the tags being stripped though... may it be a Joomla setting, or most probably an external plugin? I'm not very familiar with this CMS.

Thank you very much

Hi elegosSSD,

I don't much like the textarea so I use included files in them and edit the included file with - in my case - Sublime Text 3. It makes life much easier once the code is more than a few lines.

I keep included files in a /components/com_chronoforms5/includes/form_name/ folder and include with this PHP

<?php
include (JPATH_SITE.'/components/com_chronoforms5/includes/'.$form->form['Form']['title'].'/load_js.js');
?>

- change the file name to suit.

Similarly if I'm using and API library that might work with several forms I add that into /components/com_chronoforms5/extras/library_name/ and require the needed files into the included file.

Joomla! doesn't strip tags in any 'standard' configuration. I've seen it once or twice (out of hundreds of sites) when there are 'security' components on the site or the server that go through and strip out anything they don't like the look of. You either have to turn then component off or whitelist the ChronoForms folders in some way - sorry I can't be more specific.

I would start by looking at the installed plug-ins and seeing if any of them look like possible candidates.

Bob

Thank you Bob,

I really appreciate your help! I know you can't be more specific (obviously).

Last question: being the APIs protected via authentication (and I don't want to expose the credentials via JavaScript), is it possible to include a PHP file like you showed me which lets the validation form fail?

Thanks🙂

Hi elegosSSD,

You can include a PHP file* in an Custom Serverside Validation action (or an Event Switcher). The only small problem is one of scope, You can't do the 'return' from an included file. Instead I set a form variable in the included file e,g,

<?php
if ( some condition ) {
  $form->data['return'] = 'xxx';
} else {
  $form->data['return'] = 'yyy';
}
?>

then the code in the text area looks like

<?php
include (JPATH_SITE.'/components/com_chronoforms5/includes/'.$form->form['Form']['title'].'/file_name.php');
return $form->data['return'];
?>

Bob

* I happen to have a macro which creates the include code with a load_js.js file name - that will only work in a Load JS action, in most cases you want a PHP file.