Profile plugin: saving data, protect access

phlampe 25 May, 2010
Hello All !

I'm slowly climbing the learning curve for Joomla and ChronoForms :-)

Today, I'm setting up a Profile page for my user detail data, that was previously entered by a ChronoForm linked to a detail data table and to the internal user table of Joomla (with the Registration plugin), and I have some questions about things that don't really work as I thought (or understood with my poor only neuron still able to function):

1. I had to duplicate my initial registration form, because when I enabled the profile plugin and then tried to access the form with the syntax "&chronoformname=inscription&user_id=99" in the URL, I got a "cannot re-register a user a second time " kind of error
2. on the duplicate form (called "profil"), I removed some of the validation checks (like passwords), added some hidden fields (like email and username, so I could send them back by e-mail), and when I click the "Validate" button, the result is sent by email, but the data isn't saved in the table. What did I miss or remove that I shouldn't have ?
3. my profile form is accessible directly by it's URL, bypassing all logged-in checks: try it: Profil 163. It's a test site, so don't worry, it's test data. I guess I can add some php code at the beginning of the form code to be sure my user is connected before displaying the form, but I'd need some pointers here.
4. I also don't know how to create a dynamic user dependent menu item that would send the user on it's profile page when clicking on it, since the user_id parameter value is Joomla's user id (like the "your details" in the user menu. Is there a way to pass this parameter from a menu item ?

Thanks for your help,
phlampe 25 May, 2010
About question2, I just noticed that in fact the form added each time my data at the end of the table, duplicating each row with my updates, except for the user id.

So I'll check my form code, and the way the cf_user_id is passed around. Something must be wrong in there.

phlampe 25 May, 2010
I fixed my problem #2 by adding hidden fields in the form to keep and save back both cf_id and cf_user_id.

But I have a layout problem now: I fixed it by adding the following block of code for each hidden fields (there are 4 of them):

<div class="form_item">
  <div class="form_element cf_textbox">
    <input id="hidden_01" name="username" type="hidden" value="{username}/>
  <div class="cfclear"> </div>

This code comes from copy/paste of other parts of code in the form (since I'm far from being a master of php/css...). But it results in a big blank space appearing where the hidden fields are, of 4 equivalent blank lines.

If I just use instead (nod divs, no classes):
<input id="hidden_01" name="username" type="hidden" value="{username}/>

other things don't work (like the background turns gray, or the form doesn't validate anymore, ...). So I reverted to the ugly but working code.

5. So how can I remove those blank lines ?

I'd appreciate any idea or comment :-)
GreyHead 25 May, 2010
Hi phlampe,

You're missing a quote around the value, the hidden input needs to be
<input id="hidden_01" name="username" type="hidden" value="{username}" />

phlampe 27 May, 2010
Thanks a lot for your answer, Greyhead, (and I hate myself for letting such a dumb mistake get through).

So that answers my questions 2 and 5, but what about 3 and 4 ?

For #4 (accessing the profile from a menu), I looked around in ChronoForm, and was wondering if I couldn't do it with the profile plugin default values and a bit of PHP code: if I set on the profile plugin parameter page the "Evaluate Code" on, where can I write that bit of php that would set my 'Request' parameter to the current (and logged) user id ? And that could at the same time provide an answer to my question #3 by refusing access to this page if the user isn't logged in that same bit of php.

GreyHead 27 May, 2010
Hi Paul-Henri,

You can pick up the user Id at the beginning of the form html, it doesn't need to be in the menu URL:
if ( !$mainframe->isSite() ) {return;}
$user = & JFactory::getUser();
if ( !$user->id ) {
// the user id is then in $user->id
. . .

phlampe 28 May, 2010
Thanks again for your help, Greyhead.

Here's what I added after your code snippet to check if the user is connected and redirect the page to his profile if needed, particularly if there's no user_id provided in the URL :

/* if the user id in the url is different from the logged one, redirect to user's profile page */
if ($_GET['user_id'] != $user->id) {

This topic is locked and no more replies can be posted.