Zend Framework 2 - Including a variable in a form action - forms

My login form may be called with a re-direct query and I am wondering if there is a simple way to include this in the subsequent post action.
The use case is for SSO login.
My normal login route is:
/customer/login
and when called from a third party client becomes:
/customer/login?redirectTo=http://www.example.com
My login action:
public function loginAction()
{
$prg = $this->prg();
if ($prg instanceof Response) {
return $prg;
} elseif ($prg === false) {
return new ViewModel(['form' => $this->loginForm]);
}
This loads my view and I currently define my action as so:
$form = $this->form;
$form->setAttribute('action', $this->url());
Now when the action is called, I am losing the redirectTo parameter.
So my question is this, is it possible to update the action to include the re-direct url so that when a user clicks to login, it is posted back to my form?
thanks!
EDIT -
Obviously I can create a redirectTo route in the configs and test on the initial call to the page for the existence of such a route and include this in the form. My question however is whether or not this can be done automagically simply from the viewscript.

To generate query string arguments from the view helper, you need to assign them as the third argument using the query key. Please refer to the ZF2 docs http://framework.zend.com/manual/current/en/modules/zend.view.helpers.url.html
$form->setAttribute('action', $this->url('application', array('action' => 'login'), array('query' => array('redirectTo' => 'http://www.example.com,))));

$form->setAttribute('action', $this->url('login', [
'query' => [
'redirectTo' => $this->params()->fromQuery('redirectTo')
]
]);
Where 'login' is the name of the login route.
See Url View Helper

Well my solution is not as elegant as I hoped it would be. I wanted to avoid using the controller for the query params. As #Stanimir pointed out, the view helpers are in fact, to help with view so my original idea was unfounded.
This is an end to end of what I have put together:
Controller:
$redirect_url = $this->params()->fromQuery('redirectTo',null);
Returns this to view on initial load:
return new ViewModel( ['form' => $this->loginForm , 'redirect_url' => $redirect_url] );
View
$form->setAttribute(
'action',
$this->url(
'customer/login', [] ,
[ 'query'=>
[ 'redirectTo' => $this->redirect_url ]
]
)
);

Related

Drupal Node comment redirection when validation fail

I've been banging my head on this trying to find a solution, searching all around for something that would work, but I got no chance.
I have a "dashboard" where users have a list of event they took part in where they can rate/comment the event. I'ts basically a custom comment form for a node that is not displaying on the node page itself. The user click on an icon in their dashboard next to the event they want to comment, they get to the form, fill it and it returns them back to the dashboard. The return is adding parameters with a custom submit function and using the redirect function to make sure the user return to the proper tab in their dashboard.
function custom_form_alter(&$form, &$form_state, $form_id) {
if ($form_id == 'comment_node_event_form') {
$form['#submit'][] = 'customcomment_form_submit';
}
}
function customcomment_form_submit($form, &$form_state) {
if($form['#form_id']=='comment_node_event_form'){
$pos = strpos($_SERVER['HTTP_REFERER'], 'qt-dashboard');
if ($pos !== FALSE) {
$form_state['redirect'] = array(
'dashboard',
array(
'query' => array(
'qt-dashboard' => '2',
'qt-dashboard_event' => '2',
),));
}else{
$form_state['redirect'] = array(
'dashboard',
array(
'query' => array(
'qt-dashboard' => '2',
'qt-dashboard_event' => '1',
),));
}
}
}
This portion is working as it should and expected. The problem is when form validation fails, it send the comment form error message and form to refill to the node page instead of staying where it is.
I found that if I set the #action with the link where my comment form is, it does send the fail to the proper page
$form['#action']='/rating_comment/'.$form['#node']->vid.'?destination=dashboard&qt-dashboard=2&qt-dashboard_event=2';
But, doing so break the redirect when successfully submitting the form and it doesn't take the parameter in the redirect..it basically send the user directly to dashboard and scrapes the parameter. Now there might be a better solution for form validation fail to stay on the same page and that is pretty much what I am looking for.
Thanks
Looks like this form isn’t in your module - and you’re altering the other module.
Now, when the validate function gets invoked at the end you can check for failure and if there is failure cancel processing/redirect etc.
$form_state['no_redirect'] = FALSE:
Also, you can use the error function to check for errors and if so cancel the rest. This goes inside validate method.
if (form_get_errors()) { return FALSE ; }
// .. Otherwise, process validation
Check out the following
https://drupal.stackexchange.com/questions/170815/is-it-possible-to-stop-a-webform-form-during-submission
https://drupal.stackexchange.com/questions/5861/how-to-redirect-to-a-page-after-submitting-a-form

Yii2 Redirect to previous page after update

I have a application where after update user should be redirected to previous page from pagination.
let's say there is a gridview and user is at page 3. Then he update some record at that page. There should be a redirect to index page 3. What if, while user is updating record, before save, he opens another controller/action in new tab. Then ReturnUrl is now that new action and after save the record he is updating, he is redirected to that new url.
I've tried to set in every action "index" Url::remember(); and then in action "update" - return $this->goBack().
Also return $this->redirect(Yii::$app->request->referrer);, but it stays at same page.
There is a way to store every index URL in session, but in large project that means many sessions.
You could provide the returnUrl to the link, say:
Url::to(['update','id'=>$model->url,'returnUrl'=> Yii::$app->request->url]);
Then in your controller, use $this->request->queryParams['returnUrl'] to redirect to the previousUrl.
To take it one step further, to always provide the returnUrl, you could extend the Url Helper class:
namespace app\helpers;
use yii\helpers;
class Url extends yii\helpers\Url
public function toRouteAndReturn($route, array $params = [], $scheme = false) {
$params['returnUrl'] = Yii::$app->request->url;
return parent::toRoute($route,$params,$scheme);
}
You could provide in your main config:
'on afterAction' => function($event) {
if(!Yii::$app->getResponse()->isSent && !empty(Yii::$app->getRequest()->queryParams['returnUrl']) {
Yii::$app->getResponse()->redirect(Yii::$app->getRequest()->queryParams['returnUrl']);
}
}
Then you could use app\helpers\Url::toRouteAndReturn() instead of yii\helpers\Url::toRoute() to have it return to the previous url.
You can try below Solution.
First in your index page, get current page url and encode it.
$current_url=base64_encode(\Yii::$app->request->getUrl());
Append this url with your update link as below.
'urlCreator' => function ($action, $model, $key, $index) use ($current_url) {
if ($action === 'update') {
$url = Yii::$app->request->baseUrl . '/controllerName/update?id=' . $model->id.'&prev='.$current_url;
return $url;
}
// ......
}
In Controller, in Update method decode url as below and use for redirection.
public function actionUpdate($id)
{
$model = $this->findModel($id);
$prev=base64_decode($_REQUEST['prev']);
// ......
return $this->redirect($prev); // you will redirect from where update method is called
// ......
}
Isn't it quite easy to pass page param into your update url (<model/update>) like <model>/update?id=<id>&page=<page>?
in your index.php view, edit your ActionColumn as follow:
[
'class' => 'yii\grid\ActionColumn',
'urlCreator' => function ($action, $model, $key, $index) {
return \yii\helpers\Url::to([$action, 'id' => $model->id, 'page' => Yii::$app->request->getQueryParam('page', null)]);
},
],
As you can see, I'm getting page param from request url and pass it to models' action buttons
And when you click to update model, the page that we entered from is stored/placed in url.
Controller:
public function actionUpdate($id, $page = null)
{
$model = $this->findModel($id);
...
if($model->save()) {
return $this->redirect(['index', 'page' => $page]);
}
...
}
Finally, after we successfully update the model, the action redirects us to previous index page.

CSRF field is missing when I embed my form with a requestAction in CakePHP 3

I want to embed a contact form in multiple places on my website.
I developed a contact form in a contact() function within my MessagesController.php:
// MessagesController.php
public function contact()
{
$this->set('title', 'Contact');
$message = $this->Messages->newEntity();
... // shortened for brevity
$this->set(compact('message'));
$this->set('_serialize', ['message']);
}
I loaded the CSRF component in the initialize() function of the AppController.php:
// AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
... // shortened for brevity
}
The form is rendered with a contact.ctp and it works fine.
I followed CakePHP's cookbook which suggests using requestAction() within an element, then echoing the element where I want it:
// contact_form.ctp
<?php
echo $this->requestAction(
['controller' => 'Messages', 'action' => 'contact']
);
?>
And:
// home.ctp
<?= $this->element('contact_form'); ?>
The problem is that the form is rendered fine, but the CSRF hidden field is missing. It should be automatically added to the form since the CSRF component is called in the AppController.php.
I guess either using an element with a requestAction() isn't the solution for this particular case, or I am doing something wrong.
Any ideas? Thanks in advance for the input!
Request parameters need to be passed manually
requestAction() uses a new \Cake\Network\Request instance, and it doesn't pass the _Token and _csrf parameters to it, so that's why things break.
While you could pass them yourself via the $extra argument, like
$this->requestAction(
['controller' => 'Messages', 'action' => 'contact'],
[
'_Token' => $this->request->param('_Token'),
'_csrf' => $this->request->param('_csrf')
]
);
Use a cell instead
I would suggest using a cell instead, which is way more lightweight than requesting an action, also it operates in the current request and thus will work with the CSRF component out of the box.
You'd pretty much just need to copy your controller action code (as far as the code is concerned that you are showing), and add a loadModel() call to load the Messages table, something like
src/View/Cell/ContactFormCell.php
namespace App\View\Cell;
use Cake\View\Cell;
class ContactFormCell extends Cell
{
public function display()
{
$this->loadModel('Messages');
$this->set('title', 'Contact');
$message = $this->Messages->newEntity();
// ... shortened for brevity
$this->set(compact('message'));
$this->set('_serialize', ['message']);
}
}
Create the form in the corresponding cell template
src/Template/Cell/ContactForm/display.ctp
<?php
echo $this->Form->create(
/* ... */,
// The URL needs to be set explicitly, as the form is being
// created in the context of the current request
['url' => ['controller' => 'Messages', 'action' => 'contact']]
);
// ...
And then wherever you want to place the form, just use <?= $this->cell('ContactForm') ?>.
See also
API > \Cake\Routing\RequestActionTrait::requestAction()
Cookbook > Views > Cells

YII : How to redirect in afterAction under component controller class "CController"

I need your help to resolve my issue. I'm stuck here from approx 3-4 hours.
I made custom roles and permissions to every user. I have executed the code under component controller class's function afterAction. But if user don't have the access of the clicked action then it should be redirect to error page. When i use redirect function it says Cannot modify header information - headers already sent. I will be highly thankful if anyone can help me out. Here is my code
if (isset(yii::app()->user->id)) {
$controller = yii::app()->controller->id;
$action = yii::app()->controller->action->id;
$noAuthControllerAction = array();
$noAuthControllerAction[] = 'site/index';
$controllerAction = $controller . '/' . $action;
if (!in_array($controllerAction, $noAuthControllerAction)) {
$isAllowed = $this->isAllowed($controller, $action);
if (!$isAllowed) {
$this->redirect(array('site/denied'));
}
}
}
parent::afterAction($action);
Always use accessRules() in your controller for roles and permissions for more information see Yii Documentation for authentication and authorization
In your controller
A basic role-based access control looks like this :
array('allow', // allow authenticated owner users to perform the following actions.
'actions' => array('sales', 'export', 'invoice', 'payment'),
'users' => array('#'),
'roles' => array('owner'),
),
A custom expression role-based access control looks like this : (This is what you need)
array('deny', // deny authenticated owner users to perform the following actions if store is not yet selected.
'actions' => array('sales', 'export', 'invoice', 'payment'),
'users' => array('#'),
'roles' => array('owner'),
'deniedCallback' => function() {
Yii::app()->controller->redirect(array('/store/location'));
},
'expression' => '!Yii::app()->user->isStoreSelected()',
),
'expression' is your rule, and if rule is not met then 'deniedCallback' will redirect you to desired 'controller/action' in this case '/store/location'.
Also don't use
$this->redirect(array('site/denied')) for error handling, instead use
throw new CHttpException(401,'Access denied.');
This is the right way to handle errors in Yii. If you want to customize your error page please refer to Error Handling
afterAction runs after action is rendered. This is the cause of your error.
Use beforeAction event for that. Do you know RBAC? RBAC can help you.
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control
You could use accessControl for limit action uses to roles.

Zend adding parameter to URL before generating view

The title might be misleading but I'm trying to do something very simple but cant figure it out.
Lets say I have a Question controller and show action and question id is the primary key with which I look up question details - so the URL looks like this
http://www.example.com/question/show/question_id/101
This works fine - So when the view is generated - the URL appears as shown above.
Now in the show action, what I want to do is, append the question title (which i get from database) to the URL - so when the view is generated - the URL shows up as
http://www.example.com/question/show/question_id/101/how-to-make-muffins
Its like on Stack overflow - if you take any question page - say
http://stackoverflow.com/questions/5451200/
and hit enter
The question title gets appended to the url as
http://stackoverflow.com/questions/5451200/make-seo-sensitive-url-avoid-id-zend-framework
Thanks a lot
You will have to add a custom route to your router, unless you can live with an url like:
www.example.com/question/show/question_id/101/{paramName}/how-to-make-muffins
You also, if you want to ensure that this parameter is always showing up, need to check if the parameter is set in the controller and issue a redirect if it is missing.
So, in your bootstrap file:
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
public function _initRoutes ()
{
// Ensure that the FrontController has been bootstrapped:
$this->bootstrap('FrontController');
$fc = $this->getResource('FrontController');
/* #var $router Zend_Controller_Router_Rewrite */
$router = $fc->getRouter();
$router->addRoutes( array (
'question' => new Zend_Controller_Router_Route (
/* :controller and :action are special parameters, and corresponds to
* the controller and action that will be executed.
* We also say that we should have two additional parameters:
* :question_id and :title. Finally, we say that anything else in
* the url should be mapped by the standard {name}/{value}
*/
':controller/:action/:question_id/:title/*',
// This argument provides the default values for the route. We want
// to allow empty titles, so we set the default value to an empty
// string
array (
'controller' => 'question',
'action' => 'show',
'title' => ''
),
// This arguments contains the contraints for the route parameters.
// In this case, we say that question_id must consist of 1 or more
// digits and nothing else.
array (
'question_id' => '\d+'
)
)
));
}
}
Now that you have this route, you can use it in your views like so:
<?php echo $this->url(
array(
'question_id' => $this->question['id'],
'title' => $this->question['title']
),
'question'
);
// Will output something like: /question/show/123/my-question-title
?>
In your controller, you need to ensure that the title-parameter is set, or redirect to itself with the title set if not:
public function showAction ()
{
$question = $this->getQuestion($this->_getParam('question_id'));
if(!$this->_getParam('title', false)) {
$this->_helper->Redirector
->setCode(301) // Tell the client that this resource is permanently
// residing under the full URL
->gotoRouteAndExit(
array(
'question_id' => $question['id'],
'title' => $question['title']
)
);
}
[... Rest of your code ...]
}
This is done using a 301 redirect.
Fetch the question, filter out and/or replace URL-illegal characters, then construct the new URL. Pass it to the Redirector helper (in your controller: $this->_redirect($newURL);)