I will add a honeypot-field to the devise registration form (as a simple captcha). Where is the best place to check if data has been entered into this field?
If a bot has entered something into this field, he should be sent back to the index page without notification. As I am still far from being fluent in Rails, it would be helpful to see the syntax for this too.
I think the best place to do that is at the model, because it may be a business logic to accept only records from "verified humans".
You can create a validation method that does this:
class Comment < ActiveRecord::Base
validate :honeypot_absence
def honeypot_absence
record.errors.add :invisible_field, "You should not fill the invisible field" unless invisible.field.blank?
end
end
I had a similar issue with bots signing up via my Devise registration form so tackled it by doing the following:
Added a simple honeypot input to the view. (You will have needed to generate the views before you can do this - rails generate devise:views)
# app/views/devise/registrations/new.html.erb
<div class="form__honeypot">
If you see this, leave it blank. Only bots should see this
<input type="text" name="body" value="" />
</div>
Hid the field using CSS.
.form {
position: relative;
&__honeypot {
position: absolute;
visibility: hidden;
left: -5000px;
top: -5000px;
}
}
Generate the Devise controllers so you can tap into the create method.
rails g devise:controllers users -c=registrations
You can generate them all or just the one you need using the -c flag.
In the newly generated controller, added the following code:
# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
before_action :configure_sign_up_params, only: [:create]
def create
if params[:body].present?
return redirect_to root_path
end
super
end
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up, keys: [:body])
end
end
Essentially this is going to redirect anyone (hopefully bots), who populate the hidden field on the form, back to the root_url
Finally in the routes.rb, added the line let Devise know to use our generated controller to handle registrations.
# config/routes.rb
Rails.application.routes.draw do
devise_for :users, controllers: { registrations: 'users/registrations' }
end
Related
Sorry about quite silly question but after several days of searching I still don't have the answer and I'm realy stackoverfloved about it.
I have refinerycms extension. Like this:
$ rails generate refinery:engine shop name:string logo:image
I want it to be controlled from both backend and frontend of my application.
Have no problems with backend. (Thank you for refinerycms team.)
Have no problems with frontend when the form contains only "name". (Or any other attribute that doesn't have image type).
Have problems with image type attributes.
I don't want frontend user to have the same image editing form as backend users does.
I want the form to be smth like this:
<div class='field'>
<%= f.label :logo , "Logo"%>
<%= f.file_field :logo %>
</div>
And I want images loaded by frontend user to be saved with Refinery::Image.
I bet the problem is only in my frontend controller create action for shops, but I have no clue how it should be overwritten.
Thanks a lot for any suggestion.
In the controller, you will have to pass the 'logo' param to the model as a Refinery::Image instance. To do so, you create an instance of Refinery::Image and merge it to the model.
Example:
logo = Refinery::Image.create(image: params[:shop][:logo])
#shop = Refinery::Shops::Shop.create(params[:shop].merge({logo: logo}))
I have FE form with file_field (:logo) on FE and in my normal controller (not the admin one) I have this method to handle params from request:
def model_params
permitted = params.require(:model).permit!
permitted[:logo] = Refinery::Image.create(image: permitted[:logo])
return permitted
end
to permits params and create image form file.
And then in my create method:
def create
if (#new_beer = ::Refinery::Models::Model.create(model_params))
#do some stuff when it succeeds to create it
redirect_to SOMEWHERE
else
redirect_to SOMEWHERE, notice: "Something went wrong!"
end
end
Hope it can help! :)
I have a simple search form I want to reuse across multiple pages in my codeigniter application. For example, right now I have a search form in the sidebar and I'm planning on displaying that sidebar on the index, about, and other pages.
I want to have the form validation display errors on the same page the users submits the form from.
For example:
User is on About page.
User submits form with invalid data
User sees error in the sidebar on the About page
and
User is on Index page.
User submits form with invalid data
User sees error in the sidebar on the Index page
But I'd like to reuse that form validation logic. I just want it to display the error on whichever page the user posted from.
Any ideas how to do that? Sorry for the noob question, I'm pretty new to CI.
Here you have to think globally.
Step.1 : Make one view file : display.php
which contains :
<div id = "main">
<div id = "header">
[load header file here]
</div>
<?php
if(validation_errors() != '') {
?>
<div id = "error">
<?=validation_errors()?>
</div>
<?php
}
?>
<div id = "content">
<?=$page?>
</div>
<div id = "footer">
[load footer file here]
</div>
</div>
Step.2 : About us Page.(controlller)
.... Your data ....
at end of controller function
$data['page'] = 'aboutus';
$this->load->view('display',$data);
With regards to your comment on the above question you could use Flash data
With the assumption that you have the session library loaded, here is a helper function.
function last_page($page = null){
$ci = get_instance();
if($page === null)
return $ci->session->flashdata('last_page');
$ci->session->set_flashdata('last_page', $page);
}
then you can call last_page('about'); at the top of the about page, and then when you want to find out what the last page you were on was you can just call last_page(); with no params.
In the User Guide, there's different ways to configure sets/groups of rules. Then you can simply have something like:
if ($this->form_validation->run('signup') == FALSE)
{
$this->load->view('myform');
}
else
{
$this->load->view('formsuccess');
}
Which will run your "signup" group of validations. To me, this is the cleanest way to achieve reusable validation rules.
This is a perfectly valid question.
I'm not a PHP expert, nor a CI expert, but the fact is sometimes you want to post to a controller that didn't create the view from which you're posting. Which means posting back to itself is not going to work.
I came across this post on the Ellislab forum:
http://ellislab.com/forums/viewthread/217176/
On this page, There are 2 methods of going about it. Both of which use flashdata and both of which are totally valid, IMHO.
The first: create a helper function
http://ellislab.com/forums/viewreply/1003010/
The second: extend the CI_Form_Validation Class.
http://ellislab.com/forums/viewreply/1047536/
The second is the way I went as it seems cleanest although some may argue whether the form validation class should know anything about flash data.
I am using an application (a blog) written using the CodeIgniter framework and would like to search my blog from my browsers location bar by adding a string to the end of my blogs url like this:
http://mysite.com/blog/index.php/search...
As you can see in the example above I am not really sure how to format the rest of the url after the search part so I am hoping someone here might be able to point me in the right direction.
This is what the form looks like for the search box if that helps at all.
form class="searchform" action="http://mysite.com/blog/index.php/search" method="post">
<input id="searchtext" class="search_input" type="text" value="" name="searchtext">
<input type="submit" value="Search" name="Search">
</form>
Thx,
Mark
Since your form is posting to http://mysite.com/blog/index.php/search, I'm assuming this 'search' controller's default function is the one your are attempting to submit your data to. I think that the easiest way to do this would be to just grab the post data inside of the controller method you're posting to. Example:
function search()
{
$search_params = $this->input->post('search_text');
}
Then you would have whatever the user input stored as $search_params, and you can take actions from there. Am I misunderstanding what you're asking?
It seems like you're kind of discussing two different approaches. If you wanted to make a request to
mysite.com/blog/index.php/search&q=what_I_am_looking_for
This is going to call the search controllers default method (which is index by default). If you wanted to use the URL to pass parameters like that you would go to your function in the search controller and do:
print_r($this->input->get('q'));
This will print out "what_am_I_looking_for".
An easier approach in my opinion would be to:
1. Create a view called "search_view" with the HTML content you pasted above, and have the form "action" http://www.mysite.com/blog/index.php/test/search
Create a controller called "Test" that looks like the following:
class Test extends CI_Controller {
function search()
{
$search = $this->input->post('searchtext');
print_r($search);
}
public function display_search()
{
$this->load->view('search_view');
}
}
Visit http://www.mysite.com/blog/index.php/test/display_search in your browser. This should present you with the form you placed in search_view.php. Once the form is submitted, you should be sent to the search function and print out the variable $search, which will have whatever text you submitted on that form.
If this isn't what you were looking for then I am afraid I do not understand your question.
I am rather new to MVC applications, and one thing I am trying to accomplish is enabling or disabling stylesheets based on a Session value.
I have stylesheets referenced in my Site.Master page in this manner:
<%=Html.Stylesheet("~/styles/main.css", "string")%>
<%=Html.Stylesheet("~/styles/additions.css", "string")%>
Right now, for testing, I have been putting an if statement around the Html.Stylesheet tags saying:
<% if (Session["cssRule"] = "enableCss") { %>
<%=Html.Stylesheet("~/styles/main.css", "screen")%>
<%=Html.Stylesheet("~/styles/additions.css", "screen")%>
<%} %>
So if the 'cssRule' Session value is null, no CSS loads. Currently this is working fine, but it is not exactly what I am looking for. Right now I set the Session value in the Controller when the user logs in, but ultimately I need to set the value of the Session variable depending on if a user clicks the enable or disable button. Since I have been primarily using webforms for the past year and a half, I just want to drop a hyperlink and set an event for it, but alas, this is the future of MVC so I need to figure out how I can do something like this..
So my real question is how can I set the Session of the "cssRule" value by clicking a link using MVC?
I'll assume you want to use a standard link (not ajax) and that your main view is Index
Just add a method in your controller (pseudocode)
public ActionResult ToggleCSS()
{
if (Session["cssRule"] != null && Session["cssRule"] == "enableCSS")
{
Session["cssRule"] = "disableCSS";
}
else
{
Session["cssRule"] = "enableCSS";
}
return View("Index");
}
Then in your view, use
<%= Html.ActionLink("ToggleCSS", "ControllerName") %>
You can use lots of fancy different methods to obtain the same result; use ajax and relaod the page, or not, or redirect to a page listing css files to apply, etc... but this one should work :)
I've created custom form using FAPI for my site. And I place each control at specific location base on template provided by the designer. For instance -
<div id="myform">
<span>Enter Your Name : </span> <?php print drupal_render($form['name']); ?>
<span>Gender : </span><?php print drupal_render($form['gender_radio']); ?>
....
</div>
<?php print drupal_render($form['submit']); ?>
Here's my question - How do I enclose all the elements inside form tag? Is hardcoding the form tag inside the template file right way to do in drupal? or is it better to create in hook_form? But doing so would require me to add closing form tag at the end manually. Any suggestion would be highly appreciated.
Drupal - 6.x
It sounds like maybe you read about building individual fields, but skipped over some basic concepts of FAPI. In short, if you call the form with drupal_get_form(), you get the form container (and many of the benefits of using FAPI, e.g. tokens, validation, etc.) automatically. To handle the markup that goes around your form elements, you can then use #prefix, #suffix, and markup elements.
You can assemble the whole form from the outside in like you're doing, but there are few cases in which that would really be worthwhile. If you really want to do that, you basically want to copy what drupal_get_form() does to get the form wrapper added in a way that will work with FAPI.