Log message #113383

# At Username Text
# Aug 9th 2008, 08:07 lqdice__ TheBig: ok that method can work then .. there is also a wizard component in the bakery if you are doing step-by-step forms and things like that
# Aug 9th 2008, 08:06 lqdice__ [TSK]: just remember you should always check the ID to make sure its valid if you are doing something like users editing something that is access protected.. cause ppl can in the add form inject an ID and force an edit.. what you can do to prevent this is also using security component (which can be a pain but makes your forms secure)
# Aug 9th 2008, 08:06 TheBig I've a user registration form, in case of success of registration you go to a page which contains a form for inviting people by mail
# Aug 9th 2008, 08:06 Wisp hello all
# Aug 9th 2008, 08:05 lqdice__ im asking what you are doing because you are probably reinventing the wheel
# Aug 9th 2008, 08:05 lqdice__ TheBig: are you making like a wizard?
# Aug 9th 2008, 08:05 TheBig and then check (and unset) at the second page...
# Aug 9th 2008, 08:05 kamalcom yes, the difference, is that the edit view contain a hidden input named id
# Aug 9th 2008, 08:04 TheBig lqdice__, it works fine, in user register, i make $this->Session->write('invite.allow', true');
# Aug 9th 2008, 08:04 [TSK] lqdice__: Ah. So, it WAS as simple as I'd thought, just not the exact means to go about it that I had thought from looking at the API docs. TYVM. :)
# Aug 9th 2008, 08:04 lqdice__ the add/edit view can be almost identical w/ the exception of the id field
# Aug 9th 2008, 08:04 lqdice__ [TSK]: $this->render('edit')
# Aug 9th 2008, 08:01 [TSK] Hi. I remember reading somewhere about re-using the edit view for the add action, but I cannot for the life of me find any information on this anymore. I suspected that it might be something simple like setting $this->view = "edit" in the add action, but that errors out, so I'm guessing that might not be it after all. So, my question is simply this. How do I choose an alternate view template other than the default from a particular ac
# Aug 9th 2008, 08:00 lqdice__ is it form submission?
# Aug 9th 2008, 08:00 lqdice__ what are you trying to do ?
# Aug 9th 2008, 07:58 TheBig So the best way is use session, of cuorse...
# Aug 9th 2008, 07:58 lqdice__ refer is a header sent by the client
# Aug 9th 2008, 07:57 NetersLandreau TheBig: initial research proves lqdice__ is correct.. do not trust referring page as reported by apache
# Aug 9th 2008, 07:57 kamalcom Hi francky06l
# Aug 9th 2008, 07:57 TheBig I've a registration page, after that you can invite people... Would like to prevent people using that page for spamming
# Aug 9th 2008, 07:56 francky06l Hi bakers
# Aug 9th 2008, 07:56 TheBig NetersLandreau, yes, is that what i'd like
# Aug 9th 2008, 07:54 Anon323 I have a form, one input. Saving to database works. Now I want to save the datetime in the database, but not having an datetime input field. how can I manipulate $this->data to add the datetime?
# Aug 9th 2008, 07:54 NetersLandreau hmm.. i guess i need to do some research on how apache sets the refering page.. i didn't realize you could fake it
# Aug 9th 2008, 07:52 cl0s_ yes true
# Aug 9th 2008, 07:52 lqdice__ otherwise they can go page1.. some other page.. page2 and it still works
# Aug 9th 2008, 07:51 lqdice__ but to guarantee they are coming from page1 you also need to unset the key if they go anywhere else
# Aug 9th 2008, 07:51 cl0s_ page1 - set the session... page2- check for the session if not there redirect to page 1 else execute code, delete the session..
# Aug 9th 2008, 07:51 lqdice__ there is very little you can do to guarantee that one page was sent from another.. what are you trying to do exactly?
# Aug 9th 2008, 07:49 cl0s_ yea i think a session would work best there.. but again thats not gauranteed..
# Aug 9th 2008, 07:49 lqdice__ its not guaranteed.. its sent by the user.. they can fake it and some browsers dont require sending it
# Aug 9th 2008, 07:48 lqdice__ refererr should not be used like that
# Aug 9th 2008, 07:48 NetersLandreau TheBig: check the referrer and only allow certain ones?
# Aug 9th 2008, 07:47 lqdice__ TheBig: its hard to guarantee that
# Aug 9th 2008, 07:47 TheBig btw, can I restrict the access to a page only if reached by an other page?
# Aug 9th 2008, 07:47 lqdice__ good morning :)
# Aug 9th 2008, 07:46 TheBig zeen. I was in doubt what I was able to use session only when logged, but simply I was storing empty data... :( me idiot :)
# Aug 9th 2008, 07:26 zeen punish me if i'm doing bad :)
# Aug 9th 2008, 07:25 zeen should be in there about sessions
# Aug 9th 2008, 07:23 TheBig like writing them in sessios, for example...
# Aug 9th 2008, 07:23 TheBig not using post or get