# |
Aug 9th 2008, 08:08 |
TheBig |
I always use to go to the bakery early in the morning, I always find fresh brioches :) |
# |
Aug 9th 2008, 08:08 |
Wisp |
http://bin.cakephp.org/view/1951625533 |
# |
Aug 9th 2008, 08:07 |
TheBig |
right, I'll check it... |
# |
Aug 9th 2008, 08:07 |
[TSK] |
lqdice__: Indeed. I don't just check the ID. I tend to lean to the paranoid side and check EVERYTHING which might be risky, and aye. I do use the security component. Like it a lot. :) |
# |
Aug 9th 2008, 08:07 |
lqdice__ |
TheBig: ok that method can work then .. there is also a wizard component in the bakery if you are doing step-by-step forms and things like that |
# |
Aug 9th 2008, 08:06 |
lqdice__ |
[TSK]: just remember you should always check the ID to make sure its valid if you are doing something like users editing something that is access protected.. cause ppl can in the add form inject an ID and force an edit.. what you can do to prevent this is also using security component (which can be a pain but makes your forms secure) |
# |
Aug 9th 2008, 08:06 |
TheBig |
I've a user registration form, in case of success of registration you go to a page which contains a form for inviting people by mail |
# |
Aug 9th 2008, 08:06 |
Wisp |
hello all |
# |
Aug 9th 2008, 08:05 |
lqdice__ |
im asking what you are doing because you are probably reinventing the wheel |
# |
Aug 9th 2008, 08:05 |
lqdice__ |
TheBig: are you making like a wizard? |
# |
Aug 9th 2008, 08:05 |
TheBig |
and then check (and unset) at the second page... |
# |
Aug 9th 2008, 08:05 |
kamalcom |
yes, the difference, is that the edit view contain a hidden input named id |
# |
Aug 9th 2008, 08:04 |
TheBig |
lqdice__, it works fine, in user register, i make $this->Session->write('invite.allow', true); |
# |
Aug 9th 2008, 08:04 |
[TSK] |
lqdice__: Ah. So, it WAS as simple as I'd thought, just not the exact means to go about it that I had thought from looking at the API docs. TYVM. :) |
# |
Aug 9th 2008, 08:04 |
lqdice__ |
the add/edit view can be almost identical w/ the exception of the id field |
# |
Aug 9th 2008, 08:04 |
lqdice__ |
[TSK]: $this->render('edit') |
# |
Aug 9th 2008, 08:01 |
[TSK] |
Hi. I remember reading somewhere about re-using the edit view for the add action, but I cannot for the life of me find any information on this anymore. I suspected that it might be something simple like setting $this->view = "edit" in the add action, but that errors out, so I'm guessing that might not be it after all. So, my question is simply this. How do I choose an alternate view template other than the default from a particular ac |
# |
Aug 9th 2008, 08:00 |
lqdice__ |
is it form submission? |
# |
Aug 9th 2008, 08:00 |
lqdice__ |
what are you trying to do ? |
# |
Aug 9th 2008, 07:58 |
TheBig |
So the best way is use session, of course... |
# |
Aug 9th 2008, 07:58 |
lqdice__ |
referer is a header sent by the client |
# |
Aug 9th 2008, 07:57 |
NetersLandreau |
TheBig: initial research proves lqdice__ is correct.. do not trust referring page as reported by apache |
# |
Aug 9th 2008, 07:57 |
kamalcom |
Hi francky06l |
# |
Aug 9th 2008, 07:57 |
TheBig |
I've a registration page, after that you can invite people... Would like to prevent people using that page for spamming |
# |
Aug 9th 2008, 07:56 |
francky06l |
Hi bakers |
# |
Aug 9th 2008, 07:56 |
TheBig |
NetersLandreau, yes, is that what i'd like |
# |
Aug 9th 2008, 07:54 |
Anon323 |
I have a form, one input. Saving to database works. Now I want to save the datetime in the database, but not having a datetime input field. how can I manipulate $this->data to add the datetime? |
# |
Aug 9th 2008, 07:54 |
NetersLandreau |
hmm.. i guess i need to do some research on how apache sets the refering page.. i didn't realize you could fake it |
# |
Aug 9th 2008, 07:52 |
cl0s_ |
yes true |
# |
Aug 9th 2008, 07:52 |
lqdice__ |
otherwise they can go page1.. some other page.. page2 and it still works |
# |
Aug 9th 2008, 07:51 |
lqdice__ |
but to guarantee they are coming from page1 you also need to unset the key if they go anywhere else |
# |
Aug 9th 2008, 07:51 |
cl0s_ |
page1 - set the session... page2- check for the session if not there redirect to page 1 else execute code, delete the session.. |
# |
Aug 9th 2008, 07:51 |
lqdice__ |
there is very little you can do to guarantee that one page was sent from another.. what are you trying to do exactly? |
# |
Aug 9th 2008, 07:49 |
cl0s_ |
yea i think a session would work best there.. but again thats not guaranteed.. |
# |
Aug 9th 2008, 07:49 |
lqdice__ |
its not guaranteed.. its sent by the user.. they can fake it and some browsers dont require sending it |
# |
Aug 9th 2008, 07:48 |
lqdice__ |
referer should not be used like that |
# |
Aug 9th 2008, 07:48 |
NetersLandreau |
TheBig: check the referrer and only allow certain ones? |
# |
Aug 9th 2008, 07:47 |
lqdice__ |
TheBig: its hard to guarantee that |
# |
Aug 9th 2008, 07:47 |
TheBig |
btw, can I restrict the access to a page only if reached by an other page? |
# |
Aug 9th 2008, 07:47 |
lqdice__ |
good morning :) |
# |
Aug 9th 2008, 07:46 |
TheBig |
zeen. I was in doubt what I was able to use session only when logged, but simply I was storing empty data... :( me idiot :) |