02-01-2019, 12:24 PM
(02-01-2019, 03:29 AM)TheCj Wrote:
Hi,
Just a quick one, would anyone know the best way if using the form builder to include the UserId/UserName (automatically) as a hidden field of the account that submitted the form, ideally not something that someone could use the dev tools in Chrome etc to spoof/change.
What I am basically trying to do is to use the stripe subscription system to allow paying users (have not implemented this yet) to add entries to the database.
From their account on a separate page they will then be able to find their own entries and edit/update/delete them should they have a need.
The latter I imagine would be easy based on pulling a list database queries based on their UserName/UserId etc.
If I have to manually create a form then no problem, just trying to avoid re-inventing the wheel in case this is already built in and I am missing something.
Have had a look in the forms.php and imagine I can add the required function in there BUT as an embedded C programmer rather than PHP, I want to make sure I am not opening some vulnerability up with that so treading very carefully.
Also there appears to be a bug on the Form Creator, setting the Radio buttons as required is ignored and has no required==1 value unlike the checkbox function.
Thanks as always from the UK
Chris
Hi from Florida! It's kind of funny because I haven't been asked that question in a while, but I just answered it yesterday.
So regarding the other things like sticking more info in secretly, there are ways to do that.
So basically, you can create the other form fields that you want to create normally and then you go to the views thing and make a "view" of just the form fields that you actually want to show. Then instead of displaying the form, you display the view.
So one of the things with doing hidden form fields is that the user can change them in the chrome inspector. They can't do that with the "logged in" info that you have when someone logs in. So I'll give you a quick example. Let's say that you want to store the username.
Add a field with the column name username
Don't show that column in the view
Display the view.
Then when you do the form processing do...
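    if(!empty($_POST)){
        // Validate the submitted fields first
        $response = preProcessForm();
        if($response['form_valid'] == true){
            // Set the username from the logged-in user object, not from anything in $_POST
            $response['fields']['username'] = $user->data()->username;
            // Pass the modified response on so the server-side username is what gets stored
            postProcessForm($response);
        }
    }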
This is pulling in the username from the database instead of anything that they can alter. In fact, you can refer to any item in the users table with $user->data()->columnNameFromTheDatabase
Anyway, please don't hesitate to ask for help if anything doesn't make sense.
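Added example, not part of the original post and not UserSpice code: the same server-side binding in plain PHP, extended to the edit/update/delete page from the question, where the stored owner is compared with the logged-in user before a change is allowed. The function names, the field list and the sample request are hypothetical and constructed for illustration.

```php
<?php
// Added example: every name here is hypothetical, none is a UserSpice function.

// Columns the browser may supply. 'username' is deliberately not in this list.
const CLIENT_FIELDS = ['title', 'body'];

// Build the row to store: allowlisted client fields plus the server-side identity.
function buildEntry(array $post, string $sessionUsername): array
{
    // Drop everything the form is not supposed to send (extra or renamed inputs).
    $row = array_intersect_key($post, array_flip(CLIENT_FIELDS));
    // The owner always comes from the login session, never from $post.
    $row['username'] = $sessionUsername;
    return $row;
}

// Edit/delete check: the owner stored with the row must be the logged-in user.
function canModify(array $storedRow, string $sessionUsername): bool
{
    return isset($storedRow['username'])
        && $storedRow['username'] === $sessionUsername;
}

// Constructed sample: a submission whose hidden field was edited in the browser.
$tamperedPost = [
    'title'    => 'My entry',
    'body'     => 'Some text',
    'username' => 'someone_else', // client-supplied value, ignored
    'id'       => '7',            // not allowlisted, dropped
];

$entry = buildEntry($tamperedPost, 'chris');

var_dump($entry);                            // row that would be stored
var_dump(canModify($entry, 'chris'));        // owner editing their own entry
var_dump(canModify($entry, 'another_user')); // different logged-in user
```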