Jump to:

22979 Posts in 11815 Topics by 2826 members

General Questions

SilverStripe Forums » General Questions » Server-side validation of the comment form

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1937 Views
  • Bert
    Avatar
    Community Member
    19 Posts

    Server-side validation of the comment form Link to this post

    Is it possible to enable server-side validation for the comment form? Except for the optional captcha, as far as I can tell it now only relies on client-side validation with JavaScript. Since that is easily turned off, somebody can keep flooding the comments with empty user names and blank comments.

  • Codetapper
    Avatar
    Community Member
    8 Posts

    Re: Server-side validation of the comment form Link to this post

    I completely agree. A site I have made has been hit by people submitting or posting forms from outside of the interface, there seems to be no documentation at all on how to make the response on the server side look through the form, and send the user back to the form with the stuff they typed in already visible and an error message at the top.

    The few examples on here assume the form was correct, post to the database, send an email, then redirect to a congratulations type message! Come on people, post a decent example for the rest of us.

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Server-side validation of the comment form Link to this post

    there seems to be no documentation at all on how to make the response on the server side look through the form, and send the user back to the form with the stuff they typed in already visible and an error message at the top.

    If you pass a RequiredFields object to a form http://doc.silverstripe.org/doku.php?id=tutorial:3-forms&s=requiredfields#form_validation then SilverStripe with handle both the Server Side and Client Side validation.

    As well as server side handling you can pass an error message back to the form by calling the method addErrorMessage() to your form object with the error message and then a redirect back.

    function doSomeForm($data, $form) {
    ...
    // 1st parameter is the field name you want the message to appear above.
    // Message is included by default at the top of the form
    $form->addErrorMessage('Message', 'This is an error message');
    return Director::redirectBack();
    ...

    Bert - good point with the server side validation. Not sure why this is missing. The comments system is due for a refactor including being changed into jquery for 2.5 and I would love to see comments spun out into a separate module. This issue is being tracked - http://open.silverstripe.org/ticket/2782

  • Hankster
    Avatar
    Community Member
    14 Posts

    Re: Server-side validation of the comment form Link to this post

    I don't like dredging up an old thread, but this one captures, the same issue that I'm dealing with. We are using the RequiredFields with our form, as you suggest, Willr, but people who have scripting turned off in the browser are still able to submit blank forms. Any other ideas how to make this work without having to wait until 2.4.0 is released? Any good examples out there?

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Server-side validation of the comment form Link to this post

    Hankster - if you use RequiredFields it should implement both client side validation and server side validation. Comment form doesn't as it doesn't use the RequiredFields and instead does its own thing but on any form which does use RequiredFields.

  • Hankster
    Avatar
    Community Member
    14 Posts

    Re: Server-side validation of the comment form Link to this post

    I can't seem to make that work. If I turn off scripting in either IE or Firefox, the form submits without error and the email is sent. I'm using 2.3.6.

    My code looks like this:

    <?php
    /**
    * Defines the TestContactForm page type
    */

    class TestContactForm extends Page
    {
    }

    class TestContactForm_Controller extends Page_Controller
    {

       function Form()
       {
          $fields = new FieldSet
          (
             new TextField( "name", "Name:", "", 100 ),
             new EmailField( "email", "Email:", "", 100 ),
             new TextField( "asunto", "Subject:", "", 100 ),
             new TextareaField( "comment", "Comment:", 5, 50 )
       );

        // Create actions
          $actions = new FieldSet(
             new FormAction('submit', 'Enviar')
          );

          //Create validator
           $validator = new RequiredFields('name', 'email', 'asunto', 'comment');

           return new Form($this, "ProcessForm", $fields, $actions, $validator);
       }

       ///////////////////////////////////////////////////////////////////////////////
       function ProcessForm()
       {
          //setup fixed addresses
          $toHenry = "henry@mydomain.org";

          //set email subject line
          $subject = "New test email";
          
          
             $email = new Email();
             $email->to = $toHenry ;
             $email->subject = $subject. ' - testing';
             $email->from = $toHenry ;
             $email->setTemplate("ContactPageEmail");
             $email->populateTemplate($data);
             $email->send();

          
          Director::redirectBack();
       }

    }

    ?>

    This works fine when client side scripting is allowed. Any ideas as to what I'm doing wrong?

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Server-side validation of the comment form Link to this post

    In your form code your action is pointing to a submit function but you have no submit function, instead ProcessForm.

    You need to make the following changes...

    return new Form($this, "Form", $fields, $actions, $validator);

    This is the name of the function of your form, not the process function. So change ProcessForm to Form like above

    function ProcessForm()

    Should be

    function submit($data, $form)

    As your form action points to a 'submit' function. You also need $data for the data and $form as parameters in your process function.

  • Hankster
    Avatar
    Community Member
    14 Posts

    Re: Server-side validation of the comment form Link to this post

    I was soo close, but yet so far. That works beautifully.

    Thanks, Willr!

    1937 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.