This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Is it possible to enable server-side validation for the comment form? Except for the optional captcha, as far as I can tell it now only relies on client-side validation with JavaScript. Since that is easily turned off, somebody can keep flooding the comments with empty user names and blank comments.
I completely agree. A site I have made has been hit by people submitting or posting forms from outside of the interface, there seems to be no documentation at all on how to make the response on the server side look through the form, and send the user back to the form with the stuff they typed in already visible and an error message at the top.
The few examples on here assume the form was correct, post to the database, send an email, then redirect to a congratulations type message! Come on people, post a decent example for the rest of us.
there seems to be no documentation at all on how to make the response on the server side look through the form, and send the user back to the form with the stuff they typed in already visible and an error message at the top.
If you pass a RequiredFields object to a form http://doc.silverstripe.org/doku.php?id=tutorial:3-forms&s=requiredfields#form_validation then SilverStripe with handle both the Server Side and Client Side validation.
As well as server side handling you can pass an error message back to the form by calling the method addErrorMessage() to your form object with the error message and then a redirect back.
function doSomeForm($data, $form) {
...
// 1st parameter is the field name you want the message to appear above.
// Message is included by default at the top of the form
$form->addErrorMessage('Message', 'This is an error message');
return Director::redirectBack();
...Bert - good point with the server side validation. Not sure why this is missing. The comments system is due for a refactor including being changed into jquery for 2.5 and I would love to see comments spun out into a separate module. This issue is being tracked - http://open.silverstripe.org/ticket/2782
I don't like dredging up an old thread, but this one captures, the same issue that I'm dealing with. We are using the RequiredFields with our form, as you suggest, Willr, but people who have scripting turned off in the browser are still able to submit blank forms. Any other ideas how to make this work without having to wait until 2.4.0 is released? Any good examples out there?
Hankster - if you use RequiredFields it should implement both client side validation and server side validation. Comment form doesn't as it doesn't use the RequiredFields and instead does its own thing but on any form which does use RequiredFields.
I can't seem to make that work. If I turn off scripting in either IE or Firefox, the form submits without error and the email is sent. I'm using 2.3.6.
My code looks like this:
<?php
/**
* Defines the TestContactForm page type
*/
class TestContactForm extends Page
{
}
class TestContactForm_Controller extends Page_Controller
{
function Form()
{
$fields = new FieldSet
(
new TextField( "name", "Name:", "", 100 ),
new EmailField( "email", "Email:", "", 100 ),
new TextField( "asunto", "Subject:", "", 100 ),
new TextareaField( "comment", "Comment:", 5, 50 )
);
// Create actions
$actions = new FieldSet(
new FormAction('submit', 'Enviar')
);
//Create validator
$validator = new RequiredFields('name', 'email', 'asunto', 'comment');
return new Form($this, "ProcessForm", $fields, $actions, $validator);
}
///////////////////////////////////////////////////////////////////////////////
function ProcessForm()
{
//setup fixed addresses
$toHenry = "henry@mydomain.org";
//set email subject line
$subject = "New test email";
$email = new Email();
$email->to = $toHenry ;
$email->subject = $subject. ' - testing';
$email->from = $toHenry ;
$email->setTemplate("ContactPageEmail");
$email->populateTemplate($data);
$email->send();
Director::redirectBack();
}
}
?>This works fine when client side scripting is allowed. Any ideas as to what I'm doing wrong?
In your form code your action is pointing to a submit function but you have no submit function, instead ProcessForm.
You need to make the following changes...
return new Form($this, "Form", $fields, $actions, $validator); This is the name of the function of your form, not the process function. So change ProcessForm to Form like above
function ProcessForm() Should be
function submit($data, $form) As your form action points to a 'submit' function. You also need $data for the data and $form as parameters in your process function.
I was soo close, but yet so far. That works beautifully.
Thanks, Willr!
