  • folibis
    Community Member
    10 Posts

    Store session inside Controller

    http://www.sspaste.com/paste/show/529d15c90b2f7

    I have a Controller with 2 functions - PostForm() and doPost(), to show the form and to handle the POST action respectively. In my form I want to add my own field, something like a captcha. I store the current time in the session and add this value to the form as a hidden field.
    After posting the form I compare the session and POST values. But in my case these values are always different. After some logging I found that after posting the form, PostForm() is called just before doPost() to obtain the form fields, I guess, so my session value is rewritten.
    And my question - how can I avoid this behavior? Store the session in some private place? Or add a condition based on the URL?
    All advice is welcome!

  • Devlin
    Community Member
    215 Posts

    Re: Store session inside Controller

    First, the submit method won't be called unless all fields are validated... So your goal should be to create a new MyCaptchaField class and add your logic and validation there.

    Something like:

    class MyCaptchaField extends HiddenField {
       function FieldHolder() {
          $field = parent::FieldHolder();
          // add logic
          return $field;
       }

       function validate($validator) {
          // add logic
          return true;
       }
    }

    Or to avoid your issue, you'll need to check if the field has a value of your previous form submit first.

    $captchaField = new HiddenField("captcha");
    if (!$captchaField->Value()) {
       $captcha = time();
       Session::set('captcha',$captcha);
       $captchaField->setValue($captcha);
    }

    But I have to advise you that what you're trying to accomplish is already covered by the security token... which you disabled.

  • folibis
    Community Member
    10 Posts

    Re: Store session inside Controller

    Thank you Devlin for your interest.
    In my case the security token is not enough, just because it is not difficult for some spam engine to parse it. I want to disallow comments posted within 60 sec after the page was loaded, so I store the time in the session and check it on form submission. The hidden field here is not so necessary, just one more verification.
    Let's say there is no hidden field, just session.

  • folibis
    Community Member
    10 Posts

    Re: Store session inside Controller

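    Ok, I did it with a dirty hack:

    public function PostForm() {
       // Set the session value only when the request URI does not contain
       // "PostForm", i.e. not while the form is being submitted
       if (strpos($_SERVER["REQUEST_URI"], "PostForm") === false) {
          Session::set("captcha", $captcha);
       }
       ...
    }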
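
Added example, not code from any poster in this thread: a framework-independent PHP version of the 60-second check discussed above, which stamps the session only on a GET page view so that rebuilding the form during the POST does not overwrite the stored time. The function names and the `$session` array (a stand-in for the `Session::set` calls shown in the thread) are assumptions.

```php
<?php
// Added example with hypothetical names; $session stands in for the framework session store.
const MIN_DELAY = 60; // seconds, the threshold named in the thread

// Call from the form factory (PostForm() in the thread). The factory also runs
// on the POST request to rebuild the form, so only stamp on a GET page view.
function stampFormRender(array &$session, string $method, int $now): void
{
    if ($method === 'GET') {
        $session['captcha'] = $now;
    }
}

// Call from the submit handler (doPost() in the thread).
// Returns true only if a stamp exists and at least MIN_DELAY seconds have passed.
function submissionAllowed(array &$session, int $now): bool
{
    if (!isset($session['captcha']) || !is_int($session['captcha'])) {
        return false; // no page view recorded: fail closed
    }
    $elapsed = $now - $session['captcha'];
    unset($session['captcha']); // one submission per page view, so a stamp cannot be reused
    return $elapsed >= MIN_DELAY;
}

// Constructed walk-through with fixed clock values instead of time().
$session = [];
$t0 = 1000000;

// Case 1: submit 5 s after the page view.
stampFormRender($session, 'GET', $t0);
stampFormRender($session, 'POST', $t0 + 5); // form rebuilt on submit, stamp untouched
var_dump(submissionAllowed($session, $t0 + 5));

// Case 2: fresh page view, submit 65 s later.
stampFormRender($session, 'GET', $t0 + 10);
stampFormRender($session, 'POST', $t0 + 75);
var_dump(submissionAllowed($session, $t0 + 75));

// Case 3: a second submit without a new page view.
var_dump(submissionAllowed($session, $t0 + 200));
```

The stamp lives only in the server-side session, so the check does not depend on any value the client sends back in the form.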
