I built my own registration form and when I try to register users it doesn't react. Everything with FOSUserBundle works good. Also when I use the default FOSUserBundle registration form it works and it saves all the data in my table. Should I use only the default form from FOSUserBundle or what?
Here is my form that I made:
<form action="{{ path('fos_user_registration_register') }}" method="post">
<p>
<input type="text" name="name"/>
</p>
<p>
<input type="text" name="surname" />
</p>
<p>
<input type="text" name="email" />
</p>
<p>
<input type="password" name="password"/>
</p>
<p>
<input type="submit" name="submit" value="Sign up"/>
</p>
</form>
Read documentation how you can override registration controller if you need extend functionality. Or you can just override standard form to add additional fields.
You need to pass the registration form from the controller ( if you are overriding the controller ) to the view in order to have the csrf token available. Otherwise the form will not validate.
In order to overwrite FOSUserBundle's standard registration form use bundle inheritance.
Please read FOSUserBundle's documentation chapter Overriding Default FOSUserBundle Forms.
If you just want to add "name" and "surname" to your user entity, add the properties and the mapping information and afterwards add the fields to the overriden form class. then override the registration form template provided by FOSUserBundle if you need further changes in there.
Related
I've an aspx form with a form tag as below and this form tag contains some sensitive info with hidden fields
<form id="payment_confirmation" target="myFrame" action='https://testsecureacceptance.cybersource.com/embedded/pay' method="post"/>
<input type="hidden" name="access_key" value="sensitivevalue1">
<input type="hidden" name="profile_id" value="sensitivevalue2">
<input type="hidden" name="transaction_uuid" value="<% Response.Write(getUUID()); %>">
<input type="hidden" name="signed_field_names" value="sensitivevalue3">
<input type="hidden" name="unsigned_field_names" value="card_type,card_number,card_expiry_date">
<input type="hidden" name="signed_date_time" value="<% Response.Write(getUTCDateTime()); %>">
<input type="hidden" name="locale" value="en">
<input type="submit" id="submit" name="submit" value="Submit"/>
</form>
When i click "Submit" it successfully post the values and user is "redirected" into the "https://testsecureacceptance.cybersource.com/embedded/pay" form but those hidden fields values are exposed to users (when they inspect the page). I can encrypt them but is there any other way i can post values and redirect from backend where values will not be exposed to users?
Thanks
In short, no. Hidden fields are only hidden from view on the screen and will always be available be available when viewing the source of the page when you are using web forms like this. You can use the viewstate, which will encode the fields and make them harder to read, but if it is truly sensitive information, you will need to properly encrypt that information.
Hope that helps.
ASP.NET MVC Core if that makes any difference
Is there a simple way to disable some field validators in a model or view under certain cases?
Most information on the web looks to be from the ASP.NET Forms era.
I could not find too many things to try out but, this looks to not do the trick.
<label asp-for="Files.PromoImage" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="Files.PromoImage" class="form-control" />
#if (Model.Content.NewArticle)
{
<span asp-validation-for="Files.PromoImage" class="text-danger"></span>
}
</div>
<div class="col-md-8">
<div asp-validation-summary="ValidationSummary.All" class="text-danger"></div>
</div>
<input asp-for="Files.PromoImage"/> will generate validation span and data-required attribute if the PromoImage property is marked with the [Required] attribute. You can check the generated html in the browser.
The easiest way to achieve what you want is to remove the [Required] attribute in the model and have something like this in the view:
#if (Model.Content.NewArticle)
{
<input class="form-control" data-val="true"
data-val-required="The PromoImage field is required." name="Files.PromoImage"
placeholder="Promo Image" type="text" value="">
}
else
{
<input asp-for="Files.PromoImage" class="form-control"/>
}
Then again on the server, in your post action method, you have to do a manual validation for the PromoImage property.
Not so trivial but more elegant approach is to extend the MVC and jQuery validation with your own validation attribute and jQuery validator, e.g. [RequiredIf]. The API is slightly different in ASP.NET Core 1.0, but here is an example: Custom validation
I am using Plone 4.3 and the diazo bootstrap theme and want to use the site-search-form to pass the searchterms including two search-options to another site (catalog) via get method.
To achieve this I have modified the plone.searchbox template and changed some content of it:
<div id="portal-searchbox"
i18n:domain="plone"
tal:define="navigation_root_url view/navigation_root_url;
search_input_id view/search_input_id;">
<form id="searchGadget_form" method="get" enctype="application/x-www-form-urlencoded" accept-charset="utf-8" action="http://www.thecatalogadress.net/opensearch">
<div class="LSBox">
<input name="LOCATION"
type="hidden"
value="HAGENBIB" />
<input name="SG1.SG.HAGENBIB:SGHagenvk"
type="hidden"
value="on" />
<input name="QUERY_alAL"
type="text"
size="18"
value=""
title="Finden"
class="searchField" />
<input class="searchButton"
type="submit"
value="search"
i18n:attributes="value label_search;" />
<div class="LSResult" id="LSResult"><div class="LSShadow" id="LSShadow"></div></div>
</div>
</form>
</div>
By now the search term is passed, but the two input-options are not introduced in the URL thus the query in the catalog doesn't work.
The result I need as URL is http://www.thecatalogadress.net/opensearch?LOCATION=HAGENBIB&SG1.SG.HAGENBIB:SGHagenvk=on&QUERY_alAL=test
As I am new to plone I wanted to ask for a hint, where to look at or what to change in order to add the two input-options to the URL.
I think you're probably forgetting to add the proper ZCML directives for the override on the template take place.
Take a look at this tutorial on Overriding Viewlets.
Is there a opportunity to delete the div-container, which RoR creates ?
Input:
<%= form_for #user, :as => :user, :url => user_sign_in_path(#user) do |f| %>
<p>
Output:
<form accept-charset="UTF-8" action="/user/sign_in" class="new_user" id="new_user" method="post">
<div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="✓" /><input name="authenticity_token" type="hidden" value="MT0OhRtfupZvi28m7bFN31JdZXyiFCGisbENml4cdcg=" /></div>
<p>
<div style="margin:0;padding:0;display:inline">
I don't want that!
It's normal that there are two hidden-text-inputs?
<input name="utf8" type="hidden" value="✓" /><input name="authenticity_token" type="hidden" value="MT0OhRtfupZvi28m7bFN31JdZXyiFCGisbENml4cdcg=" />
This is default behavior of form_for. Here's an official explanation for this:
HTML contains something extra: a div element with two hidden input
elements inside. This div is important, because the form cannot be
successfully submitted without it. The first input element with name
utf8 enforces browsers to properly respect your form's character
encoding and is generated for all forms whether their actions are
"GET" or "POST". The second input element with name authenticity_token
is a security feature of Rails called cross-site request forgery
protection, and form helpers generate it for every non-GET form
(provided that this security feature is enabled).
You can read more about this in the Security Guide.
I am new in wordpress. I have an wordpress site where Admin can add post.But when he will add a post, a GET method submission should be also done to appspot http://jhal-muri.appspot.com/sendAll?emailId=emailid&mssg=msg .
How can I do that? I know that I have to change the add_post options in admin panel of wordpress But I don't know how to do.
For Wordpress
You can declare the form as POST. Then, construct your URL string as http://jhal-muri.appspot.com/sendAll?emailId=emailid&mssg=msg where emailId and mssg parameters will automatically become GET. The rest of the input names and values will become POST.
Sample Code
<form method="post" acion="http://jhal-muri.appspot.com/sendAll?emailId=emailid&mssg=msg">
<input type="text" value="" name="emailId" />
<input type="text" value="" name="msg" />
<input type="submit" name="submit" value="Send All" />
</form>