How do we validate signup fields server-side?

Discussion in 'aMember Pro v.4' started by maximize, Jun 5, 2012.

  1. maximize

    maximize Member

    Joined:
    Mar 5, 2007
    Messages:
    108
    I'd like to do some additional validation with a custom function on signup field data on the server-side, not client-side JavaScript. I don't see a way to do that except using the userBeforeInsert hook. But, that doesn't seem right to me. It's not clear how to add validation rules to HTML_QF2. Can anyone point me in the right direction?

    Thanks
  2. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,279
    You should use the onValidateSavedForm event. It accepts the signup form values and the form itself.
    And it is called when the signup form is being validated:
    $event = new Am_Event_ValidateSavedForm($this->form->getValue(), $this->form);
    Am_Di::getInstance()->hook->call($event);
    if ($errors = $event->getErrors())
    {
        $this->form->setError($errors[0]);
        return false;
    }
    return true;
  3. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    site.php code
    PHP:
    // note - this works for both signup and profile forms
    function myValidateSavedForm(Am_Event_ValidateSavedForm $event)
    {
        $vars = $event->getForm()->getValue(); // all form vars as array
        if ($vars['login'] == 'hacker')
            $event->addError('We do not allow haCkerZ to signup');
    }
    Am_Di::getInstance()->hook->add(Am_Event::VALIDATE_SAVED_FORM, 'myValidateSavedForm');
  4. maximize

    maximize Member

    Joined:
    Mar 5, 2007
    Messages:
    108
    Thank you... Using $event->getForm()->isSignup() is the best way to know which form I'm validating? I have a situation where I only want to validate the signup form and not the profile form for fraud detection.
  5. alex

    alex aMember Pro Customer Staff Member

    Joined:
    Jan 24, 2004
    Messages:
    6,021
    The right condition for this case is
    PHP:
    if (! $event->getForm() instanceof Am_Form_Signup) return;
  6. maximize

    maximize Member

    Joined:
    Mar 5, 2007
    Messages:
    108
    Perfect, thank you
  7. bfritton

    bfritton Certified aMember Developer

    Joined:
    Oct 26, 2009
    Messages:
    54
    If you are writing your own module or enhancing another to provide post-submit form validation, this code works well. It lets you iterate through an array of disallowed characters for any of the form vars you choose.

    PHP:
    /**
     * Checks certain signup variables to ensure they do not contain
     * invalid or disallowed characters.
     *
     * @param Am_Event_ValidateSavedForm $event
     * @return void
     */
    function onValidateSavedForm(Am_Event_ValidateSavedForm $event){
        $vars = $event->getForm()->getValue();

        // If form vars don't contain a 'pass' element, skip over validation
        if (!array_key_exists('pass', $vars)) {
            return;
        }

        $err = '';
        // Check password
        $disallowedChars = array('&', '\'', '"', '>', '<');
        foreach ($disallowedChars as $disallowed) {
            if (strpos($vars['pass'], $disallowed) !== false) {
                $err .= "<br />Password may not contain character: ".$disallowed;
            }
        }
        // If there is at least one error, add it so the form returns with the error
        if ($err) {
            $event->addError($err);
        }
    }
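
Added example (not part of any post in this thread, and not aMember's own code): a signup-only validator for site.php that combines the hook registration and the `instanceof Am_Form_Signup` check shown above with allow-list checks that also reject non-string input. The function names `mySignupFieldErrors` and `mySignupOnlyValidate`, the `email` field name and the username policy are assumptions; only the hook, event and form calls come from the thread.

```php
<?php
/**
 * Pure validation logic: returns a list of error strings for the form values.
 * Kept separate from the hook so it can be exercised without aMember loaded.
 */
function mySignupFieldErrors(array $vars)
{
    $errors = array();

    // A crafted request can send login[]=x, so insist on a string first.
    $login = (isset($vars['login']) && is_string($vars['login'])) ? $vars['login'] : '';
    // Allow-list (assumed policy): 4-32 letters, digits or underscores.
    // \A and \z anchor the whole value; "$" would accept a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_]{4,32}\z/', $login)) {
        $errors[] = 'Username must be 4-32 letters, digits or underscores.';
    }

    // 'email' is an assumed field name; adjust to the fields on your form.
    $email = (isset($vars['email']) && is_string($vars['email'])) ? $vars['email'] : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid e-mail address.';
    }
    return $errors;
}

function mySignupOnlyValidate(Am_Event_ValidateSavedForm $event)
{
    // Condition from the thread: skip every form except the signup form.
    if (!$event->getForm() instanceof Am_Form_Signup) return;

    $errors = mySignupFieldErrors($event->getForm()->getValue());
    if ($errors) {
        // The core snippet quoted in the thread displays only $errors[0],
        // so report one combined message instead of several.
        $event->addError(implode(' ', $errors));
    }
}

if (class_exists('Am_Di')) {
    // Inside aMember (site.php): register the validator on the hook.
    Am_Di::getInstance()->hook->add(Am_Event::VALIDATE_SAVED_FORM, 'mySignupOnlyValidate');
} else {
    // Stand-alone run with constructed sample input.
    print_r(mySignupFieldErrors(array('login' => 'good_user1', 'email' => 'a@example.com')));
    print_r(mySignupFieldErrors(array('login' => "bob\n", 'email' => 'not-an-email')));
    print_r(mySignupFieldErrors(array('login' => array('x'), 'email' => 'a@example.com')));
}
```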
