custom transaction and date validation

Any tips and tricks that has to with the ADDT that doesn't fit into one of the other categories
piripacchio
Posts: 37
Joined: 2010-04-28 08:34

custom transaction and date validation

Post by piripacchio » 2015-09-11 16:49

[hope there is still someone using MX Kollection or Addt...!]
Hi all,
I have problems trying how to figure how to check for inserted value in a custom transaction.
In this transaction I have a date field.
The entered date have to conform to this restrictions:
- the entered date must be 7 days before the current date;
- the entered date must be less than 15 november 2015.

I created this variable in php:

Code: Select all

$mydate = KT_formatDate(date("Y-m-d", time() - 60*60*24*8));
then I changed this validation rule:

Code: Select all

$formValidation->addField("date_entered", true, "date", "date", "", "", "myerror");
to

Code: Select all

$formValidation->addField("date_entered", true, "date", "date", "", $mydate, "myerror");
This works as I expected but now how can add the other check (the entered date should be less than 15 november 2015)?

Thanks in advance for any help.

tony

User avatar
Fred
Site Admin
Posts: 491
Joined: 2010-02-15 12:10
Location: Armagh, Northern Ireland
Contact:

Re: custom transaction and date validation

Post by Fred » 2015-09-12 15:47

Hi Tony,
have you looked at the "Throw Error" behaviour?
You can access any of your variables and the build a condition that can validate as many values as you want.

piripacchio
Posts: 37
Joined: 2010-04-28 08:34

Re: custom transaction and date validation

Post by piripacchio » 2015-10-12 12:01

Hi Fred,
sorry to be late.
At last I used the throw error behaviour, as you suggested. Thank you very much.
But now I'm experiencing a strange behaviour of the validation trigger.
I'll try to explain what it happens:
the user need to fill a form that contains, among other fields, a date field.
The date field should verify that the user enter a date that is at least 7 days before the current date.
Example: today is 12 october 2015. You can insert a date that is not newer than 5 october. So, 4 october is a valid date.
So, I created a variable and assigned to it the current time less 7 days:

Code: Select all

<?php
  $chkdate = KT_formatDate(date("Y-m-d", time() - 60*60*24*8)); 
 ?>
Then, I modified the code of the validation trigger to this:

Code: Select all

$formValidation->addField("date_reg", true, "date", "date", "", $chkdate, "error message");
It seems to work and I get correct values on my db.
But I see some entries in the db that shouldn't be there.
Someone has been able to enter a date newer than the correct date?
In the db I've got a 2015-10-10 value, for example).

How can it be possible?
Is there a way to bypass form validation (other than disabling javascript)?
How can I secure this form?

TIA for any suggestion, Fred.

Tony

User avatar
Fred
Site Admin
Posts: 491
Joined: 2010-02-15 12:10
Location: Armagh, Northern Ireland
Contact:

Re: custom transaction and date validation

Post by Fred » 2015-10-12 12:28

Hi Tony,
The only way to secure the form 100% is with server side validation.
In broad terms, have the user submit the data using your normal client side validation then grab the data and feed them through a script on your server to validate. If anything is wrong redirect back to the form and repopulate pointing out where the mistake was.

piripacchio
Posts: 37
Joined: 2010-04-28 08:34

Re: custom transaction and date validation

Post by piripacchio » 2015-10-12 13:20

Thanks for the prompt reply, Fred,
can you point me in the right direction with serverside validation and ADDT validation?
I don't know anything about server side validation with ADDT.

TIA

tony

User avatar
Fred
Site Admin
Posts: 491
Joined: 2010-02-15 12:10
Location: Armagh, Northern Ireland
Contact:

Re: custom transaction and date validation

Post by Fred » 2015-10-12 15:04

Basically you not going to do the database update from the same page as where the form is.
On form submission you redirect to a page called form_validation.php (as an example) where you iterate through the POST variables comparing them against pre-defined parameters.

Code: Select all

if (isset($_POST['number'])) {
   if ($_POST['number'] > '1';) {
              // do something
           } else {
                    // send back
                    }
}
If everything comes out clear the other side and the data is "clean", insert it into the database.
Nothing fancy or spectacular about it. Just basic coding.
Probably not as basic as the above, but it will give you a place to start.

piripacchio
Posts: 37
Joined: 2010-04-28 08:34

Re: custom transaction and date validation

Post by piripacchio » 2015-10-12 15:38

Thanks Fred,
It's a good starting point.
Thanks again.
tony

Post Reply