HTML and CSS Reference
In-Depth Information
Setting Up and Checking for Valid Actions
Earlier in this chapter you set up the abstract
Controller
class, which has a property called
$actions
. This property
will be used by both the
Room
and
Question
controllers to define an array of actions and their corresponding methods.
Each controller will have its own distinct actions, so the array will need to be declared in the constructor of the
Controller
class. A sample controller with an action might look like this:
class Example extends Controller
{
public function __construct( $options )
{
parent::__construct($options);
$this->model = new Example_Model;
$this->actions = array(
'action-one' => 'say_foo',
);
if (array_key_exists($options[0], $this->actions)) {
$this->handle_form_submission($options[0]);
exit;
}
else {
// If we get here, no valid form was submitted...
}
}
/* get_title() and output_view() would go here */
}
The important bits above have been bolded. For now, ignore the
new Example_Model
bit; we'll go over that
in a few pages.
The
$actions
array is set up as a key-value pair, where the key is the name of the action (which is triggered by
virtue of the submission URI), and the value is the name of the method that will process the form.
The constructor adds an
if...else
check to see whether a valid form submission URI was reached. If so, it
triggers the as-yet unwritten
handle_form_submission()
method.
To trigger an action, the form would need to submit to a URI that had the class name, a forward slash, and
then the action:
<form action="
http://rwa.local/example/action-one">...</form
>
The method to process the action needs to be added to this class as well, but we'll cover that a little later in
this section.
Preventing Duplicate or Fraudulent Submissions
To prevent erroneous, duplicate, or fraudulent form submissions, you need to implement a
nonce
—or
n
umber used
once
—to make sure that every form submission is both from a valid form and being submitted for the first time.
Search WWH ::
Custom Search