HTML and CSS Reference
In-Depth Information
protected function check_nonce( )
{
if (
isset($_SESSION['nonce']) && !empty($_SESSION['nonce'])
&& isset($_POST['nonce']) && !empty($_POST['nonce'])
&& $_SESSION['nonce']===$_POST['nonce']
) {
$_SESSION['nonce'] = NULL;
return TRUE;
} else {
return FALSE;
}
}
/**
* Performs basic input sanitization on a given string
*
* @param $dirty string The string to be sanitized
* @return string The sanitized string
*/
protected function sanitize( $dirty )
{
return htmlentities(strip_tags($dirty), ENT_QUOTES);
}
This method checks three criteria:
•
That the nonce was stored in the session
•
That the nonce was submitted with the form
•
That the nonces in the session and form are identical
If all three conditions are met, the nonce is removed from the session (so the form cannot be submitted again
successfully) and Boolean
TRUE
is returned to signify a successful nonce check.
Writing the Form Handling Methods
To actually process the form submissions, you need three methods:
•
The first will check the nonce, execute the action handler method, and redirect the user to the
proper location, pending success or failure.
•
The second is the aforementioned action handler, which actually processes the submitted
form data.
•
The third is the model method, which takes the processed data from the action handler and
manipulates the database accordingly.
Adding the Main Form Handling Method
The first method, which will reside in
system/core/class.controller.inc.php
, will be called
handle_form_submission()
. It accepts one parameter: the action.
Search WWH ::
Custom Search