Reputation: 674
How to disable direct access to callback functions?
<? if ( ! defined('BASEPATH')) exit();
class Registration extends CI_Controller {
public function __construct() {
parent::__construct();
$this->load->model('registration_model');
}
public function index() {
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'E-mail', 'trim|required|valid_email|callback_email_available');
if($this->form_validation->run() == FALSE) {
$this->load->view('registration');
} else {
$this->registration_model->add_user();
}
}
# Check E-mail
public function email_available($email) {
$this->db->select('email');
$this->db->where('email', $email);
$query = $this->db->get('users');
$result = $query->row();
if(!empty($result)) {
$this->form_validation->set_message('email_available', 'This e-mail belongs to another user.');
return FALSE;
} else {
return TRUE;
}
}
}
?>
I have a registration form with Form Validation. And I have a callback function to validate email uniqueness.
All code works fine, but I can directly access to callback function with errors
examle.com/registration/email_available
A PHP Error was encountered
Severity: Warning
Message: Missing argument 1 for Registration::email_available()
Filename: controllers/registration.php
A PHP Error was encountered
Severity: Notice
Message: Undefined variable: email
Filename: controllers/registration.php
How can I deny direct access to callback function?
Upvotes: 5
Views: 1629
Answers (2)
Reputation: 7388
My suggestion is to tuck your validation rules into a separate file. CodeIgniter supports this by allowing you to save validation configurations in config/form_validation.php. Take a look at the Form Validation Documentation, specifically the section labelled Saving Sets of Validation Rules to a Config File.
Your controller's index:
public function index() {
$this->load->library('form_validation');
if($this->form_validation->run('submit_registration') == FALSE) {
$this->load->view('registration');
}
else{
$this->registration_model->add_user();
}
}
config/form_validation.php
$config = array
(
'submit_registration' => array
(
array(
'field' => 'email',
'label' => 'Email',
'rules' => 'trim|required|valid_email|email_available'
),
array(
'field' => 'username',
'label' => 'Username',
'rules' => 'required|alpha_numeric|etc'
)
),
'some_other_submission' => array(
array(
'field' => 'somefield',
'label' => 'SomeField',
'rules' => 'some|rules'
),
array(
'field' => 'getit',
'label' => 'Get The Point?',
'rules' => 'trim'
)
)
);
libraries/MY_Form_validation.php
class MY_Form_validation extends CI_Form_validation
{
function __construct($config = array()){
parent::__construct($config);
}
function email_available($email){
$CI =& get_instance();
//check your database with the $CI variable...
if(email_exists) return TRUE;
else return FALSE;
}
}
Upvotes: 1
Reputation: 9858
You can prefix the method name with an _ to deny access through HTTP request.
Upvotes: 6
Related Questions
- Prevent access controller methods directly from URL in Codeigniter
- Codeigniter - Restricting direct access to controller functions from URL call
- Callback function returning false CodeIgniter
- How to use callback function in codeigniter
- Defining Callback function in codeigniter
- Codiginter prevent direct access to method used by form action
- how to deny access to controller functions in codeigniter framework
- Codeigniter 2 - Callback function in My_Controller
- CodeIgniter Callback Problem
- How can I limit access to specific functions in CodeIgniter?