php - Accessing request object in Zend (1.12) custom validator is legal?


I am using Zend Framework 1.12. I have a service for validating a token. The service has 2 functions:

  1. setToken: responsible for generating the token and storing it in the session.
  2. validateToken: responsible for regenerating the token and validating the token stored in the session.

In the current situation I am calling the setToken() function while loading the form, and the validateToken() function is called after form submission.

Now I want to write a Zend custom validator for this process.

Here is the custom validator:

    class My_Validator_Csrf extends Zend_Validate_Abstract
    {
        const INVALID_TOKEN = 'invalid_token';

        /**
         * Message templates
         * @var array
         */
        protected $_messageTemplates = array(
            self::INVALID_TOKEN => "csrf_form_error",
        );

        /**
         * Generates and sets the token in the session.
         */
        public function __construct()
        {
            $request = Zend_Controller_Front::getInstance()->getRequest();

            // Only issue a new token when the form is being loaded, not on submission
            if (!$request->isPost()) {
                $csrfValidator = new Website_Service_CsrfValidator();
                $csrfValidator->setToken();
            }
        }

        /**
         * Validates the CSRF token.
         *
         * @return boolean
         */
        public function isValid($value)
        {
            $csrfValidator = new Website_Service_CsrfValidator();

            if (!$csrfValidator->validateToken()) {
                $this->_error(self::INVALID_TOKEN);
                return false;
            }

            // Token validated successfully
            return true;
        }
    }

Question: the setToken() function must be called while loading the form, not after form submission. Therefore I am checking that the method is not POST, using the front controller to get the request object there in the form validator.

    $request = Zend_Controller_Front::getInstance()->getRequest();

    if (!$request->isPost()) {
        $csrfValidator = new Website_Service_CsrfValidator();
        $csrfValidator->setToken();
    }

I am not sure if this is legal or not. If not, please suggest a way I can achieve the above scenario.

Thanks in advance.

You could try this (note: change 'send' to your submit button's id attribute value):

    if ($request->getParam('send', false)) {
        // user submitted form
        ...
    } else {
        // form not yet submitted
        ...
    }

An alternative option is to post the form submission to a different URL / action.
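
The split the question describes (issue the token when the form is rendered, check it on submission) as an added example, not code from the question or its answer. `CsrfTokenStore`, its methods and the session key are hypothetical, a plain array stands in for the session, and PHP 7 or later is assumed for `random_bytes()`.

```php
<?php
// Added example: all names here are hypothetical, not the question's service.
final class CsrfTokenStore
{
    const KEY = 'csrf_token'; // hypothetical session key

    /** @var array session-like storage, held by reference */
    private $session;

    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    /** Call when the form is rendered: creates and stores a fresh token. */
    public function issue()
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->session[self::KEY] = $token;
        return $token; // value for the hidden form field
    }

    /** Call from a validator's isValid($value) with the submitted field value. */
    public function validate($submitted)
    {
        $expected = isset($this->session[self::KEY]) ? $this->session[self::KEY] : null;
        unset($this->session[self::KEY]); // single use: a replayed form fails

        // hash_equals() compares in constant time and requires two strings
        return is_string($expected) && is_string($submitted)
            && hash_equals($expected, $submitted);
    }
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = array();
$store = new CsrfTokenStore($session);

$token = $store->issue();                   // form load
var_dump($store->validate($token));         // first submission with the issued token
var_dump($store->validate($token));         // same token replayed after it was consumed
$store->issue();                            // form loaded again
var_dump($store->validate('forged-value')); // submission carrying a wrong token
var_dump($store->validate(null));           // submission with the field missing
```

Because the validator receives the submitted token as its value and only ever validates, issuing the token can stay with the code that renders the form, and the validator does not need to inspect the request method.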

