
Quick and dirty, very ugly, form example

Posted: Sun Aug 05, 2007 3:29 pm
by calguy1000
Okay.... here you will find a simple example form that I put into one of my pages on my test site.
This was done purely as an example as to how to do inline forms in CMS Made Simple. Of course things can get more complex.... but what it illustrates is that CMS Made Simple does not prevent you from coding your own forms, etc.

Notice I did not use a UDT.  I did the code inline (remember to set the use_smarty_php_tags variable to true in the config.php).

Code:

{php}
// Default value shown in the input field
$count = 5;
if( isset( $_REQUEST['submit'] ) )
  {
      if( isset( $_REQUEST['count'] ) ) {
        // The (float) cast forces a numeric value before it is echoed
        $square = (float) $_REQUEST['count'];
        $square = $square * $square;
        echo "The Result is: $square<br/>";
     }
  }
{/php}
{* PHP_SELF is taken from the request URL, so escape it before writing it into the markup *}
<form method="post" action="{$smarty.server.PHP_SELF|escape}">
<label for="count">Count</label>:
<input name="count" type="text" maxlength="10" size="10" value="{php}echo $count;{/php}">
<input type="submit" name="submit" value="Go">
</form>
Maybe in a bit I'll do an example that opens another database connection because that has a sneaky little trick or two.

Re: Quick and dirty, very ugly, form example

Posted: Mon Aug 06, 2007 10:27 am
by Pierre M.
Thank you Calguy.

Newbies, please notice:
Calguy says it is dirty and very ugly. Indeed, the point is to demonstrate that CMS Made Simple does not prevent you from coding your own forms.
But know what you are doing: if you don't use UDTs and wide open the use_smarty_php_tags variable, you have to life trust anybody accessing your system. Don't set use_smarty_php_tags to true unless you want your site hacked.

BTW, before coding, anybody can try the FormBuilder and FormBrowser CMSms modules (although they can't do math).

Pierre M.

Re: Quick and dirty, very ugly, form example

Posted: Mon Aug 06, 2007 5:08 pm
by calguy1000
Here's the same form done as a single UDT.

Code:

// Default value shown in the input field
$count = 5;
if( isset( $_REQUEST['submit'] ) )
  {
      if( isset( $_REQUEST['count'] ) ) {
        // The (float) cast forces a numeric value before it is echoed
        $square = (float) $_REQUEST['count'];
        $square = $square * $square;
        echo "The Result is: $square<br/>";
     }
  }
// PHP_SELF is taken from the request URL, so escape it before writing it into the markup
echo '<form method="post" action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'">';
echo '<label for="count">Count</label>';
echo "<input name=\"count\" type=\"text\" maxlength=\"10\" size=\"10\" value=\"$count\">";
echo '<input type="submit" name="submit" value="Go">';
echo '</form>';
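
A hardened variant of the UDT form above, as an added example that is not part of calguy1000's post: it reads only $_POST, validates the value on the server, escapes what it echoes, and leaves out the action attribute. The helper names square_parse() and square_form() are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+.
// square_parse() and square_form() are hypothetical helper names.

/** Return the submitted number, or null if absent or not a plain decimal. */
function square_parse(array $post): ?float
{
    if (!isset($post['submit'], $post['count']) || !is_string($post['count'])) {
        return null;                       // not submitted, or count[]=... array
    }
    $raw = trim($post['count']);
    // Same 10-character limit as the form's maxlength, enforced server-side;
    // digits with an optional sign and fraction only (no "1e308", no "0x1A").
    if (strlen($raw) > 10 || !preg_match('/^-?\d+(\.\d+)?$/', $raw)) {
        return null;
    }
    return (float) $raw;
}

function square_form(array $post): string
{
    $html  = '';
    $shown = '5';                          // default field value, as in the thread
    $n     = square_parse($post);
    if ($n !== null) {
        $shown = trim($post['count']);     // validated above, still escaped below
        $html .= 'The Result is: ' . htmlspecialchars((string) ($n * $n)) . "<br/>\n";
    } elseif (isset($post['submit'])) {
        $html .= "Please enter a number.<br/>\n";
    }
    // No action attribute: the browser posts back to the current URL, so
    // nothing derived from the request path is written into the markup.
    $html .= '<form method="post">'
           . '<label for="count">Count</label>: '
           . '<input id="count" name="count" type="text" maxlength="10" size="10" value="'
           . htmlspecialchars($shown, ENT_QUOTES, 'UTF-8') . '">'
           . '<input type="submit" name="submit" value="Go">'
           . '</form>';
    return $html;
}

// Read only the POST body: $_REQUEST also merges query-string values.
echo square_form($_POST);
```

When pasting this into a UDT, drop the opening <?php line.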

Re: Quick and dirty, very ugly, form example

Posted: Tue Aug 14, 2007 3:32 pm
by hexdj
Thanks ;D

Re: Quick and dirty, very ugly, form example

Posted: Tue Aug 14, 2007 4:51 pm
by calguy1000
No..... you just follow the instructions with each example.....

In the first example you have to turn on use_smarty_php_tags in config.php

In the second example, you just create the UDT, and call it with {my_udt_name} in your template or page content.

Re: Quick and dirty, very ugly, form example

Posted: Fri Aug 24, 2007 10:32 pm
by tyman00
Pierre M. wrote: Newbies
That's me.

With your post are you saying that Calguy's first example leaves the forms open to hacking when you turn on PHP smarty tags or did you mean that anyone that has access to the admin panel can hack the site with PHP smarty tags turned on?

I am not using CMSMS for forms, but I am trying to learn PHP security and general web-based security.

Where did you all learn about all the security? I read some documents and I get confused, any recommendations for a starting point for newbies interested in PHP/Web-programming security?

Re: Quick and dirty, very ugly, form example

Posted: Sat Aug 25, 2007 10:29 am
by Pierre M.
Hello,

Disclaimer: I'm not a security expert.
I "mean that anyone that has access to the admin panel can hack the site with PHP smarty tags turned on" because it allows putting unlimited code anywhere.
So using the FormBuilder module is safer than coding. My advice is to (safely) code only when you require a feature that out-of-the-box CMSms/modules can't do (e.g. math computations in the above example).

Pierre M.

Re: Quick and dirty, very ugly, form example

Posted: Sat Aug 25, 2007 1:38 pm
by tyman00
Ok, I already knew that. You had me worried that there were more security issues with Smarty PHP tags than just in the admin side.

Re: Quick and dirty, very ugly, form example

Posted: Sat Aug 25, 2007 1:59 pm
by bterkuile
Don't forget the good old JavaScript for doing calculations :)

Code:

The square is: <span id="result"></span><br />
<input type="text" id="count" value="5"/><button onclick="$('result').innerHTML=$('count').value*$('count').value;">Go</button>

Re: Quick and dirty, very ugly, form example

Posted: Thu Feb 14, 2008 8:51 pm
by calguy1000
This example (done entirely in smarty) should work too.

Code:

{* Square the posted value using Smarty's inline math; no {php} tags needed *}
{if isset($smarty.post.submit)}
  <p>Result = {$smarty.post.count * $smarty.post.count}</p>
{/if}
{* PHP_SELF is taken from the request URL, so escape it before writing it into the markup *}
<form method="post" action="{$smarty.server.PHP_SELF|escape}">
<label for="count">Count</label>:
<input name="count" type="text" maxlength="10" size="10" value="5">
<input type="submit" name="submit" value="Go">
</form>

Re: Quick and dirty, very ugly, form example

Posted: Wed Jun 04, 2008 2:05 pm
by calguy1000
Try taking the action= parameter out, so you just have ....