Hi!
I have a CActiveForm which passes sensitive information, a password, to another system. How should I handle it so that it won't show up in the URL of the next page?
Probably a very newb question, but I never faced this problem before.
Thanks!
The common solution is to send the variables using the POST method and to use SSL for encryption.
Cheers,
Matt
In theory I am familiar with the POST/GET methods and the difference between them. Never had to use it before though. As far as I know the default in CActiveForm is POST. Why does the ‘password=blabla’ element show up in my URL then?
Can you post your view & controller code? Yes, POST is default and shouldn’t be displayed in the url.
Matt
My first controller action, which renders the view with the form:
public function actionCreateDiff2($del1,$del2){
    // Form submitted: 'yt0' is the auto-generated name of the submit button.
    if(isset($_POST['yt0'])){
        // Drop the last three POST entries (username, password, submit button);
        // what remains are the radio button values.
        $objects = array_slice($_POST, 0, -3);
        foreach ($objects as $obj){
            // 'e' is the uncheckValue of a radio button that was not selected.
            if($obj!='e'){$objID=$obj;}
        }
        $username=$_POST['username'];
        $password=$_POST['password'];
        // Every entry of this array becomes a query parameter of the redirect URL,
        // including 'pass'.
        $this->redirect(array('diff','del1'=>$del1,'del2'=>$del2,'objID'=>$objID,'name'=>$username,'pass'=>$password));
    }
    // Collect the object ids that belong to each of the two deliveries.
    $id1=TDelivery::model()->FindAllByAttributes(array('del_version'=>$del1));
    $id1=$id1[0]['del_oid'];
    $id2=TDelivery::model()->FindAllByAttributes(array('del_version'=>$del2));
    $id2=$id2[0]['del_oid'];
    $object1=TDeliveryToObject::model()->FindAllByAttributes(array('del_oid'=>$id1));
    $i=0;
    foreach($object1 as $obj1){$objects1[$i]=$obj1['obj_oid']; $i++; }
    $object2=TDeliveryToObject::model()->FindAllByAttributes(array('del_oid'=>$id2));
    $i=0;
    foreach($object2 as $obj2){$objects2[$i]=$obj2['obj_oid']; $i++; }
    // Keep only the objects that are present in both deliveries.
    if(isset($objects1)&&isset($objects2)){
        $i=0;
        foreach ($objects1 as $obj1){
            foreach ($objects2 as $obj2){
                if($obj1==$obj2){
                    //$result[$i]=$obj1;
                    $result[$i]=TObject::model()->FindAllByAttributes(array('obj_oid'=>$obj1));
                    $i++; }
            }
        }
    }
    if(isset($result)){ $this->render('createDiff2',array('list'=>$result));}
    else {$this->render('createDiffError');}
}
My form:
<div class="form">
<?php $form=$this->beginWidget('CActiveForm', array(
    'id'=>'tdelivery-form',
    'enableAjaxValidation'=>false,
)); ?>
    <div class="row">
    <?php
    echo "<table>";
    $i=0;
    foreach($list as $obj){
        $i++;
        echo "<tr><td>";
        echo $obj[0]['obj_name'];
        echo "</td><td>";
        $name=$obj[0]['obj_name'];
        $id=$obj[0]['obj_oid'];
        echo $form->radioButton(TObject::model(),'obj_name',array('name'=>'doc'.$i ,'value'=>$id,'uncheckValue'=>'e'));
        echo "</td></tr>";
    }
    echo "</table>";
    ?>
    <?php $model =new LoginFormSVN;?>
        <div class="row">
            <?php echo $form->labelEx($model,'SVN username'); ?>
            <?php echo $form->textField($model,'username',array('name'=>'username')); ?>
            <?php echo $form->error($model,'username'); ?>
        </div>
        <div class="row">
            <?php echo $form->labelEx($model,'SVN password'); ?>
            <?php echo $form->passwordField($model,'password',array('name'=>'password')); ?>
            <?php echo $form->error($model,'password'); ?>
        </div>
    <?php
    //print_r($_POST);
    echo CHtml::submitButton(); ?>
    </div>
<?php $this->endWidget(); ?>
</div><!-- form -->
And the action which works with the data from the above form:
public function actionDiff($del1,$del2,$objID,$name,$pass){
    // $name and $pass are bound from the GET parameters of the request URL.
    $obj=TObject::model()->FindAllByAttributes(array('obj_oid'=>$objID));
    $pre1='myURL';
    $path=$obj[0]['obj_url'];
    $path1=$pre1.$path;
    // escapeshellarg() quotes each value before it is placed on the command line.
    $action= 'svn info --username '.escapeshellarg($name).' --password '.escapeshellarg($pass).' '.escapeshellarg($path1);
    // This assignment replaces the one above, so the first call runs without credentials.
    $action= 'svn info '.escapeshellarg($path1);
    $result = exec($action, $output);
    $res=$output[7] ;
    $res1=substr($res, 18);
    $oldr=$res1;
    $pre2='myURL';
    $path=$obj[0]['obj_url'];
    $path2=$pre2.$path;
    $action= 'svn info --username '.escapeshellarg($name).' --password '.escapeshellarg($pass).' '.escapeshellarg($path2);
    // exec() appends to an array that already has elements, so reset it first.
    $output=array();
    $result = exec($action, $output);
    $res=$output[7];
    $res2=substr($res, 18);
    $newr=$res2;
    // old path manipulation and new
    $path='/trunk/'.$path;
    $path_real=str_replace('/','%2F',$path);
    $final='myURLold_path='.$path_real.'&old='.$oldr.'&new_path='.$path_real.'&new='.$newr.'';
    //echo $final;
    $this->render('diff',array('link'=>$final));
}
So when this last action renders its view:
<?php
$this->breadcrumbs=array(
    'deliveries'=>array('index'),
    'diff deliveries'=>array('creatediff1'),
    'link'
);
$this->menu=array(
    //array('label'=>'List Delivery', 'url'=>array('index')),
    array('label'=>'Create Delivery', 'url'=>array('create')),
    array('label'=>'Manage Deliveries', 'url'=>array('admin')),
);
?>
<div class=row>
<?php
//echo $link;
echo '<a href="'.$link.'">Show diffs</a>';
//echo CHtml::linkButton('Link to diff',array('submit'=>$link))?>
</div>
I can see the password field in the URL.
Maybe it's a bit complicated. I am sure a veteran programmer would have a simpler solution.
So to sum up, it's actiondiff1->_viewdiff1 (where the actual form is)->actiondiff->diff (where the password is seen in the URL).
Thanks for your trouble!
Writing the last post made me review my program, and I realised that the password in the URL actually comes from the values given to the actiondiff function.
So the question now: how to give the variable from one action to another without showing in the URL?
As the subject got sidetracked, I opened another topic on the subject. http://www.yiiframework.com/forum/index.php?/topic/18128-redirect-with-post/page__p__89334__fromsearch__1#entry89334
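
One way to hand the credentials from the form action to the diff action without putting them in the redirect URL, as an added example that is not code from this thread: keep them in the server-side session, redirect with only the non-sensitive identifiers, and read them once in the target action. The function names, the `/delivery/diff` route and the sample values are hypothetical, and `$session` stands in for `$_SESSION`.

```php
<?php
// Added example, not code from the thread. Function names and the
// /delivery/diff route are hypothetical; $session stands in for $_SESSION.

// POST handler side: keep the credentials on the server.
function stashCredentials(array &$session, string $username, string $password): void
{
    $session['svn_credentials'] = array('username' => $username, 'password' => $password);
}

// The redirect URL carries only the non-sensitive identifiers.
function buildDiffRedirect(string $del1, string $del2, string $objID): string
{
    $query = array('del1' => $del1, 'del2' => $del2, 'objID' => $objID);
    return '/delivery/diff?' . http_build_query($query);
}

// Target action side: read the credentials once, then remove them.
function takeCredentials(array &$session): ?array
{
    if (!isset($session['svn_credentials'])) {
        return null; // nothing stashed: send the user back to the form
    }
    $creds = $session['svn_credentials'];
    unset($session['svn_credentials']);
    return $creds;
}

// Quote every value that reaches the shell.
function buildSvnInfoCommand(array $creds, string $url): string
{
    return 'svn info --non-interactive'
        . ' --username ' . escapeshellarg($creds['username'])
        . ' --password ' . escapeshellarg($creds['password'])
        . ' ' . escapeshellarg($url);
}

// Constructed sample values, for illustration only.
$session = array();
stashCredentials($session, 'alice', 'correct horse');
$redirect = buildDiffRedirect('1.0', '1.1', '42');
echo $redirect, "\n";
echo strpos($redirect, 'correct') === false ? "no password in URL\n" : "password leaked\n";

$creds = takeCredentials($session);
echo buildSvnInfoCommand($creds, 'https://svn.example.invalid/trunk/doc.txt'), "\n";
echo takeCredentials($session) === null ? "credentials cleared\n" : "still stored\n";
```

In a Yii 1.x controller the same pattern applies with `Yii::app()->session` holding the stashed values between the two actions.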