Changes in new formulize?

Submitted by sadistiko on Tue, 06/09/2009 - 3:22pm

Is there some changes in this part of code in new formulize?

if(isset($_POST) AND $entry_id == "new") {
global $formulize_allWrittenEntryIds;
$entry_id = $formulize_allWrittenEntryIds[1][0];

On new site with latest SVN version of formulize I have error when I click Save button:

Error: the data you submitted could not be saved in the database.

$formulize_allWrittenEntryIds[1][0];

In this part 1 is ID of form, and I have only one form in formulize, but it all the time I get this error. I can put text in form if I use original form input from formulize and I can get all that saved data in another pagework page that is used for presentation of that infos. So, it must be something in that code.

‹ Formulize and Anonymous Entries IT Department Applications Database ›

Comments

Where is that code?

Submitted by Julian Egelstaff on Tue, 06/09/2009 - 7:35pm.

Hi there,

I don't recognize that code. Where is it located? What exactly are you doing when the error comes up? What is the URL at the time?

--Julian

I know the code now, but I don't have an answer

Submitted by Julian Egelstaff on Thu, 06/11/2009 - 5:54am.

Hello,

Now I realize the code is from this thread:

How to costmize form?
http://www.freeformsolutions.ca/en/node/573

I don't see why you would get an error though with a new version of Formulize....unless it has to do with the token check. The "Error: the data you submitted could not be saved in the database." message means that the saving of data in readelements.php failed. And there is part of that code that checks to see if the XOOPS security token is valid. There is a module preference in Formulize to turn off the token for Formulize

So try going to the Formulize preferences, and change the preference so you do NOT use the XOOPS security token. Maybe that will solve the problem.

This might suddenly be an issue because you installed a local firewall recently? And it blocks your referrer information. And in some situations, that will cause the XOOPS to fail. You could also just turn off the referrer check...there's code in the xoopssecurity.php file, in the class folder I think, that checks the referrer. If you change it so the function always returns true, then the referrer check won't matter.

Let us know how it goes.

--Julian

...

Submitted by sadistiko on Thu, 06/11/2009 - 5:55am.

URL is:

http://sabunike-uvn.hr/modules/pageworks/index.php?page=1

and I enter text in fields, click Save and get error

security token was problem

Submitted by sadistiko on Fri, 06/12/2009 - 1:38pm.

Use the security token system to validate form submissions? option in formulize was my problem, when I turn off this option I can save data in DB.
It looks that option was turned off by default in last version I have on my older site.

How do I turn off the security token system for just 1 page?

Submitted by ecandym on Fri, 05/21/2010 - 3:58am.

Hi

I'm making a Pageworks page using displayElement for the layout, rather than displayForm.

It only saves to the database if I turn off the security token system.

How can I turn off the security token system for just one Pageworks page? I'd rather keep the cross-site scripting protection for the other pages.

Is there a command I can use in php in the pageworks page to turn it off?

Thanks.

Andy

Maybe better to add the token to the form?

Submitted by Julian Egelstaff on Tue, 05/25/2010 - 9:35am.

Hello, thanks for the post, interesting situation you've got there.

I would suggest adding a XOOPS security token to the form, that way there shouldn't be a problem. To do that, I think it would require a hack to pageworks....ideally this should be a configurable module preference in pageworks....pageworks is likely to be merged into Formulize as "custom screens" before that happens, unless someone wants to pick up this ball and run with it.

Anyway.....

To add some code to Pageworks that adds a XOOPS security token to the form that it renders, and so the security check should pass, find this code in the modules/pageworks/index.php file:

if((strstr($pagedata[0]['page_template'], "displayElement(") OR strstr($pagedata[0]['page_template'], "displayGrid(")) AND !strstr($pagedata[0]['page_template'], "<form")) {
  $thistime = microtime();
  print "<form name=\"elementdisplayform_$thistime\" action=" . getCurrentUrl() . " method=post>\n";
}

And add this code right before the closing }

if(isset($GLOBALS['xoopsSecurity'])) {
  print $GLOBALS['xoopsSecurity']->getTokenHTML();
}

That should do it.

Conversely, if you do want to just turn off the check for a single pageworks page, so that data will be saved no matter what on that page, then you can find this code in modules/formulize/include/readelements.php:

if(count($formulize_elementData) > 0 ) { // do security check if it looks like we're going to be writing things...
  $cururl = getCurrentURL();

And add another IF condition based on the URL, something like this:

if(count($formulize_elementData) > 0) { // do security check if it looks like we're going to be writing things...
  $cururl = getCurrentURL();
  if($cururl != "http://www.mysite.com/modules/pageworks/index.php?page=3") {
     // rest of the code goes here
  }
}

So basically make all the rest of the code in that section conditional upon the URL not being page 3 (in this example). If the URL is for page 3, then skip the security check.

Does this make sense? Let me know if you have questions and how it works out. Thanks,

--Julian

How do I turn off the security token system for just 1 page?

Submitted by ecandym on Wed, 05/26/2010 - 1:10am.

Hi

Thanks Julian, we implemented your first piece of code and it works fine.

Thanks

Andy