add this to each form's configure() method, that you want to have flood
protected (I expect that you want to protect this way (form) of entering
data from flooding, and not the model itself):
$this->validatorSchema->setPostValidator(new CombValidator(null,
array(), array('invalid' => 'Flooding is not acceptable')));
and put the CombValidator in the lib dir:
class CombValidator extends sfValidatorSchema {
protected function doClean($values) {
if ($isFlood){
throw new sfValidatorError($this, 'invalid');
}
}
}
Am 29.05.2010 06:17, schrieb comb:
> Hey & Thanks! Yeah it's more clean like you describe to do it in
> processForm or the isValid for the form classes, but then I have to
> add this validation to each model-actions-class/model-form, that I
> want to be flood-protected. Isn't there a way to prevent code-
> duplication by using the preInsert hooks or something else? (DRY-
> principle)
> (That's maybe what the thread is about... best practice regarding DRY
> or not DRY).
>
> On 28 Mai, 14:24, Tom Ptacnik <to...@tomor.cz> wrote:
>> If you want to redirect back to the filled form when user don't wait
>> enough, then I think the best solution would be to do this validation
>> in the moment as classic validation of the form fields.
>>
>> I suggest to create some class for this validation ...
>> FloodProtector.class.php
>> then create some method testFlood() maybe static maybe not :)
>>
>> And I see two options:
>>
>> Option 1)
>> Do this validation in the form object. For example in the method
>> isValid()
>> .. overwrite it ..
>>
>> public function isValid()
>> {
>> if (FloodProtector::testFlood())
>> {
>> .. set error message somehow
>> return false;
>> }
>>
>> return parent::isValid();
>>
>> }
>>
>> Option 2)
>> Check for this in the action next to the $form->isValid();
>>
>> protected function processForm(sfWebRequest $request, sfForm $form)
>> {
>> $form->bind($request->getParameter($form->getName()), $request-
>>
>>> getFiles($form->getName()));
>>
>> if ($form->isValid())
>> {
>> if (FloodProtector::testFlood())
>> {
>> $this->getUser()->setFlash('error', 'The item has not been saved
>> due to flood protection.');
>> }
>> else
>> {
>> ... classic process if form is valid
>> ...
>>
>> On 27 kvÄ›, 22:04, comb <sa...@gmx.net> wrote:
>>
>>> that works! =) It prevent's the insert itself and I know, how to
>>> redirect back to the form, but I cannot figure out, how to display the
>>> given form values from the invoker again. My form is always empty :-/
>>
>>> class FloodCheckListener extends Doctrine_Record_Listener
>>> {
>>> //...
>>> public function preInsert(Doctrine_Event $event)
>>> {
>>> if (sfContext::hasInstance())
>>> {
>>> if (true) // check user attributes and DB for
>>> flooding
>>> {
>>> $event->skipOperation(); // do not insert
>>>
>>> sfContext::getInstance()->getUser()->setFlash('error', 'You have
>>> to wait some time before you can post again!');
>>> $ref =
>>> sfContext::getInstance()->getRequest()->getReferer();
>>> if (empty($ref))
>>> {
>>> $ref = '@homepage';
>>> }
>>>
>>> sfContext::getInstance()->getController()->redirect($ref);
>>> // TODO how to submit the invoker-values to
>>> the form??
>>> die(); // cancel current route-execution
>>> }
>>> }
>>> }
>>
>>> }
>>
>>> This is very dirty and I don't know how to write this behavior in a
>>> better / cleaner way.
>>
>>> Any help would be appreciated.
>>
>>> Comb
>>
>>> On 27 Mai, 16:46, Daniel Lohse <annismcken...@googlemail.com> wrote:
>>
>>>> http://www.doctrine-project.org/projects/orm/1.2/docs/manual/event-li...
>>
>>>> scroll down a little bit to the line: $event->skipOperation();
>>
>>>> This should do what you want?
>>
>>>> Daniel
>>
>>>> On 27.05.2010, at 16:41, comb wrote:
>>
>>>>> Hey thanks, but it does not work :-(
>>>>> class FloodCheckListener extends Doctrine_Record_Listener
>>>>> {
>>>>> //...
>>>>> public function preInsert(Doctrine_Event $event)
>>>>> {
>>>>> return false;
>>>>> }
>>>>> }
>>>>> The record is saved anyway.
>>
>>>>> On 27 Mai, 16:26, Robert Schoenthal <seros...@googlemail.com> wrote:
>>>>>> he,
>>
>>>>>> try to "return false" in your preInsert Method, it think it should
>>>>>> work
>>
>>>>>> On May 27, 12:39 am, comb <sa...@gmx.net> wrote:
>>
>>>>>>> Hi,
>>
>>>>>>> i'm writing a CheckFloodable-Behavior.
>>>>>>> Before a new record is saved, I would like to prevent the insertion of
>>>>>>> the new record if the user did not wait long enough.
>>>>>>> It's very dirty since I use the sfContext::getInstance() quite much,
>>>>>>> but my question is, how would one prevent the insertion? is it ever
>>>>>>> possible`to prevent it within a listener or do I have to write a check
>>>>>>> in every new/create action if the model??
>>>>>>> I tried a redirection within the listener, but the record is inserted
>>>>>>> anyway...
>>
>>>>> --
>>>>> If you want to report a vulnerability issue on symfony, please send it to
>>>>> security at symfony-project.com
>>
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "symfony users" group.
>>>>> To post to this group, send email to symfony-users@googlegroups.com
>>>>> To unsubscribe from this group, send email to
>>>>> symfony-users+unsubscr...@googlegroups.com
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/symfony-users?hl=en
>>
>>
>
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
