wiki | forum | trac | otrs | joomla | tech blog | mailman | bewelcome Branches: test.bw | alpha.bw | www.bw Participate: download | get involved

Platform PT - Handler_Post

Usually, a HTML form is used to send new entries for textfields or numbers to the server. This data is made available in the global $_POST array. (If register_globals is enabled on the server, all keys and values from this array are registered as vars. Since this is not a good idea and deprecated on top, a handler for POST-data is used.) It's situated in /lib/handler/posthandler.lib.php and like nearly all classes in this framework it employs the singleton design.

Init

To get access of the Post-vars you have to register your wish beforehand, that means the time you generate the html form. You set a Callback key (or id) and a Callback function (class and method). The callback key is really a key, you could use whatever you like, as long it is unique. But better stick to this: 

  $callbackId = PFunctions::hex2base64(sha1(__METHOD__));

You have to include this Id in your form in a hidden input field, set name to the Id and value something you like, "1" will do: 

  <input type="hidden" name="<?=$callbackId;?>" value="1"/>

This hidden field later on makes the connection between your registered callback and the form you prepared. It's a good habit to use the current method, so you got everything together in one spot. You may set the Callback function differently, if you think that's better. (E.g. one for creating the form, one for checking the sent values etc) 

 //now tell the PPostHandler which callback method to call//
 I made it a habit to always use the same method
 PPostHandler::setCallback($callbackId, __CLASS__, __FUNCTION__);

Processing

The Callback handler is called everytime the framework is called (=always) and it checks if $_POST array is filled. If your Callback Id is present in the array the registered Controller Class is instantiated and the method called. You can detect in your handling method whether it is called by the Posthandler by checking PPostHandler::isHandling(). 

  if (PPostHandler::isHandling()) {
  //process and save the sent POST data
  } else{
  //generate default values and form
  }

Now, to the interesting part, the data retrieval. You just do a 

 $vars = PPostHandler::getVars($callbackId);

and you got the POST vars in the $vars array. NOTE: Values are already stripslashes()ed and trim()ed !

As long you can be sure that your controller method is not called by another callback handler, you can use getVars() without a Callback Id. The singleton stores the last acessed key (by POST transmission). But, it is always a better and safer way to use it as in the example above.

Clean-up

It's like cooking at home, you have to do the clean-up afterwards manually by calling 

 //explicit garbage collection//
 use _after_ you have gathered the vars
 PPostHandler::clearVars($callbackId);

If you do not the values are stored there until the session is destroyed.

Redirecting

You are free to return a URL (absolute or relative, your choice) where the user is immediately redirected thereafter. If you don't provide a URL, the redirect goes to the calling URL. This also happens if no or a non registered Callback Id is present in $_POST array. Keep an eye on your class architecture, it shouldnt need to have any other method (except construct, which is called automatically) to be called before your handling function can work.

The benefit

First off, this procedure might seem complicated, but it has several advantages:

  • chance of POST-var manipulation is lowered (only the Class that wants to have the data gets it)
  • clear division of reponsibilities
  • it removes the annoying "If you reload the page, POST data is sent again?" browser message and thus
  • raises data integrety, no forum post can be sent twice again, unwittingly.
Trac Customization: trac stylesheet
SourceForge.net Logo