Capturing $_SERVER variables to form elements « HTML Form Builder Online , PHP Form Creator

This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 3

Capturing $_SERVER variables to form elements

Started 11 years ago by rodp | 2 posts |

rodp
Member

Hi -- I know this top has been covered in the past, but I think some things have changed in version 3.5. I have Machform installation that is behind our institution's single-signon authentication system. I'd like to be able to capture specific server login variables.

Form creators would create forms with fields that match the server variables we want to capture. If the form field title matches the server variable name, we want to store it's value. Ideally these values would be stored in admin-only fields, but if necessary we can store them in user fields and hide those form elements with CSS. Is there a place we could add code something like this:

if($element->title == 'MYSERVERVAR'){
$element->default_value = htmlspecialchars(mf_sanitize($_SERVER['MYSERVERVAR']),ENT_QUOTES);
}

Is there a way to do something like this in custom_hooks.php?

Thanks again for a great product!

Posted 11 years ago #
rodp
Member

Finally got this working. If anyone else wants to set Admin-only fields using a $_SERVER variable or some other value. In includes/post_fuctions.php around line 404, insert additional admin values in the block:

//if this is private fields and not logged-in as admin, bypass operation below, just supply the default value if any
if(($element_info[$element_id]['is_private'] == 1) && empty($_SESSION['mf_logged_in'])){
if(!empty($element_info[$element_id]['default_value'])){
$table_data['element_'.$element_id] = $element_info[$element_id]['default_value'];
}
//continue;
//}
// **********************************************************************************************************************
// SET Admin field to $_SERVER variable if corresponding form element exists
// **********************************************************************************************************************
if ($element_info[$element_id]['title'] == 'SPECIAL_FIELD') {
$table_data['element_'.$element_id] = $_SERVER['SPECIAL_FIELD'];
}
if ($element_info[$element_id]['title'] == 'REMOTE_USER') {
$table_data['element_'.$element_id] = $_SERVER['REMOTE_USER'];
}
continue;
}

Hope this is helpful to someone -- it may be useful when you don't want to pass sensitive data in the querystring to populate a form. Note that this will work for regular users, but $_SERVER values will not be set for logged-in admins. You could also only submit values for specific form IDs, but we wanted this to work for all forms that use certain field names.

Rod

Posted 11 years ago #

RSS feed for this topic

Reply

You must log in to post.