Select List Selected via URL?

Re: [Rusty] Select List Selected via URL?

By Chris - December 17, 2010

Hi Rusty,

It's difficult for me to come up with an example without a concrete use case, but here are my thoughts:

The simplest solution would be to pass through your query string with a hidden field, like this:

<input type="hidden" name="secret" value="<?php echo htmlspecialchars(@$_REQUEST['secret']); ?>"/>

I would use this approach and output a list field separately (with disabled="disabled".)

Of course, it's still possible to alter hidden fields, so the next step in securing things would be to only accept certain values before saving; next, you could encode (or encrypt) the value so that it would be difficult for people to guess other valid values.

Does that help? Please let me know if you have any questions.
All the best,
Chris

Re: [chris] Select List Selected via URL?

By Rusty - December 17, 2010

Yeah, it helps a bit. Let me explain a bit further; perhaps it will help.

I want to take a list which in regular HTML would look like this:
<form id="frmPreselect" name="frmPreselect">

<select id="States" name="States">
<option value="Ohio">Ohio</option>
<option value="Washington">Washington</option>
<option value="Idaho" selected="selected">Idaho</option>
<option value="Udaho">Udaho</option>
</select>

</form>



Now I'm using the following PHP code to pull up the entire list from the CMS Builder (where I use a regular select list, with options that I manually populated):
<?php $fieldname = 'state'; ?>
<?php $idCounter = 0; ?>
<select name="<?php echo $fieldname ?>">
<?php foreach (getListOptions('accounts', $fieldname) as $value => $label): ?>
<?php $id = "$fieldname." . ++$idCounter; ?>
<option id="<?php echo $id ?>"
value="<?php echo htmlspecialchars($value) ?>" <?php checkedIf(@$_REQUEST[$fieldname], $value) ?> />
<?php echo htmlspecialchars($value) ?>
</option>
<?php endforeach?>
</select>


Now... My goal is to figure out a way to dynamically...

a) Make a particular State Selected via a URL or some method other than hard coding it (and bypassing the select list altogether)

b) I don't want the user to be able to change the options, Adminator yes, User... no.

For now I'm making multiple versions of the signup form... eliminating the PHP populated Option Select list, and then hard coding the option in the PHP Code in the header via this.

mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET
state = '".mysql_escape("Idaho")."',



PS.

How can I get a cool user icon/picture/avatar under my name. Didn't see the functionality for that in the "Edit Profile" section of the Forums.

PPS.
Thanks for the awesome support you, & Jason always provide. You're my nerd-core-coding heroes! (And I mean that as a good thing).[cool]
Rusty

Re: [Rusty] Select List Selected via URL?

By Chris - December 20, 2010

You'll want to use "state[]" as your field name so that PHP properly interprets the multi-value nature of your <select/>. Changes in red:

<?php $fieldname = 'state'; ?>
<?php $idCounter = 0; ?>
<select name="<?php echo $fieldname ?>[]">
<?php foreach (getListOptions('accounts', $fieldname) as $value => $label): ?>
<?php $id = "$fieldname." . ++$idCounter; ?>
<option id="<?php echo $id ?>"
value="<?php echo htmlspecialchars($value) ?>" <?php selectedIf(array_search($value, (array) @$_REQUEST[$fieldname]) !== false, true); ?>>
<?php echo htmlspecialchars($value) ?>
</option>
<?php endforeach ?>
</select>


When you go to save the value, you can get the value to pass to mysql_escape like this:

$state = "\t" . implode("\t", (array) @$_REQUEST['state']) . "\t";

That's the format that CMS Builder uses to store multi-value list fields: a tab-separated and padded list of values.

With another small change, you can set the <select/> to be disabled if the current user isn't an admin like this:

<select name="<?php echo $fieldname ?>[]" <?php echo @$CURRENT_USER['isAdmin'] ? '' : 'DISABLED="DISABLED"' ?>>

However, it's trivial for users to bypass that. If you want something more resilient, you'll want to encode or encrypt the selection and pass it through.

I hope this helps! Please let me know if you have any questions.


> How can I get a cool user icon/picture/avatar under my name. Didn't see the functionality for that in the "Edit Profile" section of the Forums.


I believe those are reserved for staff, sorry!


> Thanks for the awesome support you, & Jason always provide. You're my nerd-core-coding heroes! (And I mean that as a good thing).


Thanks for the kind words. :) We love to help!
All the best,
Chris
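
Both of Chris's replies above suggest only accepting certain values before saving and making the passed-through value hard to alter. The following is an added example, not code from the thread or from CMS Builder: it uses an HMAC signature rather than encryption, so the value stays readable but cannot be changed without the server-side key. It assumes PHP 5.6+ (for hash_equals); FIELD_KEY, signField, verifyField, acceptedState and the state list are hypothetical names and constructed sample data.

```php
<?php
// Added example, not CMS Builder code. Assumes PHP 5.6+ (hash_equals).
// Placeholder key: load a long random secret from server-side config instead.
const FIELD_KEY = 'REPLACE-WITH-LONG-RANDOM-SERVER-SIDE-SECRET';

// Constructed allow-list; on the real form this would be the values
// returned by getListOptions('accounts', 'state').
$allowedStates = ['Ohio', 'Washington', 'Idaho'];

// Build "value|mac" for the hidden field. The MAC also covers the field
// name, so a token issued for one field cannot be reused in another.
function signField($name, $value) {
    return $value . '|' . hash_hmac('sha256', $name . "\0" . $value, FIELD_KEY);
}

// Return the original value if the MAC verifies, otherwise null.
function verifyField($name, $token) {
    if (!is_string($token)) return null;      // rejects array input (state[]=x)
    $pos = strrpos($token, '|');
    if ($pos === false) return null;          // no MAC present at all
    $value    = substr($token, 0, $pos);
    $mac      = substr($token, $pos + 1);
    $expected = hash_hmac('sha256', $name . "\0" . $value, FIELD_KEY);
    return hash_equals($expected, $mac) ? $value : null;  // constant-time compare
}

// Server-side check before saving: signature first, then the allow-list.
function acceptedState($token, array $allowed) {
    $value = verifyField('state', $token);
    return ($value !== null && in_array($value, $allowed, true)) ? $value : null;
}

// Rendering the form: the server chooses the state, the browser only carries it.
$token = signField('state', 'Idaho');
echo '<input type="hidden" name="state" value="', htmlspecialchars($token), '"/>', "\n";

// Handling the submission (constructed inputs standing in for $_POST['state']).
$tampered = 'Ohio' . substr($token, strlen('Idaho'));  // value swapped, old MAC kept
foreach ([$token, $tampered, 'Idaho'] as $input) {
    $state = acceptedState($input, $allowedStates);
    echo $state === null ? "rejected\n" : "accepted: $state\n";
}
```

Only a value returned by acceptedState() should reach the INSERT; the disabled select list can still be shown for display, since the server no longer trusts what it submits.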