1,399 thoughts on “Zebra_Form, a jQuery augmented PHP library for creating and validating HTML forms”

  1. KennyG

    Another bug :
    After add_error(), when error is displayed, if you close the error, if you have a textarea with characters counter, the counter is not aligned with the rest of the form.

    Firefox 18.0.2, Linux Ubuntu

    1. Stefan Gabos Post author

      that is because the counter is absolutely positioned. i’ll find a fix for that, too.
      thanks!

  2. Andreas

    Hi Stefan,

    I’m trying to use a form with a captcha. Everything works smoothly, except with Chrome (version 24.0.1312.57 m).

    I keep getting the ‘csrf_detected’ error message. If I disable the CSRF protection or use an HTTPS address, the problem disappears. I tested with many different browsers, it works everywhere.

    Here is an example code:

    require('path/to/Zebra_Form.php');
    $form = new Zebra_Form('form');
    	
    $form->add('captcha', 'my_captcha', 'my_text');
    $obj = $form->add('text', 'my_text');
    $obj->set_rule(array(
      "captcha" => array("error", "Not human!"),
    ));
    
    $form->add('submit', 'btnsubmit', 'Submit');
    $form->validate();
    $form->render();

    Thanks in advance !

    1. Stefan Gabos Post author

      maybe it’s from one of the extensions you have installed…try disabling all your extensions and then enabling them one-by-one to see what is causing the problem

    2. Stefan Gabos Post author

      there must be more to it as I also have that Chrome extension and even though it adds some HTML to the page it doesn’t break my forms…are you using the latest version of both Zebra_Form and the validator?

    3. Stefan Gabos Post author

      it’s because you have “autorun” option checked for the validator, which seems that somehow alters the session data and thus when the form is submitted the token in the hidden field does not match the token in the session…i recommend not using the autorun option from the validator which is a waste of resources both for you (do you *really* need to validate every time you reload your pages?) as well as for the W3C validator service.

    4. Andreas

      Thank you very much ! Good detective skills 😉

      Do you think it’s a “bug” from the extension or an unavoidable side effect ? Since the extension is quite popular and “autorun” is activated by default, I wonder if it could be a problem.

    5. Stefan Gabos Post author

      I don’t know how the extension is working so I am unable to help you further. Also, I don’t think it’s a bug from the extension, but I do think it’s an avoidable side effect that the extension’s creator can fix, but that’s really up to him.
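
The mismatch described in this thread (hidden-field token no longer equal to the session token) is easy to reproduce with any session-based CSRF scheme that stores a single token and overwrites it on every render. The following is an added example, not Zebra_Form's code or the author's fix; it assumes the extra request reuses the visitor's session, and all function names are hypothetical:

```php
<?php
// Added illustration, not Zebra_Form code. $session stands in for $_SESSION.

// Single-slot scheme: every render overwrites the stored token.
function issue_single(array &$session): string {
    $session['csrf'] = bin2hex(random_bytes(16));
    return $session['csrf'];
}

function check_single(array $session, string $submitted): bool {
    return isset($session['csrf']) && hash_equals($session['csrf'], $submitted);
}

// Tolerant scheme: hand out the current token until it expires, so a second
// fetch of the same page (validator, prefetch, extra tab) does not rotate it.
function issue_reusable(array &$session, int $now, int $ttl = 600): string {
    if (!isset($session['csrf']) || $session['csrf']['expires'] <= $now) {
        $session['csrf'] = [
            'value'   => bin2hex(random_bytes(16)),
            'expires' => $now + $ttl,
        ];
    }
    return $session['csrf']['value'];
}

function check_reusable(array $session, string $submitted, int $now): bool {
    return isset($session['csrf'])
        && $session['csrf']['expires'] > $now
        && hash_equals($session['csrf']['value'], $submitted);
}

// Constructed scenario: the form is rendered, then the same URL is requested
// again with the same session before the user submits.
$s1 = [];
$inForm = issue_single($s1);            // token written into the hidden field
issue_single($s1);                      // second request replaces the session token
var_dump(check_single($s1, $inForm));   // submit the token from the first render

$s2 = [];
$now = 1000;                            // constructed clock value
$inForm = issue_reusable($s2, $now);
issue_reusable($s2, $now + 5);          // second request within the lifetime
var_dump(check_reusable($s2, $inForm, $now + 30));    // same submission as above
var_dump(check_reusable($s2, 'forged', $now + 30));   // value never issued
var_dump(check_reusable($s2, $inForm, $now + 601));   // submitted after expiry
```

The reusable variant keeps the constant-time comparison and the expiry, and only changes when a new token is minted.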

  3. Søren

    Is it possible to divide the form, so one could group some fields, instead of making a new template?

    Like a

    //EVENTTITEL
    $form->add('label', 'label_event_titel', 'event_titel', $txt["event_titel"].':');
    $obj = $form->add('text', 'event_titel', '', array('size' => '40','tabindex' => '1'));
    $obj->set_rule(array('required' => array('error', $errtxt["event_titel"]) ));
    $obj = $form->add('note','note_event_titel','event_titel',$hint["event_titel"]);
    //EVENT STARTDATO
    $form->add('label', 'label_dp-1', 'dp-1', $txt["dp-1"].':');
    $date = & $form->add('date', 'dp-1','',array('tabindex' => '2'));
    $date->set_rule(array('required' => array('error', $errtxt["dp-1"]),'date' =>  array('error', $errtxt["date"])));
    $date->inside(true);
    $date->format('d-m-Y');
    $obj = $form->add('note','note_dp-1','dp-1',$hint["dp-1"]);
    //STARTTID
    $form->add('label', 'label_timer1', 'timer1', $txt["timer1"].':');
    $obj = $form->add('time', 'timer1', '', array(
    'format'    =>  'hm',
    'hours'     =>  array(0, 1, 2, 3, 4, 5, 6,7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23),
    'minutes'   =>  array(0, 15, 30, 45),
    'tabindex' => '3'
    ));
    $obj = $form->add('note','note_timer1','timer1',$hint["timer1"]);
    //EVENT SLUTDATO
    $form->add('label', 'label_dp-2', 'dp-2', $txt["dp-2"].':');
    $date = & $form->add('date', 'dp-2','',array('tabindex' => '4'));
    $date->set_rule(array('date' =>  array('error', $errtxt["date"])));
    $date->inside(true);
    $date->format('d-m-Y');
    $obj = $form->add('note','note_dp-2','dp-2',$hint["dp-2"]);
    
    //EVENTTITEL
    $form->add('label', 'label_event_titel', 'event_titel', $txt["event_titel"].':');
    $obj = $form->add('text', 'event_titel', '', array('size' => '40','tabindex' => '1'));
    $obj->set_rule(array('required' => array('error', $errtxt["event_titel"]) ));
    $obj = $form->add('note','note_event_titel','event_titel',$hint["event_titel"]);
    //EVENT STARTDATO
    $form->add('label', 'label_dp-1', 'dp-1', $txt["dp-1"].':');
    $date = & $form->add('date', 'dp-1','',array('tabindex' => '2'));
    $date->set_rule(array('required' => array('error', $errtxt["dp-1"]),'date' =>  array('error', $errtxt["date"])));
    $date->inside(true);
    $date->format('d-m-Y');
    $obj = $form->add('note','note_dp-1','dp-1',$hint["dp-1"]);
    //STARTTID
    $form->add('label', 'label_timer1', 'timer1', $txt["timer1"].':');
    $obj = $form->add('time', 'timer1', '', array(
    'format'    =>  'hm',
    'hours'     =>  array(0, 1, 2, 3, 4, 5, 6,7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23),
    'minutes'   =>  array(0, 15, 30, 45),
    'tabindex' => '3'
    ));
    $obj = $form->add('note','note_timer1','timer1',$hint["timer1"]);
    //EVENT SLUTDATO
    $form->add('label', 'label_dp-2', 'dp-2', $txt["dp-2"].':');
    $date = & $form->add('date', 'dp-2','',array('tabindex' => '4'));
    $date->set_rule(array('date' =>  array('error', $errtxt["date"])));
    $date->inside(true);
    $date->format('d-m-Y');
    $obj = $form->add('note','note_dp-2','dp-2',$hint["dp-2"]);

    1. Søren

      I know the above are equal fields, but a kind of dividing with a line or something else – without making a template

    2. Stefan Gabos Post author

      nope. you should really build custom templates for anything else other than simple forms.

  4. Søren

    I got the following error

    Cannot unset string offsets in File.php on line 123

    I got it when i did this:

    $obj = $form->add('file', 'pdf', $pdfen, array('tabindex' => '8'));

    but not when i do this

    $obj = $form->add('file', 'pdf', '', array('tabindex' => '8'));

    1. Stefan Gabos Post author

      as stated in the documentation, “file” controls have only 2 arguments: id and an array of attributes; and also file controls cannot have a default value as it would be a security risk; this is not a behavior of the library but of the browsers.

  5. Søren

    When i change the day names, month names etc in english language file it doesn’t have any effect

    'days'          => array('Søndag','Mandag','Tirsdag','Onsdag','Torsdag','Fredag','Lørdag'),

    it still writes the english day names

  6. Stefan

    If there are objects which will be toggled (e.g. via jQuery) and so the document gets longer, the datepicker button and other elements stay at the same place. They don’t go with the actual height!

    1. Stefan

      And also, if i use URL as rule, the required_protocol only works serverside – NOT Client Side!

    2. Stefan Gabos Post author

      you’ll have to use the DatePicker’s “update” method for that. i will probably fix this issue in the next release

  7. Arne Tarara

    Hi Stefan,

    I found a behaviour in your Zebra_Form::Date->_is_form_valid(), which seems to be intended in some cases, but leads to unexpected behaviour.

    I define a Date control, which takes the following restriction:

    $obj->format('Y-m-d');

    Thus expecting, that a date of the form “2013.02.01” validates, but the following two should fail:
    – “2013.02 .01”
    – “2013.02.01 ”
    (Notice the extra spaces)

    However, since you are running:

    preg_replace('/\s/', '', preg_quote($this->attributes['format']));

    All the whitespaces get removed.

    In my subsequent code, I run

    DateTime::createFromFormat('Y-m-d', $date); // format first, then the value

    which fails, cause the date is mal-formatted.

    However, I do not really understand why you have this in the first place, since either you force exact match, or you don’t. But making this whitespace-omitting rule does not make sense to me.

    So consider this not directly a bug report, but more of an improvement suggestions, cause I think validation should be more strict than have unexpected false-true validation.

    The case you mention in your comments “M d Y, H:i” and to fix the extra whitespace between “,” and “H:i” seems irrelevant to me, since no designer forces a user to enter this manually, it is always set through a datepicker.

    Best Regards,

    Arne

    1. Stefan Gabos Post author

      there seems to be a bug in there, indeed, but it’s not from the lines you mention – white space gets trimmed there just for preparing the regular expression used to validate the date, and the actual variable that you are looking for is $regexp (it’s ready at line 989) and it’s perfect 🙂 the problem is that on line 1011 i *really* remove white spaces from the date and that’s what’s causing the problems. i’ll have this fixed in the next version. thank you!
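
The risk in this exchange is a validation differential: a check that strips whitespace accepts a value that the code consuming it later does not parse. The following added example (not Zebra_Form's code; `lenient_date()` only models the whitespace-stripping behaviour discussed above, and `strict_date()` is a hypothetical helper) shows the two side by side on constructed inputs:

```php
<?php
// Added illustration, not Zebra_Form code.

// Models the behaviour discussed above: whitespace is removed from the value
// before it is matched, so "2013-02 -01" passes validation.
function lenient_date(string $input): bool {
    $stripped = preg_replace('/\s/', '', $input);
    return preg_match('/^\d{4}-\d{2}-\d{2}$/', $stripped) === 1;
}

// Strict check: parse with the exact format, then require that the parsed
// value formats back to the very same string.
function strict_date(string $input, string $format): ?DateTimeImmutable {
    // "!" resets fields that are not in the format, so the current
    // time of day does not leak into the result.
    $dt = DateTimeImmutable::createFromFormat('!' . $format, $input);
    if ($dt === false) {
        return null;   // stray characters, trailing data, wrong separators
    }
    // The round trip rejects values PHP silently normalises, such as an
    // overflowing day (February 31) or missing zero padding.
    return $dt->format($format) === $input ? $dt : null;
}

// Constructed inputs, including the two whitespace cases from the comment.
$samples = [
    '2013-02-01',
    '2013-02 -01',
    '2013-02-01 ',
    ' 2013-02-01',
    '2013-02-31',
    '2013-2-1',
];

foreach ($samples as $s) {
    printf(
        "%-14s lenient=%-3s strict=%s\n",
        json_encode($s),
        lenient_date($s) ? 'yes' : 'no',
        strict_date($s, 'Y-m-d') !== null ? 'yes' : 'no'
    );
}
```

Any row where the two columns differ is a value the form would accept and the later `DateTime` parsing would reject or reinterpret.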

  8. Stefan

    If I create a SELECT field with the option to select multiple fields and create optiongroups, how is it possible to give the actual options a different value? – I wasn’t able to find something about this.

    1. Stefan

      // Get All Categories + Subcategories into an associative array to display them afterwards!
      $categories = mCategoryQuery::create()->filterByParent(NULL)->orderByName()->find();
      foreach($categories as $category){
        $subCategories = mCategoryQuery::create()->filterByParent($category->getId())->orderByName()->find();
        $cntr = 0;
        foreach($subCategories as $subCategory){
          $categoriesSelection[$category->getName()][$cntr] = array($subCategory->getId() => $subCategory->getName());
          $cntr++;
        }
      }
      
      $mpaAddCompany->add('label', 'label_cCategories', 'companyCategories', 'Kategorien');
      $mpaAddCompanyObj = & $mpaAddCompany->add('select', 'companyCategories[]', '', array('multiple' => 'multiple'));
      $mpaAddCompanyObj->add_options(
      $categoriesSelection
      );

      but my output looks like this:

      I mean, with this Code it is that the value is different than the text, but these Optgroups are very disturbing.

    2. Stefan Gabos Post author

      Again, you can find this in the documentation

      $obj = $form->add('select', 'myselect', '', array('multiple' => 'multiple'));
      $obj->add_options(array(
        'Group 1'   =>  array(
          0 => 'Option 1',
          1 => 'Option 2',
          2 => 'Option 3',
        ),
        'Group 2'   =>  array(
          'a' => 'Option 1',
          'b' => 'Option 2',
          'c' => 'Option 3',
        ),
      ));

  9. Stefan

    Another Question. Is it possible to deactivate htmlentities on the $_POST? Because this will destroy my whole Database Records.

  10. Stefan

    If using the upload rule, i always receive my error message, despite the fact, that the directory named in the rule is existent and has 0777 permission. The strange thing is, that it worked once in the beginning. And i can’t figure out what’s going on.

    1. Stefan Gabos Post author

      the library is unable to correctly determine the paths, but it is something that I already fixed (hopefully), you’ll just have to wait until early next week for the next release…

    2. Stefan

      Hi, right now i found out something odd, and i can’t determine whether it’s because of Zebra_Form or my hoster.
      The thing is, that I tested the upload function again, and voilà it’s working. And the next second i try the same again and badumm, it ain’t working anymore.
      My guess is, it has something to do with the TMP folder, where the file is uploaded to (FROM where i/zebra_form receives the file).
      Maybe you can help me with that. Again. =)

    3. Stefan

      First. I was able to exclude my hoster as source of the errors.
      Second, i found an inconsistency in your documentation.

      At the beginning of the rule “upload” there is written:

      'upload' => array($upload_path, $file_name, $permissions, $error_block, $error_message)

      but then in the example $permissions is never considered.

      Maybe something in my code is wrong ?!

      $mpaAddCompanyObj = & $mpaAddCompany->add('file', 'companyLogo');
      $mpaAddCompanyObj->set_rule(array(
        'upload' => array('temp', 'dsafsdfsd', '0777', 'error', 'Ordnerfehler!')
      ));

    4. Stefan

      Sorry for this many comments xD
      I was able to determine when it won’t work. The path is not correctly determined if i use /index.php?id=5 but if i just use /?id=5, it works. Kind of odd.

      Maybe you can fix it. Thank you.

    5. Stefan Gabos Post author

      thanks Stefan for all the feedback!
      the bug with the uploads is hopefully already fixed, you’ll just have to wait for the next release, which is due this week.
      also, i will fix the documentation and the example, and I’ll have to have a better look because I wasn’t using permissions at all, so I was doing it wrong! 🙂

  11. KennyG

    Hi there,
    I have a question about security features in Zebra_form. Is Zebra_form 100% secure from new fields added manually ? For example, I add some fields dynamically in my PHP code :
    add('text', 'blablabla'); } ?>
    If someone adds “blablabla” field (or any other random field) with any debugger inside the form, am I sure that Zebra_form will detect a SPAM attack and invalidate the post ? Or should I always check if (is_something() && isset($_POST['blablabla'])) { /*INSERT INTO SGDB*/ }

    Thank you !

    1. Stefan Gabos Post author

      – the library will not detect a SPAM attack, nor will it detect that a field was inserted in the form;
      – when processing data, you should rely only on the fields that you yourself added to the form (so there should be no problems if a malicious user adds 100 random fields to the form)
      – all the fields that you added to the form will have to pass all validation rules; so, to take your example, if you have your “blablabla” element in the form and a malicious user injects another “blablabla” element into the DOM, after the original one, when the form will be submitted, the values from the injected one will overwrite the values of the original but still, all the rules will apply
      – this library does both server- and client-side validation, so you can even disable JavaScript and the rules defined will still be enforced
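
The advice above, to rely only on the fields you added yourself, amounts to reading the request through an allowlist instead of iterating over everything in `$_POST`. The following is an added example, not part of Zebra_Form; `declared_only()` and the field names other than `blablabla` are hypothetical, and it goes slightly beyond the reply by also rejecting a declared field that arrives in the wrong shape (an array where a string is expected):

```php
<?php
// Added illustration, not Zebra_Form code. $post stands in for $_POST.

// Returns [clean values for declared fields, names of undeclared fields].
function declared_only(array $declared, array $post): array {
    $clean = [];
    foreach ($declared as $name => $shape) {
        $value = $post[$name] ?? null;
        if ($shape === 'string' && is_string($value)) {
            $clean[$name] = $value;
        } elseif ($shape === 'list' && is_array($value)) {
            // keep string members only; nested arrays are dropped
            $clean[$name] = array_values(array_filter($value, 'is_string'));
        } else {
            $clean[$name] = null;   // absent, or sent in the wrong shape
        }
    }
    $extra = array_values(array_diff(array_keys($post), array_keys($declared)));
    return [$clean, $extra];
}

// The fields this script added to the form (constructed for the example).
$declared = ['blablabla' => 'string', 'categories' => 'list'];

// Constructed request: one injected field, and a text field sent as an array.
$post = [
    'blablabla'  => ['x' => 'y'],
    'categories' => ['3', '7', ['nested']],
    'is_admin'   => '1',
];

[$clean, $extra] = declared_only($declared, $post);
var_dump($clean);   // declared names only, each in its expected shape or null
var_dump($extra);   // undeclared names: never processed, optionally logged
```

Values in `$clean` still have to pass the form's validation rules and be bound through prepared statements before they reach the database.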

  12. Gilbert

    when i try your example above how to use zebra_form

    and modify the render

    $form->render();

    to

    $form->render('vertical', true);

    it doesn’t have an output.

    i am expecting that it will return a value so what i did is

    $sample = $form->render('vertical', true);

    echo $sample;

    please help me about this.

    I will appreciate for any help, thank you.

    1. Stefan Gabos Post author

      $form->render('vertical', true) results in an error but you have error reporting set too low…
      as per the documentation, you have to use either ‘*vertical’ (with the “*”), ‘*horizontal’ or the path to a custom template. in your case, the library was trying to load a custom template called “vertical.php”…

    2. Gilbert

      Thank you very much for the quick response, i really appreciate it.

      BTW do you have an offline documentation for Zebra_Form that i can download?

  13. cokri

    i get error “File could not be uploaded!” when uploading a file from the registration form, please help me

    Is anything wrong with this code?

    my scripts:

    ///////ABSTRACT FILE////////////////////////////////////////////////////////
    $form->add('label', 'label_upload', 'upload', 'Your Abstract file (Must be Pdf file):');
    $obj = & $form->add('file', 'upload');

    // $obj is a reference to a control
    $obj->set_rule(array(
        'required' => array('error', 'Upload Abstract file must be attach'),
        'upload' => array(
            'tmp', // path to upload file to
            ZEBRA_FORM_UPLOAD_RANDOM_NAMES, // upload file with random-generated name
            'error', // variable to add the error message to
            'File could not be uploaded!'), // error message if value doesn’t
        'filesize' => array(
            '1048576', // maximum allowed file size (in bytes), this values set with 1mb
            'error', // variable to add the error message to
            'File size must not exceed 1MB!'), // error message if value doesn’t validate
        'filetype' => array(
            'pdf', // allow only PDF files to be uploaded
            'error', // variable to add the error message to
            'Not a valid pdf file!' // error message if value doesn’t validate
        )
    ));

  14. Gilbert

    why i was always getting the error message after validating the form using $form->validate()

    There was a problem with your submission!
    Possible causes may be that the submission has taken too long, or it represents a duplicate request.
    Please try again.

    Thank you

  15. Patrick Heneghan

    Hi Stefan, really enjoying using Zebra_Form, thank you 🙂

    Quick question: After $form->validate() has been called, how should I get hold of the sanitised value of a particular control? E.g. if I have a form field object $my_date, what should I call?

    My guess is:
    $my_date->value;

    …but this is not clear from the documentation. Can you confirm? Thanks.

    1. Stefan Gabos Post author

      the sanitized values are in the $_POST super-global.
      so, it’s $_POST['my_date']
