Appnitro Software Forums » MachForm 2

feature request: Adding a new field type: username

Started 3 years ago by jgowell | 3 posts |


  1. jgowell
    Member

    I'd like to use MachForm on our server which is accessed over HTTPS and has page access protected by an apache authentication filter. In PHP the authenticated username is available as $_SERVER['REMOTE_USER']; I'd like to allow form managers to make forms that capture this data.

    form makers should be able to add the "user name" field to the form,
    the field it should draw the value form the $_SERVER['REMOTE_USER']

    As other fields have per type options, this type should have options specific to its type.
    Display (?) [] yes [] no

    Regardless of whether the values is displayed, the entry from the user should not be trusted, the usernmae should be read (possible again) on the actual submission (so that a user that manipulates the DOM cannot pretend to have another or NULL username).

    Possibly other servers can access a authenticated user name in another way -- documenting where to specify the PHP code to draw the username into the save routine may allow alternate setups to leverage this same feature.

    Posted 3 years ago #

  2. jgowell
    Member

    oops, found the search after the post.....

    Anybody who has a similar interest, read this linked post:
    http://www.appnitro.com/forums/topic/integration-with-existing-authentication

    I'll post another follow-up shortly with how I adapted what I read at the above URL for a more general solution (at least for me)

    Posted 3 years ago #

  3. jgowell
    Member

    Ok, so I found where "admin" functions are handled for submission: post-functions.

    //if this is private fields and not logged-in as admin, bypass operation below, just supply the default value if any
			if(($element_info[$element_id]['is_private'] == 1) && empty($_SESSION['logged_in'])){
				if(!empty($element_info[$element_id]['default_value'])){
					$table_data['element_'.$element_id] = $element_info[$element_id]['default_value'];
				}
				continue;
			}

    I added an ELSEIF before the continue to catch my case. I did not want to worry about this survey ID that field ID. So, knowing that we have a uniquely named authentication login field, I can tell my form makers add "uniqname" to any form you want, and the system will insert the logged in username when the person submits. Only admins can see/change that value.

    //if this is private fields and not logged-in as admin, bypass operation below, just supply the default value if any
                        if(($element_info[$element_id]['is_private'] == 1) && empty($_SESSION['logged_in'])){
                                if(!empty($element_info[$element_id]['default_value'])){
                                        $table_data['element_'.$element_id] = $element_info[$element_id]['default_value'];
                                } elseif ($element_info[$element_id]['title'] == 'uniqname') {
                                        $table_data['element_'.$element_id] = $_SERVER['REMOTE_USER'];
                                }
                                continue;
                        }
    Posted 3 years ago #

RSS feed for this topic

Reply