HTML5 and CodeIgniter for form validation

A contact form whose validation requires every field. The email field gets two extra checks: a syntax check and a DNS lookup of its domain. This script is currently live at: www.why-guy.com/site/contact


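CodeIgniter comes with a cross-site scripting (XSS) prevention filter, which can either run automatically on all POST and COOKIE data it encounters or be run on a per-item basis. By default it does not run globally, since it requires a bit of processing overhead and you may not need it in all cases. Input filtering does not replace escaping values when they are written into a page, and CodeIgniter 3 marks the global setting as deprecated, so treat it as an extra layer only. To enable the global filter, and to switch on CSRF protection as well, edit the application/config/config.php file and set: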

// Run the XSS filter automatically on all POST and COOKIE data (adds some processing to every request).
$config['global_xss_filtering'] = TRUE;
// Turn on CSRF protection; forms opened with form_open() then carry a hidden CSRF field.
$config['csrf_protection'] = TRUE;

Controller example:

/**
	 * contact form
	 */
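	public function contact(){
		// Contact form: validates name, email and comment, mails the message to
		// the site owner and renders the form again with a status line.
		//
		// The subject is built only from server-side values (timestamp, client
		// address, page name). Nothing typed by the visitor is placed in a mail
		// header; visitor input only ever goes into the message body.
		$formsubject = date("Y-m-d H:i:s")." | ".
		$_SERVER['REMOTE_ADDR']." | why-guy.com/site/contact";
		$this->load->helper(array('form', 'url'));
		$this->load->library('form_validation');
		$this->form_validation->set_rules('name', 'Name', 'trim|required|min_length[3]|max_length[50]');
		$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|callback_email_check');
		$this->form_validation->set_rules('comment', 'Comment', 'trim|required|min_length[5]|max_length[120]');

		// Default view data: the plain form with an enabled button. This is what
		// is shown on the first visit and whenever the rules are not met.
		$data = array("page_title"		=>	"contact me",
					  "form_subject"	=>  $formsubject,
					  "form_button"		=> 	"<button type=\"submit\" class=\"btn btn-success\">Send the form</button>");

		// Run the rules exactly once. The email rule performs a DNS lookup, so a
		// second run() in an elseif would repeat that lookup for every submission.
		if ($this->form_validation->run() === TRUE){
			// Read the validated values through the input class. They are written
			// into the mail body as text, where addslashes() protects nothing and
			// only leaves stray backslashes in names such as O'Brien.
			// NOTE(review): if the email library is configured for HTML mail,
			// these values need HTML escaping before they are concatenated.
			$name 	 = trim((string) $this->input->post('name'));
			$email 	 = trim((string) $this->input->post('email'));
			$comment = trim((string) $this->input->post('comment'));
			$message = "name: ".$name."\n\n".
					   "email: ".$email."\n\n".
					   "comment: ".$comment;

			$this->load->library('email');
			$this->email->from('noreply@why-guy.com', 'site mail');
			$this->email->to('guy@why-guy.com');
			$this->email->subject($formsubject);
			$this->email->message($message);

			// Only thank the visitor when the mail was actually handed over;
			// otherwise keep the button enabled and record the failure.
			if ($this->email->send()){
				$data["form_button"] = "<button type=\"submit\" class=\"btn btn-success\" disabled>Send the form</button> Thank you, your form is send  ";
			}else{
				log_message('error', 'contact form: the message could not be sent');
				$data["form_button"] = "<button type=\"submit\" class=\"btn btn-success\">Send the form</button> Sorry, your message could not be sent. Please try again later.";
			}
		}

		// NOTE(review): the parser library is not loaded in this method;
		// presumably it is autoloaded - confirm in the autoload config.
		$this->parser->parse('templates/header',$data);
		$this->parser->parse('site/contact',$data);
		$this->parser->parse('templates/footer',$data);
	}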
	
	
	/*
	 * domain checker used for the contact form (above)
	 */
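	 public function email_check($str){
		// Form-validation callback for the email rule of the contact form.
		// Returns TRUE when the domain part of $str has mail-relevant DNS
		// records; otherwise sets the error message and returns FALSE.
		//
		// NOTE(review): this is a public controller method, so CodeIgniter's
		// URL routing presumably exposes it as a page of its own. A follow-up
		// could rename it with a leading underscore (rule callback__email_check);
		// the name is kept here so the existing rule keeps working.

		// Take everything after the last "@". An address without "@" gives an
		// empty domain instead of reading a missing array index.
		$at = is_string($str) ? strrpos($str, '@') : FALSE;
		$domainname = ($at === FALSE) ? '' : (string) substr($str, $at + 1);

		// Ask for the record types mail delivery uses (MX, then the address
		// records it falls back to) rather than an "any" query, which many
		// resolvers answer incompletely. The lookup blocks, so it adds latency
		// to every submission that reaches this rule.
		$resolves = $domainname !== ''
			&& (checkdnsrr($domainname, 'MX')
				|| checkdnsrr($domainname, 'A')
				|| checkdnsrr($domainname, 'AAAA'));

		if ( ! $resolves){
			$this->form_validation->set_message('email_check', 'The {field} field contains a invalid domainname');
			return FALSE;
		}

		return TRUE;
	}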

If you use the form helper, the form_open() function automatically inserts a hidden CSRF field into your forms.

View example:


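<?php /* Contact form view. The HTML5 attributes (required, type="email") only
         guide the visitor in the browser; the form_validation rules in the
         controller are the check that counts. */ ?>
<div class="col-md-2"></div>
<div class="col-md-8 panel">
	
	<ul>
		<h2>Please fillout the contact form (all fields are  required).</h2>
		<?php /* form_open() also emits the hidden CSRF field when CSRF protection is enabled. */ ?>
		<?php echo form_open('/site/contact'); ?>
		<div class="form-group">
			<?php /* Each label now points at the id of its own input. */ ?>
			<label for="Username">Name<?php echo form_error('name', '<div class="alert alert-danger fade in"><a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>', '</div>'); ?></label>
			<?php /* type="name" is not a valid input type; text is what browsers fell back to.
			         NOTE(review): set_value() HTML-escapes the repopulated value by default in
			         CodeIgniter 3 - confirm on the version in use, since it is echoed into an attribute. */ ?>
			<input type="text" name="name" class="form-control" id="Username" placeholder="Your name" value="<?php echo set_value('name'); ?>" required>
		</div>
		<div class="form-group">
			<label for="inputEmail">Email<?php echo form_error('email', '<div class="alert alert-danger fade in"><a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>', '</div>'); ?></label>
			<input type="email" name="email" class="form-control" id="inputEmail" placeholder="Your email" value="<?php echo set_value('email'); ?>" required>
		</div>
		<div class="form-group">
			<?php /* Display only: a disabled input is not submitted, and the controller
			         builds the subject itself on the server. */ ?>
			<label for="subject">Subject</label>
			<input type="text" name="subject" class="form-control" id="subject"  value="{form_subject}" required disabled>
		</div>
		<div class="form-group">
			<label for="comment">Comment:</label><?php echo form_error('comment', '<div class="alert alert-danger fade in"><a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>', '</div>'); ?>
			<textarea name="comment" class="form-control" rows="5" id="comment" placeholder="Your comment" required ><?php echo set_value('comment'); ?></textarea>
		</div>
		<?php /* The button markup comes from the controller and is inserted as raw HTML by the parser. */ ?>
		{form_button}
	</form>
	</ul>
</div>
<div class="col-md-2"></div>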
