#1
  1. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,672
    Rep Power
    171

    Show form if user has not filled the from


    Hi

    I have a form in a webpage where members fill and I store them into the database. After insert I redirect them to see "packages and deals".

    I need to add a feature that if the member has alreay filled the form, they won't need to refill it.

    I don't want to have a login system.

    What would be the proper solution? I already thought of something that might work.

    I can create very long life sessions and set a few things in config like this:

    PHP Code:
    if($form_success)
         {
               
    $newdata = array('Visited' => TRUE);
               
    $this->session->set_userdata($newdata);
         }

    //Config

    $config['sess_cookie_name']        = 'members_visit_254';
    $config['sess_expiration']        = 7200000;
    $config['sess_expire_on_close']    = FALSE;
    $config['sess_encrypt_cookie']    = FALSE;
    $config['sess_use_database']    = FALSE;
    $config['sess_table_name']        = 'ci_sessions';
    $config['sess_match_ip']        = FALSE;
    $config['sess_match_useragent']    = TRUE;
    $config['sess_time_to_update']    = 300


    Please show me example of proper way of this.

    Thank you
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,451
    Rep Power
    1751
    And if they use another computer?
    And if they use a public computer at, say, a library?
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
  4. #3
  5. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,672
    Rep Power
    171
    Originally Posted by SimonJM
    And if they use another computer?
    And if they use a public computer at, say, a library?
    I know. Thats what the client wants. Is this way proper?
  6. #4
  7. Wiser? Not exactly.
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    5,953
    Rep Power
    4033
    Without a login system, the best/only thing to do really would be to just set a cookie with some token that identifies the form information. Whenever someone visits the page check for that cookie and recall the form info associated with the token.

    Do not just try and extend the lifetime of your $_SESSION variables by fiddling with it's settings. Set a completely different cookie using setcookie() and check for it in $_COOKIE. Keep $_SESSION for what it's intended, a single session that goes away when the browser closes.

    You'll want to provide some method for the user to ignore/erase their existing form and re-fill it if they so choose, to handle situations such as public computers.
    Recycle your old CD's, don't just trash them



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  8. #5
  9. Known to taste like chicken
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Location
    In front of my computer
    Posts
    399
    Rep Power
    312
    I would be wary of anything like this. I would stress to the client that the correct way of handling this would be with people creating an account.

    You can get creative with the account creation. Instead of explicitly asking for account info and then asking for them to fill out the questionaire, make the account creation part of the questionaire process, nice and seamless. Dont worry about email confirmation or any of that, make it dead easy to create an account. They will get a heap of spammers create accounts no doubt, but if there is no way they can contribute content to the site, it wont matter.

    If there is ANY personal info at all, I would refuse to do it based solely on a cookie on ethical grounds. As much as users may not want to sign up, they will probably value their privacy more than they hate forms.
    "Take thy beak from out my heart, and take thy form from off my door" - Homer J Simpson / Edgar Allan Poe

    Looking for a project Idea?
  10. #6
  11. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,672
    Rep Power
    171
    Originally Posted by sir_drinxalot
    Dont worry about email confirmation or any of that, make it dead easy to create an account. They will get a heap of spammers create accounts no doubt, but if there is no way they can contribute content to the site, it wont matter.

    If there is ANY personal info at all, I would refuse to do it based solely on a cookie on ethical grounds. As much as users may not want to sign up, they will probably value their privacy more than they hate forms.
    I'd like to see what Northie things of this.
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    well, you do you think of it?

    In my opinion, the underlying problem is that you break user expections. Everybody understands a classical registration: You sign up, the server collects your data, and when you log in, you have access to your account. This is simple and intuitive. It's clear that your data gets stored permanently.

    Your idea is not intutive. You unaskedly store the data I entered into the form, and when somebody visits the page again, you restore my data. Let's hope the somebody is me and not the next guy in line of the internet café.

    I think there's a smarter way of doing this -- like the one suggest by sir_drinxalot. What I would do is try to come up with better alternatives and then simply talk with the customer about potential issues and solutions.

    If you have to do it, be aware that you must generate strong random IDs. You don't want people to browse through the form data of all users.
    Last edited by Jacques1; September 26th, 2013 at 07:38 PM.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  14. #8
  15. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    When I first read this thread the other day, the only reliable way of doing this is by making the user identify themselves first...ie a registration and log in system.

    You are trying to be an expert in this field, but you are lacking the diligence required when taking customer requirements on board. It is your responsibility to inform your clients not just about what is and isn't possible but also about the right way of doing things and the legal implications of doing it wrong

    Comments on this post

    • sir_drinxalot agrees
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]

IMN logo majestic logo threadwatch logo seochat tools logo