Select List Selected via URL?

By Rusty - December 17, 2010 - edited: December 17, 2010

I put this in here, because it's something that I'm tinkering around with that's part of the Signup / Profile bits of the Membership Plugin.

I am curious if it is possible by including bits into the URL, to automatically Select an Option from a list.

I realize that the Signup and Profile pages use POST, not GET, so that's kinda out the window.

I want to take a select list (prefreably a multi-select), created in the CMS, and then by passing a URL string through/to it, auto-magically have certain options selected.

I need to figure out a way to remove the capability of the user (who is signing up) from the form, and hopefully pass the pre-selected options on to the form. This way they'll be sent to the form, and Options will be pre-selected, but they won't be able to change those options (unless they get really good at guessing the URL bits).

My first thought was perhaps to create a Multi-List section exclusively for the options that I wish pre-selected.

Then in the User Accounts section have the Options populate from the Multi-List Section editor. Then maybe try to use URL querying to select the options I want... but I'm still not sure how to keep the options selected when we POST the form.... >.< I'm confused. [crazy]

I'm trying to figure out a way to have certain options dynamically pre-selected with out resorting to statically coding the Options list and having certain ones have selected="selected" ya know? That's the whole point of it all, being able to be dynamic.
Rusty

Re: [Rusty] Select List Selected via URL?

By Chris - December 17, 2010

Hi Rusty,

It's difficult for me to come up with an example without a concrete use case, but here are my thoughts:

The simplest solution would be to pass through your query string with a hidden field, like this:

<input type="hidden" name="secret" value="<?php echo htmlspecialchars(@$_REQUEST['secret']); ?>"/>

I would use this approach and output a list field separately (with disabled="disabled".)

Of course, it's still possible to alter hidden fields, so the next step in securing things would be to only accept certain values before saving; next, you could encode (or encrypt) the value so that it would be difficult for people to guess other valid values.

Does that help? Please let me know if you have any questions.
All the best,
Chris

Re: [Rusty] Select List Selected via URL?

By Chris - December 20, 2010

You'll want to use "state[]" as your field name so that PHP properly interprets the multi-value nature of your <select/>. Changes in red:

<?php $fieldname = 'state'; ?>
<?php $idCounter = 0; ?>
<select name="<?php echo $fieldname ?>[]">
<?php foreach (getListOptions('accounts', $fieldname) as $value => $label): ?>
<?php $id = "$fieldname." . ++$idCounter; ?>
<option id="<?php echo $id ?>"
value="<?php echo htmlspecialchars($value) ?>" <?php selectedIf(array_search($value, @$_REQUEST[$fieldname]) !== false, true); ?> />
<?php echo htmlspecialchars($value) ?>
</option>
<?php endforeach ?>
</select>


When you go to save the value, you can get the value to pass to mysql_escape like this:

$state = "\t" . implode("\t", @$_REQUEST['state']) . "\t";

That's the format that CMS Builder uses to store multi-value list fields: a tab-separated and padded list of values.

With another small change, you can set the <select/> to be disabled if the current user isn't an admin like this:

<select name="<?php echo $fieldname ?>[]" <? echo @$CURRENT_USER['isAdmin'] ? '' : 'DISABLED="DISABLED"' ?>>

However, it's trivial for users to bypass that. If you want something more resilient, you'll want to encode or encrypt the selection and pass it through.

I hope this helps! Please let me know if you have any questions.


How can I get a cool user icon/picture/avatar under my name. Didn't see the functionality for that in the "Edit Profile" section of the Forums.


I believe those are reserved for staff, sorry!


Thanks for the awesome support you, & Jason always provide. You're my nerd-core-coding heroes! (And I mean that as a good thing).


Thanks for the kind words. :) We love to help!
All the best,
Chris