It's probably a stupid question.
I have a form on a custom list that I hade to custom design (the form for editing). But because of the law (GDPR) I can't let the users see the list after they save the form.
One part is sloved by them entering in the form from a page with a direct link to it. But the relinking is not.
This is the original part that I figured I have to change
<SharePoint:SaveButton runat="server" ControlMode="New" id="savebutton2"/>
I changed It to this
<SharePoint:SaveButton RedirectUrl="http://www.google.com" runat="server" ControlMode="New" id="savebutton2"/>
This also hellped but It just retuns me to the same empty form.
Can you tell me what I have to change to get it to actualy link it to the redirect link?
As I understand your question, you want to redirect users to another site after they've submitted a form.
What I have done in the past is modify the URL of the new form so that instead of the new item url being : http://mysite/org/hr/Lists/Exit/Item/newifs.aspx?List=b5b9e317%2D4366%2D4557%2D8d29%2Db5dedc71a75a&Source=http%3A%2F%2Fmysite%2Forg%2Fhr%2FLists%2FExit%2FCompleted%2Easpx&RootFolder=&Web=a86f3198%2D79a6%2D4e7f%2Daa26%2D448559533df8
I change the address after &Source in the above URL to the other site. So, it would now look like this:
http://mysite/org/hr/Lists/Exit/Item/newifs.aspx?List=b5b9e317%2D4366%2D4557%2D8d29%2Db5dedc71a75a&Source=http://www.google.com
What will happen, form will open, they'll save, and once the form closes, it will direct them to Google. I didn't need to modify the OOB save buttons - it's a good deal cleaner and quicker!
Hope this helps.
To POST data to the server for an object, one must provide the object's ID for lookup. Where to include the ID and send it to the server is something that has been bugging me. There are three options I have in mind:
Include the ID as part of the URL
Include the ID as part of the POST data
Put the ID in query string (I'm not sure if query string is allowed when doing a POST)
I use python/django for my server end.
Someone please comment on which one I should go with and why. Thanks.
I'd do it via the URL in most cases, particularly if you are creating a view to display an object. Furthermore, I'd use the slug (if there is one) instead of an ID as it looks better in Google SERP, it makes more sense semantically, and it is more readable for users.
Remember that you can easily reverse object's urls using get_absolute_url(), the {% url ... %} tag and the reverse() function. You won't be able to avail of these if you use query strings or Posts to display your objects.
Regarding query strings/parameters; I usually go by the rule of constructing the queryset with my URL, but filtering it with parameters. i.e. If I want to see all posts tagged with something, I get the main queryset via the URL /posts/tagged/some_tag and then drill them down where necessary with parameters; /posts/tagged/some_tag?rating=2
Regarding POST data; this should only really apply when you are presenting a form to edit an object. I would still use the URL to find and display the form (i.e. /posts/my-post-slug/edit/) and I would use parameters to control any options or features (i.e. /posts/my-post/slug/edit/?highlight_required_fields=true) but all the fields of the form would be submitted via POST
for seo related reason in my project i have to trap certain search parameters within the url for the "beautiful url" thing.
The advanced search is composed by 7 parameters, 3 of which are location-related and are the ones interesting our seo consultant.
So, now i'm a bit confused. It's been a while since i started using django professionally, but never had to face an issue like this. Basically, the final url structure must be something like this:
/Italy/Lombardy/Milan/?price=100&miles=10&last_posted=2
and my urls.py is
'/(?P<country>\w+)/(?P<zone>\w+)/(?P<city>\w+)/$', SearchView.as_view()
now, what i'm not sure about is how should i specify my request in the form method to be able to use that exact url schema? POST or GET? And how can i compose the url for the "action" attribute dynamically while the user types? Is this even the correct solution? I'm really confused about it, any help would be really appreciated! Thanks!
you will have to change the action field of the form using script, yes. and set the method to GET, and include in the form only the fields appearing in the query string.
I have a situation where a user will be asked to enter their postal code, once they do then they are redirected to the site with content relevant to the postal code they've entered in. There will be categories etc. In a nutshell, the user will see content only relevant to their area.
PLAN --
I want to store their postal code in a cookie and re-use it every time they come back to the site, of course if there is no postal code they should be directed to enter it in a form. The form will be presented before any other content will be.
My questions are should I use a decorator for this and decorate the views with a custom decorator? Or should write middleware? if I write a custom middleware for this should I use process_request process_view, it seems to me process_request gets called on EVERY request, this may pose a problem.
Thanks!
JeffC
If you want to avoid repetition, you'll need to write a middleware. If it's on EVERY page as you say, and the ZIP code is a prerequisite for using the site, then having a middleware call process_request on every request isn't necessarily a bad thing.
On the other hand, is this necessary? Couldn't your URLs just read like: /blah/12345/videos/? Then instead of having to rely on a cookie for a bookmark, your users can just remmber that page. That would negate your having to write a view, as well.
The main question here is how often will you need to use the ZIP code from the cookie. Will it affect the whole site? Or only one part of it?
If the "ZIP-oriented" content will be used only in one part (one or more, but not the whole application), then go for the decorator. It should check for the cookie and if it's not present - redirect to the ZIP selection form. If it's present - continue processing the view in which you will be able to access the ZIP code and use it accordingly.
If the ZIP code is really going to affect the majority of your service and you don't want to decorate every single view - you can go for the middleware. But you are right - it will be called on every request, so be sure it's absolutely necessary.
I'm building a website using Ubuntu, Apache, and Django. I'd like to block people from filling out and submitting a particular form on my site more than once. I know it's pretty much impossible to block a determined user from changing his IP address, deleting his cookies, and so on; all I'm looking for is something that will deter the casual user from re-submitting.
It seems to me that blocking multiple form submissions from the same IP address is the best way to achieve what I'm looking for. However, I'm unsure how I should do this, and whether I should be doing this from Apache or from Django. Any tips?
Edit: I'm looking to prevent intentional re-submission, not just unintentional double submission. e.g. I have a survey that I want to discourage people from voting multiple times on.
If your main concern is to prevent someone writes a script and automatically submit the form many times, you may want to use CAPTCHA with your form.
Several whole countries are NAT'ed, and some (most?) large multinational corporations too, many with several hundred thousand users each. Blocking anything by IP is a bad idea.
Go for a cookie instead, which is as good as it's going to get. You could also make the user login in, in which case you'd know if the form was submitted repeatedly for that login.
I would use the session id, and store form submissions in a table with session id, timestamp, and optionally some sort of form identifier. Then, when a form is submitted, you could check the table to make sure that it had not happened within a certain period of time.
Filtering on IP address and/or cookies are both easy to get around, but they will prevent the casual user from accidentally submitting the same stuff multiple times due to browser hick-ups, impatience and so on.
If you want something better than that you could implement login, but of course that prevents a lot of users from responding.
Add to the form a monotonically increasing id number in a hidden field.
As each form is submitted, record the id in a "used" list/map (or mark it used, or whatever, implementation detail).
If you get the same id a second time (if it's already in your used map) inform the user they double-submitted.
While nothing is fool proof, I would suggest something like this: When a user loads the page with your form on, a cookie is set and the value of the cookie is appended with a fixed secret string and the md5 value of this is written to a hidden field on the form. Ensure that a new value is generated each time the user access the form.
When the user submits the form, you check that the cookie value and form value match, that the cookie the user was given has not been used to submit the form before and that the referrer id match the URL of the form. Optionally you make sure that there has been no attempts to post from that IP in the last 2 minutes (fast enough that it wont matter to most people, but slow enough to slow down bots).
To fix this the user has to make a script that loads the page, store the cookies and submit the correct values. This is much more difficult than if the user could just submit the form.
Added Based on edit: I would block the users in the Django framework. This allows you to present a much better error message to the user and you only block them from that form.
This is a question of authentication and authorisation, which are related but not the same. In order to manage authorisation you must first authenticate (reliably identify) the user.
If you want to make this resist intentional misuse then you are going to end up with not only usernames and passwords but demands for information that personally identifies your users, along the lines of the stuff a bank asks for when you want to open an account. The bleeding hearts and lefties will snivel endlessly about invasion of privacy but in fact you are doing exactly the same as a bank and for exactly the same reasons.
It's a lot of work and may be affected by law. Do you really want to do it?
The following methods are all relatively simple, both to implement and to hack around. Anyone with Firebug and a little knowledge won't even blink.
The following JavaScript uses Mootools, and I haven't checked it to be bug free. I understand that JQ syntax is almost identical, and raw JS is similar enough, so the point should be clear.
1) If the form is being submitted via AJAX, you can check before submitting (sorry if I'm just stating the obvious).
var sent = 0;
$('myForm').addEvent('submit', function(){
if(!sent) this.send();
})
This is really simple, and surprisingly effective until they reload the page.
2) Add a JavaScript cookie. Again, with Mootools:
$('myForm').addEvent('submit', function(){
if(Cookie.read('submitted')){ alert('once only'); return false;}
else{ Cookie.write('submitted', 1); return true; }
})
This will work even if the user reloads the page.
3) Add a Python session cookie. I am not familiar with Python, but if it is like PHP, this will have no advantage over method 2. In either case, the user can delete the cookie with FireCookie or WebDeveloper Toolbar (or their equiv's on other browsers) and reload the page.
4) Add a Flash cookie (use Flex). This is ideal - Flash cookies are stored in a different location, are not obvious, and are very difficult to remove. The only downside is that you need to create and embed a tiny swf.
5) Store a value in a hidden field, and check for the value.
A hash can be added to the internal links to insure that the value remains filled in even if the page is navigated away from.
6) Other games can be played incrementing a URL (or a custom URL using htaccess) for each visitor.
An swf cookie is the best idea of the above, though it can be combined with the others.