bcit-ci/CodeIgniter

system/helpers/form_helper.php

<?php
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2019 - 2022, CodeIgniter Foundation
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package    CodeIgniter
 * @author    EllisLab Dev Team
 * @copyright    Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
 * @copyright    Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
 * @copyright    Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/)
 * @license    https://opensource.org/licenses/MIT    MIT License
 * @link    https://codeigniter.com
 * @since    Version 1.0.0
 * @filesource
 */
// Direct-access guard: stop with a message when the BASEPATH constant is not
// defined, so the helper cannot be executed by requesting this file on its own.
// NOTE(review): BASEPATH is presumably defined by the framework bootstrap; that is not shown in this file.
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * CodeIgniter Form Helpers
 *
 * @package        CodeIgniter
 * @subpackage    Helpers
 * @category    Helpers
 * @author        EllisLab Dev Team
 * @link        https://codeigniter.com/userguide3/helpers/form_helper.html
 */

// ------------------------------------------------------------------------

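if ( ! function_exists('form_open'))
{
    /**
     * Form Declaration
     *
     * Creates the opening portion of the form.
     *
     * Output encoding: only the values of $hidden are passed through
     * html_escape(). The action URL, the attributes and the keys of $hidden
     * are written into the markup as given, so callers must encode them
     * before passing anything derived from request data.
     *
     * CSRF: when 'csrf_protection' is enabled, the hidden token field is
     * added only if the form is not method="get" and the action URL begins
     * with the configured base URL. A URL that merely contains the base URL
     * somewhere else (for example inside a query string) is treated as
     * external and does not receive the token.
     *
     * @param    string    the URI segments of the form destination
     * @param    mixed    attributes, either a ready-made string or a key/value array
     * @param    array    a key/value pair hidden data
     * @return    string
     */
    function form_open($action = '', $attributes = array(), $hidden = array())
    {
        $CI =& get_instance();

        // If no action is provided then set to the current url
        if ( ! $action)
        {
            $action = $CI->config->site_url($CI->uri->uri_string());
        }
        // If an action is not a full URL then turn it into one
        elseif (strpos($action, '://') === FALSE)
        {
            $action = $CI->config->site_url($action);
        }

        $attributes = _attributes_to_string($attributes);

        if (stripos($attributes, 'method=') === FALSE)
        {
            $attributes .= ' method="post"';
        }

        if (stripos($attributes, 'accept-charset=') === FALSE)
        {
            $attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
        }

        // $action and $attributes are emitted as-is (no HTML encoding here)
        $form = '<form action="'.$action.'"'.$attributes.">\n";

        if (is_array($hidden))
        {
            foreach ($hidden as $name => $value)
            {
                // Only the value is escaped; the field name is trusted
                $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value).'" />'."\n";
            }
        }

        // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites.
        // The base URL must be a PREFIX of the action (=== 0): a plain substring match would also
        // accept an external URL that only mentions the base URL and would hand it the token.
        // The stripos() result can be used as a boolean because $form starts with '<form',
        // so a match can never be at offset 0.
        if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) === 0 && ! stripos($form, 'method="get"'))
        {
            // Prepend/append random-length "white noise" around the CSRF
            // token input, as a form of protection against BREACH attacks
            if (FALSE !== ($noise = $CI->security->get_random_bytes(1)))
            {
                list(, $noise) = unpack('c', $noise);
            }
            else
            {
                // Fallback when no random bytes are returned; the number only
                // decides how much padding is written, it is not part of the token
                $noise = mt_rand(-128, 127);
            }

            // Prepend if $noise has a negative value, append if positive, do nothing for zero
            $prepend = $append = '';
            if ($noise < 0)
            {
                $prepend = str_repeat(" ", abs($noise));
            }
            elseif ($noise > 0)
            {
                $append = str_repeat(" ", $noise);
            }

            $form .= sprintf(
                '%s<input type="hidden" name="%s" value="%s" />%s%s',
                $prepend,
                $CI->security->get_csrf_token_name(),
                $CI->security->get_csrf_hash(),
                $append,
                "\n"
            );
        }

        return $form;
    }
}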

// ------------------------------------------------------------------------

if ( ! function_exists('form_open_multipart'))
{
    /**
     * Form Declaration - Multipart type
     *
     * Same as form_open(), with enctype="multipart/form-data" added to the
     * attributes before delegating to it.
     *
     * @param    string    the URI segments of the form destination
     * @param    mixed    attributes, either a ready-made string or a key/value array
     * @param    array    a key/value pair hidden data
     * @return    string
     */
    function form_open_multipart($action = '', $attributes = array(), $hidden = array())
    {
        if ( ! is_string($attributes))
        {
            // Array form: set (or overwrite) the enctype key
            $attributes['enctype'] = 'multipart/form-data';

            return form_open($action, $attributes, $hidden);
        }

        // String form: append the attribute to whatever the caller wrote
        return form_open($action, $attributes.' enctype="multipart/form-data"', $hidden);
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_hidden'))
{
    /**
     * Hidden Input Field
     *
     * Generates hidden fields. You can pass a simple key/value string or
     * an associative array with multiple values. Nested arrays become
     * bracketed field names (name[key], or name[] for integer keys).
     *
     * Field values go through html_escape(); field names are written into
     * the markup as given, so they must not come from untrusted input.
     *
     * @param    mixed    $name        Field name, or an array of name => value pairs
     * @param    string    $value        Field value
     * @param    bool    $recursing    TRUE on internal recursive calls; keeps the output collected so far
     * @return    string
     */
    function form_hidden($name, $value = '', $recursing = FALSE)
    {
        // Output buffer shared between the outer call and its recursive calls
        static $form;

        // An outer (non-recursive) call starts with a fresh buffer
        if ($recursing === FALSE)
        {
            $form = "\n";
        }

        if (is_array($name))
        {
            // name => value map: emit one field (or group) per entry
            foreach ($name as $field => $field_value)
            {
                form_hidden($field, $field_value, TRUE);
            }
        }
        elseif (is_array($value))
        {
            // Array value: integer keys collapse to "[]", string keys are kept
            foreach ($value as $index => $item)
            {
                $suffix = is_int($index) ? '' : $index;
                form_hidden($name.'['.$suffix.']', $item, TRUE);
            }
        }
        else
        {
            $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value)."\" />\n";
        }

        return $form;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_input'))
{
    /**
     * Text Input Field
     *
     * Builds an <input> tag of type "text" unless the attribute array
     * says otherwise. The attribute string is produced by
     * _parse_form_attributes() and _attributes_to_string().
     *
     * @param    mixed    field name, or an array of attributes
     * @param    string    field value
     * @param    mixed    extra attributes (string, array or object)
     * @return    string
     */
    function form_input($data = '', $value = '', $extra = '')
    {
        $field_name = is_array($data) ? '' : $data;
        $defaults = array('type' => 'text', 'name' => $field_name, 'value' => $value);

        $tag  = '<input ';
        $tag .= _parse_form_attributes($data, $defaults);
        $tag .= _attributes_to_string($extra);

        return $tag." />\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_password'))
{
    /**
     * Password Field
     *
     * Identical to the input function but forces the "password" type.
     *
     * @param    mixed    field name, or an array of attributes
     * @param    string    field value
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_password($data = '', $value = '', $extra = '')
    {
        // Normalise a bare name to the array form so the type can be set on it
        $field = is_array($data) ? $data : array('name' => $data);
        $field['type'] = 'password';

        return form_input($field, $value, $extra);
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_upload'))
{
    /**
     * Upload Field
     *
     * Identical to the input function but forces the "file" type and
     * takes no value.
     *
     * @param    mixed    field name, or an array of attributes
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_upload($data = '', $extra = '')
    {
        if ( ! is_array($data))
        {
            $data = array('name' => $data);
        }

        // The type is always "file", whatever the caller supplied
        $data['type'] = 'file';

        $attributes = _parse_form_attributes($data, array('type' => 'file', 'name' => ''));

        return '<input '.$attributes._attributes_to_string($extra)." />\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_textarea'))
{
    /**
     * Textarea field
     *
     * The text between the tags is passed through html_escape(); the
     * attributes are written as produced by the attribute helpers.
     *
     * @param    mixed    $data    field name, or an array of attributes (a 'value' key becomes the content)
     * @param    string    $value    content, used when $data carries no 'value' key
     * @param    mixed    $extra    extra attributes
     * @return    string
     */
    function form_textarea($data = '', $value = '', $extra = '')
    {
        $defaults = array(
            'name' => is_array($data) ? '' : $data,
            'cols' => '40',
            'rows' => '10'
        );

        if (is_array($data) && isset($data['value']))
        {
            // A textarea has no value attribute: move it out of the attribute list
            $content = $data['value'];
            unset($data['value']);
        }
        else
        {
            $content = $value;
        }

        $opening = '<textarea '._parse_form_attributes($data, $defaults)._attributes_to_string($extra).'>';

        return $opening.html_escape($content)."</textarea>\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_multiselect'))
{
    /**
     * Multi-select menu
     *
     * Wrapper around form_dropdown() that makes sure the extra attributes
     * mention "multiple".
     *
     * @param    string    field name
     * @param    array    options
     * @param    mixed    selected value(s)
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_multiselect($name = '', $options = array(), $selected = array(), $extra = '')
    {
        $attributes = _attributes_to_string($extra);

        // Case-insensitive substring test on the rendered attribute string
        $already_multiple = (stripos($attributes, 'multiple') !== FALSE);

        return form_dropdown(
            $name,
            $options,
            $selected,
            $already_multiple ? $attributes : $attributes.' multiple="multiple"'
        );
    }
}

// --------------------------------------------------------------------

if ( ! function_exists('form_dropdown'))
{
    /**
     * Drop-down Menu
     *
     * Builds a <select> element with its <option> and <optgroup> children.
     *
     * Output encoding: option values are passed through html_escape().
     * Option texts and optgroup labels are written into the markup as
     * given, so callers must encode them when they hold user-supplied text.
     * NOTE(review): the texts are presumably left raw so callers can pass
     * entities or markup - confirm before changing.
     *
     * When no selection is passed, the submitted value in $_POST for the
     * field name is used as the selection.
     *
     * @param    mixed    $data        field name, or an array of attributes (may carry 'selected' and 'options')
     * @param    mixed    $options    value => text pairs; an array as text opens an optgroup
     * @param    mixed    $selected    selected value(s)
     * @param    mixed    $extra        extra attributes
     * @return    string
     */
    function form_dropdown($data = '', $options = array(), $selected = array(), $extra = '')
    {
        $defaults = array();

        if (is_array($data))
        {
            if (isset($data['selected']))
            {
                $selected = $data['selected'];
                unset($data['selected']); // select tags don't have a selected attribute
            }

            if (isset($data['options']))
            {
                $options = $data['options'];
                unset($data['options']); // select tags don't use an options attribute
            }
        }
        else
        {
            $defaults = array('name' => $data);
        }

        // Scalars are wrapped so the rest of the function can treat both as arrays
        is_array($selected) OR $selected = array($selected);
        is_array($options) OR $options = array($options);

        // If no selected state was submitted we will attempt to set it automatically
        if (empty($selected))
        {
            // The raw $_POST entry is used here; it is only compared against
            // the option keys below and is not written into the output
            if (is_array($data))
            {
                if (isset($data['name'], $_POST[$data['name']]))
                {
                    $selected = array($_POST[$data['name']]);
                }
            }
            elseif (isset($_POST[$data]))
            {
                $selected = array($_POST[$data]);
            }
        }

        $extra = _attributes_to_string($extra);

        // More than one selected value implies a multi-select unless the caller already said so
        $multiple = (count($selected) > 1 && stripos($extra, 'multiple') === FALSE) ? ' multiple="multiple"' : '';

        $form = '<select '.rtrim(_parse_form_attributes($data, $defaults)).$extra.$multiple.">\n";

        foreach ($options as $key => $val)
        {
            $key = (string) $key;

            if (is_array($val))
            {
                // Empty groups are skipped entirely
                if (empty($val))
                {
                    continue;
                }

                // The group label is not HTML-encoded here
                $form .= '<optgroup label="'.$key."\">\n";

                foreach ($val as $optgroup_key => $optgroup_val)
                {
                    // Loose (non-strict) in_array() comparison against the selection
                    $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : '';
                    // Value is escaped, the option text is not
                    $form .= '<option value="'.html_escape($optgroup_key).'"'.$sel.'>'
                        .(string) $optgroup_val."</option>\n";
                }

                $form .= "</optgroup>\n";
            }
            else
            {
                // Value is escaped, the option text is not; selection uses a loose in_array()
                $form .= '<option value="'.html_escape($key).'"'
                    .(in_array($key, $selected) ? ' selected="selected"' : '').'>'
                    .(string) $val."</option>\n";
            }
        }

        return $form."</select>\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_checkbox'))
{
    /**
     * Checkbox Field
     *
     * A 'checked' key in the attribute array takes precedence over the
     * $checked argument. Both are evaluated loosely (truthy / falsy).
     *
     * @param    mixed    field name, or an array of attributes
     * @param    string    field value
     * @param    bool    whether the box is checked
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_checkbox($data = '', $value = '', $checked = FALSE, $extra = '')
    {
        $defaults = array(
            'type' => 'checkbox',
            'name' => is_array($data) ? '' : $data,
            'value' => $value
        );

        if (is_array($data) && array_key_exists('checked', $data))
        {
            // The array-supplied flag replaces the argument
            $checked = $data['checked'];

            if ($checked)
            {
                // Normalise any truthy flag to the attribute value "checked"
                $data['checked'] = 'checked';
            }
            else
            {
                // A falsy flag must not be rendered as an attribute at all
                unset($data['checked']);
            }
        }

        if ($checked)
        {
            $defaults['checked'] = 'checked';
        }

        $attributes = _parse_form_attributes($data, $defaults);

        return '<input '.$attributes._attributes_to_string($extra)." />\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_radio'))
{
    /**
     * Radio Button
     *
     * Same as form_checkbox() with the type forced to "radio".
     *
     * @param    mixed    field name, or an array of attributes
     * @param    string    field value
     * @param    bool    whether the button is checked
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_radio($data = '', $value = '', $checked = FALSE, $extra = '')
    {
        // Normalise a bare name to the array form so the type can be set on it
        $field = is_array($data) ? $data : array('name' => $data);
        $field['type'] = 'radio';

        return form_checkbox($field, $value, $checked, $extra);
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_submit'))
{
    /**
     * Submit Button
     *
     * Builds an <input> tag of type "submit" unless the attribute array
     * says otherwise.
     *
     * @param    mixed    field name, or an array of attributes
     * @param    string    button value
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_submit($data = '', $value = '', $extra = '')
    {
        $field_name = is_array($data) ? '' : $data;
        $defaults = array('type' => 'submit', 'name' => $field_name, 'value' => $value);

        $tag  = '<input ';
        $tag .= _parse_form_attributes($data, $defaults);
        $tag .= _attributes_to_string($extra);

        return $tag." />\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_reset'))
{
    /**
     * Reset Button
     *
     * Builds an <input> tag of type "reset" unless the attribute array
     * says otherwise.
     *
     * @param    mixed    field name, or an array of attributes
     * @param    string    button value
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_reset($data = '', $value = '', $extra = '')
    {
        $field_name = is_array($data) ? '' : $data;
        $defaults = array('type' => 'reset', 'name' => $field_name, 'value' => $value);

        $tag  = '<input ';
        $tag .= _parse_form_attributes($data, $defaults);
        $tag .= _attributes_to_string($extra);

        return $tag." />\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_button'))
{
    /**
     * Form Button
     *
     * The button content is placed between the tags as given (it is not
     * HTML-encoded here), so callers must encode user-supplied text.
     *
     * @param    mixed    field name, or an array of attributes (a 'content' key becomes the content)
     * @param    string    button content
     * @param    mixed    extra attributes
     * @return    string
     */
    function form_button($data = '', $content = '', $extra = '')
    {
        $is_attribute_array = is_array($data);

        $defaults = array(
            'name' => $is_attribute_array ? '' : $data,
            'type' => 'button'
        );

        if ($is_attribute_array && isset($data['content']))
        {
            // 'content' is the inner markup, not an attribute: take it out of the list
            $content = $data['content'];
            unset($data['content']);
        }

        $opening = '<button '._parse_form_attributes($data, $defaults)._attributes_to_string($extra).'>';

        return $opening.$content."</button>\n";
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_label'))
{
    /**
     * Form Label Tag
     *
     * The label text and the id are written into the markup as given (no
     * HTML encoding here), so callers must encode user-supplied text.
     *
     * @param    string    The text to appear onscreen
     * @param    string    The id the label applies to
     * @param    mixed    Additional attributes
     * @return    string
     */
    function form_label($label_text = '', $id = '', $attributes = array())
    {
        // The "for" attribute is only emitted for a non-empty id
        $for = ($id !== '') ? ' for="'.$id.'"' : '';

        return '<label'.$for._attributes_to_string($attributes).'>'.$label_text.'</label>';
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_fieldset'))
{
    /**
     * Fieldset Tag
     *
     * Used to produce <fieldset><legend>text</legend>.  To close fieldset
     * use form_fieldset_close(). The legend text is written as given (no
     * HTML encoding here).
     *
     * @param    string    The legend text
     * @param    array    Additional attributes
     * @return    string
     */
    function form_fieldset($legend_text = '', $attributes = array())
    {
        $opening = '<fieldset'._attributes_to_string($attributes).">\n";

        // The legend is only added for a non-empty text
        return ($legend_text !== '')
            ? $opening.'<legend>'.$legend_text."</legend>\n"
            : $opening;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_fieldset_close'))
{
    /**
     * Fieldset Close Tag
     *
     * @param    string    markup appended after the closing tag, written as given
     * @return    string
     */
    function form_fieldset_close($extra = '')
    {
        $closing_tag = '</fieldset>';

        return $closing_tag.$extra;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_close'))
{
    /**
     * Form Close Tag
     *
     * @param    string    markup appended after the closing tag, written as given
     * @return    string
     */
    function form_close($extra = '')
    {
        $closing_tag = '</form>';

        return $closing_tag.$extra;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('set_value'))
{
    /**
     * Form Value
     *
     * Grabs a value from the POST array for the specified field so you can
     * re-populate an input field or textarea. If Form Validation
     * is active it retrieves the info from the validation class.
     *
     * With $html_escape set to FALSE the value is returned without HTML
     * encoding; the caller is then responsible for encoding it for the
     * context it is printed in.
     *
     * @param    string    $field        Field name
     * @param    string    $default    Default value
     * @param    bool    $html_escape    Whether to escape HTML special characters or not
     * @return    string
     */
    function set_value($field, $default = '', $html_escape = TRUE)
    {
        $CI =& get_instance();

        // Form Validation is used only when it is loaded AND has a rule for this field
        if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
        {
            $value = $CI->form_validation->set_value($field, $default);
        }
        else
        {
            $value = $CI->input->post($field, FALSE);
        }

        // Fall back to the default when nothing was found
        if ( ! isset($value))
        {
            $value = $default;
        }

        if ($html_escape)
        {
            return html_escape($value);
        }

        return $value;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('set_select'))
{
    /**
     * Set Select
     *
     * Lets you set the selected value of a <select> menu via data in the POST array.
     * If Form Validation is active it retrieves the info from the validation class.
     *
     * @param    string    field name
     * @param    string    option value to test
     * @param    bool    whether the option is selected when the field was not submitted
     * @return    string    ' selected="selected"' or an empty string
     */
    function set_select($field, $value = '', $default = FALSE)
    {
        $CI =& get_instance();

        if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
        {
            return $CI->form_validation->set_select($field, $value, $default);
        }

        $selected = ' selected="selected"';
        $input = $CI->input->post($field, FALSE);

        // Field not submitted at all: the default decides
        if ($input === NULL)
        {
            return ($default === TRUE) ? $selected : '';
        }

        $value = (string) $value;

        if (is_array($input))
        {
            // The strict flag is required: a loose in_array('', array(0)) returns TRUE
            return in_array($value, $input, TRUE) ? $selected : '';
        }

        return ($input === $value) ? $selected : '';
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('set_checkbox'))
{
    /**
     * Set Checkbox
     *
     * Lets you set the selected value of a checkbox via the value in the POST array.
     * If Form Validation is active it retrieves the info from the validation class.
     *
     * @param    string    field name
     * @param    string    checkbox value to test
     * @param    bool    whether the box is checked when the request is not a POST
     * @return    string    ' checked="checked"' or an empty string
     */
    function set_checkbox($field, $value = '', $default = FALSE)
    {
        $CI =& get_instance();

        if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
        {
            return $CI->form_validation->set_checkbox($field, $value, $default);
        }

        $checked = ' checked="checked"';

        // Form inputs are always strings, so compare as a string
        $value = (string) $value;
        $input = $CI->input->post($field, FALSE);

        if (is_array($input))
        {
            // The strict flag is required: a loose in_array('', array(0)) returns TRUE
            return in_array($value, $input, TRUE) ? $checked : '';
        }

        // Unchecked checkbox and radio inputs are not even submitted by browsers,
        // so on a POST request the submitted value alone decides
        if ($CI->input->method() === 'post')
        {
            return ($input === $value) ? $checked : '';
        }

        return ($default === TRUE) ? $checked : '';
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('set_radio'))
{
    /**
     * Set Radio
     *
     * Lets you set the selected value of a radio field via info in the POST array.
     * If Form Validation is active it retrieves the info from the validation class.
     *
     * @param    string    $field        field name
     * @param    string    $value        radio value to test
     * @param    bool    $default    whether the button is checked when the request is not a POST
     * @return    string    ' checked="checked"' or an empty string
     */
    function set_radio($field, $value = '', $default = FALSE)
    {
        $CI =& get_instance();

        if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
        {
            return $CI->form_validation->set_radio($field, $value, $default);
        }

        $checked = ' checked="checked"';

        // Form inputs are always strings, so compare as a string
        $value = (string) $value;
        $input = $CI->input->post($field, FALSE);

        if (is_array($input))
        {
            // The strict flag is required: a loose in_array('', array(0)) returns TRUE
            return in_array($value, $input, TRUE) ? $checked : '';
        }

        // Unchecked checkbox and radio inputs are not even submitted by browsers,
        // so on a POST request the submitted value alone decides
        if ($CI->input->method() === 'post')
        {
            return ($input === $value) ? $checked : '';
        }

        return ($default === TRUE) ? $checked : '';
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('form_error'))
{
    /**
     * Form Error
     *
     * Returns the error for a specific form field. This is a helper for the
     * form validation class. Returns an empty string when no validation
     * object is available.
     *
     * @param    string    field name
     * @param    string    markup placed before the message
     * @param    string    markup placed after the message
     * @return    string
     */
    function form_error($field = '', $prefix = '', $suffix = '')
    {
        $validator =& _get_validation_object();

        if ($validator === FALSE)
        {
            return '';
        }

        return $validator->error($field, $prefix, $suffix);
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('validation_errors'))
{
    /**
     * Validation Error String
     *
     * Returns all the errors associated with a form submission. This is a helper
     * function for the form validation class. Returns an empty string when no
     * validation object is available.
     *
     * @param    string    markup placed before each message
     * @param    string    markup placed after each message
     * @return    string
     */
    function validation_errors($prefix = '', $suffix = '')
    {
        $validator =& _get_validation_object();

        if ($validator === FALSE)
        {
            return '';
        }

        return $validator->error_string($prefix, $suffix);
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('_parse_form_attributes'))
{
    /**
     * Parse the form attributes
     *
     * Helper function used by some of the form helpers. Merges the caller's
     * attributes over the defaults and renders them as key="value" pairs,
     * each followed by a space.
     *
     * Only the 'value' attribute is passed through html_escape(). Every
     * other attribute name and value is written as given, so callers must
     * not feed untrusted input into them without encoding it.
     *
     * @param    array    $attributes    List of attributes
     * @param    array    $default    Default values
     * @return    string
     */
    function _parse_form_attributes($attributes, $default)
    {
        if (is_array($attributes))
        {
            // Caller-supplied values replace the defaults, keeping the defaults' order
            foreach (array_keys($default) as $name)
            {
                if (isset($attributes[$name]))
                {
                    $default[$name] = $attributes[$name];
                    unset($attributes[$name]);
                }
            }

            // Whatever is left has no default and is appended after them
            if ($attributes !== array())
            {
                $default = array_merge($default, $attributes);
            }
        }

        $rendered = '';

        foreach ($default as $name => $content)
        {
            // An empty name attribute is left out altogether
            if ($name === 'name' && ! strlen($default['name']))
            {
                continue;
            }

            if ($name === 'value')
            {
                $content = html_escape($content);
            }

            $rendered .= $name.'="'.$content.'" ';
        }

        return $rendered;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('_attributes_to_string'))
{
    /**
     * Attributes To String
     *
     * Helper function used by some of the form helpers. Renders an array or
     * object as ' key="value"' pairs, or returns a string prefixed with a space.
     *
     * Nothing is HTML-encoded here: keys, values and ready-made strings are
     * written as given, so callers must encode untrusted input themselves.
     *
     * @param    mixed    array, object or string of attributes
     * @return    string|bool    FALSE for a non-empty value of any other type
     */
    function _attributes_to_string($attributes)
    {
        if (empty($attributes))
        {
            return '';
        }

        // A ready-made attribute string only needs its leading separator
        if (is_string($attributes))
        {
            return ' '.$attributes;
        }

        // Objects are rendered through their array cast
        if (is_object($attributes))
        {
            $attributes = (array) $attributes;
        }

        if ( ! is_array($attributes))
        {
            return FALSE;
        }

        $rendered = '';

        foreach ($attributes as $name => $content)
        {
            $rendered .= ' '.$name.'="'.$content.'"';
        }

        return $rendered;
    }
}

// ------------------------------------------------------------------------

if ( ! function_exists('_get_validation_object'))
{
    /**
     * Validation Object
     *
     * Determines what the form validation class was instantiated as, fetches
     * the object and returns it by reference.
     *
     * @return    mixed    the validation object, or FALSE when it is not loaded or not an object
     */
    function &_get_validation_object()
    {
        $CI =& get_instance();

        // Returned by reference, so the FALSE result has to live in a variable
        $return = FALSE;

        // is_loaded() gives the property name the library was loaded under, or FALSE
        $object = $CI->load->is_loaded('Form_validation');

        if ($object === FALSE)
        {
            return $return;
        }

        if (isset($CI->$object) && is_object($CI->$object))
        {
            return $CI->$object;
        }

        return $return;
    }
}