Accessing Data From Forms

SohDubom was asking in a comment from an earlier post about accessing data from forms. I told him I'd do a post on that and so here it is. We'll, as is usual, start from an existing post, in this case the Using Different .xhtml Files for Different Pages. Let's try to simulate a login page with a couple of different fields, the normal login and password. We'll go ahead and grab the values, save them, and then redirect to a new page. On the new page, we'll print a message and then print out the login and password to show they're available. Best practices however do not allow the plain text printing of a password or for that matter skipping any kind of validation. This is just for the sake of an example. Here's the ruby code:

require 'rubygems'
require 'ramaze'

# This example is based on the previous "Using Different .xhtml Files for
# Different Pages" example.  It has two methods (index and
# logged_in). The index method will take data from a form, set the session
# and flash variables, and then finally redirect to the logged_in screen where
# it will display the flash message and the login/password values.
class MainController < Ramaze::Controller
    # Use page.xhtml in the view directory for layout
    layout :page

    # You can access it now with http://localhost:7000/
    # This should display a form with a login and a password as 
    # well as a "Login" button in your browser.
    # For anything that is entered, we will save the values
    # in the session, set the session variable, set the flash
    # variable, and redirect to the logged_in screen.
    def index
        
        # Make sure we're getting here from a post request.
        if request.post?
            # Use the name= portion of the input form to grab the data
            # from the request variable and save it in the session
            # hash table.
            session[:loginID] = request[:loginID]
            session[:pw] = request[:pw2]

            # Set the flash message which will only be available in the next
            # screen. In this case that will be the logged_in screen.
            flash[:message] = "Successfully logged in!!!"

            # Redirect to the logged_in screen.
            redirect Rs(:logged_in)
        end
    end

    # Show the message in the flash variable and print out the 
    # login ID and password. Typically, you wouldn't want to do
    # this in a real environment.
    def logged_in
        "#{flash[:message]} #{session[:loginID]} : #{session[:pw]}"
    end
end

Ramaze.start

Our page.xhtml hasn't changed at all:

<html>
    <head> <title>Using Forms</title> </head>
    <body>
        #@content
        <h5> Powered by Ramaze </h5>
    </body>
</html>

and finally here's the index.xhtml which contains the form and input boxes:

<form id="login" method="post">
    <div>
        <!-- for= goes with id=, the name= is placed in the request variable. -->
        <label for="nick">Login:</label>
        <input id="nick" name="loginID" type="text" />
        <br/>
        <label for="pw1">Password:</label>
        <input id="pw1" name="pw2" type="password" />
        <br/>
        <input type="submit" value="Login" />
    </div>
</form>

So, first the user puts in a login and password and then hits the login button. The index method takes over from that point and grabs the login and password from the request hash table which uses the name= value from the input field in index.xhtml as the key. It then stores the values in the session variable which is availble everywhere. It also sets the flash variable which will be available in the next page only. Finally, it redirects to the logged_in page which returns the flash and the login and password to be rendered as the @content. In a real system, you would validate the login and password probably using a model and there's a fair chance (as noted above) that you wouldn't display the password in the logged_in screen.

As always, let me know if you have questions or comments.