Handle logged in users by not requiring username/email

Still post them as hidden to overcome validation, but still overwrite
the values in backend to avoid manipulation
This commit is contained in:
Flavio Copes 2016-06-30 14:08:59 +02:00
parent 0cf90a74d7
commit ee608539d4
2 changed files with 21 additions and 3 deletions

View File

@ -174,6 +174,12 @@ class CommentsPlugin extends Plugin
$email = filter_var(urldecode($post['email']), FILTER_SANITIZE_STRING); $email = filter_var(urldecode($post['email']), FILTER_SANITIZE_STRING);
$title = filter_var(urldecode($post['title']), FILTER_SANITIZE_STRING); $title = filter_var(urldecode($post['title']), FILTER_SANITIZE_STRING);
$user = $this->grav['user'];
if ($user->authenticated) {
$name = $user->fullname;
$email = $user->email;
}
/** @var Language $language */ /** @var Language $language */
$language = $this->grav['language']; $language = $this->grav['language'];
$lang = $language->getLanguage(); $lang = $language->getLanguage();

View File

@ -11,9 +11,21 @@
{% if field.evaluateDefault %} {% if field.evaluateDefault %}
{% set value = evaluate(field.evaluateDefault) %} {% set value = evaluate(field.evaluateDefault) %}
{% endif %} {% endif %}
{% if grav.user.authenticated %}
{% if field.name == 'name' %}
<input type="hidden" name="{{field.name}}" value="{{grav.user.fullname}}">
{% elseif field.name == 'email' %}
<input type="hidden" name="{{field.name}}" value="{{grav.user.email}}">
{% else %}
<div> <div>
{% include "forms/fields/#{field.type}/#{field.type}.html.twig" %} {% include "forms/fields/#{field.type}/#{field.type}.html.twig" %}
</div> </div>
{% endif %}
{% else %}
<div>
{% include "forms/fields/#{field.type}/#{field.type}.html.twig" %}
</div>
{% endif %}
{% endfor %} {% endfor %}
<div class="buttons"> <div class="buttons">