Re: [Postfixadmin-devel] Request for help to create bulk email address
From: Christian B. <pos...@cb...> - 2011-12-28 19:17:21
Hello,

On Wednesday, 28 December 2011, Rudi Floren wrote:
> Can't you add the csv as hidden form field(s)?

Short answer: No(t really).

Longer answer: That would mean it _must_ be validated again in the next
step, because an attacker could use a manipulated form. I know we are
talking about authenticated admins here, but still.
(And there are lots of setups where you can't trust every admin - for
example, I give my customers admin access for their domains. I'd guess
none of them knows how to manipulate a form, but if someone finds it out
(firebug isn't that hard to use), I don't want to be f***ed off ;-)

Not to mention that a hidden form field would mean sending lots of
useless bytes around the world twice ;-)

> On 28.12.2011 12:42, Sonam Penjor wrote:
> > I have completed the validation of the CSV file for bulk email ID
> > creation. I have broken down my works into two parts (for my
> > reference). PART I - upload the csv file and validate the
> > contents (line by line), display the status. PART II - will
> > create the mail box.
> >
> > So far I completed the PART - I:
> > 1. Uploaded the csv file and validated whether uploaded file is in
> > csv format or other.
> > 2. Validated the username (check whether a space exists in between)
> > 2. Check for the existence of username
> > 3. Considered as an error if sl no 1 and 2 exist.

What does your error handling look like? Abort if at least one problem
is found? Or just skip the invalid and existing mailboxes?

> > 4. Total mail box ready for creation (number of correct entries
> > without the entry row of sl 1 and sl 2)
> > 5. Displayed the status

Does this mean you'll display a page with sections like
- The following mailboxes already exist and will be skipped:
- The following usernames are invalid and will be skipped:
- The following mailboxes will be created:

> > After displaying the status I am requesting admin whether to
> > create (process) or to cancel.
> >
> > Now, to process, there will be post method again where the
> > uploaded values or contents from PART I will no longer exist. I
> > am just wondering whether I should create temporary table or file
> > or use SESSION to store all the data collected from PART I for
> > the PART II purposes.

I would use the session - it is easy to use, and we get an automatic
cleanup by PHP (at logout or session timeout) for free.
In other words: handling a temporary table or file causes lots of
additional work without any benefit.

If you implement it in a nice way (I'd say: after creating a mailbox,
delete it from the list in the session), the code can even continue
with the remaining mailboxes after it was stopped (because of PHP
max_execution_time etc.)

Combined with some AJAX, you could exit the script yourself some seconds
before max_execution_time and call it again. This would even allow you
to draw a nice progress bar ;-)
(That said: please use lightweight code and don't introduce a big JS
framework just for doing this - otherwise I'll recommend just using
self-redirects in an <iframe> *g*
Hmm, thinking about it, why not use <iframe> self-redirects from the
beginning?)

Oh, BTW: If you send your code early, you'll get an early review and
changes (if needed) will be easier.

Regards,

Christian Boltz
--
|#| The three most important virtues of a programmer:
|#| laziness, impatience and hubris
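The session-based flow discussed in this message, as an added sketch that is not part of the thread and not PostfixAdmin code: the validated list lives only in server-side session state, the confirm step reads nothing from the form, and each entry is removed once its mailbox is created so an interrupted run can resume. The function names, the `bulk_pending` key and the `$exists`/`$create` callbacks are hypothetical.

```php
<?php
// Added example; function and key names are hypothetical, not PostfixAdmin code.

// PART I: classify uploaded usernames. $exists is a stand-in lookup callback.
function validate_rows(array $rows, callable $exists): array {
    $report = ['invalid' => [], 'existing' => [], 'ready' => []];
    foreach ($rows as $row) {
        $user = trim($row[0] ?? '');
        if ($user === '' || preg_match('/\s/', $user)) {
            $report['invalid'][] = $user;
        } elseif ($exists($user)) {
            $report['existing'][] = $user;
        } else {
            $report['ready'][] = $user;
        }
    }
    return $report;
}

// PART II: read the list only from server-side session state, never from the
// POST body. An entry is dropped right after its mailbox is created, so a
// rerun after a timeout continues with the remaining ones.
function process_pending(array &$session, callable $create, float $budget): int {
    $deadline = microtime(true) + $budget;
    $done = 0;
    while (!empty($session['bulk_pending']) && microtime(true) < $deadline) {
        $create($session['bulk_pending'][0]);
        array_shift($session['bulk_pending']);
        $done++;
    }
    return $done;
}

// Constructed sample input; $session stands in for $_SESSION after session_start().
$csv = "alice@example.com\nbad user@example.com\nbob@example.com\ncarol@example.com";
$rows = array_map(fn($l) => str_getcsv($l, ',', '"', ''), explode("\n", $csv));
$known = ['bob@example.com'];
$session = [];
$report = validate_rows($rows, fn($u) => in_array($u, $known, true));
$session['bulk_pending'] = $report['ready'];

$created = [];
$create = function (string $u) use (&$created) { $created[] = $u; };
process_pending($session, $create, 0.0);   // time budget exhausted: list is kept
process_pending($session, $create, 5.0);   // next request resumes from the session
printf("invalid=%d existing=%d created=%d pending=%d\n", count($report['invalid']),
    count($report['existing']), count($created), count($session['bulk_pending']));
```

In a web request, pass `$_SESSION` and a budget a few seconds below `max_execution_time`; the confirm form then needs to carry only the create/cancel decision.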