lis
Home > Confirmation Elements > Flat File
In Brief: Send the result of this form to a flat file on the local file system.
Dependencies: A form and write permissions to the file save location.
Hints & Tricks: Be sure to set the correct file permissions for the folder/file your writing to!
We can create XMl files that have data appended to them by using XML Wrapper property.
Options/Properties
Flat File Data Composer
Placing any value in the field will over-ride the values set in the Flat File Simple List text area. That is, the Flat File module can work in free-form mode, or can create Excel compatible lists.
Another way of saying it: If you place values in this area, it's probably because you are creating unique files for each instance of the form being filled out. If you use the Flat File Simple List, you're probably trying to create an Excel spreadsheet where many entries are stored in one file.
This property allows us to create valid XML files that are appended to with each form submission. Please note this field only applies to data originating via the Flat File Data field.
To understand what this field is needed, remember that a valid XML file must be wrapped in a single root node. This root node can of course have an unlimited number of children in any valid format, but we must always have one root node.
The problem is when we create a file structure using the Flat File Data field we'll loose the root node after the first submission, as we append data using the templates format to the existing file data. Thus, the root node cannot be part of the Flat File Data field as we'd simply keep writing more root nodes. Remember, we can only have one root node.
The solution is the XML Wrapper field. When we supply a value to this box we wrap it in XML open and close tags (e.g. <>) and prepend and append it to the existing file data.
Now we have our root node, and the XML schema we supply to the Flat File Data box will nest within it properly.
Flat File
It's important to understand this field should be thought of as a series of pieces which when combined form a complete path, filename, and extension.
By default we save to the some directory as the form. Thus, if we used:
file.txt
Our file would be called file.txt in the same location as the form.
Of course the problem with this is should a second entry arrive, the first file would be over-written.
Thus, we generally need to use Dynamic tokens when creating file names. To help us create such unique names we can use several tokens in the File Location & Name field:
${session_id} = session_id();
${timestamp} = time();
${datetime} = date('Y-m-d H:i:s', time());
${remote_ip} = $_SERVER['REMOTE_ADDR'];
This field is also dynamic token ready, which means we can use #{field_name} and ${php_var_name} to create a dynamic file name based on form field entry values.
Thus, when we put this all together we can string a series of tokens and characters together such as:
#{last_name}-${remote_ip}-${timestamp}.txt
To create a file name like:
Smith-127.0.0.1-1297196254.txt
As of Build 699 this field now accepts the standard RackForms 2 token set, which means we use F{} for field elements, P{} and G{} for POST and GET, and S{} and ${} for SESSION and raw PHP variables.
Thus, we could rewrite the sample above to be:
F{last_name}-${remote_ip}-${timestamp}.txt
SECURITY ALERT! Use caution however, in that you generally do not want to give your sites visitors access to your servers file system without some form of filtering. At very minimum you should verify the integrity of the field variable first by passing the value to a PHP variable in the PHP Top Code block, and use that filtered value to process the file name and path (if applicable).
The reason why is that when it comes to naming files there are a few openings for malicious activity to occur.
The first is in the path the file is saved to. By placing a ../ in the dynamic field the visitor will effectively save the file one level up from the base location, provided the web server has access to that location.
The good news is on that front, that is, file location, as of build 699 our ability to secure the file system has been simplified with the Remove Path Data From Dynamic Location option.
However, we still have the issue of file extension. A user could add a .txt or .img to a form field value, and if you don't provide your own extension, there's will be used instead. This isn't so much a security risk as path location, but it's still important to force your hand by always providing your own file extension if possible.
Finally, as mentioned above, if you want to use the ${php_var_name} token, the code for defining the PHP variable must be placed in the PHP Top Code text area.
When checked, takes any PDF file generated by RackForms and sends to the location defined by File Location & Name. PDF file generated by RackForms means any file created by the PDF Output Mode where email is included in the name. Please note when using this mode the PDF file name is generated by RackForms, and cannot be changed.
Although we warn to be careful with this setting in the editor, careful modification of the path by sanitizing it first in the PHP Top Code block will go a long way to making sure users do not accidentally or maliciously hard our system. If in doubt, do not check this box however!
As with Remove Path Data From Dynamic Location, this setting is fraught with danger. Unless you know exactly what your doing and/or can absolutely 100% trust your users, use a database powered file management solution instead!
This field is only used for Flat File Simple Lists.
This field is only used for Flat File Simple Lists.
The Flat File module works in one of two ways: Either we create a custom file using the Flat File Data text area, or you can create a Excel like list using this field.
If you choose this method, RackForms will take the field and PHP variables you set and use the Field Separator and New line Character fields to create the file for you. This is most useful in situations where you need to create Excel compatible files where each entry is tab delimited, and on its own line.
One special feature of this field is the EXCEL token. When used, RackForms will take all form field items submitted by the user and create a comma delimited file, complete with a header row containing each field items field name. This is very handy as large forms would require a significant amount of work to create such a list.