On my webpage, when the user logs in, he stays on the same page:
echo '<form action="" method="POST" class="Form">';
I want to keep the database id of the user in a Javascript variable:
if (Session::isLoggedIn())
{
echo '<script>';
echo ' let memberId = "' . (string)($_SESSION['memberId']) . '";';
echo '</script>';
}
Unfortunately, when the user logs in, my let memberId = "' . (string)($_SESSION['memberId']) . '"; doesn't appear in the client side source code (the page doesn't seem to be as reloaded as I expected).
So what can I do to keep the database id of the user in a Javascript variable?
If none of your code appears, then Session::isLoggedIn() is not true when you user has logged in.
Then, are you sure that $_SESSION['memberId'] contains the id_user when he is logged in?
I would also find it more clear, if you pass the id otherwise, first to html:
<input type="hidden" name="memberId" value="<?php echo $_SESSION['memberId'] ?>"
and then in JS
let memberId = document.getElementsByName("memberId")[0].value;
Related
I encrypted a directory that contains several folders by directories Admin (Protect Option), for example,memberarea directory.
now if someone opens a page of these directories , he must enter his username and password so that he can see the contents of that directory.
I used the following code to write a welcome text to display the text related to each user. In addition, according to the entered username, an audio file will be played when the page open:
<?php
$user_name = $_SERVER['PHP_AUTH_USER'];
if ($user_name == "admin") {
$name = "Sir Alex Morgan";
echo '<div class="wellcome_message">' . $name . ' ، welcome to your site :)</div>';
echo '<script type="text/javascript">
window.onload=function(){
document.getElementById("admin_audio").play();
}
</script>';
}
elseif ($user_name == "user1") {
$name = "Miss Mary";
echo '<div class="wellcome_message">' . $name . ' ، nice to meet you</div>';
echo '<script type="text/javascript">
window.onload=function(){
document.getElementById("user1_audio").play();
}
</script>';
}
.
.
.
?>
Now I want to make the above process happen only once in each browser session, ie if the user, for example, went from page domain.com/memberarea/part1/index.php to page domain.com/memberarea/part3/page.php just as he does not need to enter the password again until the browser is closed, The welcome message and voice will only be displayed for the first time.
In my code, I am retrieving data from the database using a while loop so i can have all the $FormData['fullname'] in the db.
What i want to do is, have each name display on the page and also have clickable so when someone clicks a name, it gets their user_id and pulls up information about them.
The problem i am having is that I can't figure out a way to make a it so where i can get the user_id when the user clicks a name. I tried putting a "name" in the button attribute and I checked if isset() but that didn't work.
If someone can properly figure out a way for me to basically, display all the fullnames in my database and when someone clicks a name, it pulls up information about them that is stored in the database. Here is my code
$stmtGet = $handler->prepare("SELECT * FROM formdata");
$stmtGet->execute();
while($formData = $stmtGet->fetch()){
echo "<button name='name'>$formData[fullname]</button>";
if($_SERVER['REQUEST_METHOD'] =="POST"){
if(isset($_POST['name'])){
echo "ok";
}else{
echo "bad";
}
}
}
As far i can see you are trying hit a button inside the while loop , i would not say its a bad approach , but i will suggest you not to do that . and from your code i can see you have lack of understanding post and get request learn from here . and other than this you need to know the transition of web url . how its actually works . anyway , i have given a sample code without . i hope it will help you understanding this concept.
$stmtGet = $handler->prepare("SELECT * FROM formdata");
$stmtGet->execute();
while($formData = $stmtGet->fetch(PDO::FETCH_ASSOC)){
$id = $formData['formdataid'];
echo "<a href='somepagename.php?infoid={$id}'>". $formData['fullname']."</a></br>";
}
now in the somepagename.php file or in the same page you can actually show the details information for instance
if(isset($_GET['infoid'])){
$stmt = $handler->prepare("select * from formdata where formdataid='"$_GET['infoid']"'");
$qry = $stmt->execute();
$row = $qry->fetch(PDO::FETCH_ASSOC);
echo "<p>id =".$row['formdataid']."</p></br>";
echo "<p>id =".$row['name']."</p></br>";
echo "<p>id =".$row['email']."</p></br>";
echo "<p>id =".$row['address']."</p></br>";
code is not executed , it may have semicolon or comma error warning . you have to fix those on your own . this example above shown you only the way it works .
if still you have problem ask , or see the documentation
I should stress that this is not production code and you should totally validate the data input coming in before posting queries to your DB. You can do something like this.
<?php
// Connect
$connection = mysqli_connect('localhost', 'username', 'password', 'database','port');
// Grab all users
$sql = 'SELECT * FROM users';
$users = mysqli_query($connection, $sql);
if (($_SERVER['REQUEST_METHOD'] == 'POST') && !empty($_POST['user_id'])) {
$query = "SELECT * FROM users WHERE user_id = {$_POST['user_id']};";
$user = mysqli_fetch_assoc(mysqli_query($connection, $query));
}
?>
// This only runs if our $user variable is set.
<?php if (isset($user)) : ?>
<?php foreach ($user as $key => $value) : ?>
<span><?= print_r($value) ?></span>
<?php endforeach; ?>
<?php endif; ?>
// Display all users in a dropdown and when the button is clicked
// submit it via post to this page.
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<select name="user_id">
<?php foreach ($users as $user) : ?>
<option value="<?= $user['user_id'] ?>"><?= $user['name'] ?></option>
<?php endforeach; ?>
</select>
<button type="submit">Submit</button>
</form>
This is going to refresh your page every time. If you want to have an interactive page you are going to need to use JavaScript/AJAX to update the page elements without reloading the page. This example just demonstrates how you can achieve this with PHP and HTML.
you need to know about server-side language(php) and client-side language(javascript).
php runs before page loaded. it cannot runs when click something by itself(with ajax, it can).
most interactions without page move runs with javascript.
in your case, there are two methods.
store all information into hidden input or button's attribute. and get them by user_id via javascript.
use ajax to call another php that can select informations you need by user_id.
both use javascript or jquery. so you must learn about them.
Bear with me; this is my first StackOverflow question. I'm having trouble writing a proper algorithm. Perhaps doing all this to "force" it means I'm over-complicating a simple concept, but it's also very likely I'm just unaware of the fix.
I'm building an experimental cookbook that reads from a database and displays in the browser. I created a list (note: NOT a <ul> or <ol> element) that is populated by <span> items generated by a PDO query to the database. These spans reference the name of each recipe in the database.
<p>
<?php
$recList = $pdo->query('SELECT name FROM Recipe');
$rowCount = $recList->rowCount();
echo 'There are ' . $rowCount . ' recipes currently in our database!';
echo '<br /><br />';
while ($row = $recList->fetch()) {
echo '<span class="recName"';
echo '>' . $row['name'] . "</span><br />";
}
?>
</p>
I then created a scrolling div element:
<div id="recWindow">
<!-- Display recipe queried from the database here -->
<?php require("$DOCUMENT_ROOT/$rec_source"); ?>
</div>
I would like the user to be able to click on the recipe names generated by php and the chosen recipe to display within the <div>. Choosing different recipes should not cause the page to reload.
I feel like the answer lies in an AJAX request to a php file listening for a variable containing the recipe to display, but that's where I'm stuck. Somehow I need to pass the php list items a unique identifier that is recognized by javascript, which in turn handles the onclick change in the div by passing that identifier BACK to php to query the database. While typing that out, I'm almost certain that I've over-complicated this entire process.
I thought of using a dropdown select menu and a GET request, but I'd like to retain the clickable names function if possible.
Answers that conclude my proposed method is too "dirty" and point me in a better direction are completely acceptable. I'm happy to provide any necessary information I left out. Thank you so much in advance.
Environment: Virtual LAMP (CentOS7, MariaDB)
Try something like this
<p>
<?php
$recList = $pdo->query('SELECT name FROM Recipe');
$rowCount = $recList->rowCount();
echo 'There are ' . $rowCount . ' recipes currently in our database!';
echo '<br /><br />';
while ($row = $recList->fetch()) {
echo '<span class="recName" data-id="' . $row['id'] . '"';
echo '>' . $row['name'] . "</span><br />";
}
?>
</p>
<div id="recWindow">
<!-- Display recipe queried from the database here -->
<?php require("$DOCUMENT_ROOT/$rec_source"); ?>
</div>
<script type="text/javascript">
$(document).ready(function() {
$("body").on("click", "recName", function() {
//* get id of required recipe
var recId = $(this).attr("data-id");
//* send ajax-request to back-end
$.ajax({
url: "/get-recipe.php",
method: "GET",
data: {
id: recId
},
success: function(respond) {
//* put recipe-data into container
$("#recWindow").html(respond);
}
});
});
});
</script>
I hope, it shows you the main idea
Hi I am checking my company web sites XSS vulnerability , by adding some script tags to inputs . actually my company site was vulnerable .
<script>alert("Xss Attack");</script>
This alerts
Xss Attack
Now I am trying to do more testing to understand it more , now I am trying to get the session id and pass it to some other web site , then I will get the session id and I will gain the user access using that session_id . this is my code to get session_id , I typed this to my input field and submitted the form.
<script>var sess_id = "<?php echo session_id(); ?>"; alert(sess_id); </script>;
but this only alert <?php echo session_id(); ?>
In my php I out put the variable as
<td> <?php echo $name;?> </td>
BUT
In my PHP page if I directly type the code
<script>var sess_id = "<?php echo session_id(); ?>"; alert(sess_id); </script>
It correctly gets me the session id like ba6k806tlcbvqs0l39ipcms956
I think in my 2 nd case it works correctly because it has no wrapping PHP tags.
In the 1 st case It has wrapping PHP tags <?echo $name;?> .
So how should i add the session_id to javascript variable sess_id ? , please help . thanks in advance :)
So I am learning PHP and mySQL, know HTML and JS. I am making a small note-taking webapp for my self, and stumbled upon a problem. I am generating divs by using a foreach and echo. The notes are stored in a db and requested using "SELECT"-mysql. The delete-button (works as a button but is text) is connected to a form which is also generated; One form for every note.
echo "<form method='post' id='" . $row['id'] . "form" . "' action='handler.php'>";
echo "<input type='hidden' name='deleteRecord_button'";
echo "<input type='hidden' name='" . $row['id'] ."'>";
echo "</form>";
When I submit the form using the delete-button a form is send as POST to a handler.php-file, however I can't seem to find a good way of sending the "id" of the note so that I can
delete it from the database using mysqli "DELETE FROM notes WHERE id = THE ID OF THE NOTE...
Sorry if this makes no sense, but I want to know if there is a good solution as to how I can send the id from notes.php (the picture below) to the handler.php file where I can handle and delete the note from the database. I prefer using "plain" JS, PHP, but I am using jQuery as well.
Change this line ...
echo "<input type='hidden' name='" . $row['id'] ."'>";
to
echo "<input type='hidden' name='id' value='" . $row['id'] ."'>";
Since you're making your form field names contain the ID, you'd need something like this:
$formIDs = preg_grep('/^\d+form$/', $_POST);
foreach ($formIDs as $id_string) {
$id = substr($id_string, 0, -4);
... do something with the ID ...
}
e.g..
<input type="hidden" name="42form" ?>
producing
$formIDs = array('42form');
You didn't specify the value of the 'deleteRecord_button' input. If you add it like I did, it'll work.
<form method="POST" id="<?php echo $row['id'] ?>form" action="handler.php">
<input type="hidden" name="deleteRecord_button" value="<?php $row['id']; ?>"/>
</form>
.
Now, a tip you can ignore if you want.
Instead of using a form to post a value to another page you can also use the GET method. This can be done with less code.
Delete
If you catch the GET in handler.php and if necessary check if there is a user logged in and then execute the database command. If you do, make sure if the delete variable is a number. You could use is_numeric for that.