Good Morning all, firstly I must confirm this first. I am not a programmer but have basic knowledge of PHP etc from my teenage years. I am a commercial bee farmer that runs an eCommerce Magento website selling live bees & queens. As we are seasonal it is important our website functions correctly.
We recently changed our payment processor to UTP - Universal Transaction Processing whom offered us Magento to seamlessly integrate our payment for Debit / Credit cards. Unfortunately this has not been the case and our customers have been complaining they are unable to make payment.
After weeks of trying to replicate the issue I managed to replicate it consistently in IE 11 (Sorry I deal with people that use this!). It would load a blank page on transfer from my checkout page.
I widdled it down to the following code
echo "<script>document.onreadystatechange = () => {document.getElementById('redirect').submit();}</script>";
My understanding is IE11 has dropped support for this document.onreadystatechange
I modified the code to
echo "<script>document.getElementById('redirect').submit();</script>";
Now I don't believe this is an ideal solution as some browsers are transferring it too early before its read all the form data resulting in errors when payment page is reached.
Is anyone able to offer a solution to this? We are loosing so much custom, it is extremely important to us (being seasonal). Its our only opportunity to make money to survive through winter. This should be UTP's obligiation to fix but they are claiming there is NO issue yet I was able to replicate it multiple times on different platforms, I even set up a FRESH Magento install to prove it to them and they still deny any issue! I am going to and from a company denying there is anything wrong.
Would really appreciate some help in this mmater, here is the full code for this section.
public function redirectPayment() {
$this->log('Redirecting user for payment');
// Add hosted parameters to the generic order information
$session = $this->session->getData();
$req = array_merge(
$session[self::_MODULE]['req'],
array(
'redirectURL' => $this->getOrderPlaceRedirectUrl(),
'callbackURL' => $this->getOrderPlaceRedirectUrl(),
'formResponsive' => $this->responsive
)
);
// Comment session data
$this->log($this->commentSessionData());
$req['signature'] = $this->createSignature($req, $this->secret);
// Always clear to prevent redirects after
$this->clearData();
echo "<form id='redirect' action='" . self::HOSTED_URL . "' method='POST'>";
// Get session stored keys for a hosted request
foreach ($req as $key => $value) {
echo "<input type='hidden' name='$key' value='$value'/>";
}
echo "</form>";
echo "<script>document.onreadystatechange = () => {document.getElementById('redirect').submit();}</script>";
}
Related
I have a php website. The first page contains a list of products and I'm currently passing the ID (picked up from mysql database) for the product within the URL to the items page i.e. localhost/item.php?4
I don't want to show any parameters in the URL so have investigated another option which is using a session.
The issue with this is that the link to each of my items is in a while loop retrieving ID and product name from the database so I'm having issues making the session mirror the ID when an item/link has been clicked.
Here's a snippet of my code (I've removed the session code):
$stmt = $con->prepare("SELECT pid, product_name FROM persons where deleted = ? order by order_age desc");
$stmt->bind_param("i", $del);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo '<tr><td>';
$phn = $row["pid"];
echo "<span><a class='storage' href='item.php'>" . $rows["product_name"] . "</a></span>";
}
echo "</td></tr>";
}
I guess I have two questions:
Is it possible to achieve what I need to do
What is the correct way of achieving this
Thanks in advance,
Pete
Options, briefly
You could first load /item.php?id=4 then redirect to /item-hidden.php & use $_SERVER['HTTP_REFERER'] & parse_url & process the GET portion of the referrer url.
You could also use session for this. Set the session variables when the page loads to the long-url, then redirect to the short url, load the session & clear the session.
If you just want to shorten the url, then you could use uniqid() And put the unique id in the url & save the paramaters to a session variable with that unique id.
You could use a pre-made url shortener.
You could roll your own url shortener using a reference file that holds an array or a database.
There are surely other creative solutions that I haven't thought of
My thoughts:
Hiding the url altogether will make for a poor user experience - inability to bookmark, using the back-button will be funky, hard to share an item on social media or a blog
Shortening the url is nice but not necessary
Depending on the options you're working with, you might be able to create shorthands that are more friendly to look at in the url bar or db-references for sets of options that are extremely common
What you're trying to do seems like a great learning project - learn about sessions, http_referer, databasing & whatnot. I think by doing what you're wanting, you'll learn that you don't really like how it feels - or you might come up with a clever way to make your URLs prettier & make the UX really nice.
So i know some html, css, js, php and mysql but my knowledge is very limited regarding security issues
and for a website i'm building till now i just used css display:none (triggered with js) to
show or not to show some content to the user depending on his type (client, employee, boss).
I've understood that if you don't want to have the risk of someone seeing something he should
not (inspect page or some other way) you should not send that information(from server-side = php) at all.
I'm not sure if the way i have in mind is the right one.
If i have 3 types of users 1)clients 2)employees 3)Boss
and i want to show different content (basically the same content but a bit more information
to employees and even more to boss) to each of them for 5 of the pages that exist in the website would it be effective
to have 3 different php files(one for each type of user) for each page , store at $_SESSION['authority'] different values for each user during the login process and use that value to decide which page he can access?
For example the starting page is index.php and when the user logs in depending on his authority level (retrieved from database) he will be
redirected by using header("Location: name_of_page.php"); to index.php if he is a client, to index_employee.php if he is an employee
and to index_boss.php if he is the boss.
And in each of these pages use something like the following to prevent users with different authority to enter.
index_boss.php
<?php
session_start();
if($_SESSION['authority'] == 2 && $_SESSION['loggedin'] == true) {
?>
page content
<?php
}
else
{
if( $_SESSION['authority'] == 1 )
{
header("Location: index_employee.php");
}
else
{
header("Location: index.php");
}
}
?>
Is this the correct way to tackle this issue?
Are there ways to just use 1 php file for all users and hide or show some of the content with some other secure way?
YES it possible in the same page to do this! Just do tit like this:
according to: 1)Boss 2)employees 3)clients
index.php
<html>// Start the session here
<?php session_start();?>
<head>
//Your configuration
</head>
<body>
<?php
if($_SESSION['authority'] == 1 && $_SESSION['loggedin'] == true) {
?>
Here the Contents of the boss
<?php
elseif($_SESSION['authority'] == 2 && $_SESSION['loggedin'] == true) {
;?>
Here the contents of employee
<?php }else{ ?>
Here the contents of clients
<?php };?>
</body>
</html>
The appropriate solution here is a role based system. In other words, create 3 roles and put users into those roles. The objects you will need are:
User
Role
Permission
Optionally - application
Optionally - part of an application (action for example)
Create your role based permissions system using these objects. Hope that helps!
Your implementation does seem correct for a low level site. However, as you scale it might be difficult to keep track of these for every single part or sub-part of your website.
I would suggest either using a class approach (create a different class for each user and use objects) or even use a framework which would usually encompass usage of classes within its own structure to ease the process of implementation and coding from your side.
Frameworks you might like to implement include CodeIgniter or Laravel (in no particular order) - bear in mind that at the moment, your code is doing these if checks every single reload - a correctly implemented class or framework would in most cases automatically know what to do giving a slightly quicker reaction time but more importantly, a clearer code structure and a good base to develop on.
I'll try to be thorough and brief here. I am currently working in Joomla for the first time, but I've developed before. I am using Joomla 3.4. What I am trying to do:
A user signs up for our newsletter through a specific page that directs them to a coupon.
The next page shows them the coupon and has an email tag in the URL (i.e. &email='email')
I am trying to code within a module to parse out that email and send a copy of the coupon to that users email automatically.
I can't use a general automatic email when any user subscribes, because only users that sign up from that specific page will get the coupon. I have turned all text filtering off and am using basic module editor. When I save the module, the code shows just fine in the edit box. When I viewed the source of the page, that script tags would still be there, but the code would all be blank. I have now gone into phpmyadmin and can edit the module directly there. Now, the script is showing up just fine.
I've tried many different fixes, including adding a jQuery($) function load in order to bypass any issues with mootools. Wondering if it was an issue with Javascript, I cleared the script and made a simple alert("Testing..."); script that fired just fine on the page. This means that there must be something within my full script that is not working correctly. Any help or other ideas would be wonderful. I have spent over a day on this already and am at wits' end. Here's the code:
<script type="text/javascript">
function get(name){
if(name=(new RegExp('[?&]'+encodeURIComponent(name)+'=([^&]*)')).exec (window.location.search))
$recipient = decodeURIComponent(name[1]);
}
$mailer = JFactory::getMailer();
$config = JFactory::getConfig();
$sender = array(
$config->get( 'config.mailfrom' ),
$config->get( 'config.fromname' )
);
$mailer->setSender($sender);
get('email');
$mailer->addRecipient($recipient);
$body = '<h2>Thank you for joining our mailing list!</h2>
'<div>Here is your coupon for a FREE 8" 1-topping pizza at Goodfellas!'
'<img src="http://www.goodfellas309.com/main/images/pizzacoupon.jpg" alt="pizza coupont"/></div>';
$mailer->isHTML(true);
$mailer->Encoding = 'base64';
$mailer->setSubject('Your Free Pizza!');
$mailer->setBody($body);
$send = $mailer->Send;
if ( $send !== true ) {
echo 'Error sending email: ' . $send->__toString();
} else {
alert("An email with your coupon has been sent to you! Thank you for joining our mailing list!");
}
');
</script>
I have even attempted an inline PHP parse through Joomla with this code wrapping the javascript:
<?php
$document = JFactory::getDocument();
$document->addScriptDeclaration('
-Javascript here-
');
?>
I've always loved StackOverflow, and the answered questions have gotten me out of so many jams. I just can't find the answer to this anywhere. Thanks for your time!
Put the following inside your module.
<?php
// Get the email from the url
$jinput = JFactory::getApplication()->input;
$recipient = $jinput->get('email', '', 'string');
$mailer = JFactory::getMailer();
$config = JFactory::getConfig();
$sender = array(
$config->get( 'config.mailfrom' ),
$config->get( 'config.fromname' )
);
$mailer->setSender($sender);
$mailer->addRecipient($recipient);
$body = '<h2>Thank you for joining our mailing list!</h2>'
.'<div>Here is your coupon for a FREE 8" 1-topping pizza at Goodfellas!'
.'<img src="http://www.goodfellas309.com/main/images/pizzacoupon.jpg" alt="pizza coupont"/></div>';
$mailer->isHTML(true);
$mailer->Encoding = 'base64';
$mailer->setSubject('Your Free Pizza!');
$mailer->setBody($body);
$send = $mailer->Send;
if ( $send !== true ) {
echo '<script type="text/javascript">Error sending email: ' . $send->__toString() . '</script>';
} else {
echo '<script type="text/javascript">alert("An email with your coupon has been sent to you! Thank you for joining our mailing list!");</script>';
}
Note: Depending on where you're putting this code you might need an extension like this one to make the php run.
This might be a big question, but I find the Twitter developer website even more confusing than the Facebook developers site. So after finishing the Facebook API, I'd like to do some more research and find out how the Twitter API works.
What I want to do is make a basic application that could read and display a logged in users Twitter home feed, and publish a Tweet to their profile. But first things first, how do I read and show a users feed?
First off I'll have to authenticate a user and my application. Could anyone show me an example on that with code that I could read up on?
Then I'll have to read that users feed. This is done by sending a GET request to /statuses/user_timeline.json, but how do I do this in code? How do I receive the response, and lastly how can I display that to a user?
I know Facebook had an example on their webpage which walked you through step by step a process like this (with code), but do Twitter have anything like that? If not, could anyone who has a clue give me a little guide and some code?
Now, if you know/ have the time to respond further, I would like to know how I can publish something to a users stream. I assume it's done by sending a POST request to something, but I haven't read up on that yet. If you know, please feel free to add it to your answer. If not, no stress. Reading the stream is the most important.
So, thanks for taking the time to read through this and hopefully someone knows how to do this/ where to read up on this. Thanks in advance.
Aleksander
I use PHP to get a users tweets. I'm presuming it could be done with JS too.
Here is what I use:
function getTweets($userid,$x){
$url = "http://api.twitter.com/1/statuses/user_timeline/$userid.xml?count=$x";
$xml = simplexml_load_file($url) or die('Could not get tweets');
echo '<ul>';
foreach($xml->status as $status){
echo grabTweetData($status);
}
echo '</ul>';
}
function grabTweetData($status) {
$id = $status->id;
$user = $status->screen_name;
$text = twitterify( $status->text );
$timestamp = $status->created_at;
$date = substr($timestamp, 0, 10).', '.substr($timestamp, -4).' at '.substr($timestamp, 11, 5);
$tweet = '<a href="https://twitter.com/'.$user.'/status/'.$id.'"><li>';
$tweet .= '<div class="ttext">'.utf8_decode($text).'</div>';
$tweet .= '<div class="tdate">Posted on: '.$date.'</div>';
$tweet .= '</li></a>';
return $tweet;
}
function twitterify($ret) {
//links #tags and #users
$ret = preg_replace("#(^|[\n ])([\w]+?://[\w]+[^ \"\n\r\t< ]*)#", "\\1<a href=\"\\2\" >\\2</a>", $ret);
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r< ]*)#", "\\1<a href=\"http://\\2\" >\\2</a>", $ret);
$ret = preg_replace("/#(\w+)/", "<a href=\"http://www.twitter.com/\\1\" >#\\1</a>", $ret);
$ret = preg_replace("/#(\w+)/", "<a href=\"http://twitter.com/search?q=\\1&src=hash\" >#\\1</a>", $ret);
return $ret;
}
If you're just getting started with APIs you should check out Temboo. Temboo makes APIs easier to work with by letting you experiment with thousands of API calls in your browser, and then generating source code for the API calls you want in the language of your choice (Java, iOS, Android, PHP, Ruby, Python, Node.js). You can also generate curl requests to the Temboo API if you're using Javascript.
Temboo's Twitter support, which will help you do everything you mentioned above, is here: https://www.temboo.com/library/Library/Twitter
(Full disclosure: I work at Temboo).
I downloaded a script to run a very basic counter on two of my website's pages. Since April 2009 it's run beautifully, but in the last three weeks it would suddenly disappear, then reappear occasionally. This week it's every day.At first the counter just disappeared, now the pages with the counters don't load except the banner. The page will load eventually, up to five minutes sometimes. But without the counter showing. That comes ages later. Then it can all disappear again!
[http://www.thepenvro.com/][1] is the home page Then if you click on "NEWS", then on "Social Events News" that's the other page that has a counter. (We are trying to see who is interested in the reunion info). The pages are erratic. They will either be OK, or they are there but missing the counter in the lower left of each the two page, or the pages will only show the headers with no page content OR counter. All in no particular order.
I have gone into the server side of my site and reset the scripting (was told to do that by the Streamline.net tekkie). It doesn't seem to help but now and then and wonder if it's just coincidence.
It affects another script. I have a form to email that works great, but when this counter disappears, it brings down the form to email function on the Contacts page. I put a note at the bottom of the form for visitors to just send an email when they get the error message. The full error message when you can manage to get SUBMIT to even change screens is:
FastCGI Error
The FastCGI Handler was unable to process the request.
Error Details:
The FastCGI pool queue is full
Error Number: 4 (0x80070004).
Error Description: The system cannot open the file.
HTTP Error 500 - Server Error.
Internet Information Services (IIS)
Streamline asks me to replicate the error...I can't! I can only give them what I am posting here and screenshots. So I don't have a clue if it's my script or them. The script for the counter is below. It was something I purchased as well. I first thought maybe it was IE8 that was causing the trouble, but the same problem shows in Firefox.
One last note....It's not the form to email that's a problem as I have that also running in one of the sub-domain's of the site and there is NO trouble there. But I do not have the counter running anywhere on the sub-domain either. I have all the same features for the main and sub-domain.
Thank you for any help...I am a complete novice so any solutions will be gratefully received. We are doing the publicity for our reunion in May and I have a big email campaign after Christmas to get out and I don't want the site all buggered up. If there is an alternative counter or if the version's php I have is too old, I am happy to purchase a better one from a reputable source.
<?php
/*******************************************************************************
* Title: PHP hit counter (PHPcount)
* Version: 1.2 # October 26, 2007
* Author: Klemen Stirn
* Website: http://www.phpjunkyard.com
********************************************************************************
* COPYRIGHT NOTICE
* Copyright 2004-2007 Klemen Stirn. All Rights Reserved.
*******************************************************************************/
// SETUP YOUR COUNTER
// Detailed information found in the readme.htm file
// Count UNIQUE visitors ONLY? 1 = YES, 0 = NO
$count_unique = 1;
// Number of hours a visitor is considered as "unique"
$unique_hours = 1;
// Minimum number of digits shown (zero-padding). Set to 0 to disable.
$min_digits = 0;
#############################
# DO NOT EDIT BELOW #
#############################
/* Turn error notices off */
error_reporting(E_ALL ^ E_NOTICE);
/* Get page and log file names */
$page = input($_GET['page']) or die('ERROR: Missing page ID');
$logfile = 'logs/' . $page . '.txt';
/* Does the log exist? */
if (file_exists($logfile)) {
/* Get current count */
$count = trim(file_get_contents($logfile)) or $count = 0;
if ($count_unique==0 || $_COOKIE['counter_unique']!=$page) {
/* Increase the count by 1 */
$count = $count + 1;
$fp = #fopen($logfile,'w+') or die('ERROR: Can\'t write to the log file
('.$logfile.'), please make sure this file exists and is CHMOD to 666 (rw-rw-rw-)!');
flock($fp, LOCK_EX);
fputs($fp, $count);
flock($fp, LOCK_UN);
fclose($fp);
/* Print the Cookie and P3P compact privacy policy */
header('P3P: CP="NOI NID"');
setcookie('counter_unique', $page, time()+60*60*$unique_hours);
}
/* Is zero-padding enabled? */
if ($min_digits > 0) {
$count = sprintf('%0'.$min_digits.'s',$count);
}
/* Print out Javascript code and exit */
echo 'document.write(\''.$count.'\');';
exit();
} else {
die('ERROR: Invalid log file!');
}
/* This functin handles input parameters making sure nothing dangerous is passed in */
function input($in) {
$out = htmlentities(stripslashes($in));
$out = str_replace(array('/','\\'), '', $out);
return $out;
}
?>
This has nothing to do with the PHP code, but with the configuration of the webserver. It probably gets hit too many times per second to be able to process all requests.
Try looking at the following settings from IIS:
instanceMaxRequests
maxInstances
queueLength
If you visit the counter directly you can see this error message:
<h1>FastCGI Error</h1>
The FastCGI Handler was unable to process the request.
<hr>
<p>Error Details:</p>
<ul>
<li>The FastCGI pool queue is full</li>
<li>Error Number: 4 (0x80070004).</li>
<li>Error Description: The system cannot open the file.
</li>
</ul>
<h2>HTTP Error 500 - Server Error.<br>Internet Information Services (IIS)</h2>
I'd say it's either what Tomh says, it gets too many hits so while one request is reading from the file another one tries to open it and it fails, OR it simply cannot open it because of a permission problem.
A lot of people have experienced the same problem while using streamline.net, myself included. I currently have a site with them that is down about 50% of the day, every day of the week with that error.
My recommendation, change to a new provider.
Streamline.net won't do a thing to help you and will meerly fob you off with vague / innacurate answers. I'm just waiting for my next paycheque then I'm going to buy hosting with someone else.