I'm new to php and have read lots of posts here in SO but couldn't find an answer for my specific question.
I have a database in which I store information about projects (project name, start date, status, etc...). I'm trying to create an updating api, so the user can update the project info.
What I would like to do is to let the user choose a project from a regular html "select". Once the user chose the project I would like to display a new form containing all the fields that the user can update. The issue is that I would like to have all the project current information (before the update) as values of the form. (So I must send the user selected project name and get back all the info in order to display it on the second form).
For example: let's say that there are 2 possible project statuses: "on execution" and "frozen", then I would like to put as "selected" the current status, and let the user change it if he wants to and then send the second form so I can update the db info.
I would like to know what is the best way to implement that. Solutions can contain javascript if needed.
Thank you in advance for your time and pacience.
Related
I need to build a voting system in Marketo.
Similar to this page
Here I don't want any form submission to take place. I just want to update some specific custom fields with vote count on clicking voting button.
Here is my plan and you can suggest if any better execution plan if you have
Step 1 - Since we are not taking email address, we will create one dummy email address and update all voting count to this contacts custom field.
Please note this is purely for voting count and nothing else.
Step 2 - read the custom field values before submitting the new value using below rest API
https://Marketo-end-point-url/rest/v1/leads.json?filterType=id&filterValues=<dummy_email_address_id>&access_token=&fields=Customfield1, Customfield2, Customfield3
Here I am not sure whether we can show access_token in landing page source code or in jQuery files. It might lead to data hack. open for suggestions.
Step 3 - After reading the Customfield data, increment the count by "+1" and update it using rest api.
Thank you in advance.
My Task is to create a permission system that is not pre-defined by roles. E.g the system does not define the roles which an admin can assign to other users.
Instead the system only provides all the database tables and the admin can create their own roles on the fly be choosing tables and the grant level (CRUD) and also which fields should be visible. That would be the easy part.
The current implementation without any permissions is to fetch the data with an RESTful API and then create the DOM by javascript. Since the javascript knows what to display on the current page it can grab the properties from the data object or even fetch related data.
But now the returned fields from the API call may be different from user to user. How can i display only the data a user is granted to see?
Example:
In the image below we see the current element only showing the name and description fields. These can the current user edit. There is also a position input to define the ordering of the image but the user has no permission to change that and it is not generated.
Initial state, data fetched from API
When we click on "new image" a new row is added with javascript but now the field "position" is visible.
After clicking "new image"
The JS code does not now what fields the user can see and what not. How can i control that behavior?
Should i create a new API that will fetch the "structure" of the page based on the current users permission or should i alter the javascript code with php to output only required logic for the current user?
What should be the general approach and is there already something available in cakephp?
my current solution is to make a request to a new endpoint which gives me an empty data object but only with fields visible to the user.
button event ->
fetch api/newEmptyObject ->
render input fields
the downside is that it adds a delay from user click-event to displaying the input fields.
In my workplace, there is a web based workflow management system. My job is to upload documents to the system and follow up if the relavent department have completed the job. Department people view the documents and change the status from "uploaded" to "Assigned", "Completed", "Rejected" etc.
I have to search the documents every time by entering the date range and clicking on search button in the form.
Is there any way to make a shortcut like something where I don't have to feed the date every time. My requirement is to fill two date fields with today's date and click the search button automatically.
The said system is a simple web page with a form and uses HTTP POST method.
Edit:
In HTML-GET I can pass whatever I want with URL, like on google if I want to search "stackoverflow" I can staright away type the url like "https://www.google.com/search?q=stackoverflow..."
Is such a thing possible in HTML-POST also.
I'm attempting to create a new page every time a form is submitted. It'll be an order status page- one that'll be updated periodically. Basically, I want the user to see a form confirmation page, and I want it to be permanent link (that they can visit later).
My first thought was using variables in the URL, like so:
http://www.example.org/member.php?id=123
And then calling the id using GET
echo $_GET['id'];
http://www.example.org/member.php would be a template, just waiting for the few details which are specific to the user.
Once I have this in place, I could use a simple if statement to check their order status.
For example,
if ($id === "user_id") {
echo "Your order is: Pending";
}
However, this seems like a bad idea, just for the security aspect of it. If someone else guesses a user ID, they can view their order status. Going off of that, here's my first question.
If the user ID is long enough, is this a secure practice?
Otherwise, what are some other methods of doing this? Creating a new page every time the form is submitted feels like a bad practice- people could spam it, and there's a possibility that someone could exploit this to create malicious pages on the site.
Any suggestions? Most major retail sites have order confirmation pages (think ebay.com)- how do they do it? Also, is my suggested URL format secure?
The most ideal scenario is you force users to login prior to submitting the form then provide them with a list of their past orders of which they can check the status providing the user_id of the order matches the id from the session of the logged in user. Give each order in the list a link like yoursite.com/orders/1 then query for an order with an id of one with a user_id matching the logged in users id to ensure they're the only ones that can view it.
If you don't want to have to do any of that and just provide a permanent link to the status page I'd save a long randomly generated string against the order and provide it to the user to check in the future, e.g
yoursite.com/orders/wUk1DhfxMh if you're using a framework with some routing
or yoursite.com/orders.php?code=wUk1DhfxMh if you're not.
Query the database to select the order with the matching code, ensure you prevent MySQL injection and sanitize the $_GET input.
Are you sure you need to make a new page?
You could just have a basic "confirm" page (ex. http://yoursite.com/order/confirm) which uses PHP sessions to create a customized confirm page–
Other than that, IF you make a new page, you should use ID's in the URL and ALSO check the session id. (ex. http://yoursite.com/order/confirm/ABsisnEALnsoSK?yyyy=xxxx) and then ALSO check if the user is logged in.
Lastly, cymath has a good example of async page-creation; although it isn't exactly what you are looking for.
EDIT: It is not page creation, it's like what I said before: one page with extra parameters in the url: a permanent link, just using PHP.
I understood that you are having some doubts about how to make the algorithm of your app, here's what i thought to this case:
Insert the order at your database, get the id of the insertion and give it to the user.
Set the page where the user will check the status to receive a $_GET['id'], check (SELECT) if this id exists in the database.
(if the user exists): get the information you need from the table
you store them. (FETCH_ASSOC or FETCH_OBJECT)
(if the user don't exist):show an error.
If you are experiencing some doubts about how to code CodeSchool is offering free trial on all courses this weekend.
If the user ID is long enough, is this a secure practice?
R: To improve the security of the transactions, try to understand/learn about PDO Class, i think it will get your code to next level if you aggregate some Good Practices and Design Patterns.
For more information, visit PHP's Documentation.
Currently I'm working on a project where a user enters a lot of data constantly for a hour long window. I'm looking to have one user control all the data via some control panel and then have a link they can distribute to other users that will allow them to view that data without the ability to edit it.
Right now I'm doing some extremely weird methods. I have an XHR request on the control page that fires whenever a field is finished being edited. From there the data is sent to a php file that converts the data into a simple text file. Then the distributed link file will load that file one time and translate it into the necessary format.
Some potential problems I've run into are it seems odd that I'm sending starting as javascript data then going to a php file then to a text file then translating the data all the way back into javascript data again. Another problem I've come into is I'm not sure of a way to force users to reload the page when a field is edited in the control panel after the user has opened the view page.
Have I totally gone overboard here? What are some better concepts I could employ to accomplish this task?
If i understand what you want to do this is how i will do this:
First the data entry
if you have lot of fields you better use a form wizard, i don't have a particular one in mind right now but there is lot of them just search jQuery Form wizard
Here is an example:
http://i.stack.imgur.com/Luk2b.jpg
The concept of the form wizard is to guide user via multiple page and also validate the data. And click save when and the end.
Then save date in database.
Display content
All you need to do is to create a global separate page to display your content.
Let see something like: http://yourserver.com/view/{id}
where id is the identifier of the particular row in your database.
i'm not sure if i totally understand what u about to do. i'm trying to make your work description shorter here:
want to build a website that one person can edit a single page's content in 1 hour, and others can view the content change in that 1 hour.
if this is what u want to build, here's the module:
teacher: the one who can edit the page
student: the one who can only view the page
server: information center
teacher client edits page -> teacher client sends update data to server -> server saves data -> server sends update notice to student client -> student client receives update notice -> student fetches update data from server
to make this module work well, i suggest try socket instead of http reqeust, just like online games or IMs do.
well, try socket.io