How to execute php script in background process? - javascript

I am developing a mail sending module in php; where I will be fetching
email id from database and will send a message to that email id. I will also be updating database with the information I sent in mail and also will display delivered information.
My Problem:
It takes more time to send mail; so until mail is not sent the database does not get updated and the delivered information is also not displayed; So, I planned to run mailing functionality in background process and I came across this piece of code which was similar; but I am unable to understand it. Would any one help me?
shell_exec("/path/to/php /path/to/send_notifications.php '".$post_id."' 'alert' >> /path/to/alert_log/paging.log &")

Related

How to send scheduled email in javascript?

I'm using SMTPJS to send emails by Gmail SMTP. Here my simple work code:
<script src="https://smtpjs.com/v2/smtp.js"></script>
sendEmail(to, subject, body){
Email.send(
"SITENAME noti.sitename#gmail.com", //from
to, //to
subject, //subject
body, //body
"smtp.gmail.com", //smtp host
"noti.sitename#gmail.com", //username account
"Noti-Password", //password account
message=>{
alert("sent");
}
)
}
What I need to do is sending an email that should be sent by date. For example after 2 weeks or after 30 days. So is that possible by adding some lines or doing an other way ?
I think it's not possible with only JavaScript For this you need to open your browser for that specific time it can be manage from the server side but as far my concern from client side it can be done with extension only that must be embedded in client browser. You can you use background or cantent script to send the message at the particular time
You can't do this in the Front End because JavaScript on the browser is only executed while the site is opened.
To do it you need a server to run a code every X time, that's a cron.
That code can be written in languages such as Python, JavaScript (Node.js) o PHP.
If you can host that on a website you probably can also run PHP so I recommend you to use PHP. This is how you would do it:
In your HTML use a Form to send the content of the email via POST to a PHP file.
Upload a PHP file that reads the POST parameters and saves a file (for example a JSON) that contains, for each email: the timestamp in which should be sent and the email content.
Upload a PHP file that reads the "pending emails to send" file and sends the emails that have a past timestamp and removes that mail from the file.
Set up a cron that runs the second PHP file every one day at 8am.

Cross Domain form submit Google Tag Manager auto trigger

I have some problem while getting data from another site. In this case I want to get the reservation data from the booking engine site and they want to pass the data to me with Google Tag Manager. I don't really understand what I should do when they just need GTM code. What I should create in my server to get the data from the booking engine with Google Tag Manager ?
This is the illustrations:
I have two sites called sites1.com and sites2.com. In sites1.com I put the Google Tag Manager scripts to push form submit data like full name, last name, email, etc. After somebody submit the form I want to get the submited data in sites1.com to sites2.com with Google Tag Manager. My problem is how to get the data after somebody submited the form in sites1.com in my sites2.com ?
Please anybody knows how to resolve my problem . Thanks in advance .
Well if they implement your GTM from site2.com into site1.com all you need to do is:
Create a trigger for the submit button on the form (use the ID o class of the element and check for the that the Page URL contains site1.com/)
Create a tag where you want the information to be send
Scrap the fields with javascript or ask them to push to the dataLayer the information you need (in this case you can build the trigger based on this event)
And SUPER important: check all your triggers so no other tag fires on site1.com
2.1:
Im not sure if i get where you want this information to be stored but keep in mind GA does not accept PII. On the other hand if you want this in some DB you can just create and endpoint and send the information as parameters. Example:
site2.com/booking_info?field1={{DL variable}}
And just use a Custom IMG tag.
Ive made something like this using API Gateway, Lambda and DynamoDB and it took me 15 mins to set up. (just to give you perspective)
-- EDIT:
Ones you have the information avaliable you can send it to your database using two methods:
Using a HTML tag and making a request with javascript
Making a request with a custom image tag
On the past i ve just added the URL with parameters where you want the request to be made on an image tag and worked perfectly for me.
-- More info:
The custom image tag requests an image from a particular URL. The interesting part is that by making the request you’re actually transmitting information to a server. For example, if you request an image via URL https://www.example.com/something?parameter1=good&parameter2=123, the receiving server processes parameter1 and parameter2 and acts accordingly (e.g. registers those parameters as an event).
Source.

Securing PHP scripts - Shopify

Basically my question is similar to this one:
How to secure php scripts?
with one slight difference, the other side is Shopify.
Background info:
Shopify user bought some credits (Audible style), and wants to know how many he has available. He logs in into his account, and it says there that he has X credits.
That number comes from AJAX call to my server (I have full control), where there is a simple php script which checks the value in db (which is updated using webhooks from Shopify, each of which needs to be verified so they are secure, I think).
The script uses customers ID for a look up, and that value needs to be passed to the script somehow, and that allows someone external to just keep running it until he has all IDs and corresponding credits values.
So, my questions is, how do I stop that? How do I ensure that only authenticated users can check it, and only for their IDs.
There is plenty of info on Shopify docs about securing the connections the other way, i.e. to make sure only correct scripts have access to the Shopify db, but nothing about my problem.
As far as I know I only I only have access to JS on Shopify, which creates the problem, because everything I send to my server is visible to all.
Thanks
EDIT: I just read up on CSRF. I can easily implement checks for origin and headers, but these can be faked, right?
EDIT 2: I got around this problem by using metafields. So, instead of storing all that info on my server's db, I just use Customer Metafields to store the available credits. Webhooks are secure so that's brilliant. It still doesn't solve a problem with the next stage though. Customers will still need to be able to use their credits and get digital products, which are generated by my server. So I still need to verify the requests.
EDIT 3: Comment by #deceze and answer by #Jilu got me thinking. Yes, you are correct, I need to do that, but I don't have access to back-end on Shopify, so I cannot create session. However, what I could do (if I figure out how in js) is hash it. PHP login scripts operate on password_hash. That way you do not store a password in the db. Password get's verified again hash (or whatever you call) in the db, and it's either true or false. If true, you are logged in. So I could try to generate a token using a specific string (make it very long) and user id. Send it with the request, and using password_verify or what not, check it against the users. The one that pops positive is logged in user who requested the information. That is assuming I can hide the string in the Shopify...
Step1: Do a session login system.
Step2: Before the Ajax, generate a random token in your form or request page, put it into a input display none, send it with POST.
Verify each time if the token is set and is the same that you got.
You have now verified if the user is really logged in with session.
And you checked that he is from the right page.
You create a token out of shared secret (both Shopify and server have it), and client ID.
On Shopify:
{% assign my_secret_string = "ShopifyIsAwesome!" | hmac_sha256: "secret_key" %}
My encoded string is: {{ my_secret_string }}
On server:
We gonna be checking received hash value against values in our db, so we need to hash local client IDs using the same algo and key (that probably should be done on receiving the Customer Creation webhook).
Hash IDs using: http://php.net/manual/en/function.hash-hmac.php
$hashed_id = hash_hmac('sha256', '$client_id', 'secret_key');
Compare hash using: http://php.net/manual/en/function.hash-equals.php
$check = hash_equals($hashed_id, $received_id);
Then all that's requires is to loop through the db until you find a match. There may be quicker ways of doing it.

Add 1 in an sql field when a div is clicked [duplicate]

This question already has an answer here:
Firing SQL query on click of button?
(1 answer)
Closed 5 years ago.
I have a page where photos are uploaded, when you see the photos there is a button to give you points to the photo.
To the button I gave an onclick with a javascript function that has this php code
function puntos(){
<?php
mysql_query("UPDATE 'fotos' SET 'relevancia=relevancia+1' WHERE 'id = $id'");
?>
}
This is in photo.view.php in photo.php I have this code that retrieves the id of the selected photo
$id = isset($_GET['id']) ? (int)$_GET['id'] : false;
what am I doing wrong?
You're far from home.
Back to basics first:
Server vs. client
mysql and PHP run on the server
JavaScript runs on the client in their browser.
This means javascript cannot access your database directly, you need to do a lot of work before you get there.
Detecting and reacting on a click is something JavaScript can do (and is quite adept at doing).
Communication
Normally when a page downloads it and the components it refers are sent from the server to the client over HTTP.
Once in the browser, to get something back from the client to the server the only way is to send another query or open up some network connection somehow from the client to the server which then transfers that content, or indicates somehow what happened on the client.
Traditionally this meant a form and a click resulting in a GET or POST HTTP request and a reload of the page in the browser.
That's till we got:
AJAX
Essentially the connection from the client to the server can also be initiated by JavaScript itself and it can talk to a server component (just like the browser can) without having to reload a page or having to submit a form or so). This allows one to create things where a click or even a move of the mouse (or anything else JavaScript can detect -it can detect a lot-) can result into data being sent to the server and answers collected by that JavaScript. If it updates the page (aka DOM) is up to the script to chose.
Server Side
Now having JavaScript on the client communicating with the server still isn't going to let said JavaScript update a database. So you need a sever side component that does stringent validations (the code you have above is a horror story from the security side should that ever get to work) and updates a database behind it as needed.
TL;DR
Suggest you read up more on how to do simple AJAX
Some starting points:
https://www.w3schools.com/xml/ajax_intro.asp
https://www.owasp.org/index.php/AJAX_Security_Cheat_Sheet
But there's much more out there for sure.

How to make sure a php script never runs twice

I'm making a php mailer which gets POST data from a javascript application xmlhttp request.
It works fine with about 50 contacts but I just tested it on 150 test email addresses and mid way through the script hit the max execution time (because I put a delay after sending each mail) and then it automatically restarted the script with the same data and started sending mail from the first contact onwards.
I was worried it was going to loop indefinately, but it stopped after hitting the max exec time in the second run. I closed the javascript application during the second run, so maybe that had something to do with it stopping.
I'm going to either increase the max execution time or parse the php chunks of data instead, but I need to make sure that this can never happen again because in a real world run I can never have two emails sent to the same person.
Is there any other case where the php script might run twice and is there a sure fire way to ensure it can never happen?
If you read mails from file you need cut them off from it or make list with sended mails and compare with source list.
Moreover would be better to use database with columns like id,target,sent(true/false),datetime and update it after mail successful sends
I am assuming your e-mail addresses are in some sort of database, making the answer fairly straightforward.
Add another common of DATETIME to your table, and update it every time the scripts sends an e-mail to that contact.
Right before you send the email, get that stamp and compare it to a human value, DATETIME of previous and current message. If the last message was sent after the most recent was issued, don't send it.
If I was wrong in assuming there is no database.... I highly suggest you get a database.

Categories