I am having trouble with setting cookies in laravel via ajax. I have read a number of questions/posts to no avail.
I have a drop down, that when changed, uses js to post its value to a controller which sets the cookie and returns a response with that cookie, then the page is refreshed upon ajax completion, and in the document.ready script, it calls a get cookie route, which retrieves the value from that cookie. it appears the cookie isn't being sent? I know the get path works, as if I set the cookie elsewhere it retrieves it properly. I have also used headers_sent() to ensure that headers haven't already been sent prior to setting the cookie and returning the response. I have also tried a number of different approaches that I have seen in other SO questions and answers, including Cookie::queue, $response->withCookie($cookie) and $response->headers->setCookie($cookie), none of which I've found to work.
Is there a problem with my approach? or is it more likely a syntax problem?
My javascript:
function trans(lang){
$.post( 'cookie/set' , {'name':'language', 'value':lang, 'timeout':-1})
.done(function(data){
removeEvent();
}).always(function(){
window.location.reload();
});
}
Controller function for cookie/set:
public function postSet(){
$name = Input::get('name');
$value = Input::get('value');
$timeout = Input::get('timeout');
if(Request::ajax()){
Log::info('cookie', array('name'=>$name, 'value'=>$value, 'timeout'=>$timeout));
$cookie = Cookie::make($name, $value, $timeout);
$response = Response::make();
$response->headers->setCookie($cookie);
return $response->withCookie($cookie);
}
}
doc.ready javascript:
$(document).ready(function(){
$.post( 'cookie/get' , {'name':'language'})
.done(function(data){
if (!data){
alert('no cookie');
}
$("#language").val(data);
removeEvent();
});
})
and finally the cookie/get controller function:
public function postGet(){
$name = Input::get('name');
define('__TRANSLATEMODE',"raw");
return Cookie::get($name);
}
Again, I can confirm the get route works correctly. My thought is that somehow the cookie isn't being returned with the response from the set ajax call, but I don't understand why.
Thanks in advance for your help!
-Wally
EDIT:
I looked at the request and responses in firebug, and it appears that the response from the postSet route does not contain the cookie. I had somewhat suspected this. but at least this nails down the source of the problem. Still not sure why it doesn't want to work though.
Edit 2:
I solved it. Not fully sure why this works, but the code below now works. It seems that returning an empty response would not send cookies with it? I dunno, it's solved at least. I will answer this when it will let me, and mark it as accepted. (If anyone knows WHY this fixed it, comments would be greatly appreciated.)
public function postSet(){
$name = Input::get('name');
$value = Input::get('value');
$timeout = Input::get('timeout');
Cookie::queue($name, $value, $timeout);
$response = Response::make();
return Response::make('test');
}
Thanks to those who looked, and hopefully this helps someone else.
-Wally
I can see you have a js Post function with a Get Route. This will not work in Laravel.
Not sure if this the entire issue but checking the routes will defintely help you narrow it down.
I solved it. Not fully sure why this works, but the code below now works. It seems that returning an empty response would not send cookies with it? I dunno, it's solved at least. I will answer this when it will let me, and mark it as accepted. (If anyone knows WHY this fixed it, comments would be greatly appreciated.)
public function postSet(){
$name = Input::get('name');
$value = Input::get('value');
$timeout = Input::get('timeout');
Cookie::queue($name, $value, $timeout);
$response = Response::make();
return Response::make('test');
}
Thanks to those who looked, and hopefully this helps someone else. -Wally
Related
I need to make a PATCH request to a PHP application.
How can I get the data from that PATCH request inside that application?
If I had to do it with a POST, it would just be a simple access to the global $_POST variable.
I know that this has been solved, but for anyone who was hoping for an answer like
$_PATCH["name"];
there is a way to do that:
parse_str(file_get_contents('php://input'), $_PATCH);
then you can access it like $_GET["something"] and $_POST["something"] just do
$_PATCH["something"]
hope that helped someone :)
You can get data with php://input stream wrapper:
$data = file_get_contents('php://input');
Also make sure your web server supports PATCH requests, some are configured to respond only to GET and POST.
Since none of the above has worked for me in PHP 5.6, here's a solution that actually did.
I used this parse_raw_http_request($data) function by Christof.
And here's the code:
$_PATCH = [];
parse_str(file_get_contents('php://input'), $_PATCH);
parse_raw_http_request($_PATCH);
// From now on, the $_PATCH variable keeps all request arguments as well,
// and they're accessible under approprate keys like $_PATCH['yourKey']
i'm using : PHP 7.4
function patchMethod(){
parse_str(file_get_contents('php://input'), $_PATCH);
$body=[];
if (is_array($_PATCH)) {
foreach ($_PATCH as $key => $value) {
$body[$key] = $value;
}
}
return $body;
}
You have $_REQUEST superglobal containing all data we can get regardless the HTTP method used (GET, POST, PATCH, PUT)
I've been doing something this at the bottom of all my views:
<script type='text/javascript'>
$.post('php/ajax.php', {type:'session'}).done(function(data){
var session = JSON.parse(data);
$(document).ready(function(){
$.getScript('resources/redactor/redactor.js');
$.getScript('javascript/year_long_calendar.js');
$.getScript('javascript/edit_lesson_modal.js');
});
});
</script>
This works really well for me. All my scripts get loaded inside of a single docReady, and all my ajax requires a token that gets generated upon login and stored in $_SESSION. This stops people from hitting my ajax logic using fake headers. By doing this, my ajax calls look something like:
$.post(url:'ajax.php', {token:session.token, id:id}).done(function(data){ ... });
I can also access other session variables
var user_id = session.user_id;
Since I've been doing this from the start of the project, I intentionally keep any sensitive information like passwords out of the session variable. What are your thoughts on this? Does any of this strike you as insecure, or terribly inefficient? I realize $.getScript is often used as a lazy way to load libraries, but I think I've found a pretty valid use for it.
None of the data in $_SESSION is sensitive except the token, and you have to be logged in to get one. Unless someone malicious hops on a machine while the real user is away and knows exactly where my ajax logic is, how it works, how I store my session, and fakes a quick header on PostMan to delete all my tables, I don't see it being an issue.
EDIT:
#AnotherGuy helped me realize a much better solution. My ajax.php file now looks like this:
<?php session_start();
include('connect.php');
include('functions.php');
// check to see if http request is ajax (easy to fake but hey might as well)
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'){
// when the user logs in, a random number is generated and saved to $_SESSION['token'].
// this block is used to pass the token to a javascript variable securely
if($_POST['type'] == 'session'){
$session = [
'token'=>$_SESSION['token'],
'user_id'=>$_SESSION['user_id']
];
echo json_encode($session);
}
// all post requests must pass the correct token variable to step into this block and access the ajax logic
if(isset($_POST['token']) && $_POST['token'] == $_SESSION['token']){
if($_POST['type'] == 'get'){
$where = null;
if(isset($_POST['where'])){
$where = json_decode($_POST['where']);
}
$order_by = null;
if(isset($_POST['order_by'])){
$order_by = json_decode($_POST['order_by']);
}
echo json_encode(get($_POST['db'], $_POST['table'], $where, $order_by)->fetchAll());
}
if($_POST['type'] == 'put'){
$set = json_decode($_POST['set']);
echo put($_POST['db'], $_POST['table'], $set);
}
if($_POST['type'] == 'update'){
$set = json_decode($_POST['set']);
$where = json_decode($_POST['where']);
update($_POST['db'], $_POST['table'], $set, $where);
}
if($_POST['type'] == 'delete'){
$where = json_decode($_POST['where']);
delete($_POST['db'], $_POST['from'], $where);
}
From how you describe you are using the session I cannot see any harm in it, but I still think it is dangerous. Imagine you in the future work on another project and then come back to this. Will you still remember not to store any sensitive information inside the session? As a basic rule of thumb is to never store sensitive information in the session unless it is the only solution, which it rarely is. But sometimes mistakes are made and they can hurt you!
I would change this to something that looks/works in the same way, but offers you more decoupling from the session. If you are fetching the entire session you are bound to retrieve some information which would never be used or should never be available to client side (through Javascript). I would create a single page that you request which can only provide the necessary information. That way you can also ensure only required information is exposed to the client side.
So instead of requesting a generic ajax.php file, I would create a page called (or something like it) userInfo.php. That way you can also eliminate the type variable you send along with it.
Hope this can help you, happy coding!
You could store that session data in browser with sesssionStorage in a serialized JSON string and manipulate it from there. Many recommend this approach over using cookies W3Schools
Cheers.
I created a basic form that uses jquery (ajax) to send data to php. PHP should insert a new record based on the data to a mysql database. The reason for this is because I want to make insertions to the database without having to submit the whole form and then use the submit action for something else later. It seems that the jquery works fine since the alert() shows the correct output for the variables, but the PHP does not insert the data and I don't get an error. I can't figure out why this isn't working? I think it is a problem with my $post() because the function underneath does not execute but I can't pinpoint the error. Any help debugging this would be really appreciated. Or if anyone knows another way to get the same functionality that would be great too? Thanks. (The code below works fine now. I figured out it was a type cast error, and I fixed it. Hopefully someone can find this useful!)
<script type="text/javascript">
function submitgrade(){
alert("In it");
var classID = $("#classSelect").val();
var student = $("#studentSelect").val();
var exam = $("#Exam").val();
var grade = $("#grade").val();
alert(classID+" - "+student+" - "+exam+" - "+grade);
$.post('submitgrade.php',{postclassSelect:classID,poststudentSelect:student,postExam:exam,postgrade:grade}, /*1*/
function(data){
$("#grade").html("");
});
};
</script>
<?php /*submitgrade.php*/
$con=mysqli_connect("localhost","root","","studentbase");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$classID = $_POST['postclassSelect'];
$studentID = $_POST['poststudentSelect'];
$examID = $_POST['postExam'];
$grade = $_POST['postgrade'];
echo $studentID[0]." examID: ". $examID[0];
$gradequery = "INSERT INTO grade VALUES(".intval($studentID).", '".$classID."', ".intval($examID).", ".intval($grade).");";
$result = $con->query($gradequery);
while($row = $result->fetch_assoc())
{
echo "<br /><p>Grade of ". $grade." submitted for exam ". $row['exam_id'] ." in ". $row['class_ID'] ."</p>";
}
?>
Have you include this line in your html page ??
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js">
An example is here again, may help you
<script>
$(document).ready(function(){
$("input").keyup(function(){
txt=$("input").val();
$.post("my_page.asp",{suggest:txt},function(result){
$("span").html(result);
});
});
});
but your code seems correct too buddy !!
I suggest to continue debugging by attaching an error handler to your $.post call, your code could look this:
$.post('submitgrade.php', {postclassSelect:classID,poststudentSelect:student,postExam:exam,postgrade:grade})
.done(function(response) {
// success
}).fail(function(response) {
// failure
});
Further more you should check:
Is the script running on a server? ajax might not work on a file:/// address
Is the path from javascript location to php file correct?
what do the browser developer tools say about the request that is initiated?
I fixed it. It was actually just a syntax error in my SQL and a type difference error with one of my database columns. The $grade variable is passed into PHP as a string. Once I wrapped all of my variables in intval() it worked as intended. Stare at the code to long, sometimes you go blind. Haha.
Thank you omnidan for the tip about sanitization. Here is a good guide that I used to apply it to my app:
http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
I'm writing a script to retrieve the scores from an osu! beatmap. The script uses the osu! API, which can be found here. I've obtained a valid API key, and got the info from the website. My project can be found here: failosu!.
This script is called by AJAX, and the variable s is passed via POST.
My problem is with the returned array.
In the following snippet (not really, it's pretty much my entire script), I make a request for the beatmap information first. In doing this, I am passing a variable, s (beatmap set ID), to the server, and trying to get the variable b (beatmap ID).
However, whenever I call $d1['beatmap_id'], it doesn't return anything to the main page. Instead, my AJAX script runs the error function rather than the success function. Does anyone know what my problem is?
if($_POST['id']) {
$s = $_POST['id'];
$k = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$u0 = "https://osu.ppy.sh/api/get_beatmaps?k=".$k."&s=".$s;
$d0 = json_decode(file_get_contents($u0));
$d1 = get_object_vars($d0[0]);
$b = $d1["beatmap_id"];
// THE CODE STOPS WORKING HERE FOR SOME REASON ????
$u = "https://osu.ppy.sh/api/get_scores?k=".$k."&b=".$b."&m=0";
echo $u;
$d = json_decode(file_get_contents($u));
for($i=0;$i<count($d);$i++) {
echo "<li>".$i." ".$d[$i]['username']."</li>";
}
}
Does anyone know what's wrong? Do you need me to tell you more information about my code?
I am trying to save a string that is created dynamically based on the user's interaction with the web app that I'm creating. just a string. nothing special. I am using ajax to send the string up to the server, and it seems that it is getting as far as the file_put_contents function I am using, but it seems to go haywire. It makes the txt file, but it does not put anything in it, and it does not send back q, the variable that I have it echo back.
Another weird thing is that when I try to write to said file with this
file_put_contents($putStringHere, $q);
I also tried this one:
file_put_contents($putStringHere, "$q");
The file always says that this happened:
modified: Today, Now (last time I ran the function)
Last Opened: Today, 5 minutes ago... last time I opened the file by hand
This would make sense, except for the fact that the function above contains fopen, fmodify, fclose, or whatever they're called. And the modified set to the last time I ran the function... I am super confused on this one. anyone who can help, I will greatly appreciate it.
ajax that sends string (yes, i made sure it was a string)
//ajax for saving changes
function stylesheetBackup(str){
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST","stylesheetBackupFile.php",true);
console.log("q="+str);
xmlhttp.send("q="+str);
}
also tried ajax with
xmlhttp.open("POST","stylesheetBackupFile.php",true);
xmlhttp.send();
php that I call with ajax
<?php
//get the q parameter from URL
$q = $_POST["q"];
$putStringHere = "savedStyleSheet.txt";
//output the response
echo $q;
//save to a backup file
file_put_contents($putStringHere, $q);
?>
You have a mis-match:
xmlhttp.open("GET"...
and
$q = $_POST["q"];
Here's two things that might help fix your problem:
In the AJAX request, you specify that it's a GET request. However, in your PHP file, you're trying to get the q value of $_POST. Try $_GET['q'] instead.
I'm not sure you're able to send your GET data using xmlhttp.send. Try adding it to your URL, as in xmlhttp.open("GET", "stylesheetBackupFile.php?q=" + str, true).