I'm trying to update XML element text based upon a form submission. It is a userdatabase and im using the user's password as a reference to update their user id. The passwords all all unique so I thought it would be an easy element to reference. However whenever I attempt to edit a UID it fails and sends me to my error page I created if the function fails. Im not sure where I went wrong any assistance would be great.
Update UID Function
function updateUID($pass, $file, $new)
{
$xml = new DOMDocument();
$xml->load($file);
$record = $xml->getElementsByTagName('UniqueLogin');
foreach ($record as $person) {
$password_id = $person->getElementsByTagName('Password')->item(0)->nodeValue;
//$person_name=$person->getElementsByTagName('name')->item(0)->nodeValue;
if ($password_id == $password) {
$id_matched = true;
$updated = $xml->createTextNode($new);
$person->parentNode->replaceChild($person, $updated);
break;
}
}
if ($id_matched == true) {
if ($xml->save($file)) {
return true;
}
}
}
Code that calls the function
session_start();
include_once "includes/functions.inc.php";
include_once "includes/jdbh.inc.php";
include_once "includes/dbh.inc.php";
include_once "includes/ftpconn2.inc.php";
$file = $_SESSION['fileNameXML'];
if (file_exists($file)) {
if (isset($_POST['submit'])) {
$pass = $_POST['id'];
//$uid = $_SESSION['userid'];
$new = $_POST['uid'];
//$entry = getUsername($jconn, $uid)." deleted a server ban for".$name;
//if (isset($_GET['confirm'])) {
if (updateUID($pass, $file, $new)) {
//createLogEntry($conn, $uid, $entry);
if (1 < 2) { //This is intentional to get around the $message varible below that is not required.
$message = $affectedRow . " records inserted";
try {
$ftp_connection = ftp_connect($ftp_server);
if (false === $ftp_connection) {
throw new Exception("Unable to connect");
}
$loggedIn = ftp_login($ftp_connection, $ftp_user, $ftp_password);
if (true === $loggedIn) {
//echo "Success!";
} else {
throw new Exception('unable to log in');
}
$local_file1 = "HostSecurity.xml";
$remote_file1 = "HostSecurity.xml";
if (ftp_put($ftp_connection, $local_file1, $remote_file1, FTP_BINARY)) {
//echo "Successfully written to $local_file\n";
} else {
echo "There was a problem";
}
ftp_close($ftp_connection);
header("location: ../serverPasswords.php");
}
catch (Exception $e) {
echo "Failure:" . $e->getMessage();
}
}
header("location: ../serverPasswords.php");
} else {
header("location: ../serverPasswords.php?e=UIDNPD");
}
} else {
echo "id missing";
}
} else {
echo "$file missing";
}
<Unique_Logins>
<UniqueLogin>
<UID>AA23GHRDS657FGGRSF126</UID>
<Password>iMs0Az2Zqh</Password>
</UniqueLogin>
<UniqueLogin>
<UID>AA23GSDGFHJKDS483FGGRSF126</UID>
<Password>Ab7wz77kM</Password>
</UniqueLogin>
</Unique_Logins>
I believe the issue was caused by the undeclared variable $password in the logic test and the fact that the function never returns an alternative value if things go wrong.
As per the comment regarding XPath - perhaps the following might be of interest.
<?php
$pass='xiMs0Az2Zqh';
$file='logins.xml';
$new='banana';
function updateUID( $pass=false, $file=false, $new=false ){
if( $pass & $file & $new ){
$dom = new DOMDocument();
$dom->load( $file );
# attempt to match the password with this XPath expression
$expr=sprintf( '//Unique_Logins/UniqueLogin/Password[ contains(.,"%s") ]', $pass );
$xp=new DOMXPath( $dom );
$col=$xp->query( $expr );
# We have a match, change the UID ( & return a Truthy value )
if( $col && $col->length===1 ){
$xp->query('UID', $col->item(0)->parentNode )->item(0)->nodeValue=$new;
return $dom->save( $file );
}
}
# otherwise return false
return false;
}
$res=updateUID( $pass, $file, $new );
if( $res ){
echo 'excellent';
}else{
echo 'bogus';
}
?>
I'm still not clear on exactly what's wrong, but if I understand you correctly, try making these changes in your code and see if it works:
#just some dummy values
$oldPass = "Ab7wz77kM";
$newUid = "whatever";
$record = $xml->getElementsByTagName('UniqueLogin');
foreach ($record as $person) {
$password_id = $person->getElementsByTagName('Password');
$user_id = $person->getElementsByTagName('UID');
if ($password_id[0]->nodeValue == $oldPass) {
$user_id[0]->nodeValue = $newUid;
}
}
Related
I have a PHP application (a request form) that first checks for an active $_SESSION before a user can access the site. Because of the timeout period set for this form there is rarely an active session. Here's the check:
if (isset($_SESSION['samlUserdata'])) {
$attributes = $_SESSION['samlUserdata'];
$user_department = $attributes['department'];
$user_email = $attributes['email'];
$user_employee_id = $attributes['employee_id'];
$user_full_name = $attributes['full_name'];
}
...and here is the else {} that I use to grab the REQUEST_URI:
else {
if (isset($_SERVER['REQUEST_URI'])) {
$referer = $_SERVER['REQUEST_URI'];
$redirect = "https://myinternalwebsite.net$referer";
}
header("Location: https://myinternalwebiste.net/confirm_auth.php?sso");
}
...and last, here is what I do with the $_GET
if (isset($_GET['sso'])) {
if (isset($redirect)) {
$auth->login($redirect);
} else {
$auth->login("https://myinternalwebsite.net/");
}
}
However, once my session is killed I am never properly routed back to the URL set in the ['REQUEST_URI'], I am always just dumped onto the internal site's front page. I have troubleshooted this on and off for some time over the last week, to no avail. I've tried other variables in the $_SERVER array as well, such as ['REDIRECT_URL'].
I'm at a loss, and I'm sure this fairly simple for anyone with more experience than myself... so I am all ears and eager to learn.
EDIT:
Thank you for the comments below. Per your advice I will add the entirety of my code here, removing only the unnecessary parts. (And yes, I appreciate the tip to flip the initial (isset()) to (!isset(). Thank you for that.)
<?php
session_start();
$auth = new OneLogin\Saml2\Auth($saml_settings);
if (isset($_SESSION['samlUserdata'])) {
$attributes = $_SESSION['samlUserdata'];
$user_department = $attributes['department'];
$user_email = $attributes['email'];
$user_employee_id = $attributes['employee_id'];
$user_full_name = $attributes['full_name'];
} else {
if (isset($_SERVER['REQUEST_URI'])) {
$referer = $_SERVER['REQUEST_URI'];
$redirect = "https://example.net$referer";
}
header("Location: https://example.net/confirm_auth.php?sso");
}
if (isset($_GET['sso'])) {
if (isset($redirect)) {
$auth->login($redirect);
} else {
$auth->login("https://example.net/");
}
} else if (isset($_GET['slo'])) {
$auth->logout();
} else if (isset($_GET['acs'])) {
$auth->processResponse();
$errors = $auth->getErrors();
if (!empty($errors)) {
echo '<p>', implode(', ', $errors), '</p>';
}
if (!$auth->isAuthenticated()) {
echo "<p>Not authenticated!</p>";
exit();
}
$_SESSION['samlUserdata'] = $auth->getAttributes();
if (isset($_POST['RelayState']) &&
OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) {
$auth->redirectTo($_POST['RelayState']);
}
} else if (isset($_GET['sls'])) {
$auth->processSLO();
$errors = $auth->getErrors();
if (empty($errors)) {
echo '<p>Sucessfully logged out!</p>';
} else {
echo '<p>', implode(', ', $errors), '</p>';
}
}
?>
I have that problem that just throws me a mistake to try again, it doesn't check json file.
here is my php code:
<?php
if (isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])) {
$json = file_get_contents("user-data.json");
$json_data = json_decode($json, true);
$user = $_SERVER["PHP_AUTH_USER"];
$pw = $_SERVER["PHP_AUTH_PW"];
$flag =false;
foreach ($json_data as $key => $value) {
if ($value['PHP_AUTH_USER'] == $user && $value['PHP_AUTH_PW'] == $pw) {
$flag = true;
**echo "<p>Pozdrav $user, unijeli ste $pw kao zaporku.</p>\n";**
break;
}
if($flag){
header('location: index.php');
} else {
http_response_code(401);
header("WWW-Authenticate: Basic realm=\"SECRET\"");
echo "<p>Try again.</p>\n";
}
}
}
here is my .json file
{
"user":"admin",
"password":"admin"
},
{
"user":"login",
"password":"login"
}
it just throws me a mistake to try again, it doesn't check json file.
Please add a pair of square brackets to enclose your "json data" , which contains an array of data (multiple username and password pairs).
Hence, the following will be one of a ways to get the username and password from the json data (I commented out the file_get_contents part and use a string to store it so that it is more straight forward)
<?php
//$json = file_get_contents("./user-data.json");
$json='[{
"user":"admin",
"password":"admin"
},
{
"user":"login",
"password":"login"
},
{
"user":"stackoverflow",
"password":"goodpassword"
}
]';
$json_data = json_decode($json, true);
foreach ($json_data as $key=>$getdata) {
echo $getdata["user"] . "-" . $getdata["password"];
echo "<hr>";
}
?>
See the result in this sandbox (click execute please):
https://wtools.io/php-sandbox/b7Qv
Hence, please amend the above code to perform comparison with $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"] to suit your case.
So, change the block:
$user = $_SERVER["PHP_AUTH_USER"];
$pw = $_SERVER["PHP_AUTH_PW"];
$flag =false;
foreach ($json_data as $key => $value) {
if ($value['PHP_AUTH_USER'] == $user && $value['PHP_AUTH_PW'] == $pw) {
$flag = true;
**echo "<p>Pozdrav $user, unijeli ste $pw kao zaporku.</p>\n";**
break;
}
to
$user = $_SERVER["PHP_AUTH_USER"];
$pw = $_SERVER["PHP_AUTH_PW"];
$flag =false;
foreach ($json_data as $key=>$getdata) {
if ($user == $getdata["user"] && $pw == $getdata["password"]) {
$flag = true;
**echo "<p>Pozdrav $user, unijeli ste $pw kao zaporku.</p>\n";**
break;
}
}
I'm searching in user profile if there's a string inside appetit with the word demi.
$user = JFactory::getUser();
$profile = JUserHelper::getProfile($user->id);
$prixa = $profile->profile['appetit'];
if (strpos($prixa,'demi') !== false) {
$prix=6;
} else {
$prix=7;
}
seems to be working as expected. Below is a test case code I ran.
<?php
$prixa = 'emimore';
if (strpos($prixa,'demi') !== false) {
$prix=6;
} else {
$prix=7;
}
echo $prix;
?>
I am trying to replace some pieces of codes in different theme files using the below function, however, I am stuck with the second part of the function where I want to replace some PHP code which contains a single quote.
When I run the function, the only part changes is the first part.
function update_GTour_theme_files()
{
$new_update = file_get_contents("/home/tourieuw/public_html/wp-content/themes/grandtour/header.php");
$new_update = preg_replace('/\$page_menu_transparent = 1/', '\$page_menu_transparent = 0', $new_update);
$new_update = preg_replace('/\$grandtour_page_menu_transparent = 1/', '\$grandtour_page_menu_transparent = 0', $new_update);
if (file_put_contents("/home/tourieuw/public_html/wp-content/themes/grandtour/header.php", $new_update)) {
$errpass = TRUE;
} else {
$errmsg = "Header.php was not updated";
$errpass = FALSE;
}
$new_update_2 = file_get_contents("/home/tourieuw/public_html/wp-content/themes/grandtour/templates/template-tour-header.php");
$new_update_2 = preg_replace('/(esc_html(grandtour_format_tour_price($tour_price)))/', '\'From \'.esc_html(grandtour_format_tour_price($tour_price)', $new_update_2);
if (file_put_contents("/home/tourieuw/public_html/wp-content/themes/grandtour/templates/template-tour-header.php", $new_update_2)) {
$errpass = TRUE;
} else {
$errmsg = "template-tour-header.php was not updated";
$errpass = FALSE;
}
if ($errpass = TRUE) {
echo '</br><span style="color:green;font-weight:bold;">Changes were applied successfully.</span>';
} else {
echo '</br><span style="color:red;font-weight:bold;">' . $errmsg . '</span>';
}
}
I am expecting when running this function that both variables in two files will be replaced with this code
Why strpos PHP not work with fsockopen response ?
When load this code. This code will be requests sdgsgsdgsfsdfsd.ca to whois.cira.ca server and find text Domain status: available with strpos PHP if found it's will be echo
{"domain":"sdgsgsdgsfsdfsdca","availability":"available"}
but if not found text. It's will be echo
{"domain":"sdgsgsdgsfsdfsdca","availability":"TAKEN"}
In this case found text but still echo
{"domain":"sdgsgsdgsfsdfsdca","availability":"TAKEN"}
How can i do ?
<?php
$server = "whois.cira.ca";
$response = "Domain status: available";
showDomainResult(sdgsgsdgsfsdfsd.ca,$server,$response);
function checkDomain($domain_check,$server,$findText)
{
$con = fsockopen($server, 43);
if (!$con) return false;
fputs($con, $domain_check."\r\n");
$response = ' :';
while(!feof($con))
{
$response .= fgets($con,128);
}
echo $response."<BR><BR><BR><BR><BR>";
fclose($con);
if (strpos($response, $findText))
{
return true;
}
else
{
return false;
}
}
function showDomainResult($domain_check,$server,$findText)
{
if (checkDomain($domain_check,$server,$findText))
{
class Emp
{
public $domain = "";
public $availability = "";
}
$e = new Emp();
$e->domain = $domain_check;
$e->availability = "available";
echo json_encode($e);
}
else
{
class Emp
{
public $domain = "";
public $availability = "";
}
$e = new Emp();
$e->domain = $domain_check;
$e->availability = "TAKEN";
echo json_encode($e);
}
}
?>
you're using strpos wrong, if the string START with what you're searching for, it will return int(0), which is "kinda false" by PHP's definition. explicitly check for false, like this
return false!==strpos($response, $findText);
and make sure you're using !== not !=
and as a rule of thumb, never use loose comparison operators in PHP if you can avoid it, hilarious bugs can occur if you do: https://3v4l.org/tT4l8