I have a PHP File that get id and remove user.like this:
$user_id = $_GET["id"];
remove_user($user_id); //this function remove user by that id
i send data to this PHP file using JQuery.like this:
$.ajax({
url: "http://example.com/delete-user.php",
type: "GET",
dataType: "html",
data: "id=" + user_id,
success: function(data) {
location.reload();
},
error: function(error) {
console.log("Error:");
console.log(error);
}
});
But I know this has a security problem.
If user enter this link in address bar:
http://example.com/delete-user.php?id=10
delete-user.php File execute and this user(with id=4) will be deleted.
how i cant prevent this?
in other words how i can check User who sent the request, do it through the form?
You can use $_SESSION to check if the user submitting the id is logged in and if it is, check if that user has the permission to perform this action.
But without knowing how your system / application is working, there isn't much information we can provide to you.
Related
I have built a custom registration form which creates a new WordPress user account and redirects the user to the /my-account/ area on completion. The issue I have is that I am not displaying any information on the front-end when the form is not submitted correctly i.e. the account creation process failed.
I am trying to log the AJAX response to console so I can see what I'm working with but it appears I'm not getting a response at all.
The code that I currently have in place:
<script>
jQuery('form[name="form-new-customer"]').on('submit', function() {
let form_data = jQuery(this).serializeArray();
jQuery.ajax({
url: '<?php echo admin_url('admin-ajax.php'); ?>',
type: 'post',
data: form_data,
success: function(response) {
console.log(response);
window.location.replace('<?php echo get_site_url(); ?>/my-account/');
},
fail: function(err) {
console.log(err);
}
});
return false;
});
</script>
As you can see, I have a redirection for 'success' but this redirection also happens when the account user process fails. I'm assuming it's always a success because the AJAX request was carried out correctly and it's not able to know whether or not the PHP function ran or not?
I need to somehow get the User ID (if an account is created) and then check if it exists. This would determine if the function was successful or not. If not, then I can display a message to the end user?
This question already has answers here:
Prevent browser caching of AJAX call result
(21 answers)
Closed 2 years ago.
I have encountered a really weird situation. Im developing a software, to which I want to add a feature to confirm email, so basically, it sends an ajax request to my server and server responds with a key, this key will be also sent in the email within a link. This key is saved as a variable and then I add a setInterval, which runs a link, which by the key responds if the user has clicked the link or not. The data is stored in mysql. That everything works perfectly fine with one little issue. The AJAX responses do not update and just keep the old value although when I open the checking link in my browser the response is indeed different, does anybody have any thoughts what might by causing this issue?
$.ajax({
url: "http://...&em=" + email,
type: "GET",
success: function(rese){
if(rese === "E1") {
}else{
var checker = setInterval(function(){
$.ajax({
url: "http://...&key=" + rese,
type: "GET",
success: function(resee){
alert(resee);
}
});
}, 3000);
}
}
});
Edit - Server responses:
so, the data is updated in the moment, when user does click the link, the value changes to "yes", while normally, it would respond with just "no", but anyway, ajax keeps alerting me with no, even when i just have updated the value straight in the database
try adding a dynamic url to prevent cache:
$.ajax({
url: "http://...&em=" + email,
type: "GET",
cache: false,
success: function (rese) {
if (rese === "E1") {
} else {
var checker = setInterval(function () {
$.ajax({
url: "http://...&key=" + rese,
type: "GET",
cache: false,
success: function (resee) {
alert(resee);
}
});
}, 3000);
}
}
});
I must create a simple app to:
create input with my variable (NIP)
connect to site https://wyszukiwarkaregon.stat.gov.pl
somehowe show in my app Captcha code from there and able to fill in and POST to above site
search there "NIP" POSTed from my app and show results
I tried to get content by cURL and JS but as we know there's Same Origin Policy protection... Posting by JSON ends the same.
Now I'm stuck and don't even know how to do it. Anybody have any ideas?
Thanks for any help how to can create it.
How about AJAX-Request via JQuery?
Links:
http://www.w3schools.com/jquery/jquery_ajax_get_post.asp
http://api.jquery.com/jquery.ajax/
$.ajax({
method: "POST",
dataType: "json",
url: "http://www.stat.gov.pl/regon/",
data: { name: "John", password: "XXXXX" }
})
.done(function( msg ) {
alert( "Your Response:" + msg );
});
I am using Laravel as a PHP framework and I have Jquery set up so it prompts the user if they want to confirm redirecting away from the page or not.
The problem is that if the user confirms the redirect away from the page, I need to somehow perform some database operations to set various statues to closed on my tables.
How is this possible?
My Jquery code prompting the user
<script type="text/javascript">
$(window).bind('beforeunload', function(){
return 'Are you sure you want to leave?';
});
Just make an Ajax request to inform the server that the user will be redirectd.
$(window).bind('beforeunload', function(e){
if ( confirm("Are you sure you want to leave?") ) {
e.preventDefault();
// make ajax request to inform the server
$.ajax({
type: "POST",
url: reqUrl,
data: reqBody,
dataType: "json",
success: function(data, textStatus) {
// handle things
}
});
// Redirect.
window.location.href = someURL;
}
});
I have a few external links on my site and when one of them is clicked I am also using jQuery ajax to set a variable into session, so that when a user is back from the other site the variable is available. Sometimes, though, it seems that the redirect happens too fast and the session is not set. Is there to delay sending user to another site, perhaps by popping a modal?
Here's how I currently do it:
$(".myLink").click(function() {
var soc = $(this).attr("id");
$.ajax({
type: "POST",
url: "/myAjax.php",
data: {
"action" : "sent",
"social" : soc
},
dataType : "json"
});
});
I think that you would need to disable the default for the link, send the data to a php script to save the session var, and once it is completed, forward the user on. Something like this (not tested):
$('a.blank').click(function(e){
e.prevendDefault();
$.post( "session.php", {
url: $(this).attr('href'),
id: $(this).attr('id')
})
.done(function( data ) {
window.open(this.href);
});
});
Note, you will need to check for failure and add a default behavior, so that if the php script fails for some reason, the user is still directed to the given url.