shop_item_id must be valid - php

I'm working with this avatar community engine built on CodeIgniter, everything is working except the shop system.
Every time I try to buy an item I get this:
An Error Was Encountered
shop_item_id must be valid
I've narrowed the problem to this piece of code:
public function purchase_item()
{
$shop_item_id = $this->input->post('item_id');
if(!is_numeric($shop_item_id)) show_error('shop_item_id must be valid');
$shop_item_query = $this->db->join('avatar_items', 'avatar_items.item_id = shop_items.item_id')->get_where('shop_items', array('shop_item_id' => $shop_item_id));
if($shop_item_query->num_rows() > 0):
$shop_item_data = $shop_item_query->row_array();
else:
show_error('shop_item could not be found.');
endif;
$shop_id = $shop_item_data['shop_id'];
if ( ! $shop_data = $this->cache->get('shop_data_'.$shop_id)):
$shop_data = $this->db->get_where('shops', array('shop_id' => $shop_id))->row_array();
$this->cache->save('shop_data_'.$shop_id, $shop_data, 2400);
endif;
What is the solution?
p.s: I'm using the script of crysandrea (https://github.com/tylerdiaz/Crysandrea). I need this for my assignment.
Here's the code:
<form action="/shops/purchase_item/" method="POST">
<input type="hidden" name="item_id" value="<?php echo $item_data['shop_item_id'] ?>" />
<button type="submit" class="main_button">Purchase item</button>
</form>


You forget semicolon. now try following code
<form action="/shops/purchase_item/" method="POST">
<input type="hidden" name="item_id" value="<?php echo $item_data['shop_item_id']; ?>" />
<button type="submit" class="main_button">Purchase item</button>
</form>


You should write this code in function
if(!is_numeric((int)$shop_item_id)) show_error('shop_item_id must be valid');

Related

How to keep values in re-opened form?

I have two PHP files: index.php with a form, and data.php for further data manipulation.
Here is index.php:
<?php
session_start();
require_once("../index.conf");
$language = new Language();
$lang = $language->getLanguage(#$_POST['lang']);
?>
...
<form name="myForm" action="data.php" method="post" onsubmit="return validateForm()">
<input type="text" name="title" placeholder="e.g.: my_title" value="<?php echo isset($_POST['title']) ? $_POST['title'] : '' ?>">
...
<button class="btn_r" name="submit" type="submit">
<?php echo $lang['submit-button']; ?>
</button>
Here is data.php:
// success message
echo sprintf('
<div class="success">Good job! Your file <em>'.$file.'</em> was successfully created with this HTML content:<br>
<form name="goto_preview" method="post">
<input type="hidden" name="img_title" value="'.$title.'">
<button class="btn_l" name="reset" type="submit" name="logout" formaction="preview.php">PREVIEW RESULTS</button>
<button class="btn_r" name="submit" type="submit" name="continue" formaction="index.php">CORRECT DATA</button>
</form>
</div>',$img_name);
I try to return the user to the form, with the original values filled in if correction is needed. But the form always opens empty. What is wrong with my code?

Nothing is wrong with your code. That's just the way php forms work, you're redirecting to a new page therefore the form isn't filled out. To change that you could pass the POST arguments that you receive in the data.php and pass them back to index.php where you set them as default values (if present)

send a php webpage to folder and dispay the content as html

would it be possible to have a html/php template on index.php say for example (a news webpage template and then anyone can edit the title, paragraphs only, then on submit it then sends the webpage with the data stored to a paste bin like url so who ever visits that url say http://localhost/news/jjeh3bndjks they would only be able to view to content and not edit.
I would like to use something like this
<?php
if ($_POST) {
$pasteID = uniqid();
$paste = fopen("pastes/".$pasteID.".php", "w");
$contents = $_POST['pasteContents'];
fwrite($paste, $contents);
header('Location: /pastes/'.$pasteID.'.php');
}
?>
<form action="" method="POST">
<input type="text" name="pasteContents" placeholder="write here" />
<button type="submit" tabindex="0">submit</button>
</form>
but for some reason when i add another input box or try to send anymore data it fails or just gives me the last input given is there a way to send a whole page this way?
any help would be appreciated

You can use file_get_contents with the following code:
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
parse_str(file_get_contents('php://input'));
echo param1 . '<br />' . param2;
} else {
?>
<form method="post">
<input type="text" name="param1" value="param1" />
<input type="text" name="param2" value="param2" />
<input type="submit" value="submit" />
</form>
<?php } ?>
(You can test it here)
Although, I did success to use $_POST too:
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo $_POST['param1'] . '<br />' . $_POST['param2'];
} else {
?>
<form method="post">
<input type="text" name="param1" value="param1" />
<input type="text" name="param2" value="param2" />
<input type="submit" value="submit" />
</form>
<?php } ?>
Here

PHP Submit button doesn't have any effect (PhpStorm)

I updated the question.
Since the last code was pretty complex and even after fixing the stuff it didn't work, I executed the below simple code to check if things work. Even this code doesn't work. Whenever I click on the submit button, it again returns a 404 error.
Yes, I placed the PHP code in the body as well to check if this work but it doesn't.
<?php
if(isset($_POST['submit'])) {
echo("Done!!!!");
} else {
?>
<html>
<head>
<title>Echo results!</title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input name="submit" type="submit" value="submit"/>
</form>
<?php
}
?>
</body>
</html>

Try giving the button_create as name of the submit button

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
if(isset($_POST['button_create'])) {
<td><input type="submit" name="button_create" id="button_create" value="Create Table!"></td>
change these lines see how you go from there

There are a couple of things wrong here, method should be POST instead of GET. The name attribute of text fields should be used when receiving the values. The submit button name should be used to check whether the button is clicked or not. See the example given below.
<?php
if (isset($_POST['submit'])) {
$ex1 = $_POST['ex1'];
$ex2 = $_POST['ex2'];
echo $ex1 . " " . $ex2;
}
?>
<form action="" method="post">
Ex1 value: <input name="ex1" type="text" />
Ex2 value: <input name="ex2" type="text" />
<input name="submit" type="submit" />
</form>

Echo results!
<?php
if(isset($_POST['submit'])) {
echo("Done!!!!");
} else {
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input name="submit" type="submit" value="submit"/>
</form>
<?php
}
?>
this is for your updated question

openssl + random int for Token, problems when it comes to form action

I have a Tokening function like this:
public static function create() {
$int = random_int(8, 64);
$ssl = openssl_random_pseudo_bytes(32);
$base64 = base64_encode($ssl);
return Session::put(Config::get('session/token_name'), trim($base64, '='));
}
My tokening function is working, the problem occurs when I tried it now on multiple forms Note: same page
This is my form (example, I only changed the names but that's on my code):
<form method="post">
<input type="hidden" name="t_sample1" value="<?php echo Token::make(); ?>">
<button name="btn1">sample1</button>
</form>
<form method="post">
<input type="hidden" name="t_sample2" value="<?php echo Token::make(); ?>">
<button name="btn2">sample2</button>
</form>
<form method="post">
<input type="hidden" name="t_sample3" value="<?php echo Token::make(); ?>">
<button name="btn3">sample3</button>
</form>
<form method="post">
<input type="hidden" name="t_sample4" value="<?php echo Token::make(); ?>">
<button name="btn4">sample4</button>
</form>
Then, I am only trying this tokening style because I changed my Tokening function from md5(uniqid()) style because they said it is not safe and I read alot of expert tips and said go for openssl then base64_encode it. This is the php code for determining if what form is clicked.
if(Input::exists()) {
if(Token::check(Input::get('t_sample1'))) {
$echo = 'sample1';
}
if(Token::check(Input::get('t_sample2'))) {
$echo = 'sample2';
}
if(Token::check(Input::get('t_sample3'))) {
$echo = 'sample3';
}
if(Token::check(Input::get('t_sample4'))) {
$echo = 'sample4';
}
}
Now the problem is, when I try to click the button sample1-sample3 my token::check is false, but only sample4 does token::check go true. It seems that only the last form will only have a correct token. So I am looking for help how to figure it out how to make the other sample(1-3) go true under token::check, btw the md5(uniqid()) tokening function is working.

$_Post Doesnt Work [Undefined index]

Giris.php (login screen)
<html>
<form method="post" action="verify.php">
<p>Birinci Isletim Sistemi:</p> <input type="text" name="txt_biris"><br><br>
<p>Ikinci Isletim Sistemi:</p> <input type="text" name="txt_ikis"><br>
<input type="submit" value="Karşılaştır!">
</form>
</body>
</html>
Verify.php
<?php
$ad = $_POST["txt_biris"];
echo"Ad...: $ad";
$sifre = $_POST["txt_ikis"];
echo "Sifre...: $sifre";
It returns..
Error
I tried many ways, controlled variables etc. But i didnt fix it. I'm using PHP 7 on Apache 2.4.17.

Use
<?php
if(isset( $_POST["txt_biris"]))
{
$ad = $_POST["txt_biris"];
echo"Ad...: $ad";
$sifre = $_POST["txt_ikis"];
echo "Sifre...: $sifre";
}

Categories