"Read" Confirmation Button on Joomla - php

Fellow collegues
I tried to implement a simple button inside a Joomla article to see which registered users have read an article and which didn't. I failed miserably, since my knowledge about PHP is honestly too low.
It should be possible to have a reading confirmation button on selected articles, so that the superior can check who has already read important information and who has not.
I was thinking of using php for getting the articleid, userid and a read field to construct a table in MySQLi, and depending on whether it is read or not, read will be either true or false.
the table is constructed already, but filling in the right information really leaves me hanging.
Now Problems occuring:
To fill in every user for each article which should've been confirmed automatically is impossible for me. I know that i can get a users username with the command
$user = JFactory::getUser();
but i dont want to get the current user. It should provide an overview of which users have read the article and which didn't.
I'm really lost in code fragments and I'm having trouble understanding what I could benefit from.
I've already used the search function and this topic already came up several times, but still it seemed to me that it hasn't been answered properly yet.
Has anyone done something similar in Joomla before and could give me a hint on how to get this done?
Or does anyone know an extension which could handle the problem?
Any clarifying statements are warmly welcomed!
Greetings
Capo

The best way to handle this is to use ajax, specifically, the com_ajax Joomla component. It's not as hard as you might think, and we have written a step by step guide on how to use the Joomla ajax component here.
Essentially, you will need to create a button, which, when clicked, will send an ajax request to the server and update a table. The table that should be updated should be a custom table, containing the following fields: id, userid, contentid
The id field will be an autoincrement, the userid will be the ID of the user who read the article, and the contentid will be the ID of the article that the user has read.
Once you have the data in the table, you can then display it anyway you like!

Related

How to pass a hidden value from a html form to PHP without letting the user manipulate it?

I am developing a forum like website using php and mysql. A user can ask a question and other users can reply to it. So my database table structure is like below.
Two tables questions and replies:
Now I have designed a page to view the question, replies and post another reply. So when I insert a row into replies table I have to pass the question id too. It can be simply achieved by passing the question id via a hidden element in the form. But this is not secure because a user can change the hidden value and the reply will end up in a wrong question.
Another solution is to use a session variable to store the question id the user is currently viewing. But this is also not possible because user could be opening multiple tabs which will cause problems with session variable.
So how do I solve this problem? I would really appreciate it if you could give me an idea.
PS - How do the famous forum sites solve this problem?
have another hidden element which has a hashed version of the id, on the backend check that the hash matches (the same way you check a password against a db, i'm assuming you know how this works but i can explain if you don't)
Why does it matter if the user edits the request to comment on a different question?
the only reason i can think of, is that some questions are restricted to allow none/certain comments, in that case the you should already be handling that in the backend.
as danblack commented, you should always assume user inputs are untrustworthy, you should always handle validation like this on the backend.

I want to set up a form that will send its input data to a database. But I have no idea where to start

This is for a school project.
I have a website. I want this form to send its data into a database, but I have no idea where to start.
I want each field (Title, Name, Email, Inquiry) to be sent to an accessible database where the data is stored.
This is the code I have for the form. As you can see I have a "demo.php" page its linked to but that is empty. It's from a YouTube tutorial that I struggled to follow.
I understand that some level of PHP is involved to achieve this, so I have left it in. Is there anybody that could provide me with a basic guide on how to get around this? Treat me like a 5 year old, as this stuff really confuses me.
Please follow the link.It will explain the whole process of form submission & save in database:
http://www.tutorialspoint.com/php/mysql_insert_php.htm
I would suggest to continue watching videos if that is how you learn best, thenewboston has pretty good videos for beginners. To do what you want you will need to create a database and a file that handles the data before completing a database query which would insert the data.
https://www.youtube.com/playlist?list=PL442FA2C127377F07

PHP account system

I have a complicate question which I can't find answers from online, or maybe I just don't know the best word to describe it,but hopefully you all and help out little bit, thanks you so much.
I want to create a user account system in php
I know how to store user date when they registra an account in form, but next time when people log in how do you know whether they has an account already or not, other words how do you validate their username and password when they come to your side.
You must store the users data they provide on sign up, using a database such as MySQL or a flat-file system such as this class.
May I suggest you search up tutorials etc. using Google or Bing, if you look hard enough you can find anything on the internet ;)
You can always try this out - PHP Login
Dom.
Ps- check out PHPSquad, Tizag and w3schools they helped me massively when first learning PHP!
It is better if you use SQL database to store the users so you have to create a register page to insert the user data into the SQL database then a login page to read the user data from the database and you can make a profile page with the data you asked to the user on the register form you can do this with ASP and PHP I recomend you PHP cause is easier.
Here is a link that shows how to make a simple user registration system with PHP and MySQL but you have to add some security to your system.

Hiding table ID's in a website

I'm building a php website with lots of jquery / ajax. Basically the site is a simple blog and I display the last 10 database entries and their corresponding headlines on the front page. The user is then able to click a headline (where it's rerouted to site.com/blog?cid=76) and then view the full blog entry.
basically, is there any database security risk with displaying the 76 which corresponds to the blog_id in the database? Should I be making things more secure and if so how would I go about doing that?
There is no security issue.
It is similar to telling us what id this post has:
stackoverflow.com/questions/11379226/hiding-table-ids-in-a-website
All it does is tell the user which post it is.
The way you implemented it forces you to pass the id of the blog entry anyway: be it in POST or in a GET request. If the application is secure enough there shouldn't be a problem with passing the id. The only thing you could do would be to make the id a little bit more obscurely passed in the GET request:
Something like: site.com/blogs/disp/76 for instance
Yes there are risks. You need to know about und understand SQL injection. PHP offers a couple of methods that you can use to help prevent this type of attack.
This site offers a good explanation of SQL injection and methods to help prevent it:
http://rosstanner.co.uk/2012/01/php-mysql-preventing-mysql-injection/

Check when page changed

I'm new here, also a novice programmer, and not really familiar with PHP. I don't even know the name of some of the techniques I used when building my apps. I'm sorry for that, but I'll try to explain the best I can.
So I'm building a web apps with PHP / AJAX right now, and I've got to the point where some users (with their own privilege) have their own home page, which shows notification for them when something new happened in the system. I think I used the "get" method from the url to determine which page is the user in right now.
Here's a simple illustration :
A user with "Staff" privilege logged in, and then redirected to his home page. (http://localhost/apps/staff.php)
He open the notification page, and the url changes to : "http://localhost/apps/staff.php?cmd=notification"
I don't know the name of the technique, but here's how I do it : I get the cmd value using "$_GET['cmd']" and then pass it onto a function that checks what page to display.
The problem is, I want to delete the content of notification table and move it to the history table when the user leave the page so only the newest notification will shows. So I think I need to know when the user leave (move) to another page, or when the cmd value change. My question is, how ?
Ps. I'm still a student on a university so this is my homework. Please just point me on a direction and/or clue rather than write the code for me (and a clue to the name of that "get" technique is welcomed :p). I know I still got a lot to learn, but english is not my native and I've tried google and stackoverflow with no result (I believe it's because of my bad english and not knowing the name of the techniques I used).
Use a cookie to track the status of the notification.
See this thread for more info: Best way to show an admin message to certain users?
You can check if user went to notification (after his default user page) page like this:
if (isset($_GET['cmd']))
{
// delete old notifications
// and move to history table
// show new ones now
}
This checks if query string value cmd is there, he has moved to notification page.

Categories