Client looks like we got no XML document in soapclient php - php

I have problem in using SoapClient in php. Considering that it is my fist try in authenticating user credentials so I might have some basic mistakes in my code as well.
I have a simple html tags that takes user credentials(on client side) and sends them to a processing page (works in backend) and sends soap message to server page using __soapCall. Here is the code.
Please help with your suggestions
Client.php
<html>
<body>
<form method='POST' action='middle_client.php'>
<lable>User Name</lable><input type='text' name= 'user' id='user'>
<br>
<lable>Password</lable><input type='password' name= 'pass'>
<br>
<lable>Insurance Name</lable><input type='text' name= 'insurance'>
<br>
<input type='submit' name= 'submit'>
</form>
<body>
</html>
Middle_client.php
<?php
use \SoapClient;
if(isset($_POST['submit'])){
$name= $_POST['user'];
$password= $_POST['pass'];
$insurance= $_POST['insurance'];
$con=mysql_connect("localhost","root","");
// Check connection
if (!$con) {
die('Not connected : ' . mysql_error());
}
$db_selected = mysql_select_db($insurance, $con);
if (!$db_selected) {
die('Invalid query: ' . mysql_error());
}
if ($db_selected=='insurance'){
//header('Location:server.php');
}
}
class client{
function __construct(){
$parameters = array('location' => 'http://localhost/XXX/server.php',
"uri" => 'urn://localhost/XXX/',
'trace' => 1,
);
$this->instance = new SoapClient(NULL,$parameters);
$auth_parameter = new stdClass();
$auth_parameter->name = "ABC";
$auth_parameter->password = "root";
$header_param = new SoapVar($auth_parameter, SOAP_ENC_OBJECT);
$header = new SoapHeader('XXX', 'authenticate', $header_param, false);
$this->instance->__setSoapHeaders(array($header));
}
public function getname($array){
return $this->instance->__soapCall('testing', $array);
}
}
$client = new client();
$array = array ('P_name'=> 'Foo');
echo $result = $client->getname($array);
var_dump($client);
?>
and Server.php
<?php
class server{
private $con;
public function authenticate($header_param){
if ($header_param->name == 'ABC' && $header_param->password == 'root' ){
return true;
}
else throw new SOAPFault("Wrong Name/Password", 401);
}
public function __construct(){
$this->con = (is_null($this->con)) ? self::connect() : $this->con;
}
static function connect(){
$con=mysql_connect("localhost","root","insurance");
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$db = mysql_select_db("user", $con);
return $con;
}
public function testing($array){
$usernme = $array['P_name'];
$sql = "SELECT * from user where P_name=".$usernme;
$qry= mysql_query($sql,$this->con);
$result = mysql_fetch_array($qry);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
/return $returned_name= $result["P_name"];
}
}
$parameter = array("uri" => 'localhost/XXX/server.php');
$server = new SoapServer(NULL, $parameter);
$server-> setClass('server');
$server-> handle();

Related

php - right GET handling

I have file users.php and i want to display user's information when is set for example users.php?id=5
my "users.php" file is:
<?php
$page_title = "Administrace - Uživatelé";
require_once($_SERVER['DOCUMENT_ROOT']."/core/main.php");
if(!Admin::is_admin() or !User::is_logged()) // check if user is logged and is admin
{
redirect($url."index.php"); //get out of here
}
$user = new User();
if(isset($_GET["id"]))
{
$id = test_input($_GET["id"]); // = htmlspecialchars() & trim() & stripslashes()
$is_valid = ctype_digit($id);
if($is_valid && $user->check_user_available($id)) // check if $id is number AND if user with the $id is in database
{
// show user's information
} else {
// get out of here
redirect($url."admin/");
}
} else {
?>
<i>...toto je random text...</i>
<section>
<div class="content">
<h1>Administrace -> Uživatelé</h1>
<p>
<?php
echo ($user->get_all_users()); // get all users (User)
?>
</p>
</div>
</section>
<aside>
<?php
$login = new Panel("login");
$partneri = new Panel("partners");
?>
</aside>
<?php } require_once($_SERVER['DOCUMENT_ROOT']."/template/footer.php");?>
my check_user_availabe() function:
<?php
public function check_user_available($id)
{
$id = trim($id);
$id = stripslashes($id);
$id = htmlspecialchars($id);
if(ctype_digit($id))
{
$query = Database::dotaz('SELECT * FROM `users` WHERE `id`=?', array($id));
if($query > 0)
{
return true;
} else {
return false;
}
}
}
?>
I'm also using PDO prepared statements.. Here is my class database and function dotaz() (dotaz = query)
<?php
class Database {
// Databázové spojení
private static $connection;
// Výchozí nastavení ovladače
private static $nastaveni = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
PDO::ATTR_EMULATE_PREPARES => false,
);
// Připojí se k databázi pomocí daných údajů
public static function connect($host, $username, $password, $dbname) {
if (!isset(self::$connection)) {
self::$connection = #new PDO(
"mysql:host=$host;dbname=$dbname",
$username,
$password,
self::$nastaveni
);
}
}
public static function dotaz($dotaz, $parametry = array()) {
$navrat = self::$connection->prepare($dotaz);
$navrat->execute($parametry);
return $navrat->rowCount();
}?>
Could you say me if the $_GET part is well-secured or help me to secure it better ? Thank you all

How to make a list of most ordered item on database?

I have a MVC like store.
I wish to make a list of the most bought items (in this case prints, because it's a print store).
I'm finding it very hard specially because I'm very new to php / mysql and specially to this MVC structure... I hope this isn't a bad question.
I have a model.php like this :
<?php
class model {
private $conn;
function __construct() {
$server = "localhost";
$login = "root";
$pass = "";
$db = "printstore";
$conn = new mysqli($server, $login, $pass, $db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} else {
$this->conn = $conn;
}
}
function __destruct() {
$this->conn->close();
}
function buildArr($result) {
$arr = array();
while ($row = $result->fetch_assoc()) {
array_push($arr, $row);
}
return $arr;
}
}
a controller.php:
<?php
include 'model.php';
class Controller {
private $model;
function __construct() {
$this->model = new model();
}
function home() {
include 'views/home.php';
}
}
a index.php:
<?php
session_start();
include 'controller.php';
define("BASE_URL", 'http://' . $_SERVER['SERVER_NAME'] . '/printstore2/index.php/');
define("MAIN_BASE_URL", 'http://' . $_SERVER['SERVER_NAME'] . '/printstore2/');
$controller = new controller();
include 'views/templates/header.php';
if (isset($_SERVER['PATH_INFO'])) {
$url = explode("/", $_SERVER['PATH_INFO']);
$function_name = $url[1];
if (isset($url[1]) && $url[1] !== "") {
if (isset($url[2])) {
$controller->$function_name($url[2]);
} else {
$controller->$function_name();
}
} else {
$controller->home();
}
} else {
include 'views/home.php';
}
include 'views/templates/footer.php';
And the view where I want to post the "Best Selling Prints":
<div>
<h2>Top Prints</h2>
<ol>
<li>1st print most bought</li>
<li>2nd</li>
<li>3rd</li>
</ul>
Now, my database has a table called "print_for_sale" which has the print_id and the sale_id, where I can see how many of each prints has been bought.
How can I do this? I'm so lost!
I'm sorry for the long post.

Use COUNT and GROUP BY
to get a list of all prints vs their sale count:
SELECT fk_print_id as printId, COUNT(print_for_sale_id) as saleCount
FROM print_for_sale
GROUP BY fk_print_id
ORDER BY saleCount DESC
that is, if i understood your table right.

Checking if this email already has an account function does not work with PHP HTML and MySQL

I have following code:
<meta charset="UTF-8">
<?php
include_once 'init/init.funcs.php';
function emaili_pikkus(){
global $email;
if (strlen($email)>45){
echo 'e-mail ei tohi olla pikem kui 45 tähemärki';
}
else{
parooli_pikkus();
}
}
function parooli_pikkus()
{
global $parool;
$pikkus = strlen($parool);
if ($pikkus<6){
echo "Parool peab olema vähemalt 6 tähemärki pikk";
}
else {
varasem_olemasolu();
}
}
function varasem_olemasolu()
{
global $email;
if(!empty($_POST['email']))
{
$query = mysql_query("SELECT * FROM kasutajad ") or die(mysql_error());
$array = mysql_fetch_array($query);
if(in_array($email, $array))
{
echo "Selle e-mailiga on kasutaja juba registreeritud.";
}
else
{
paroolide_kattuvus();
}
}
}
function paroolide_kattuvus()
{
$parool = $_POST['parool'];
$parool_uuesti = $_POST['parooluuesti'];
if($parool==$parool_uuesti)
{
NewUser();
}
else{
echo "Paroolid ei kattu.";
{}
}
}
function NewUser()
{
global $sql;
if (mysql_query( $sql))
{
echo "Kasutaja loodud";
}
}
emaili_pikkus();
?>
And file init.funcs.php which contains following:
<?php
session_start ();
$db = mysql_connect ( 'localhost', 'root', 'aaaa' );
$email = mysql_real_escape_string($_POST['email']);
$eesnimi = mysql_real_escape_string($_POST['eesnimi']);
$perekonnanimi = mysql_real_escape_string($_POST['perekonnanimi']);
$parool = $_POST['parool'];
$parool_uuesti = $_POST['parooluuesti'];
$salt = rand(10000,99999);
$hashed_pwd = sha1('$parool'.$salt);
$sql="INSERT INTO kasutajad (e_mail, eesnimi, perenimi, parool, salt ) VALUES ('$email','$eesnimi', '$perekonnanimi', '$parool', '$salt')";
if (! $db) {
header ( "location: /" );
die ();
} else {
mysql_select_db ( 'ta2014' );
}
include_once 'functions/user.funcs.php';
?>
My HTML looks like this:
<!DOCTYPE html>
<meta charset="UTF-8">
<html>
<head>
<title>Registreerimine</title>
</head>
<body>
<strong>Registreerimiseks täida järgnevad väljad: </strong><br>
<br>
<form method="POST" action="registreerimine4.php">
<table>
<tr><td>Sinu Tieto e-maili aadress: </td><td><input type="text" name="email"></td></tr>
<tr><td>Eesnimi: </td><td><input type="text" name="eesnimi"></td></tr>
<tr><td>Perekonnanimi: </td><td><input type="text" name="perekonnanimi"></td></tr>
<tr><td>Parool: </td><td><input type="text" name="parool"></td></tr>
<tr><td>Parool uuesti: </td><td><input type="text" name="parooluuesti"></td></tr>
</table>
<br>
<input type="submit" value="Registreeri" name="Registreeri">
</form>
</body>
</html>
Now when I run my HTML and PHP everything works properly except one function. varasem_olemasolu() does not work. This function is meant for checking if this email address already has an account registred. Everything worked properly when I used following code, but its too long and overly complicated to really use:
<meta charset="UTF-8">
<?php
function emaili_pikkus(){
$con = mysql_connect("localhost","root","aaaa");
$email = mysql_real_escape_string($_POST['email']);
if (strlen($email)>45){
echo 'e-mail ei tohi olla pikem kui 45 tähemärki';
}
else{
parooli_pikkus();
}
}
function parooli_pikkus()
{
$parool = $_POST['parool'];
$pikkus = strlen($parool);
if ($pikkus<6){
echo "Parool peab olema vähemalt 6 tähemärki pikk";
}
else {
varasem_olemasolu();
}
}
function varasem_olemasolu()
{
$con = mysql_connect("localhost","root","aaaa");
mysql_select_db("ta2014", $con);
$email = mysql_real_escape_string($_POST['email']);
if(!empty($_POST['email']))
{
$query = mysql_query("SELECT * FROM kasutajad ") or die(mysql_error());
$array = mysql_fetch_array($query);
if(in_array($email, $array))
{
echo "Selle e-mailiga on kasutaja juba registreeritud.";
}
else
{
paroolide_kattuvus();
}
}
}
function paroolide_kattuvus()
{
$parool = $_POST['parool'];
$parool_uuesti = $_POST['parooluuesti'];
if($parool==$parool_uuesti)
{
NewUser();
}
else{
echo "Paroolid ei kattu.";
{}
}
}
function NewUser()
{
$con = mysql_connect("localhost","root","aaaa");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("ta2014", $con);
$email = mysql_real_escape_string($_POST['email']);
$eesnimi = mysql_real_escape_string($_POST['eesnimi']);
$perekonnanimi = mysql_real_escape_string($_POST['perekonnanimi']);
$parool = $_POST['parool'];
$parool_uuesti = $_POST['parooluuesti'];
$salt = rand(1000000,99999999);
$hashed_pwd = sha1('$parool'.$salt);
$sql="INSERT INTO kasutajad (e_mail, eesnimi, perenimi, parool, salt ) VALUES ('$email','$eesnimi', '$perekonnanimi', '$parool', '$salt')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Kasutaja loodud";
}
emaili_pikkus();
?>
It is a long question and I would be very thankful if someone answers me.

You do not require to fetch complete table record to search email in it. Just change your query as below & check if it returns row is greater than 0.
SELECT * FROM `kasutajad` WHERE `e_mail` = $email
Waring: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Example with PDO:
$email = $_POST['email'];
$con = new PDO( 'mysql:host=localhost;dbname=DB_NAME;charset=UTF-8', 'DB_USER_NAME', 'DB_USER_PASS' );
$query = $con->prepare( "SELECT `e_mail` FROM `kasutajad` WHERE `e_mail` = ?" );
$query->bindValue( 1, $email);
$query->execute();
if( $query->rowCount() > 0 ) { # If rows are found for query
echo "Email Already exits!";
}
else {
echo "Email not found!";
}

PHP Class Function Ignores Return Statement

For some reason the return doesn't work when the check_em() succeeds. I'm new to php, so I'm at a loss here.
<?php
//Class to handle mysql
class db_handler {
private $db_host = 'localhost';
private $db_name = 'project';
private $db_user = 'project';
private $db_pass = 'dbpassword';
private $db_con_mysql = '';
private $db_con_db = '';
public function check_em($username, $password) {
$db_query = "SELECT password FROM user WHERE name='".$username."' LIMIT 1;";
if($this->db_con_mysql!='') {
$db_query_response = mysql_query($db_query) or die('Query failed: '.mysql_error());
$db_query_return = mysql_fetch_row($db_query_response);
$db_sha1_hash = $db_query_return[0];
echo $db_sha1_hash."<br>";
echo sha1($password)."<br>";
if(sha1($password)==$db_sha1_hash) {
return 'user valid'; //THIS DOESN'T WORK!?!?!?
} else {
return 'no good';
}
} else {
$this->db_connect();
$this->check_em($username, $password);
}
}
//Connect to mysql, then database
private function db_connect() {
$this->db_con_mysql = mysql_connect($this->db_host, $this->db_user, $this->db_pass) || die('Connection failed: '.mysql_error());
$this->db_con_db = mysql_select_db($this->db_name) || die('Could not use'.$this->db_name.'. '.mysql_error());
return;
}
//Disconnect from database and reset vars used to track connection.
private function db_disconnect() {
if($this->db_con_mysql!='') {
mysql_close();
$this->db_con_mysql = '';
$this->db_con_db = '';
return;
}
}
public function fake($some_val) {
if($some_val<6) {
return TRUE;
} else {
return FALSE;
}
}
}
$db_obj = new db_handler();
$val1 = $db_obj->check_em('someuser','password'); //should return 'user valid'
echo "val1:".$val1."<br>";
echo "<br><br>";
$val2 = $db_obj->check_em('someuser','passw0rd'); //should return 'no good'
echo "val2:".$val2."<br>";
echo "<br><br>";
echo "test<br>";
echo $db_obj->fake(4)."<br>";
?>
Results:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
val1:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53
val2:no good
test
1

This line needs a return:
return $this->check_em($username, $password);
But a more sensible solution would be to connect to the database inside the if when the connection is null. Really, the whole thing could be better written, but I'll leave it at that.

...
else {
$this->db_connect();
return $this->check_em($username, $password);
}
...
You want to add the return, so that if it fails, then it goes one level deeper and finds another. If that level deeper succeeds, it passes the value up to the level above, which can pass it up and up until it reaches the original function call.

Flex PHP service

Already tearing my hairs out for a couple of days. There is not much left of them ;-)
I am experiencing a strange problem when I want to bind a service to a button or something else:
files:
- CDPC.php
<?php
require_once ('VOcdpc.php');
class CDPC {
var $username = "root";
var $password = "";
var $server = "localhost";
var $port = "3306";
var $databasename = "xoffercommon";
var $tablename = "tblcity";
var $connection;
public function __construct() {
$this->connection = mysqli_connect(
$this->server,
$this->username,
$this->password,
$this->databasename,
$this->port
);
mysqli_set_charset($this->connection,'utf8');
$this->throwExceptionOnError($this->connection);
}
public function getCDPC($cityID) {
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("xoffercommon", $con);
$cdpc_Id = new Vocdpc();
$cdpc_Id->id_cdpc = 1;
$cdpc_Id->city_Id=$cityID;
$result_prov = mysql_query("SELECT tblProvence_Id FROM tblCity WHERE Id = " . $cityID);
$row = mysql_fetch_array($result_prov);
$cdpc_Id->provence_Id=intval($row['tblProvence_Id']);
$result_dist = mysql_query("SELECT tblDistrict_Id FROM tblProvence WHERE Id = " . $cdpc_Id->provence_Id);
$row = mysql_fetch_array($result_dist);
$cdpc_Id->district_Id=intval($row['tblDistrict_Id']);
$result_coun = mysql_query("SELECT tblCountry_Id FROM tblDistrict WHERE Id = " . $cdpc_Id->district_Id);
$row = mysql_fetch_array($result_coun);
$cdpc_Id->country_Id=intval($row['tblCountry_Id']);
return $cdpc_Id;
mysql_close($con);
}
private function throwExceptionOnError($link = null) {
if($link == null) {
$link = $this->connection;
}
if(mysqli_error($link)) {
$msg = mysqli_errno($link) . ": " . mysqli_error($link);
throw new Exception('MySQL Error - '. $msg);
}
}
}
?>
VOcpdc.php
<?php
class VOcdpc
{
public $id_cdpc;
public $country_Id;
public $district_Id;
public $provence_Id;
public $city_Id;
// explicit actionscript class
var $_explicitType = "Vocdpc";
}
?>
In flex builder
I can add the services to the Data Services panel but I have two strange things:
1) when I want to configure the return type he doesn't let me create a new ValueObject type, I only get the bottom datagrid which states: Properties returned by the operation: Property: country_Id, provence_Id, city_Id, id_cdpc, district_Id with the related values on the right side. Why can't I create a new data type on the top?
2) When I accept this and want to add the service call to a button (drag&drop) I get the following error: Error occurred while generating code. Make sure that there are no compiler eroors and try again after reopening the file. Componentn type services.cdpc.CDPC not found...
(ps: When I perform a Test Operation everything seems to be ok, I get the expected output values)

this is the class included in the main cdpc.php file, the post drops it apparently, so here is the VOcpdc file:
// explicit actionscript class
var $_explicitType = "Vocdpc";
}
?>

Categories