function appoint_del(sat,sat1)
{
if(confirm("Are You Sure To delete Selected Person Details Completely?"))
{
document.form1.action="student.php?cedit="+sat+"&did="+sat1;//
document.form1.submit();//an alternative to call form
}
}
<?
if($_GET['did']!="")
{
$del=executeupdate("delete from table2 where id=".$_GET[did]);
redirect("student.php?succ=3");
}
?>
To delete the content in data base by clint I have successfully did the job but I am not completelly aware of what is happining by the statement1 document.form1.action="student.php?cedit="+st+"&did="+st1;
and statement2
document.form1.submit()
can any one explane it?
and can sugest any good reference book for clarifing these type of doubts?
document.form1.action="student.php?cedit="+sat+"&did="+sat1;
This line of JavaScript sets a html form's action to the student.php page and appends the two parameters "cedit" and "did" along with their values. I assume you have a form on your page somewhere.
document.form1.submit();
This submits that form. I don't know where to or by what method (POST, GET) because you haven't provided any details on the form. I assume it submits back to the same page because the next line is a handler:
if($_GET['did']!="")
This detects whether the form was submitted by checking if the "did" parameter is present.
$del=executeupdate("delete from table2 where id=".$_GET[did]);
This seems to execute a database query with a massive SQL injection vulnerability. Very dangerous.
redirect("student.php?succ=3");
Redirects back to the same page again, this time passing in a different "succ" parameter which I assume is handled via some other code that you haven't provided.
Related
I am currently trying to work out a basic referral form. The process is as follows:
The referrer will use a form to send an email to their friends. (Example: http://www.graphicgoldfish.com/refer.html) As you can see, the form requires their Username and their IGN (in-game name). This is very important.
A link is generated using the referrer's information as the parameters. The parameters will be used to reward the referrer once the friend has completed the second form. (Example: http://www.graphicgoldfish.com/referral.html?ref_username=LRRoberts0122&ref_ign=DerpyGoldfish)
When that link is clicked, it opens up a second form where the friend can input their information. My problem is, that when the friend submits the form, the parameters from the original URL do not get passed.
How am I able to keep those parameters after the submission?
My PHP:
<?php
echo $_GET['ref_username'];
echo $_GET['ref_ign'];
if (isset($_GET['ref_username'])) {
$r_username = $_GET['ref_username'];
}
if (isset($_GET['ref_ign'])) {
$r_ign = $_GET['ref_ign'];
}
None of this seems to be doing what I want. My guess is that it doesn't exist, because if I run the PHP and manually add the parameters, it works. I'm just not sure how to go about doing this automagically.
EDIT: The parameters are being passed into an HTML file from the link that was generated. The friend needs to fill out a form. How can I get the values that were passed in the parameters to the HTML file, and concatenate them to the action (where it submits to a PHP file)?
This is not working for me.
<form action="http://www.graphicgoldfish.com/php/referral.php?ref_username=<?php echo $ref_username ?>&ref_ign=<?php echo $ref_ign?>" method="POST">
First off...in your generator.php form. You are using POST not GET
So you should retrive your variables as such.
if (isset($_POST['ref_username'])) {
$r_username = $_POST['ref_username'];
}
if (isset($_POST['ref_ign'])) {
$r_ign = $_POST['ref_ign'];
}
Secondly when you generate that link with the paramters in it. You are passing the parameters to an html file.
http://www.graphicgoldfish.com/referral.html?ref_username=LRRoberts0122&ref_ign=DerpyGoldfish
You need to pass them to a php file for this to work...
http://www.graphicgoldfish.com/referral.php?ref_username=LRRoberts0122&ref_ign=DerpyGoldfish
How can I get back (to the browser) some data automatically (from server) after a POST?
I have a HTML form
I POST the form's data to a php code eg: saveRecord()
the php code saves the data in a mySQL DB
if the data contains a non 0 record ID there will be an UPDATE, if the record ID == 0 there will be an INSERT, and the php code knows (gets back from DB) the new record ID
(after INSTER) how can I send that new record ID back to (browser) HTML form?
If I edit an existing record (ID !=0 ), everithing is fine...
My problem is that, when I post NEW data (ID == 0) I can post it several times, and the php code each time creates a new record in the DB... But I really don't want that. I would like to send (from the server) back (to the browser) the INSERTed records ID (right in the HTML form), to prevent multiple INSERTs...
How can I do that?!
the specific CI code:
function update($record) {
print_r($record);
$id = $record['crn_id'];
$record['crn_active'] = ( ($record['crn_active'] == 'on') ? 1 : 0 );
array_shift($record);
if ($id == 0) {
$this->db->insert('currencies', $record);
} else {
$this->db->where('crn_id', $id);
$this->db->update('currencies', $record);
}
}
?>
Here are three ways to help you on your way that can be generalized:
Make another column unique. If you care so much about possibly having duplicate data in your database there may be some rule to it that you can generalize in the form of a constraint.
Disable the submit button after it was clicked (e.g. <input type="submit" onsubmit="this.disabled=true">). (make sure to re-enable it if some ajax based validation fails)
Use a one time key generated to make sure the user did not just reload the submitted page. Have a look at form keys which can also help against CSRF and XSS attacks.
On my web page I have Zend_Form with CSRF hash. It submits to the same page and it is used to update user's data (name, surname, birthdate and so on...). I would like to reinitialize CSRF hash after every valid post submission. How I could do it?
Now when I first time submit 'user data' form I get proper behavior (user data gets updated). But if I submit again (right after first, proper submit) to change another form field I get error saying:
The two given tokens do not match
Is there anyway to reinitialize hash properly?
Your problem comes from this function in Zend_Form_Element_Hash the $session->setExpirationHops is set to 1 hop, so if you try to resubmit the same form it will always fail. This is by design and is the root of the security you're seeking.
However you can change this behavior, simply extend Zend_Form_Element_Hash and override this method to set the expirationHops to a value you prefer (you can also set the session options manually at any time if you prefer).
public function initCsrfToken()
{
$session = $this->getSession();
$session->setExpirationHops(1, null, true);
$session->setExpirationSeconds($this->getTimeout());
$session->hash = $this->getHash();
}
It goes without saying that it would be in the interest of security to perform a full refresh and repopulate the form to perform any edits. This should reset the hash.
My problem came from tampering with Zend_Form_Element_Hash init methods, I had this:
$_csrf = new Zend_Form_Element_Hash($this->_csrfName);
$_csrf->setSalt(md5($name));
$_csrf->setAttrib('id', '');
$_csrf->initCsrfToken();
The last line should never be there. When I removed it, everything started to act correctly.
#RockyFord: The initCsrfToken() function was place I was looking at the beginning, but
for me (I mean my intuition) it just couldn't be that. So I just debugged, debugged, debugged,
and at last commenting out 4th line was proper solution. Sorry for holding off reply, I totally forgot.
I currently have a page defined which displays some data in rows. At the end of each row, there is a view which shows a total which is extracted from mysql.
$r->add('View_PointsLeft', 'pleft', 'pointsleft')
->setPoints($row['points_left'])
->setBacklog($row['backlog_ref'])
->setID($row['id'].'-points-left');
The view is defined with a template like this
<!-- points left -->
<div class='target points_left'>
<div class='sticky green'>
<div class='story'><?$backlog?></div>
<div id='<?$name?>' class='big_points big_point_margin'><?$pointsleft?></div>
</div>
</div>
<!-- end 0000-points-left -->
The data to populate the view is selected using a sql in the page which is looped through and the /lib/view/pointsleft.php code has set methods which are passed parameters from the page and update the fields in the template.
class View_PointsLeft extends View_Sticky {
function init(){
parent::init();
}
function setPoints($points){
$this->template->set('pointsleft',$points);
return $this;
}
function setBacklog($backlog){
$this->template->set('backlog',$backlog);
return $this;
}
function defaultTemplate(){
return array('view/scrumwall/pointsleft');
}
}
I want to update the database when something is changed on the page and also update the total view (to decrement the counter).
First, I'm wondering if i have approached this the wrong way (should each view should be self contained) - should i just pass the id field to the view, attach the relevant model to the view inside lib/view/pointsleft.php and call the set fields using the model values ?
Secondly, If i change it that way, does it then make it easier to update the view with a particular id when the database value is changed using ajax and if so , how do i do this ?
Thirdly - if i want to also trigger an update into the database based on an action on the client side javascript, where would i put this code e.g. in the non atk4 version of my code, i had a script called using $.post("update.php") which would update mysql. Where would i put such a script in ATK4 ?
Thanks in advance.
Update after answer from Romans
Man, ATK4 rocks ! - it does more than i expected and i was busy creating functions inside the view to populate each field name, so now having redone it using addModel,
the call from the page looks like this
$r->add('View_PointsLeft', 'pleft', 'pointsleft')
->loadData($row['id']);
the templates/view looks like this
<div id='<?$name?>' class='target points_left'>
<div class='sticky green'>
<div class='story'><?$backlog_ref?></div>
<div class='big_points big_point_margin'><?$points_left?></div>
</div>
</div>
and the lib/view code looks like this
<?php
class View_PointsLeft extends View_Sticky {
function loadData($id){
$this->setModel('Story')->loadData($id);
}
function init(){
parent::init();
}
function defaultTemplate(){
return array('view/scrumwall/pointsleft');
}
}
Update after code example from Romans
After following the code example Romans provided, i now add the URL call using jquery selectors at the bottom of my page code and do some jiggery pokery to get the task and status from the id fields (not sure about using HTML5 only stufff using data-id so just set the normal id and extract from that). Previously the drop code was in my own univ.js script but i dont have access to the php variables from there so i move it into the page
$p->js(true)->_selector('.movable')->draggable();
$p->js(true)->_selector('.target')->droppable(array(
'drop'=>$this->js(null,'function(event,ui){'.
' target=$(this).attr("id").split("-");'.
' zone=target[2];'.
' sticky=$(ui.draggable).attr("id").split("-");'.
' task=sticky[1];'.
' switch (zone) {'.
' case "verify": newStatus="V";'.
' break;'.
' case "in": newStatus="P";'.
' break;'.
' case "to": newStatus="I";'.
' break;'.
' case "done": newStatus="D";'.
' break;'.
'}
$.univ().ajaxec({ 0:"'.$this->api->getDestinationURL().'",'.
'task: task, status: newStatus }); } ')
));
and i have a if block which looks like this in the page. I add Model_Task and load the values based on the GET parameter so i then also have more information including the story it relates to so i can also update the points if the status is now done.
if($_GET['task'] && $_GET['status'])
{
$new_status=$_GET['status'];
$task_id=$_GET['task'];
$t=$p->add('Model_Task')->loadData($task_id);
$old_status=$t->get('status');
$task_points=$t->get('points');
if ($new_status<>$old_status & ($new_status=='D' | $old_status=='D'))
{
$s=$p->add('Model_Story')->loadData($t->get('story_id'));
if ($old_status='D')
{
$s->set('points_left',$s->get('points_left')+$task_points);
} else {
$s->set('points_left',$s->get('points_left')-$task_points);
}
$s->update();
$story=$t->get('story_id');
}
$t->set('status',$new_status);
$t->update();
}
i can then calculate the new number of points and update the story with points left and update the task with the new_status by setting the model values and using update().
If i now move one of the draggables, it works but opens a new window showing again the whole page and reporting
Error in AJAXec response: SyntaxError: syntax error
I think opening the extra window is because of the error but the error is something to do with the response having all the html for the whole page. I dont actually want any reload from the ajax call unless the status is a particular one.
Also the last thing i need to do is only reload one view on the page for the particular story that was updated.
I've tried by creating an array and adding the short variables to it like this when the page is first loaded
$this->pl_arr[$row['id']]=$r->add('View_PointsLeft', 'pleft', 'pointsleft')
->loadData($row['id']);
and then in the if block while processing the GET, to recall it
$pleft=$this->pl_arr[$story];
$pleft->js()->reload()->execute();
but it fails with an error
Error in AJAXec response: SyntaxError: missing ; before statement
Fatal error: Call to a member function js() on a non-object in C:\wamp\www\paperless\page\scrumwall.php on line 247
Final update
The last error is caused because i didnt use for the id in the outer div of the whole view i wanted to update. Once i changed this it is no longer null.
So the first time the page is loaded, i store all the view names in an associative array in a loop as i put them on the page
$st = $p->add('Model_Story');
$result = $st->getRows();
foreach ($result as $row) {
if (is_array($row)) {
$r=$p->add('View_Scrumwall_StoryRow')
->setWorkspace('ws-'.$row['id']);
... other code here ...
$points_left[$row['id']]=$r->add('View_PointsLeft', null, 'pointsleft')
->loadData($row['id']);
}
and then have the if GET block like this
if($_GET['task'] && $_GET['status'])
{
$new_status=$_GET['status'];
$task_id=$_GET['task'];
$t=$p->add('Model_Task')->loadData($task_id);
$old_status=$t->get('status');
$task_points=$t->get('points');
if ($new_status<>$old_status && ($new_status=='D' || $old_status=='D'))
{
$s=$p->add('Model_Story')->loadData($t->get('story_id'));
if ($new_status=='D')
{
$s->set('points_left',$s->get('points_left')-$task_points);
} else {
$s->set('points_left',$s->get('points_left')+$task_points);
}
$s->update();
$story=$t->get('story_id');
//reload the points left sticky note for the story of the task
$js[]=$points_left[$story]->js()->reload();
}
$t->set('status',$new_status);
$t->update();
$js[]=$this->js()->reload();
$this->js(null,$js)->execute();
}
Note that if I only want to update one view on the page, i can just call that chaing that object with reload and execute e.g.
$pl->js()->reload()->execute
but if i want to update several views on the page, i need to put them in an array (here called js[]) and then call execute like this - you can also see an example of this in Roman's codepad example.
$js[]=$points_left[$story]->js()->reload();
$js[]=$this->js()->reload();
$this->js(null,$js)->execute();
Problem solved with ATK4 :)
Ok, for a cleaner answer, I've put together a sample:
http://codepad.agiletoolkit.org/dragaction.html
Probably example here answers the question better.
In your case, since you are working with models, it should be easier to set this up. For the performance I decided to use 2 Listers, but in theory you can also have each person and task as a view.
I'm storing associations in session (through memorize) in your case you would store them in database.
Your structure seem to be OK. If you use setModel() on it which would have "pointsleft" and "backlog" fields, those would be automatically filled in.
I don't see how setID is defined though, but you could extend setModel, call parent and then execute that too.
Another thing I noticed, is in your template the most top-level div should have id=''. This gives your view unique selector which js() uses by default.
The .post function you are looking for is univ()->ajaxec(). It sends data to the server, receives javascript and executes it, hence the name. It behaves similarly to the form.
$mybutton->js('click')->ajaxec($this->getDestinationURL(null,array('a'=>'b'));
if($_GET['a']){
// update database
$r->getElement('plfat')->js()->reload()->execute();
}
Usually to make your code universal, you can drop this above code inside the view, but instead of 'a' you should better use the name of the object, like this. This eliminates the need for a separate page handling update:
$this->mybutton->js('click')->ajaxec($this->getDestinationURL(null,
array($this->name=>'reload'));
if($_GET[$this->name]){
// update database
$this->js()->reload()->execute();
}
Update
To clarify the sequence of how it's executed:
The page is rendered into HTML sent to your browser.
Along with the page Javascript chains are sent. All of them which define 1st argument to js, such as js(true), js('click'). in my code i have js('click') so it's sent to browser.
User performs the action such as clicking on a button. This triggers ajaxec() function
ajaxec function performs AJAX request to the page with the arguments you specify there.
PHP again is executed, but this time it goes inside if() branch. A js() without argument is created and ->execute() sends javascript to the browser.
browser receives output of the js()...->execute() and evaluates it. In our case it contains reload() for some other element.
atk4_loader widget is used to perform reload of other part of the page it sends AJAX request to server
PHP is executed with cut_object argument. It re-initializes original page, but renders only one object selectively. Output for that object is sent back to the frontend.
PHP also re-generates JS chains like in #2 but only relevant to that object
Frontend's atk4_loader receives the code, replaces HTML of the element and re-evaluates the javascript.
back to #3
It sounds like a lot of actions. In reality that's 2 requests per click and you can eliminate one if you do reload right away. Note that you can also pass arguments to reload() which you can then fetch from "get". I don't fully understand what triggers the action in your original script, perhaps we can find this out in https://chat.stackoverflow.com/rooms/2966/agile-toolkit-atk4 ?
Hello guys i am newbie to this stuff so i'll try to explain my problem.I am building application that retrieve data after login to php script that looks like this:
https://zamger.etf.unsa.ba/getrssid.php
(see the page source for php scirpt definition)
and definition(source) here:
Korisničko ime (UID):
Šifra:
After i login it shows me data that i must collect like this:
RSSID: 1321B312 (this is only data that it shows and nothing else)
I must do this with httpwebrequest but don't know how i tried to do it with POST(data) but it always give me the defnition of php script as response.But i need response to be like "RSSID: 1321B312" not as script definition mentioned above...please heeelp ASAP....
Define a form action to begin. So if the same page, getrssid.php, will be processing the form, use:
<form action="getrssid.php" method="POST">
After that, you must code getrssid.php to accept the incoming data via POST. POST data is stored in the PHP variables $_POST['inputname']. So if you have the input name as "login", the value entered will be stored in $_POST['login']. Same thing applies for the password.
So, here's a sample of what a basic POST data handling script should look like. Note that this script does not verify the login credentials, sanitize the inputs, or anything of the sort. It is just to show you how to handle POST DATA.
<?php
if (isset($_POST['login']) && isset($_POST['pass'])){
// Form is submitted.
echo 'RSSID: 1321B312';
} else {
// Form is not submitted.
// Display Form.
echo 'Form HTML here';
}
?>
If you are really server conscious, you should put the if ... else statement in the opposite order so the most likely outcome (form not submitted) is evaluated first.
Merry Christmas!