I am creating a apps with sql stuffs and i am using a online database, everything works fine if i input this header("Access-Control-Allow-Origin: *");
But the next few lines i need this header as well header('Content-Type', 'text/plain');
Once i insert that and run my html and to run this particular php file, i will get this error
error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://www.gamestopica.net/andrew/login.php. This can be fixed by moving the resource to the same domain or enabling CORS.
anyone know what i should do to fit those 2 header under the same php file without the cross-origin error?
my php file
<?php
header("Access-Control-Allow-Origin: *");
include_once('db.php');
session_start();
header('Content-Type', 'text/plain');
$username = $_POST['username'];
$password = $_POST['password'];
$verify = 0;
$result = $db->query("SELECT * FROM `userdetails` WHERE `username` = '".$username."'")
or die("fail");
if(mysqli_num_rows($result)>0)
{
$row = mysqli_fetch_array($result);
$passwordDB = $row["Password"];
if($password == $passwordDB)
{
$_SESSION['user'] = $username;
$result2 = json_encode(
array("type"=>"true", "username"=>$_SESSION['user'])
);
echo $result2;
}
else
{
$result2 = json_encode(
array("type"=>"false")
);
echo $result2;
}
}
else
{
$result2 = json_encode(
array("type"=>"nothing")
);
echo $result2;
}
?>
Your call to header() is not valid syntax for that function. Try changing:
header('Content-Type', 'text/plain');
to
header('Content-Type: text/plain');
and see if that fixes your issue.
Related
I'm making a login system. Everything works, but when i use a email (username) in the login that is not in the database it will go to the URL with filename and then just the form data (email and password). I need to set the header with an error so i can say that login was failed. Does anyone see the problem?
<?php
ob_start();
if (isset($_REQUEST['password'])) {
require 'connect.php';
$password = $_REQUEST['password'];
$mail = $_REQUEST['email'];
if (empty($mail) || empty($password)) {
header('location: ../login.php?error=empty');
exit();
} else {
$sql = "SELECT * FROM account WHERE email = ?;";
$stmt = mysqli_stmt_init($connect);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=sqlError");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $mail);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$passwordCheck = password_verify($password, $row['wachtwoord']);
if ($passwordCheck == false) {
header("Location: ../login.php?error=passwordWrong");
exit();
} elseif ($passwordCheck == true) {
session_start();
$_SESSION['userId'] = $row['account_id'];
$_SESSION['username'] = $row['gebruikersnaam'];
header("Location: ../index.php?login=succes");
exit();
}
} else {
header("Location login.php?error=noUser");
exit();
}
}
}
} else {
header("Location: ../login.php?error=");
exit();
}
Since your login form is working.
Let me ask you:
Is Your form action using get method or post method?.
Remember when you send a form with GET method to backend eg to a php file, all the form parameters are seen in the url okay.
So You can check this below.
1.) Ensure that your form is using Post method eg method="POST"
2). Why are you using $_REQUEST[..]. in php
its better you used $_POST method for http request coming from form inputs
Something like
if(isset($_POST['submit'])){
require 'connect.php';
$password = $_POST['password'];
$mail = $_POST['email'];
OR
if (isset($_POST['password'])) {
require 'connect.php';
$password = $_POST['password'];
$mail = $_POST['email'];
Note: The variables in $_REQUEST are provided to the script via the GET, POST, and COOKIE input mechanisms and
therefore could be modified by the remote user and cannot be trusted. Therefore proper validation and sanitization should be
done on both front and backend.
see php manual warnings
Finally,
If any of this suggestion does not work for you, you can then upload also all your form fields and I will get it working for you. Thank You
I am using Infusionsoft to send http posts. I need a quick script written that grabs the information from the http post and captures the information. I am using iSDK and code is written however there is nothing coming from http, what am I doing wrong?
<?php
require_once('iSDK/isdk.php');
$appname = "xxxxx";
$apikey ="xxxxxxxxxxxxxxxxx";
set_time_limit(0);
ob_implicit_flush(true);
$app = new iSDK;
$contactId = intval($_GET['contactId']);
if(($appname == NULL) || ($apikey == NULL)){
echo "<b>Error</b> - make sure you fill out all the fields";
exit(0);
}
if(!$app->cfgCon('i', $appname, $apikey))
{
echo "No connected";
exit();
}
$result = $app->runAS($contactId, '123');
print_r($result);
echo "Contact Id:". $contactId;
?>
I have a database in phpmyadmin panel. And I want to see this databases as json format. When I paste my link to http://jsonlint.com/. It says Null. What's wrong with my php script?
<?php
$host = "**";
$user = "**";
$password = "**";
$db = "**";
$sql = "select * from product_info;";
$con = mysqli_connect($host,$user,$password,$db);
$result = mysqli_query($con,$sql);
$response = array();
while($row = mysqli_fetch_array($result)){
array_push($response,array("name"=>$row[0],"email"=>$row[1],"mobile"=>$row[2]));
}
echo json_encode(array("server_response"=>$respose));
mysqli_close($con);
?>
You are missing a letter in the word "response" on the echo line. That's why you are getting NULL.
Replace
echo json_encode(array("server_response"=>$respose));
By this
echo json_encode(array("server_response"=>$response));
Also, you should set the header to application/json
header('Content-Type: application/json');
Final code should be:
header('Content-Type: application/json');
echo json_encode(array("server_response"=>$response));
You have a typo ($respose) in the line
echo json_encode(array("server_response"=>$respose));
which should be
echo json_encode(array("server_response"=>$response));
I'm fairly new to PHP Rest API. I would like to upgrade my knowledge so I need to create an authorisation for my web service. I'd like to ask first if they are authorised to view my web service, if not then they won't see it.
This is what I've done so far:
<?php
include('db.php');
$sql = "SELECT * FROM bb_users";
$stmt = $conn->prepare($sql);
$stmt->execute();
$set = array();
while($r = $stmt->fetchAll(PDO::FETCH_ASSOC)){
$set = $r;
}
// $username='ABC';
// $password='XYZ';
//header("Authorization: Basic " . base64_encode($username . ":" . $password));
header('Content-type: application/json');
header('Access-Control-Allow-Origin: *');
echo json_encode($set);
?>
Any ideas? I would gladly appreciate your help. And if you could provide some tips or links to get started with.
This is a basic implementation of what you are trying to do. Keep in mind that this uses Basic access Authentication and it does not provide any protection against username an password since those are pretty much transmitted over the net.
To build a better more robust API I recommend https://www.apigility.org/ in my opinion it's one of the best, if not the best out there,
As far as the Authentication goes, I recommend OAuth.
FYI: I am assuming your code was correct and did not have any errors, so I just moved it inside the if block. There is a call to check_if_credentials_are_valid_function which is the function you will define and call to make sure the username and password are valid. If credentials are valid it will return the json encoded data and exit, otherwise it will continue to the end of the script and return a 401 status code.
<?php
$headers = apache_request_headers();
if(isset($headers['Authorization'])) {
$authorization = $headers['Authorization'];
if (preg_match('/Basic\s+(.*)$/i', $authorization, $auth)) {
// Split the string, base64 decode it
list($user, $pass) = explode(':', base64_decode($auth[1]));
if (check_if_credentials_are_valid_function($user, $pass)) {
include('db.php');
$sql = "SELECT * FROM bb_users";
$stmt = $conn->prepare($sql);
$stmt->execute();
$set = array();
while($r = $stmt->fetchAll(PDO::FETCH_ASSOC)){
$set = $r;
}
// $username='ABC';
// $password='XYZ';
//header("Authorization: Basic " . base64_encode($username . ":" . $password));
header('Content-type: application/json');
header('Access-Control-Allow-Origin: *');
echo json_encode($set);
exit();
}
}
}
header('HTTP/1.0 401 Unauthorized');
exit();
?>
I'm trying to make an iCalendar file via querying the database, so I don't have to make new iCalendar files with every event created.
<?php
header("Content-type: text/calendar");
$connection = mysqli_connect("localhost", "root", "");
$sql = "SELECT * FROM events WHERE eventID = '{$eventID}'";
$result = mysqli_query($connection, $sql);
$numrows = mysqli_num_rows($result);
// Render iCal file
?>
How to forbid file download if $_GET["eventID"] is not set?
In that case, I want instead of downloading, the visitor to get a blank page for an example.
Stick this at the top:
if (!isset($_GET["eventID"])) {
exit;
}
You should also do something after the SQL query, checking that it has actually returned a result. e.g.
if ($numrows == 0) {
exit;
}
if (!isset($_GET["eventID"])){
echo 'bad';
}else{
// your code here
}
The proper thing to do is the send a 404 Not Found HTTP status code if the URL/entity doesn't exist:
$result = mysqli_query($connection, $sql);
$event = $result->fetch_assoc();
if (!$event) {
header('HTTP/1.0 404 Not Found');
exit;
}
header("Content-type: text/calendar");
echo $event['title'];
..
Here I'm checking whether the event exists in the database. To handle a missing $_GET parameter you could send a 400 Bad Request separately.