I'm currently trying to make a email verification sender in case an individual didn't receive the email to verify their account. Where my issue comes in is that I have to echo the individuals email into javascript (along with their name and other things). I don't want individuals to open the source code and see that their email is there within javascript, is there a way that I can encrypt this json encode? Here is my script for
Verification.php
<script type="text/javascript">
$(document).ready(function() {
$("#cliq").click(function() {
//get input field values
var ndxr = <?php $to_Email = $_SESSION['SESS_CONTROL_EMAIL']; echo json_encode($to_Email); ?>;
var fvje = <?php $vcode = $_SESSION['SESS_CONTROL_VCODE']; echo json_encode($vcode); ?>;
var name = <?php $name = $_SESSION['SESS_CONTROL_FIRST']; echo json_encode($name); ?>;
var proceed = true;
if(proceed)
{
post_data = {'ndxr':ndxr, 'fvje':fvje, 'name':name};
$.post('verifye.php', post_data, function(response){
if(response.type == 'error')
{
output = '<div class="error">'+response.text+'</div>';
}else{
output = '<div class="success">'+response.text+'</div>';
}
$("#result").hide().html(output).slideDown();
}, 'json');
}
});
});
</script>
And here is the verification page Verifye.php
$name = filter_var($_POST["name"], FILTER_SANITIZE_STRING);
$user_Email = filter_var($_POST["ndxr"], FILTER_SANITIZE_EMAIL);
$vcode = filter_var($_POST["fvje"], FILTER_SANITIZE_STRING);
Any way of preventing the user's email from displaying?
Don't display it at all! If all this data is present in your session, there's no need to pass it to the user in the first place — the script that you're POSTing to from AJAX can pull that data out of the session itself.
the way I would do this is by using base64_encode function and the base64_decode function on the other end.
Related
I have two pages first page has a form which accepts information like name,mobile-no etc and an image from user.
I want to access the image using jquery and send it other page using $.post() method there i want to access the image and insert it into database
First File
<script>
$(function(){
$("#add_staff").click(function(){
event.preventDefault();
var regex_mobile=/^\d{10}$/;
var regex_email = /^([a-zA-Z0-9_\.\-\+])+\#(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
var insti=$("#inst_id").val();
var name=$("#Staff_name").val();
var pwd=$("#Staff_pwd").val();
var add=$("#staff_address").val();
var dob=$("#Staff_dob").val();
var mail=$("#Staff_mail").val();
var role=$("#Staff_role").val();
var mobile=$("#Staff_mobile").val();
var img = $('#image').prop('files')[0];
if(name=="" || pwd=="" || add=="" || dob=="" || mail=="" || role=="" || mobile=="")
{
alert("All fields are compulsory");
}
else{
if(!regex_mobile.test(mobile)) {
alert("Mobile Number invalid");
}
else if(!regex_email.test(mail)){
alert("Email Invalid");
}
else{
$.post("add_faculty2.php",
{
insti: insti,
name:name,
pwd:pwd,
add:add,
dob:dob,
mail:mail,
role:role,
mobile:mobile,
img:img
},
function(data,status){
$("#msg").text(data);
alert(data);
alert(status);
});
}
});
});
</script>
In the above file all the information is accepted from the user and in the jquery i have tried to access all the information and image then i am trying to send the data to other page using $.post() method.
Second File
<?php
$insti =$_POST['insti'];
$name =$_POST['name'];
$pwd =$_POST['pwd'];
$add =$_POST['add'];
$dob =$_POST['dob'];
$mail =$_POST['mail'];
$role =$_POST['role'];
$mobile =$_POST['mobile'];
$img =$_POST['img'];
$today = date("Y-m-d H:i:s");
include_once 'conf.php';
$q="insert into tbl_staff_details(inst_id,name,pwd,email,phone,photo,address,dob,role,created_date) values('".$insti."','".$name."','".$pwd."','".$mail."','".$mobile."','".$img."','".$add."','".$dob."','".$role."','".$today."')";
echo $q;
$r=mysqli_query($con,$q);
if($r)
{
echo "Success";
}
else
{
echo "Fail";
}
?>
In the above file i am accessing all the information using $_POST[] sent by the $.post() method in the first file then i am trying to insert all the data in the database
Problem is that the data is not inserted in the database
But when i omit the image all the other data is inserted in the database
Ok first you need to use FormData() in your javascript
example
// formdata
var formdata = FormData();
var insti=$("#inst_id").val();
var name=$("#Staff_name").val();
var pwd=$("#Staff_pwd").val();
var add=$("#staff_address").val();
var dob=$("#Staff_dob").val();
var mail=$("#Staff_mail").val();
var role=$("#Staff_role").val();
var mobile=$("#Staff_mobile").val();
var img = $('#image').prop('files')[0];
formdata.append('upload[insti]', insti);
formdata.append('upload[name]', name);
formdata.append('upload[pwd]', pwd);
formdata.append('upload[add]', add);
formdata.append('upload[dob]', dob);
formdata.append('upload[mail]', mail);
formdata.append('upload[role]', role);
formdata.append('upload[mobile]', mobile);
formdata.append('upload[img]', img);
// now send
$.post("add_faculty2.php", formdata,
function(data,status){
$("#msg").text(data);
alert(data);
alert(status);
}
);
And in your php script you can access the image by calling
$img = $_FILES['upload']['img']['name'];
$img_tmp = $_FILES['upload']['img']['tmp_name'];
others
$insti = $_POST['upload']['insti'];
$name = $_POST['upload']['name'];
$pwd = $_POST['upload']['pwd'];
$add = $_POST['upload']['add'];
$dob = $_POST['upload']['dob'];
$mail = $_POST['upload']['mail'];
$role = $_POST['upload']['role'];
$mobile = $_POST['upload']['mobile'];
$today = date("Y-m-d H:i:s");
// you can see the image printed here..
var_export($img);
Hope this helps.
I am creating a form for users to change their passwords and to do this I get their username from the url and $_GET the data.
For example:
Website.com/passwordreset.php?username=moonman&key=d77e39f7f6ea2410bfbb59e7f96320ea81eed443fa31d9d327c37635ce28c9a2
// PHP //
$key = $_GET['key'];
$username = $_GET['username'];
if(isset($_POST["password"])){
echo $key;
echo $username;
echo $_GET['key'];
echo $_GET['username'];
echo "Test";
}
//Ajax//
function passwordchange(){
var password1 = _("password1").value;
var ajax = ajaxObj("POST", "passwordreset.php");
ajax.onreadystatechange = function(){
ajax.send("password="+password1);
}
However the previous data seems to be unreadable when users try to send their new data through AJAX.
The output will be "Test" and nothing else.
Keep in mind that AJAX data can be sent perfectly and I tried working through with this by using sessions but failed.
var ajax = ajaxObj("POST", "<?= $_SERVER['REQUEST_URI'] ?>");
Problem was that i didn't take in the url which had the $_GET data.
Thank you to Alejandro Iván for helping me solve this problem.
So I submit my form with Ajax like so
$("#submitform").click(function(e){
e.preventDefault();
var form_data = $("#contactfrm").serialize();
$.ajax({
type: "POST",
url: "/ltlcreation-new/wordpress/wp-content/themes/LTLCreation/includes/form-handler.php",
data: form_data,
error: function(){
alert("failed");
},
success: function(json_data){
console.log(json_data);
alert("success");
},
})
});
In my form-handler.php i catch the from errors
<?php
if(isset($_POST['submit'])) {
//include validation class
include 'validate.class.php';
//assign post data to variables
$name = #($_POST['name']);
$email = #($_POST['email']);
$message = #($_POST['message']);
$phone = #($_POST["phone"]);
//echo $name, $email, $message, $phone;
//start validating our form
$v = new validate();
$v->validateStr($name, "name", 3, 75);
$v->validateEmail($email, "email");
$v->validateStr($message, "message", 5, 1000);
$v->validateStr($phone, "phone", 11, 13);
if(!$v->hasErrors()) {
$to = "lukelangfield001#googlemail.com";
$subject = "Website contact form ";
$mailbody = $message . "\n" . "from " . $name . "\n" . $phone;
$headers = "From: $email";
mail($to, $subject, $mailbody, $headers);
echo "success";
} else {
//set the number of errors message
$message_text = $v->errorNumMessage();
//store the errors list in a variable
$errors = $v->displayErrors();
//get the individual error messages
//$nameErr = $v->getError("name");
//$emailErr = $v->getError("email");
//$messageErr = $v->getError("message");
//$phoneErr = $v->getError("phone");
echo $message_text; echo $errors;
$output = array($message_text);
echo json_encode($output);
}//end error check
}// end isset
These errors usually look like something like this
There were 4 errors sending your message!
Name must be at least 3 characters long.
Please enter an Email Address.
Message must be at least 5 characters long.
Phone must be at least 11 characters long.
["There were 4 errors sending your message!\n"]
I've tried to jSon encode the output and the in the success in ajax pull the json data out, however it just keeps returning an empty string like so
(an empty string)
My question is can you send data back from PHP to Ajax, if so I am doing this completely wrong?
You can output anything other than the json string so echo "success"; would make t. Use your debuggers Network response output tab to see that this is properly encoded.
Also don't use
$name = #($_POST['name']);
use instead
$name = isset($_POST['name']) ? $_POST['name'] : '';
If you still have a blank page make sure you have display errors set.
error_reporting(E_ALL);
ini_set('display_errors', 1);
I am an idiot I still had this in my PHP file which means the form wasn't firing or returning a response, silly me, glad i finally figured it out though
if(isset($_POST['submit'])) {
Thanks for the help guys
Here is an example of an Ajax contact form you can use:
Ajax.js
$(document).ready(function(){
$("#btn").click(function(){
var username=$("#name").val();
var email=$("#email").val();
var dis=$("#dis").val();
var process=true;
if(username=="")
process=false;
if(email=="")
process=false;
if(dis=="")
process=false;
if(process){
var dataString="name="+username + "&email="+email+ "&message="+dis;
$("#res").html('<span>Sending...</span><img src="a.gif">');
$.ajax({
url:"b.php",
type:"POST",
data:dataString,
success:function(data){
document.getElementById("name").value='';
document.getElementById("email").value='';
document.getElementById("dis").value='';
$("#res").html(data);
}
});
}else{
alert("fill all fields");
}
});
});
and b.php
<?php
mysql_connect("localhost","root","");
mysql_select_db("ajax") || die("erro");
if(isset($_POST['name'])){
mysql_real_escape_string(htmlentities($name=$_POST['name']));
mysql_real_escape_string(htmlentities($email=$_POST['email']));
mysql_real_escape_string(htmlentities($message=$_POST['message']));
if(!empty($name) && !empty($email) && !empty($message)){
if(mysql_query("INSERT INTO `users` (name,email,message) VALUES('$name','$email','$message') ")){
echo 'The massage has been send';
}else{
echo mysql_error();
}
}
}
?>
enjoy that....
You have the following:
success: function(json_data){
While json_data is simply nothing. It should be
success: function(data){
im using the below code in jquery, but my page itself reloading, i dont know where i have made a mistake.
var newstr = $.trim($('#umail').val());
newstr holds the email address
$.post("coding/unsub.php",{email:newstr},function(result){
$("#d_result").html(result);
});
i have
<span id="d_result"></span>
to show the result
my php code is
<?php
include ("../includes/dbcon_.php");
$unsub_sql = mysql_query("Delete FROM TblNewsLetter WHERE Email = '$_GET[email]'");
if (!$unsub_sql)
{
$ds_result = "<p style='font-size:200%;color:red;'>Some Error Occurred! Try Later.</p>";
}
else
{
$ds_result = "<p style='font-size:200%;color:green;'>Successfully Unsubscribed</p>";
}
mysql_close($con);
echo $ds_result;
?>
You said in a comment that you do the Ajax call from a form submit handler. You need to prevent the default submit behaviour, either by using the event object's .preventDefault() method or by returning false from the handler:
$("#yourFormSelectorHere").submit(function(e) {
var newstr = $.trim($('#umail').val());
$.post("coding/unsub.php",{email:newstr},function(result){
$("#d_result").html(result);
});
e.preventDefault();
// and/or
return false;
});
In your sql query
$mail = $_GET['email'];
$query = "DELETE FROM TblNewsLetter WHERE Email = $mail";
$_GET should be changed to $_POST
use like this
$unsub_sql = mysql_query("Delete FROM TblNewsLetter WHERE Email = '".$_POST['email']."'");
i am sending some value to a php file like this:
$.post('php/xxx.php', { username: userName } );
and the php file echo'es out a var $test
how can i get it back into the js?
i was thinking to use this:
var get_back = $.get('php/xxx.php', ... );
but i am not sure how...
thanks
edit:
here is my php file:
include("connect.php");
$get_username = $_POST['username'];
$username = '';
$username = mysql_real_escape_string($get_username);
echo $get_username;
$result = mysql_fetch_assoc(mysql_query("SELECT username FROM database WHERE username='$username' LIMIT 1"));
if($result !== FALSE) {
echo $username;
}
i want to get back this echo $username; value
The various ajax functions in jQuery (ajax, post, get) accept callback functions where you can handle the returned data:
//define username outside so that
//it's available outside of the scope
//of the callback function
var username;
$.post('php/xxx.php',
{ username: userName },
function(data){
//per the comment below,
//assuming data will simply
//be the username
username = data;
});