How to manage HTML special characters stored in an array - php

I have the $user array that contains data with special characters. It seems like each element of $user that contains special characters can't render properly after they are stored in a session.
Here is my code:
<?php
session_start();
include_once('../application/classes/DataLayer.class.php');
$dl = new DataLayer();
$user = $dl->doLogin($_POST['email_sub'], $_POST['password_sub']);
if(isset($user)) {
    foreach($user as $detail_array => $detail){
        $fn = html_entity_decode($user['fn']);
        $ln = html_entity_decode($user['ln']);
    }
    var_dump($fn, $ln); // $fn and $ln display well here
    $_SESSION['user'] = $user;
    $_SESSION['fn'] = $fn;
    $_SESSION['ln'] = $ln;
    var_dump($_SESSION['fn'], $_SESSION['ln']); // $_SESSION['fn'], $_SESSION['ln'] display well here too
}
else {
    //do something here
}
?>
Any help would be appreciated. Sorry for my bad English.

Use the function from this link https://stackoverflow.com/a/8454838/997178 to encode the data for output.
Use the encode_output_vars function; the param $vars is your session data. The return value will be a single element encoded for output or an array with all elements encoded, depending on what your parameter is.
Or just use the PHP function htmlentities on your session data before you output it. Here is the link: http://php.net/manual/en/function.htmlentities.php
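Encoding at output time, as the answer suggests, applied to a nested array such as the session data. This is an added example, not the linked encode_output_vars code; the helper name encode_for_html and the sample values are assumptions.

```php
<?php
// Added example: keep plain text in the session, encode only when writing HTML.
// encode_for_html() is a hypothetical helper, not the linked encode_output_vars().

function encode_for_html($value)
{
    if (is_array($value)) {
        // Recurse so nested arrays (e.g. the whole $user row) are covered;
        // array_map() with a single array keeps the original keys.
        return array_map('encode_for_html', $value);
    }
    if (is_string($value)) {
        // ENT_QUOTES also encodes ' so the result is safe inside quoted attributes;
        // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return $value; // ints, bools and null pass through unchanged
}

// Constructed sample standing in for the row returned by doLogin().
// Entities coming from storage are decoded once, on the way in.
$user = [
    'fn'    => html_entity_decode('Zo&eacute;', ENT_QUOTES | ENT_HTML5, 'UTF-8'),
    'ln'    => "O'Neil <b>bold</b>",
    'roles' => ['editor', 'R&D'],
];

$session = ['user' => $user]; // stands in for $_SESSION

// Encode at the point of output, never before storing.
$safe = encode_for_html($session['user']);
echo $safe['fn'], "\n";
echo $safe['ln'], "\n";
echo $safe['roles'][1], "\n";
```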

Related

How to deal with unencoded URL redirects to my website correctly?

We are using CleverReach to redirect people to our website after they have double opted in their mail account. We redirect the email as a query parameter to our website, like: example.com/thanks?email=foo#bar.com (by setting up a redirect in the CleverReach backend like example.com/thanks?email={EMAIL}). Apparently, the email parameter doesn't get urlencoded by CleverReach.
Now, in Drupal, if the URL is like so: example.com/thanks?email=hello+world#bar.com and using this code:
$request = \Drupal::request();
$email = $request->query->get('email');
$email is hello world#bar.com. Now, I don't know what the correct processing is here. Obviously, I can't tell CleverReach to urlencode their redirects beforehand. I don't even know if that would be best practice or if I need to implement something...
The only thing I found out is that $_SERVER['QUERY_STRING'] contains the "real" string, which I can urlencode and then redirect, and then, by reading the query params, urldecode them. But I feel like I am missing some crucial inbuilt functionality.
TL;DR
If a website redirects to my website using not urlencoded query params, how do I read them?
My current approach:
<?php
// Classes used below
use Drupal\Core\Url;
use Symfony\Component\HttpFoundation\RedirectResponse;
public function redirectIfIllegalUri() {
    $request = \Drupal::request();
    $email = $request->query->get('email', '');
    $needsRedirect = (false !== strpos($email, ' ') || false !== strpos($email, '#'));
    if ($needsRedirect && isset($_SERVER['QUERY_STRING']) && false !== strpos($_SERVER['QUERY_STRING'], 'email=')) {
        $sqs = $_SERVER['QUERY_STRING'];
        $sqs = htmlspecialchars($sqs);
        // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
        $sqs = filter_var($sqs, FILTER_SANITIZE_STRING);
        $sqs = filter_var($sqs, FILTER_SANITIZE_ENCODED);
        $sqs = urldecode($sqs);
        $sqs = explode('&', $sqs);
        foreach ($sqs as $queryParam) {
            if (false === strpos($queryParam, 'email=')) continue;
            $values = explode('=', $queryParam);
            $email = $values[1];
        }
        $emailEncoded = urlencode($email);
        $query = $request->query->all();
        $query['email'] = $emailEncoded;
        $refreshUrl = Url::fromRoute('<current>');
        $refreshUrl->setOptions([
            'query' => $query,
        ]);
        $response = new RedirectResponse($refreshUrl->toString(), 301);
        $response->send();
        return;
    }
}
$request = \Drupal::request();
$email = urldecode($request->query->get('email', false));
drupal request() docs
The problem you are facing is that the + will be treated as a space when you get the value from the $_GET global variable.
Currently there is no method in PHP that returns these values without urldecoding them, so you need to build a custom function to achieve what you are asking.
A simple function that returns the input without decoding it:
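function get_params() {
    // Raw, still percent-encoded query string (empty when the URL has none)
    $getData = $_SERVER['QUERY_STRING'] ?? '';
    $getParams = explode('&', $getData);
    $getParameters = [];
    foreach ($getParams as $getParam) {
        if ($getParam === '') continue; // skip empty segments such as "a=1&&b=2"
        // Limit 2 keeps any "=" inside the value; a key without "=" gets ''
        $parsed = explode('=', $getParam, 2);
        $getParameters[$parsed[0]] = $parsed[1] ?? '';
    }
    return $getParameters;
}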
This solution can be used if you do not have any other option. By using this function you will always get the data encoded.
If you can encode the value from CleverReach then the best approach is to encode it there.
Encoding the value in CleverReach for the email hello+world#bar.com will give you this URL: example.com/thanks?email=hello%2Bworld%40bar.com, and in $_GET you will have the email containing the + sign.
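Reading the parameter from the raw query string so that an unencoded + survives, then validating it before use. This is an added example, not code from the answers; raw_query_param and email_from_query are hypothetical helpers and the sample query strings are constructed.

```php
<?php
// Added example: pull one parameter out of the raw query string, keep a literal
// "+", and accept the value only if it is a syntactically valid address.

function raw_query_param(string $rawQuery, string $name): ?string
{
    foreach (explode('&', $rawQuery) as $pair) {
        $parts = explode('=', $pair, 2);
        // Keys are decoded the normal way and compared against the wanted name.
        if (urldecode($parts[0]) !== $name) {
            continue;
        }
        // rawurldecode() decodes %XX sequences but leaves "+" alone,
        // unlike urldecode() and $_GET, which turn "+" into a space.
        return rawurldecode($parts[1] ?? '');
    }
    return null;
}

function email_from_query(string $rawQuery): ?string
{
    $value = raw_query_param($rawQuery, 'email');
    if ($value === null) {
        return null;
    }
    // Reject spaces, control characters and markup before the value
    // reaches a template, a redirect target or a mail header.
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// In a request handler: email_from_query($_SERVER['QUERY_STRING'] ?? '')
$samples = [
    'email=hello+world@bar.com',     // unencoded, as sent by the redirecting service
    'email=hello%2Bworld%40bar.com', // properly encoded
    'email=hello world',             // not an address
];
foreach ($samples as $qs) {
    parse_str($qs, $decoded);        // what $_GET would contain
    printf("%-30s \$_GET: %-22s raw: %s\n", $qs,
        var_export($decoded['email'], true), var_export(email_from_query($qs), true));
}
```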

storing XML value to a session variable

I've been trying to store a value from an XML file, however it raises an error.
How can I solve this?
<?php
session_start();
$success = 0;
session_unset();
$clients= simplexml_load_file('client.xml');
if(isset($_POST['submit'])){
    foreach($clients -> client_info as $client){
        if($_POST['username'] == $client->username && $_POST['pwd'] == $client->pwd ){
            $success = $success + 1;
            $_SESSION["id"] = $client['id'];
            break;
        }
    }
}
if (isset($_SESSION["id"])) {
    echo $_SESSION["id"];
}
else {
    echo "no session";
}
That's the code.
However, the problem is that when I go outside, for example
<?php
session_start();
echo $_SESSION["id"];
?>
it says undefined id.
Any solutions to this problem?
If you need to save a complete element of the simplexml_load_file() result use the asXML() method (formatting the element as XML string). To store the string value of any content element use the __toString() method:
Example:
$_SESSION["id"] = $client['id']->__toString(); //for attributes
If you want to save the text content of a xml tag:
$_SESSION["clientContent"] = $client->__toString(); //text content of client tag
To save an entire xml section as XML string:
$_SESSION["client"] = $client->asXML(); //for elements
and to restore the $client variable:
$client=simplexml_load_string($_SESSION["client"]); //$client as object again

How to replace a token in a variable gotten from database with any given text?

I have a database where word documents are stored in longblob fields. I want to replace tokens like [ID] with some text. How can I add this functionality to the following code?
public function template_get()
{
    $this->form_validation->set_data($this->input->get());
    $this->form_validation->set_rules("id","id","required|integer");
    $data=array();
    if($this->form_validation->run()==False)
    {
        $data['status']=false;
        $data['error']=validation_errors();
    }
    else
    {
        $doc=$this->DocumentTemplateModel->get_single_document($this->input->get('id'));
        $file=$doc[0]["documento"];
        force_download($doc[0]['Nombre'],$file);
    }
    echo json_encode($data);
}
You didn't show your force_download function, but since documents are stored in longblob fields in database, I suppose, force_download just creates necessary headers to send the document that is wholly contained in $file variable.
Thus we should only replace token with necessary text inside $file.
// You may pass the token and the text to replace it
public function template_get($token, $text_to_replace_token)
{
    $this->form_validation->set_data($this->input->get());
    $this->form_validation->set_rules("id", "id", "required|integer");
    $data = array();
    if($this->form_validation->run() === false)
    {
        $data['status']=false;
        $data['error']=validation_errors();
        // Moved here because $data should only be echoed if form validation failed
        echo json_encode($data);
    }
    else
    {
        $doc = $this->DocumentTemplateModel->get_single_document($this->input->get('id'));
        $file = $doc[0]["documento"];
        // Replacing token with the given text ($file is the subject to search in)
        $file = str_replace($token, $text_to_replace_token, $file);
        force_download($doc[0]['Nombre'], $file);
    }
}

How to make an automatic code generator in codeigniter

How to make an automatic code generator so that I can send it to a mobile using my API then verify it after checking in php codeigniter
My one related controller looks like:
public function print_patientdetails($id,$veri,$phone,$username) {
    // Read the session id once so that both branches can use it
    $sess_id = $this->session->userdata('id');
    if($veri == 0){
        $verifycode = "12345"; // here I need an automatic code generator function
        $result['verifycode'] = "12345";//and here need to keep the code and pass hidden throughout the pages
        echo $this->sendverifymsg($phone, $verifycode);
        $result['query'] = $this->panel_model->hospitaldetails($sess_id);
        $result['query1'] = $this->register_model->view_register($phone, $username);
        $this->load->view('innerheader', $result);
        $this->load->view('verify', $result);
        $this->load->view('footer', $result);
    }else{
        $result['query'] = $this->panel_model->hospitaldetails($sess_id);
        $result['query1'] = $this->register_model->edit_patient($id);
        foreach ($result['query1'] as $row)
        {
            $phone = $row->phone;
            $username = $row->userid;
            $email = $row->email;
            $this->load->view('print_patientdetail', $result);
            echo $this->sendregistermsg($phone, $username);
            echo $this->mail($email, $phone, $username);
        }
    }
}
Just use php uniqid() native function like this:
$verifycode = uniqid();
What I understood is you just need something which can generate a random code for you.
If this is the purpose, you can use the rand(0,99999); function, which generates random numbers.
Moreover, if you need this random number not to be one that was already generated, then you can use the db to store random numbers: enter it when it is generated, and when generating a new one compare it with the already stored random numbers.
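uniqid() is derived from the current time and rand() is not a cryptographic generator, so codes from either can be predicted. An added example (not from the answers above) that issues and checks an SMS verification code with random_int(); the function names, the 6-digit length, the 5-minute lifetime and the 5-attempt limit are assumptions.

```php
<?php
// Added example: one-time verification code from the OS CSPRNG, stored hashed with
// an expiry and an attempt limit. $store stands in for the user's session data.

function issue_verify_code(array &$store, int $digits = 6, int $ttl = 300): string
{
    // random_int() is cryptographically secure; left-pad so "004217" keeps its length.
    $code = str_pad((string) random_int(0, 10 ** $digits - 1), $digits, '0', STR_PAD_LEFT);
    $store['verify'] = [
        'hash'     => hash('sha256', $code), // keep only a hash server-side
        'expires'  => time() + $ttl,
        'attempts' => 0,
    ];
    return $code; // send this by SMS; do not echo it into a hidden form field
}

function check_verify_code(array &$store, string $submitted, int $maxAttempts = 5): bool
{
    $entry = $store['verify'] ?? null;
    if ($entry === null || time() > $entry['expires'] || $entry['attempts'] >= $maxAttempts) {
        unset($store['verify']); // expired or exhausted: a new code must be issued
        return false;
    }
    $store['verify']['attempts']++;
    // hash_equals() compares in constant time.
    if (!hash_equals($entry['hash'], hash('sha256', $submitted))) {
        return false;
    }
    unset($store['verify']); // single use
    return true;
}

$session = []; // in CodeIgniter this would live in the session userdata
$code = issue_verify_code($session);
var_dump(check_verify_code($session, 'not-the-code')); // wrong guess
var_dump(check_verify_code($session, $code));          // correct code
var_dump(check_verify_code($session, $code));          // same code again, already used
```

Keeping the code in the server-side session rather than in the page means the browser never receives the value it is supposed to prove it got by SMS.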

php unset causing internal server error

function deleteThing() {
    if($_REQUEST ['entry'] == "") {
        exit;
    }
    $entry = $_REQUEST ['entry'];
    $file = 'entries.json';
    $json = json_decode(file_get_contents($file));
    unset($json[$entry]);
    file_put_contents($file, json_encode($json));
}
This code is trying to delete a JSON sub item at the index $entry which is passed as a number. I'm unsure if I'm using unset properly or not.
It seems that you need to try it like this:
Passing the second parameter as true will return an array that you can use.
$json = json_decode(file_get_contents($file),true);//assign as array
if(isset($json[$entry])) { //check if it is set
    unset($json[$entry]);
}
If you are not willing to pass the second param as true then you will get an object. In that case you need to access it like this:
$json->{$entry}
I think you are unsetting a variable not set at all.
Maybe $json is not getting a value.
Do this:
$json = json_decode(file_get_contents($file));
if (! empty($json[$entry])) {
    unset($json[$entry]);
}
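The delete from the question with the request value validated as an index before it touches the file. This is an added example, not code from the answers; delete_entry and the temporary sample file are assumptions, and the file is assumed to hold a JSON array.

```php
<?php
// Added example: validate the index, decode as an array, check the key exists,
// then rewrite the file under an exclusive lock.

function delete_entry(string $file, $rawIndex): bool
{
    // Accept only a non-negative integer; "", "abc", "-1" and "1e3" are rejected.
    $index = filter_var($rawIndex, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($index === false) {
        return false;
    }
    $contents = @file_get_contents($file);
    // json_decode() returns null on invalid JSON, so a broken file fails the check below.
    $json = $contents === false ? null : json_decode($contents, true);
    if (!is_array($json) || !array_key_exists($index, $json)) {
        return false;
    }
    unset($json[$index]);
    // Re-index so json_encode() writes a JSON array again, not an object with gaps.
    $json = array_values($json);
    return file_put_contents($file, json_encode($json), LOCK_EX) !== false;
}

// Constructed demo using a temporary file instead of entries.json.
$file = tempnam(sys_get_temp_dir(), 'entries');
file_put_contents($file, json_encode(['first', 'second', 'third']));

var_dump(delete_entry($file, '1'));   // valid index
var_dump(delete_entry($file, '7'));   // out of range
var_dump(delete_entry($file, 'abc')); // not an integer
echo file_get_contents($file), "\n";
unlink($file);
```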
