Jump to content

smallc28

Members
  • Content Count

    38
  • Joined

  • Last visited

Community Reputation

0 Neutral

About smallc28

  • Rank
    Member

Profile Information

  • Gender
    Male
  1. Well thanks hopefully this help any other noob like me fail at ajax this is just an ajax test actually I'm more of a php developer so I'm testing myself in new areas....I know its sloppy right lol
  2. Yes, I just figure it out I didn't return x is there any way I can close this out ?
  3. I've been following this tutorial on how to use ajax I have to admit I'm new at it. I could use jquery but I hate it. I would like to know if someone can help me figure out why my code is reading Uncaught TypeError: Cannot set property 'onreadystatechange' of undefined. when I fire off the Friend request button or block button. 🤔 <?php error_reporting(E_ALL); ini_set('display_errors', '1'); include_once('includes/check_login_status.php');?> <?php $u = ""; $profile_pic = ""; $profile_pic_btn = ""; $avatar_form = ""; $avatar = ""; $date_added = ""; $joindate = ""; $lastsession = ""; // Make sure the _GET username is set, and sanitize it if(isset($_GET["u"])){ $u = preg_replace('#[^a-z0-9_]#i', '', $_GET['u']); }else { header("location: register.php"); exit(); } $notactive = ""; $sql = "SELECT * FROM register WHERE username='$u' AND activated='1' LIMIT 1"; $user_query = mysqli_query($db_conx, $sql); $numrows = mysqli_num_rows($user_query); if($numrows < 1){ $notactive.= " <br/> <span style='color:red;'>That user does not exist or is not yet activated press back</span> <br/>"; } // Check to see if the viewer is the account owner $isOwner = "no"; if($u == $log_username && $user_ok == true){ $isOwner = "yes"; $profile_pic_btn = '<a href="#" onclick="return false;" onmousedown="toggleElement(\'avatar_form\')">Toggle Avatar Form</a>'; $avatar_form = '<form id="avatar_form" enctype="multipart/form-data" method="post" action="php_parsers/photo_system.php">'; $avatar_form .= '<h4>Change your avatar</h4>'; $avatar_form .= '<input type="file" name="avatar" required>'; $avatar_form .= '<p><input type="submit" value="Upload"></p>'; $avatar_form .= '</form>'; } // Fetch the user row from the query above while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) { $profile_id = $row["id"]; $avatar = $row["avatar"]; $lastlogin = $row["lastlogin"]; $date_added = $row["date_added"]; $joindate = strftime("%b %d, %Y", strtotime($date_added)); $lastsession = strftime("%b %d, %Y", strtotime($lastlogin)); } $profile_pic = '<img src="user/'.$u.'/'.$avatar.'" alt="'.$u.'">'; if($avatar == NULL){ $profile_pic = '<img src="images/765-default-avatar.png" alt="'.$u.'">'; } ?> <?php $isFriend = false; $ownerBlockViewer = false; $viewerBlockOwner = false; if($u != $log_username && $user_ok == true){ $friend_check = "SELECT id FROM friends WHERE user1='$log_username' AND user2='$u' AND accepted='1' OR user1='$u' AND user2='$log_username' AND accepted='1' LIMIT 1"; if(mysqli_num_rows(mysqli_query($db_conx, $friend_check)) > 0){ $isFriend = true; } $block_check1 = "SELECT id FROM blockedusers WHERE blocker='$u' AND blockee='$log_username' LIMIT 1"; if(mysqli_num_rows(mysqli_query($db_conx, $block_check1)) > 0){ $ownerBlockViewer = true; } $block_check2 = "SELECT id FROM blockedusers WHERE blocker='$log_username' AND blockee='$u' LIMIT 1"; if(mysqli_num_rows(mysqli_query($db_conx, $block_check2)) > 0){ $viewerBlockOwner = true; } } ?> <?php $friend_button = '<button disabled>Request As Friend</button>'; $block_button = '<button disabled>Block User</button>'; // LOGIC FOR FRIEND BUTTON if($isFriend == true){ $friend_button = '<button onclick="friendToggle(\'unfriend\',\''.$u.'\',\'friendBtn\')">Unfriend</button>'; } else if($user_ok == true && $u != $log_username && $ownerBlockViewer == false){ $friend_button = '<button onclick="friendToggle(\'friend\',\''.$u.'\',\'friendBtn\')">Request As Friend</button>'; } // LOGIC FOR BLOCK BUTTON if($viewerBlockOwner == true){ $block_button = '<button onclick="blockToggle(\'unblock\',\''.$u.'\',\'blockBtn\')">Unblock User</button>'; } else if($user_ok == true && $u != $log_username){ $block_button = '<button onclick="blockToggle(\'block\',\''.$u.'\',\'blockBtn\')">Block User</button>'; } ?> <?php $friendsHTML = ''; $friends_view_all_link = ''; $sql = "SELECT COUNT(id) FROM friends WHERE user1='$u' AND accepted='1' OR user2='$u' AND accepted='1'"; $query = mysqli_query($db_conx, $sql); $query_count = mysqli_fetch_row($query); $friend_count = $query_count[0]; if($friend_count < 1){ $friendsHTML = $u." has no friends yet"; } else { $max = 18; $all_friends = array(); $sql = "SELECT user1 FROM friends WHERE user2='$u' AND accepted='1' ORDER BY RAND() LIMIT $max"; $query = mysqli_query($db_conx, $sql); while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) { array_push($all_friends, $row["user1"]); } $sql = "SELECT user2 FROM friends WHERE user1='$u' AND accepted='1' ORDER BY RAND() LIMIT $max"; $query = mysqli_query($db_conx, $sql); while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) { array_push($all_friends, $row["user2"]); } $friendArrayCount = count($all_friends); if($friendArrayCount > $max){ array_splice($all_friends, $max); } if($friend_count > $max){ $friends_view_all_link = '<a href="view_friends.php?u='.$u.'">view all</a>'; } $orLogic = ''; foreach($all_friends as $key => $user){ $orLogic .= "username='$user' OR "; } $orLogic = chop($orLogic, "OR "); $sql = "SELECT username, avatar FROM register WHERE $orLogic"; $query = mysqli_query($db_conx, $sql); while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) { $friend_username = $row["username"]; $friend_avatar = $row["avatar"]; if($friend_avatar != ""){ $friend_pic = 'user/'.$friend_username.'/'.$friend_avatar.''; } else { $friend_pic = 'images/765-default-avatar.png'; } $friendsHTML .= '<a href="index.php?u='.$friend_username.'"><img class="friendpics" src="'.$friend_pic.'" alt="'.$friend_username.'" title="'.$friend_username.'"></a>'; } } ?> <?php $coverpic = ""; $sql = "SELECT filename FROM photos WHERE user='$u' ORDER BY RAND() LIMIT 1"; $query = mysqli_query($db_conx, $sql); if(mysqli_num_rows($query) > 0){ $row = mysqli_fetch_row($query); $filename = $row[0]; $coverpic = '<img src="user/'.$u.'/'.$filename.'" alt="pic">'; } ?> <!DOCTYPE html> <html> <head> <script type="application/javascript"> function _(x){ return document.getElementById(x); } function ajaxObj (meth, url){ var x = new XMLHttpRequest(); x.open(meth, url, true); x.setRequestHeader("Content-type", "application/x-www-form-urlendcoded"); } function ajaxReturn(x){ if(x.readyState == 4 && x.status == 200){ return true; } } function friendToggle(type,user,elem){ var conf = confirm("Press OK to confirm the '"+type+"' action for user <?php echo $u; ?>."); if(conf != true){ return false; } _(elem).innerHTML = '<img src="images/bullet-svg-animated.gif" width="50" height="50">'; var ajax = ajaxObj("POST", "php_parsers/friend_system.php"); ajax.onreadystatechange = function(){ if(ajaxReturn(ajax) == true) { if(ajax.responseText.trim() == "friend_request_sent"){ _(elem).innerHTML = 'OK Friend Request Sent'; } else if(ajax.responseText.trim() == "unfriend_ok"){ _(elem).innerHTML = '<button onclick="friendToggle(\'friend\',\'<?php echo $u; ?>\',\'friendBtn\')">Request As Friend</button>'; } else { alert(ajax.responseText.trim()); _(elem).innerHTML = 'Try again later'; } } } ajax.send("type="+type+"&user="+user); } function blockToggle(type,blockee,elem){ var conf = confirm("Press OK to confirm the '"+type+"' action on user <?php echo $u; ?>."); if(conf != true){ return false; } var elem = document.getElementById(elem); elem.innerHTML = '<img src="images/bullet-svg-animated.gif" width="50" height="50">'; var ajax = ajaxObj("POST", "php_parsers/block_system.php"); ajax.onreadystatechange = function() { if(ajaxReturn(ajax) == true) { if(ajax.responseText.trim() == "blocked_ok"){ elem.innerHTML = '<button onclick="blockToggle(\'unblock\',\'<?php echo $u; ?>\',\'blockBtn\')">Unblock User</button>'; } else if(ajax.responseText.trim() == "unblocked_ok"){ elem.innerHTML = '<button onclick="blockToggle(\'block\',\'<?php echo $u; ?>\',\'blockBtn\')">Block User</button>'; } else { alert(ajax.responseText.trim()); elem.innerHTML = 'Try again later'; } } } ajax.send("type="+type+"&blockee="+blockee); } </script> <title><?php echo $u; ?></title> <link rel="stylesheet" type="text/css" href="css/style.css" /> </head> <style type="text/css"> div#profile_pic_box{float:right; border:#999 2px solid; width:200px; height:200px; margin:20px 30px 0px 0px; overflow-y:hidden;} div#profile_pic_box > img{z-index:2000; width:200px;} div#profile_pic_box > a { display: none; position:absolute; margin:140px 0px 0px 120px; z-index:4000; background:#D8F08E; border:#81A332 1px solid; border-radius:3px; padding:5px; font-size:12px; text-decoration:none; color:#60750B; } div#profile_pic_box > form{ display:none; position:absolute; z-index:3000; padding:10px; opacity:.8; background:#F0FEC2; width:180px; height:180px; } div#profile_pic_box:hover a { display: block; } div#photo_showcase{float:right; background:url(css/photo_showcase_bg.jpg) no-repeat; width:136px; height:127px; margin:20px 30px 0px 0px; cursor:pointer;} div#photo_showcase > img{width:74px; height:74px; margin:37px 0px 0px 9px;} img.friendpics{border:#000 1px solid; width:40px; height:40px; margin:2px;} </style> <style type="text/css"> textarea#statustext{width:982px; height:80px; padding:8px; border:#999 1px solid; font-size:16px;} div.status_boxes{padding:12px; line-height:1.5em;} div.status_boxes > div{padding:8px; border:#99C20C 1px solid; background: #F4FDDF;} div.status_boxes > div > b{font-size:12px;} div.status_boxes > button{padding:5px; font-size:12px;} textarea.replytext{width:98%; height:40px; padding:1%; border:#999 1px solid;} div.reply_boxes{padding:12px; border:#999 1px solid; background:#F5F5F5;} div.reply_boxes > div > b{font-size:12px;} </style> <body> <div class="header"> <h2>Home</h2> <?php include_once('dynamic_header.php');?> </div> <div class="content"> <?php if (isset($_SESSION['success'])): ?> <div class="error success"> <h3> <?php echo $_SESSION['success']; unset($_SESSION['success']); ?> </h3> </div> <?php endif ?> <p>Welcome <strong><?php echo $u; ?> </strong></p> <?php echo $notactive ?> <div id="profile_pic_box" ><?php echo $profile_pic_btn; ?><?php echo $avatar_form; ?><?php echo $profile_pic; ?></div> <div id="photo_showcase" onclick="window.location = 'photos.php?u=<?php echo $u; ?>';" title="view <?php echo $u; ?>'s photo galleries"> <?php echo $coverpic; ?> </div> <br> <p>Is the viewer the page owner, logged in and verified? <b><?php echo $isOwner; ?></b></p> <p>Join Date: <?php echo $date_added; ?></p> <p>Last Session: <?php echo $lastsession; ?></p> <br /> <?php $member_list =''; if(isset($_GET["u"])){ $u = preg_replace('#[^a-z]#i','',$_GET['u']); $sql = mysqli_query($db_conx,"SELECT * FROM register"); while($row = mysqli_fetch_array($sql)){ $u = $row['username']; $member_list .=' <a href="user.php?u='.$u.'">'.$u.'</a> '; } } ?> <?php echo $member_list ?> <br /> <br /> <hr /> <p>Friend Button: <span id="friendBtn"><?php echo $friend_button; ?></span> <?php echo $u." has ".$friend_count." friends"; ?> <?php echo $friends_view_all_link; ?></p> <p>Block Button: <span id="blockBtn"><?php echo $block_button; ?></span></p> <hr /> <p><?php echo $friendsHTML; ?></p> <hr /> </div> </body> </html>
  4. Where can I learn more about this I'm good at programming things but not so great at security. This is just practice for me that's why it lack security but Thanks
  5. Hello PHP freak members I learn how to ecrypt my password using the blow fish method but I'm having trouble decypting the password. Is there anyone that can over see the problem that I'm having? Sample ecrypted password > $2y$09$Q5klufp7bj6iuBA3dHpz5.fLN1sLzeGKE7nuXKunLMKKvE.rZtSTW Original password > 1234 <?php error_reporting(E_ALL & ~E_NOTICE); session_start(); if(isset ($_SESSION['id'])){ header('location: profile.php'); } else { if($_POST['submit']){ include "connect_prompt/connect_query.php"; $email = mysqli_real_escape_string($db_conx,$_POST['email']); $password_one = $_POST['password_one']; ///////////////// Blow Fish /////////////////////////////////// function cryptPass($input, $rounds = 9){ $salt = ""; $saltChars = array_merge(range('A','Z'),range('a','z'),range(0,9)); for($i = 0; $i < 22; $i++){ $salt .= $saltChars[array_rand($saltChars)]; } return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt); } $password_one = $_POST['password_one']; $password = $_POST['password']; $hashedPass = cryptPass($password); if(crypt($password_one, $hashedPass) == $hashedPass){ ///////////////// Blow Fish /////////////////////////////////// $sql = "SELECT id, email, password FROM customer WHERE email='$email' AND password='$password_one' LIMIT 1"; $query = mysqli_query ($db_conx, $sql); if($query){ $row = mysqli_fetch_row($query); $userID = $row[0]; $db_email = $row[1]; $db_password = $row[2]; } if($email == $db_email && $password_one == $db_password){ $_SESSION['email'] = $email; $_SESSION['id'] = $userID; header("location: profile.php"); } else { echo "Sorry, Username or Password was incorrect"; } } } } ?> <form action="login.php" method="POST"> <input type="email" name="email" id="email" placeholder=" your@email.com" /> <br/><br/> <input type="password" name="password_one" id="password_one" placeholder=" ********" /> <br/><br/> <input type="submit" name="submit" value="SIGN IN" /> </form>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.