Strider64

Everything posted by Strider64

  1. Another nice 3rd party mailer is Swiftmailer. I personally found it easier to set up, though PHPMailer is just as good.
  2. Well, when the user first visits a website the token is generated and stored in the session, then when he/she submits his/her information in a form the token is sent along with the info. That way it has to be her/him that entered the data from that browser, and the only way it could theoretically be another user would be if that user used the same browser on that computer. For more info check out -> https://owasp.org/www-community/attacks/csrf
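The token flow described in the post above, as an added example that is not part of the original post. The helper names `csrf_token()`, `csrf_check()` and `handle_post()` and the sample submissions are assumptions made for illustration; on the command line a plain array stands in for the browser session.

```php
<?php
// Added example: a per-session CSRF token, issued on first visit and checked on submit.
// csrf_token(), csrf_check() and handle_post() are hypothetical helper names.

if (PHP_SAPI === 'cli') {
    $_SESSION = [];   // stand-in for the browser's session so the demo runs offline
} else {
    session_start();
}

/* Generate the token once per session and reuse it for every form on the site. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/* Constant-time comparison; rejects missing, empty and non-string values. */
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

/* Returns the HTTP status the form handler would send. */
function handle_post(array $post): int
{
    if (!csrf_check($post['csrf_token'] ?? null)) {
        return 403;   // token absent or not the one stored for this session
    }
    // ... validate and process the rest of the form here ...
    return 200;
}

/* Step 1: the page that shows the form embeds the token in a hidden field. */
$field = '<input type="hidden" name="csrf_token" value="'
    . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">';
echo $field, "\n";

/* Step 2: constructed submissions, standing in for $_POST. */
$requests = [
    'form from this session' => ['csrf_token' => csrf_token(), 'name' => 'Alice'],
    'token field missing'    => ['name' => 'Alice'],
    'token from elsewhere'   => ['csrf_token' => str_repeat('0', 64), 'name' => 'Alice'],
    'array instead of text'  => ['csrf_token' => ['x'], 'name' => 'Alice'],
];
foreach ($requests as $label => $post) {
    printf("%-24s -> HTTP %d\n", $label, handle_post($post));
}
```

Only the first submission carries the value stored in the session, so it is the only one the handler accepts.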
  3. You're still trying to paddle upstream without a paddle. My suggestion would be to look at a CURRENT tutorial on adding, updating, and deleting data in a database table. I would also suggest PDO instead of mysqli as I feel it's more robust, but that is a personal preference. I like this PDO tutorial as they do a nice job explaining how PDO works: https://phpdelusions.net/pdo
  4. I probably should have explained it better. I would just take a range of dates (for example, a week in an array) and loop through the dates. Unless it's important to save the data (which I personally don't think there would be) then just store that data in another database table.
  5. If I was tackling the problem I would do something like this:

         $stmt = static::pdo()->prepare("SELECT count(user_id) FROM users WHERE joined_date = ?");
         $stmt->execute([$joined_date]); // bind the date being counted ($joined_date), not the literal string 'joined_date'
         $result = $stmt->fetchColumn();
         return $result;

     Then I would either cycle through the database table with some kind of loop or set up a daily maintenance routine where I store the results. Of course you can do averages or what have you as it's just simple math in either case. The first option is what I would do as I wouldn't have to go about storing and setting up additional stuff.
  6. I find NON-HTML emails have a better chance of getting through spam filters than HTML emails. Sure they don't look as flashy, but it's the content that matters. 😉
  7. I personally would make the flow a little easier to follow. Here's my example:

         /*
          * Database Connection
          * I would have the PDO database connection in a separate file (Something like inc.pdoConnect.php)
          * and then call it something like require_once "includes/inc.pdoConnect.php";
          */
         $db_options = [
             /* important! use actual prepared statements (default: emulate prepared statements) */
             PDO::ATTR_EMULATE_PREPARES => false,
             /* throw exceptions on errors (default: stay silent) */
             PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             /* fetch associative arrays (default: mixed arrays) */
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
         ];
         $pdo = new PDO('mysql:host=' . DATABASE_HOST . ';dbname=' . DATABASE_NAME . ';charset=utf8', DATABASE_USERNAME, DATABASE_PASSWORD, $db_options);
         /* End of Connection String */

         /* I would personally only be pulling out table column names instead of the wildcard * */
         $query = "SELECT * FROM convoy_part WHERE us_convoy=:get_id";
         $stmt = $pdo->prepare($query);
         $stmt->execute([':get_id' => $_GET['id']]); // I personally would have something like uniform :convoy_id / $_GET['convoy_id']
         $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
         echo "<pre>" . print_r($result, 1) . "</pre>"; // Great way to debug and see what is going on:

         /* I personally like using the fetch statement over the while statement */
         foreach ($result as $results) {
             $convoy_name = $results['convoy_name'];
             $convoy_veranstalter = $results['convoy_veranstalter'];
             $convoy_server = $results['convoy_server'];
             $convoy_date = $results['convoy_date'];
             $convoy_adddate = $results['convoy_adddate'];
             $convoy_language = $results['convoy_language'];
             $convoy_participants = $results['convoy_participants'];
         }

     Make sure you have error reporting turned on:

         ini_set('display_errors', 1);
         ini_set('display_startup_errors', 1);
         error_reporting(E_ALL);

     It will help you debug your code easier.
  8. Make sure you have error reporting on -

         ini_set('display_errors', 1);
         ini_set('display_startup_errors', 1);
         error_reporting(E_ALL);

     If that isn't working then your local server isn't set up right. To test if your local server is working properly create a php info file.

         <?php
         // Show all information, defaults to INFO_ALL
         phpinfo();
  9. I use SwiftMailer, but I don't bother going through all the hassle of sending the email until I verify the user with Google's recaptcha.

         /* The Following to get response back from Google recaptcha */
         $url = "https://www.google.com/recaptcha/api/siteverify";
         $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
         /* URL-encode the query values; htmlspecialchars() escapes for HTML output, not for URLs */
         $response = file_get_contents($url
             . "?secret=" . urlencode(PRIVATE_KEY)
             . "&response=" . urlencode($_POST['g-recaptcha-response'] ?? '')
             . "&remoteip=" . urlencode((string) $remoteServer));
         $recaptcha_data = json_decode($response);
         /* The actual check of the recaptcha */
         if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
             $success = "Mail was sent!";
             $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
             $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $send = new Email($data);
         } else {
             $success = "You're not a human!"; // Not of a production server:
         }
  10. Personally I would just populate the table and if you want people to edit the comments use an HTML anchor tag. You can then either redirect the edit to another HTML page and/or use some form of Javascript/Ajax on the anchor tag. That's what I did with my small blog that I wrote for my website:

          <?php /* Values are echoed as stored; wrap them in htmlspecialchars() here unless they were already encoded on input */ ?>
          <?php foreach ($journal as $cms) { ?>
              <div class="article">
                  <h2><?= $cms->heading; ?> <span class="subheading">by <?= $cms->author ?> on <?= $cms->date_added ?></span></h2>
                  <a class="myLightBox" href="<?= $cms->image_path; ?>" title="Picture Gallery" data-picture="<?= $counter ?>" data-exif="<?php
                  if (!is_null($cms->Model)) {
                      echo $cms->Model . " --- " . $cms->FocalLength . " --- " . $cms->Aperture . " --- " . $cms->ISO . " --- " . $cms->ExposureTime;
                  }
                  ?>"><img class="editPic" src="<?= $cms->thumb_path; ?>" alt="Picture for Journal Entry"></a>
                  <hr>
                  <p><?php echo nl2br($cms->content); ?></p>
                  <a class="btn3" href="edit.php?article_id=<?= $cms->id; ?>">Edit</a>
                  <a class="btn3" href="delete_entry.php?id=<?= $cms->id; ?>" data-confirm="Do you really want to delete this item?">Delete</a>
                  <hr>
              </div>
              <?php
              $counter += 1;
          }
          ?>

      I just find it cleaner and easier to understand.
  11. I personally switched back to vanilla javascript as it really isn't all that much harder to write and it doesn't use a library. Nothing wrong with jQuery, but I was always wondering about the javascript equivalent when it came to certain coding. Now I don't have to wonder. I do say people who are just learning javascript should learn vanilla javascript before tackling jQuery as it will make life much simpler if you ever need just to use vanilla javascript. That was my problem as I really didn't learn vanilla js before I tackled jQuery.
  12. A person a long time ago helped me out on the php portion and I am going to repay it now.

          <?php
          /* Makes it so we don't have to decode the json coming from javascript */
          header('Content-type: application/json');

          /* Grab decoded incoming data from Ajax (empty string when the field is missing) */
          $incomming = $_POST['data'] ?? '';

          $data['outgoing'] = 'stop';
          if ($incomming === 'proceed') {
              $data['outgoing'] = "send";
          }

          if ($data['outgoing'] === 'send') {
              output($data);
          } else {
              errorOutput('error');
          }

          /* Something went wrong, send error back to Ajax / Javascript */
          function errorOutput($output, $code = 500) {
              http_response_code($code);
              echo json_encode($output);
          }

          /*
           * If everything validates OK then send success message to Ajax / JavaScript
           */
          function output($output) {
              http_response_code(200);
              echo json_encode($output);
          }
  13. The first place I would go to is this website https://caniuse.com/
  14. Another way of doing it is using Javascript and PHP, that way it doesn't matter what the user does on the website as the timer will still keep on chiming away. Here's the javascript:

          const getTimeRemaining = (endtime) => {
              var t = Date.parse(endtime) - Date.parse(new Date());
              var seconds = Math.floor((t / 1000) % 60);
              var minutes = Math.floor((t / 1000 / 60) % 60);
              var hours = Math.floor((t / (1000 * 60 * 60)) % 24);
              var days = Math.floor(t / (1000 * 60 * 60 * 24));
              return {
                  'total': t,
                  'days': days,
                  'hours': hours,
                  'minutes': minutes,
                  'seconds': seconds
              };
          };

          const myClock = (id, endtime) => {
              var clock = document.getElementById('game' + id);
              var daysSpan = clock.querySelector('.day' + id);
              var hoursSpan = clock.querySelector('.hour' + id);
              var minutesSpan = clock.querySelector('.minute' + id);
              var secondsSpan = clock.querySelector('.second' + id);

              function updateClock() {
                  var t = getTimeRemaining(endtime);
                  daysSpan.textContent = t.days;
                  hoursSpan.textContent = ('0' + t.hours).slice(-2);
                  minutesSpan.textContent = ('0' + t.minutes).slice(-2);
                  secondsSpan.textContent = ('0' + t.seconds).slice(-2);
                  if (t.total <= 0) {
                      clearInterval(timeinterval);
                  }
              }

              updateClock();
              var timeinterval = setInterval(updateClock, 1000);
          };

          function ajaxRoutine() {
              var grabDate = "myDate=endDate";
              var xhr = new XMLHttpRequest();
              xhr.onreadystatechange = function () {
                  //console.log('readyState: ' + xhr.readyState, 'xhr.status: ' + xhr.status);
                  if (xhr.readyState === 2) {
                      //console.log(xhr.status);
                      if (xhr.status === 410) {
                          gameover();
                      }
                  }
                  if (xhr.readyState === 4 && xhr.status === 200) {
                      var data = JSON.parse(xhr.responseText);
                      console.log('data', data);
                      console.log('data.home', data.home);
                      var opening_day_home = new Date(Date.parse(data.home));
                      var team = data.home_opponent + " -vs- " + data.team;
                      document.getElementById("countdown_team").textContent = team;
                      document.getElementById("opening").textContent = data.home_display;
                      team = data.team + " -vs- " + data.away_opponent;
                      document.getElementById("countdown_team2").textContent = team;
                      document.getElementById("opening2").textContent = data.away_display;
                      myClock(1, opening_day_home);
                      var opening_day_away = new Date(Date.parse(data.away));
                      myClock(2, opening_day_away);
                  }
              }; // End of Ready State:

              xhr.open('POST', 'countdown_date.php', true);
              xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
              xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
              xhr.send(grabDate);
          }

          ajaxRoutine();

      the php

          <?php
          /* Makes it so we don't have to decode the json coming from javascript */
          header('Content-type: application/json');

          $endDate = filter_input(INPUT_POST, 'myDate');

          if ($endDate === 'endDate') {
              $data['team'] = "Tigers";
              $home = new DateTime('2020-03-30 13:10:00', new DateTimeZone("America/Detroit"));
              $data['home'] = $home->format("Y/m/d H:i:s");
              $data['home_display'] = $home->format("l - F j, Y");
              $data['home_opponent'] = "Royals";
              $away = new DateTime('2020-03-26 13:10:00', new DateTimeZone("America/Detroit"));
              $data['away'] = $away->format("Y/m/d H:i:s");
              $data['away_display'] = $away->format("l - F j, Y");
              $data['away_opponent'] = "Indians";
              output($data);
          }

          function errorOutput($output, $code = 500) {
              http_response_code($code);
              echo json_encode($output);
          }

          /*
           * If everything validates OK then send success message to Ajax / JavaScript
           */
          function output($output) {
              http_response_code(200);
              echo json_encode($output);
          }

      and the HTML

          <div id="countdownContainer">
              <div class="teams">
                  <h1 id="countdown_team2"></h1>
                  <h2 id="opening2"></h2>
              </div>
              <div id="game2">
                  <figure class="box">
                      <div class="day2"></div>
                      <figcaption>Days</figcaption>
                  </figure>
                  <figure class="box">
                      <div class="hour2"></div>
                      <figcaption>Hours</figcaption>
                  </figure>
                  <figure class="box">
                      <div class="minute2"></div>
                      <figcaption>Minutes</figcaption>
                  </figure>
                  <figure class="box">
                      <div class="second2"></div>
                      <figcaption>Seconds</figcaption>
                  </figure>
              </div>
              <div class="teams">
                  <h1 id="countdown_team"></h1>
                  <h2 id="opening"></h2>
              </div>
              <div id="game1">
                  <figure class="box">
                      <div class="day1"></div>
                      <figcaption>Days</figcaption>
                  </figure>
                  <figure class="box">
                      <div class="hour1"></div>
                      <figcaption>Hours</figcaption>
                  </figure>
                  <figure class="box">
                      <div class="minute1"></div>
                      <figcaption>Minutes</figcaption>
                  </figure>
                  <figure class="box">
                      <div class="second1"></div>
                      <figcaption>Seconds</figcaption>
                  </figure>
              </div>
          </div>

      The nice thing about this is it is written in vanilla javascript, no jQuery needed. The code isn't the tightest as I just put it up for the current baseball season. Go Tigers!
  15. Google gives a good example on how to set up ReCaptcha V2 and even gives you an option where you can test it on a local server. Here is the link -> https://developers.google.com/recaptcha/docs/display There are even tutorials on how to set it up that might help you get the ReCaptcha up and running -> Here's just one link of many https://www.kaplankomputing.com/blog/tutorials/recaptcha-php-demo-tutorial/ Here's my code that I think is broken down pretty good (I think?) ->

          /* The Following to get response back from Google recaptcha */
          $url = "https://www.google.com/recaptcha/api/siteverify";
          $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
          /* URL-encode the query values; htmlspecialchars() escapes for HTML output, not for URLs */
          $response = file_get_contents($url
              . "?secret=" . urlencode(PRIVATE_KEY)
              . "&response=" . urlencode($_POST['g-recaptcha-response'] ?? '')
              . "&remoteip=" . urlencode((string) $remoteServer));
          $recaptcha_data = json_decode($response);
          /* The actual check of the recaptcha */
          if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
              $success = "Mail was sent!";
              $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
              $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $send = new Email($data);
          } else {
              $success = "You're not a human!"; // Not on a production server:
          }
  16. Another good 3rd party mailer is Swiftmailer and I found it easy to set up.
  17. I usually do a mockup of my HTML/CSS before implementing PHP, that way if I run into problems I know the likely culprit is my PHP code. Here's a small CMS that I did for my website:

          <div id="gallery" class="picture-box" data-total="<?php echo count($journal); ?>" data-current="" >
              <?php
              /* Values are echoed as stored; wrap them in htmlspecialchars() here unless they were already encoded on input */
              $counter = 1;
              foreach ($journal as $records) {
                  $cms = (object) $records;
                  echo '<article class="cms" id="page' . $counter . '">' . "\n";
                  echo '<h2>' . $cms->heading . '<span class="subheading">by ' . $cms->author . ' on ' . $cms->date_added . '</span></h2>' . "\n";
                  echo '<a class="myLightBox" id="image' . $counter . '" href="' . $cms->image_path . '" title="Picture Gallery" data-picture="' . $counter
                      . '" data-exif="' . (($cms->Model) ? $cms->Model . ' --- ' . $cms->FocalLength . ' ' . $cms->Aperture . ' ' . $cms->ISO . ' ' . $cms->ExposureTime : null) . '">'
                      . '<img class="blogBox" src="' . $cms->thumb_path . '" alt="Picture for Journal Entry">' . "</a>\n";
                  echo "<hr>\n";
                  echo '<p>' . nl2br($cms->content) . "</p>\n";
                  echo '</article>' . "\n";
                  $counter += 1;
              }
              ?>
          </div>

      And you can see the results on my website link: I find it much simpler and less frustrating to do it this way. BTW that is basically what is said in the other responses.
  18. I personally do the following and call it a day:

          define("APP_ROOT", dirname(dirname(__FILE__)));
          define("PRIVATE_PATH", APP_ROOT . "/private");
          define("PUBLIC_PATH", APP_ROOT . "/public");

          require_once PRIVATE_PATH . "/vendor/autoload.php";
          require_once PRIVATE_PATH . "/security/security.php";
          require_once PRIVATE_PATH . "/config/config.php";
  19. I personally find it easier to store the path and the filename in the database table, for example - assets/large/img-photos-1554932472.jpg. Then I simply do <img src="<?php echo $image ?>" width="478" height="1034" alt="">
  20. Well I would check the captcha first then process the email. Here's my little script that does that ->

          /* The Following to get response back from Google recaptcha */
          $url = "https://www.google.com/recaptcha/api/siteverify";
          $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
          /* URL-encode the query values; htmlspecialchars() escapes for HTML output, not for URLs */
          $response = file_get_contents($url
              . "?secret=" . urlencode(PRIVATE_KEY)
              . "&response=" . urlencode($_POST['g-recaptcha-response'] ?? '')
              . "&remoteip=" . urlencode((string) $remoteServer));
          $recaptcha_data = json_decode($response);
          /* The actual check of the recaptcha */
          if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
              $success = "Mail was sent!";
              $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
              $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
              $send = new Email($data);
          } else {
              $success = "You're not a human!"; // Not of a production server:
          }

      The $send = new Email($data) is my email process, if your form was working before then just do something like that.
  21. Wouldn't you be better off using a 'switch' statement?

          switch ($a) {
              case "one":
                  $variable = 'poor';
                  break;
              case "two":
                  $variable = 'good';
                  break;
              case "three":
                  $variable = 'very good';
                  break;
              case "four":
                  $variable = 'excellent';
                  break;
              default:
                  $variable = 'invalid response';
          }

      To me it would be easier to make sense of the logic and to modify.
  22. Well, if you are GETTING then you can just easily SET the data. If you set the data then you can easily save the data. Doing it this way

          class userModel
          {
              private $name;
              private $email;
              /* lots more properties for user */

              public function getName()
              {
                  return $this->name;
              }

              public function getEmail()
              {
                  return $this->email;
              }
          }

      would be more secure in my opinion.
  23. A side note, most people get annoyed entering (or choosing) more than 8-10 fields on one page, so if the form is huge with a lot of input fields it is best to split the form and have it on multiple web pages. So that might give you an idea if you should separate the code in a separate file?
  24. It's still a work-in-progress but I'm developing a registration and login tutorial and you can find it here: https://github.com/Strider64/php-registration-tutorial The registration portion works (though I want to rework it a little) and I need to do the login portion of the tutorial. All the files can be found there.
  25. You really should have error reporting turned on and an IDE that will flag syntax errors (it'll make life much easier). I would also separate the query from the prepare. Here's an example of mine ->

          $query = 'INSERT INTO trivia_questions (question, answer1, answer2, answer3, answer4, correct, category, play_date) VALUES (:question, :answer1, :answer2, :answer3, :answer4, :correct, :category, NOW())';
          $stmt = $pdo->prepare($query);

      That way you can easily debug the script. Everyone who writes code gets syntax errors which are easily fixable and the less time you spend on them the more you can concentrate on the baddies (logic errors).