ajoo

Members
  • Posts: 871
  • Days Won: 1

Everything posted by ajoo

  1. Hi Guru Jacques, The errors / violations that I mentioned in my message #10. They are the same as reported in the errors file. The violations occur because of some in-line resource and I am not sure which resource this is referring to so that I may rectify it. If I knew which bit of code is causing this issue I could change it. The errors / violations seem to point to jquery.min.js:19, api.js:1 and flogin.php:82. I have also changed my header to include all the resources on self :-

        header("Content-Security-Policy-Report-Only: default-src 'self' https://www.google.com/ https://ajax.googleapis.com/ http://localhost/xampp/franchisee/; report-uri http://localhost/xampp/franchisee/reports/reportcspviolation.php");

    Please advise. Thanks.
  2. Hi Guru Jacques, Sir thank you for that correction. I have changed it but the errors remain. The csp is also generating the errors file in the specified folder. I do see one problem though and that is that I am using http instead of https. Could that be the reason for the errors? I am not sure but I think it's something else. Please find attached the errors file generated. Please advise best. Thanks, csp.zip
  3. Hi Guru Jacques, The following seems to work. Hopefully there is no syntax error in this now.

        header("Content-Security-Policy-Report-Only : default-src 'self' https://www.google.com/ https://ajax.googleapis.com/; report-uri http://localhost/xampp/test/reportcspviolation.php");

    I get four errors of which I have listed 2 below. The other two involve I still do not get any report. I'll be grateful if you show me how to have this generate a report and the way I should design the header for that. Anything else related as well. Thank you.
  4. Hi ! Thanks kicken, I have set the headers with the header command as suggested by Guru Jacques as follows :

        header("Content-Security-Policy-Report-Only content=default-src 'none' https://www.google.com https://ajax.googleapis.com");

    and this should, I think, give errors if the application is accessing resources from 'self' but I get no error. Also there is inline js in some of my pages but even that is not triggering any errors. Any ideas why this might be happening? Thanks !
  5. Hi Guru Jacques, How to make the web server add the header ? Is it to be added in the httpd.conf file? If so, exactly where? Or can it be added anywhere ? (I have used the header function successfully to remove the error I was getting). Thanks.
  6. Hi Guru Jacques !! Thanks for the reply. In the particular case above I realized that I just needed to put the js snippet in its own js file and call it. I have tried it and it works but I am sure there will be quite a few examples where I'll need to make changes as advised by you. So after making the above change I have tried to implement a trial CS policy by adding the following in the header:

        <meta http-equiv="Content-Security-Policy-Report-Only" content="default-src 'self' https://www.google.com/recaptcha/api.js" />

    But this seems to be a wrong way of doing it since I get the error:- Please help. Thanks.
  7. Hi, Please read CSV as CSP or content security policy. Sorry for that mistake. Thanks.
  8. Hi all ! I have been trying to implement the CSV policy in my files. I have a bit of code that I am not sure how I can change it to suit the policy. Here's the code snippet :

        if(isset($_SESSION['msg']))
        {
            // The script below shows the sliding panel on page load
            $script = '
            <script type="text/javascript">
                $(function(){
                    $("div#panel").show();
                    $("#toggle a").toggle();
                });
            </script>';
        }

    As can be seen the script is loaded conditionally here. So how can I remove javascript embedded from this code so that this may be compatible with the CSV policy? NOTE: the javascript functions are in a separate js file loaded in the header. Thanks all !
  9. Hi all, Please ignore this question. I have it sorted. It was a simple parse error. Thanks all,
  10. Hi all, I am sorry if I am posting this in the wrong place. If so, kindly transfer it to the appropriate section. I was using code that used recaptcha and that worked perfectly well. Now it has stopped working. The recaptcha dialog box simply does not display. Does anyone have any clue what could be going on? Has someone else also faced this similar problem recently? Thanks all.
  11. ajoo

    Similar queries

    Hi Kicken ! I think this should do the trick. I'll try it out and revert. Thank you.
  12. ajoo

    Similar queries

    Hi Kicken, Thanks for the reply and another idea. In the application code, the staff_id comes from POST. The if statement is more like

        if(isset(staff_id) && $staff_id>0) // since no staff has a 0 id or NULL for that matter

    So in case the staff_id is not set is it equal to NULL? I wonder. It would be more like undefined and NULL I think. Please correct me if I am wrong but I think that would / could lead to ambiguous results if I implement your example. Thanks again.
  13. ajoo

    Similar queries

    Thanks Guru Jacques ! Then I'll stick to the longer version too.
  14. ajoo

    Similar queries

    Hi mac_gyver, Thanks for your reply. Yes you interpreted my question right. The code example is arbitrary and the idea is to reduce the code size. So yes that's it. I am using procedural code without classes and I am using mysqli. So is there any way to achieve this for me ? Requinix has suggested one and while it's short I am not sure if it's safe. Thanks !
  15. ajoo

    Similar queries

    Hi requinix, Thanks for the reply and this method. Without the staff_id, it will print out all the records in the table. Another thing, is this method security safe ? Thanks loads !
  16. Hi all, Is there a better, shorter, sweeter way to pull out the data from the two similar set of queries below?

        $staff_id = '34';
        if($staff > 0)
        {
            $query = "SELECT fname, lname, city, email, cell FROM staff";
            $stmt = $con->prepare($query);
            $stmt->execute();
            $stmt->bind_result($fname, $lname, $city, $email, $cell);
            $stmt->store_result();
            $stmt->close();
        }
        else
        {
            $query = "SELECT fname, lname, city, email, cell FROM staff WHERE staff_id=?";
            $stmt = $con->prepare($query);
            $stmt->bind_param('i',$staff_id);
            $stmt->execute();
            $stmt->bind_result($fname, $lname, $city, $email, $cell);
            $stmt->store_result();
            $stmt->close();
        }

    Thanks !
  17. Hi Guru Barand, I hope that in my last reply I have cleared all the mysteries that benanamen was referring to. If there is still something that you would like to ask about I'll be happy to answer the best I can. Thanks.
  18. Hi Guru Jacques, Guru Barand & Benanamen, @Guru Jacques ! To repeat what Guru Barand said, I am also very glad that you dropped by this thread. I tried to explain as much as I could, the rules and everything, with diagrams that I made, but I am pained if by "Ajoo isn't making it very clear", Guru Barand is implying that I was doing that on purpose. I tried my best to provide all the information. Glad that you could explain it to here like only you could have. @ Benanamen :- The tying up takes place in the tables Admins, Masters and Franchisee when the permissions have been all granted in the recruitment tables. Those are not there in the SQL dump. I thought that was amply obvious because of the simplicity of the table. I was wrong. You could have asked again. The +ve and -ve values are a system of weights to determine if all permissions have been provided. The -ve values are used to deactivate or revoke permissions. @ Jacques Sir if you can elaborate on this I will be grateful. Thanks again Guru Jacques, Guru Barand and Benanamen.
  19. Hi Benanamen ! Thanks for your inputs, suggestions and effort. No sweat ! We'll pick it up some other time. Thank you.
  20. Hi Benanamen, Yes each recruits directly the ones below it. So the Boss does not recruit the franchisee. In case the recruits do not get all their permissions, their ID is not inserted into their individual tables. (Check the picture - there are three tables there at the bottom.) Thank you
  21. Hi Guru Jacques !!! Thank you sir, Coincidentally I had just tried the 0 - offset this morning & found it working and also read about the usage of the GROUP since I was unsure of it and I have been using it like thinking it would be a SORT ON kind of function. Thanks Loads !
  22. OK so I thought that GROUP by is creating an issue and I removed that from the query. And guess what :-

        SELECT fd.fname, fd.lname, fd.role, fd.city, fd.cell, fd.email, fd.fid From fd WHERE fd.recruiter = 118 LIMIT 1, 10

    still returns an empty set. If I simply remove the LIMIT 1, 10, I get my row of result. I have never had this sort of problem ?? In fact I use LIMIT in most of my queries. Please someone explain to me what's going on !??
  23. Hi all ! This works fine and returns a row of the result

        SELECT fd.fname, fd.lname, fd.role, fd.city, fd.cell, fd.email, fd.fid From fd WHERE fd.recruiter = 118 GROUP by fd.role

    and if I add Limit 1, 10 to this like this :-

        SELECT fd.fname, fd.lname, fd.role, fd.city, fd.cell, fd.email, fd.fid From fd WHERE fd.recruiter = 118 GROUP by fd.role LIMIT 1, 10

    I get 0 rows. What's going wrong here or is this like normal ?? Thanks all !
  24. Hi Benanamen ! Glad that you are not upset. I have given the recruitment rules in the diagram above. Namely :

    - the Boss recruits the Admins & Masters.
    - the Admin recruits Masters & Franchisees,
    - the Masters recruit Franchisees.

    Each recruitment requires that they be confirmed by all up the hierarchy. If a recruit has all the confirmations up the hierarchy then they may be placed in their own tables as confirmed recruits. That's about it. Please ask for any specifics that come to your mind. Thanks.