Everything posted by Ch0cu3r

  1. Are you sure you are editing the correct php.ini? To know what config file PHP is using, call the phpinfo() function and look for the Loaded Configuration File line; it will state which config file PHP is reading.
  2. The code uses short PHP tags (<? ?>); these will only work if you have enabled a setting called short_open_tags in the php.ini. If you do not have access to the php.ini then I suggest you convert the <? tags to <?php tags. NOTE: I have removed your site's URL from your post as I was able to read the contents of your constants.php file containing your db credentials.
  3. get_current_user() is not returning the user PHP is running as. It's returning the owner of the script; this is not the user PHP is running as. To see who PHP is running as you may be able to use

      echo `whoami`; // yes those are backticks not quotes
  4. The code I gave earlier should be submitting the POST Symptom value via ajax when you make a change in the dropdown menu. I have tested it and it works ok for me. To debug, in my code, add

      beforeSend: function(xhr, obj) { alert(obj.data); },

     after

      data: {Symptom: option.value},

     When you make a selection in the drop down it should display an alert with text like "Symptom=<the value you have selected>".

     This is the last time I'm going to say this. Next time I will issue a warning.
  5. Are you using this to center the text? You cannot subtract the character length of your string from the total width of your image. Instead you need to use imagettfbbox. This will return the x and y boundaries of your text in pixels. You would take away the 'lower right corner, X position' of your text from the total width of your image and then divide what is left by 2 to calculate the correct x position of your text so it is centered within your image. Example code

      // The text to draw
      $text = 'Hello World';

      // get the bounding box of our text
      $bbox = imagettfbbox(20, 0, $font, $text);

      // calculate the center X position of our text
      // 1. get the image width
      // 2. subtract the text's lower right corner, X position
      // 3. divide what is left by 2
      $x = (imagesx($im) - $bbox[2]) / 2;

      // Y position of our text
      $y = 50;

      // Add the text
      imagettftext($im, 20, 0, $x, $y, $black, $font, $text);
  6. Yes, you are not sanitizing your user input values. If you don't do this then your code is open to SQL Injection attacks. You can use mysqli_real_escape_string to sanitize your values. But as you are using mysqli then you should be using prepared statements. Why the two update queries here?

      $sql = "UPDATE users SET status='enabled' WHERE username='{$_GET['username']}' LIMIT 1";
      $result = $mysqli->query($sql);
      $sql = "UPDATE users SET activation='' WHERE username='{$_GET['username']}' LIMIT 1";
      $result = $mysqli->query($sql);

     You only need to have the one; you can set the values for both the status and activation columns in the same update query.

      $sql = "UPDATE users SET status='enabled', activation='' WHERE username='{$_GET['username']}' LIMIT 1";
      $result = $mysqli->query($sql);
  7. You can just download jquery and link to it locally rather than linking to a remote source if you want to. Also note when posting code to wrap it within tags or click the <> button in the editor.
  8. Before using $_GET['id'] you need to check it exists. One way is to use the ternary operator

      $id = isset($_GET['id']) ? $_GET['id'] : '' /* <-- set this to the default value */;
  9. Your question is not clear. Are you wanting to rename the csv file you have stored on your website? Or are you wanting to modify the filename in the report query string stored in the $url variable?
  10. When you say "But unfortunately, I get complete web page." does that mean you are getting HTML/CSS along with your json data or no json data at all? Also can you give information about your php application? Is it completely custom or are you using a specific framework? If it's custom, how are you routing the request for 'dashboard/xhrGetListings'?
  11. Your code is not working because of variable scope. Variables defined outside of functions are not available from within a function; the same applies to variables defined inside a function, which are not available outside them. What you should be doing is defining your query within the function and then passing $connection as an argument when you call it.
  12. Oh, so you also need to have the selected symptom submitted too? First change onchange="LSC()" to be onchange="LSC(this)". Now change your LSC function to be

      <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
      <script>
      function LSC(option) {
          // using jquery ajax method for calling the php script
          $.ajax({
              // set this to the url of your php script for calling the LSC function
              url: 'LoadSymptomDetails.php',
              // send POST request
              method: 'POST',
              // set the Symptom name value to be submitted
              data: {Symptom: option.value},
              // if the result of the ajax request is ok then this function is called
              success: function(response) {
                  // the variable 'response' will contain the output from your php script
                  // as an example we'll use a javascript alert to show the output of the response
                  alert(response);
              }
          });
      }
      </script>

     And I assume you want the response of the ajax request to be added to the <p id="demo"></p> element? In that case replace alert(response); with

      $('p#demo').html(response);
  13. Have you set $emailto to a valid email address?

      $email_to = "mariail.com";
  14. I have re-organised your code/cleaned it up a little. Try

      <?php

      function died($error)
      {
          // your error code can go here
          echo "We are very sorry, but there were error(s) found with the form you submitted. ";
          echo "These errors appear below.<br /><br />";
          echo $error . "<br /><br />";
          echo "Please go back and fix these errors.<br /><br />";
          die();
      }

      function clean_string($string)
      {
          $bad = array("content-type","bcc:","to:","cc:","href");
          return str_replace($bad, "", $string);
      }

      if ($_SERVER['REQUEST_METHOD'] === 'POST') {
          // first validate google recaptcha is valid
          if (isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])) {
              $key = '***'; // replace with your reCAPTCHA secret key
              $rip = $_SERVER['REMOTE_ADDR'];
              $captchaurl = 'https://www.google.com/recaptcha/api/siteverify?';
              $captchaurl .= 'secret=' . $key . '&';
              $captchaurl .= 'response=' . urlencode($_POST['g-recaptcha-response']) . '&';
              $captchaurl .= 'remoteip=' . $rip;

              $curl_init = curl_init();
              curl_setopt($curl_init, CURLOPT_URL, $captchaurl);
              curl_setopt($curl_init, CURLOPT_RETURNTRANSFER, 1);
              curl_setopt($curl_init, CURLOPT_TIMEOUT, 5);
              curl_setopt($curl_init, CURLOPT_USERAGENT, 'PHP/reCAPTCHA');
              // keep certificate verification on so the siteverify answer cannot be spoofed
              curl_setopt($curl_init, CURLOPT_SSL_VERIFYPEER, TRUE);
              $response = curl_exec($curl_init);

              if ($response === FALSE) {
                  // the captcha could not be checked, so stop before any email is sent
                  died('Curl Error: ' . curl_error($curl_init));
              } else {
                  $result = json_decode($response, TRUE);
                  // if the result of the google recaptcha is not valid, then show error message
                  if (empty($result['success'])) {
                      died('Invalid Google ReCaptcha response');
                  }
              }
              curl_close($curl_init);
          } else {
              // no recaptcha response was submitted, so do not send the email
              died('Invalid Google ReCaptcha response');
          }

          // if we got this far, then process/send the email
          if (isset($_POST['email'])) {
              // EDIT THE 2 LINES BELOW AS REQUIRED
              $email_to = "mariail.com";
              $email_subject = "Mario Business Contact";

              // validate expected data exists
              if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['text'])) {
                  died('We are sorry, but there appears to be a problem with the form you submitted.');
              }

              $name = $_POST['name']; // required
              $email_from = $_POST['email']; // required
              $text = $_POST['text']; // required

              $error_message = "";
              $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
              if (!preg_match($email_exp, $email_from)) {
                  $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
              }
              $string_exp = "/^[A-Za-z .'-]+$/";
              if (!preg_match($string_exp, $name)) {
                  $error_message .= 'The First Name you entered does not appear to be valid.<br />';
              }
              if (strlen($text) < 2) {
                  $error_message .= 'The text you entered do not appear to be valid.<br />';
              }
              if (strlen($error_message) > 0) {
                  died($error_message);
              }

              $email_message = "Jemand hat dir eine Nachricht vom Kontaktformular von mario.samirafracasso.com gesendet\n\n";
              $email_message .= "Vorname, Nachname: " . clean_string($name) . "\n";
              $email_message .= "Email Adresse: " . clean_string($email_from) . "\n";
              $email_message .= "Nachricht: " . clean_string($text) . "\n";

              // create email headers
              $headers = 'From: ' . $email_from . "\r\n" .
                         'Reply-To: ' . $email_from . "\r\n" .
                         'X-Mailer: PHP/' . phpversion();
              mail($email_to, $email_subject, $email_message, $headers);
      ?>
      <!DOCTYPE html>
      <html>
      <head>
          <link rel="stylesheet" href="../css/style.css">
          <title>E-Mail versendet</title>
      </head>
      <body>
          <div id="mail-sent">
              <h1>Thank you for contacting us. We will be in touch with you very soon.</h1>
          </div>
      </body>
      </html>
      <?php
          } else {
              died('Email address not entered');
          }
      }
      ?>
  15. Can we see your code with the changes you made?
  16. It's displaying as a popup because of the use of alert(response); Where in the form do you want the response to show? You need to show your form code. No idea. My code has nothing to do with your header.
  17. No you haven't. I said this. You should know what part of your code is processing/sending the code if you have written the code.
  18. Read my post(s) again from your other topic. I told you what to do but you ignored me. Also topic locked seeing as this is related to your last topic.
  19. Post your code. It should be outputting the date in YYYY-MM-DD
  20. Most likely MySQL is unable to interpret the date being in DD/MM/YYYY format. If you have set your column as date(time) format then MySQL requires dates to be inserted in YYYY-MM-DD format. So before inserting the date you need to convert it to use that format. You can use PHP's DateTime object to do so

      // your date value in DD/MM/YYYY format
      $date = '4/10/2015';
      // convert date to YYYY-MM-DD format; the input format is given explicitly
      // because new DateTime() reads slash-separated dates as MM/DD/YYYY
      $dt = DateTime::createFromFormat('d/m/Y', $date);
      $date = $dt->format('Y-m-d');
  21. No, you misunderstood Psycho's and mac_gyver's replies; please read them again. Yes, you are connected to the DB using mysqli (mysql improved). But you are using the mysql_real_escape_string function, which is not compatible with MySQLi Improved. The mysql_ functions and mysqli_ functions (note the i after mysql) are not compatible with each other. The mysql improved equivalent is mysqli_real_escape_string (has an i after mysql). However, reading your post, score should only contain a number, then you should not be using mysqli_real_escape_string. This function should only be used for escaping string values, such as a person's name, contents of a blog post etc. Not for numbers. What you should do is only insert the new score value if $_GET['score'] is in fact a number.

      // validate $_GET['score'] exists and consists of digits
      if (isset($_GET['score']) && ctype_digit($_GET['score'])) {
          // assign $_GET['score'] to $score and convert to an integer (whole number)
          $score = intval($_GET['score']);
          $sql = "UPDATE users SET score_03='$score' WHERE id=2";
          if ($conn->query($sql) === TRUE) {
              echo "Record updated successfully";
          } else {
              echo "Error updating record: " . $conn->error;
          }
      } else {
          echo "Submitted score is invalid";
      }
  22. As I said in the comment, replace it (the comment line, not the if statement) with your code that is processing/sending the email. This is so the email is only sent if the recaptcha response is valid.
  23. Use substr. Example

      echo "<td>" . substr($row->comments, 0, 100) . "</td>";

     Will only show the first 100 characters from the string stored in $row->comments
  24. No, the PHP code for verifying the recaptcha needs to go in the file where your form is being submitted to, which is php/form_process.php
  25. In ajax.html you do have your <select></select> drop down menu, right? Also open your browser's developer console (should open when pressing F12 and clicking the console tab). It will mention any javascript errors.
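
The prepared-statement form recommended in post 6, applied to that post's single UPDATE query. This is an added example, not code from the original posts: the helper name activate_user and the connection details are assumptions, while the users table and its username, status and activation columns come from the post.

```php
<?php
// Added example (not from the original posts): the combined UPDATE from post 6
// as a mysqli prepared statement, so the username is sent as bound data and is
// never interpolated into the SQL text.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Enable an account and clear its activation value in one query.
 * activate_user() is a hypothetical helper name.
 * Returns true only if exactly one row was changed.
 */
function activate_user(mysqli $mysqli, string $username): bool
{
    $stmt = $mysqli->prepare(
        "UPDATE users SET status = 'enabled', activation = '' WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param('s', $username);   // 's' = bind as string
    $stmt->execute();
    $changed = ($stmt->affected_rows === 1);
    $stmt->close();
    return $changed;
}

// Connection details are placeholders (assumptions).
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$mysqli->set_charset('utf8mb4');

// Check the parameter exists before using it (as in post 8); the is_string()
// test rejects array input such as ?username[]=x.
$username = isset($_GET['username']) ? $_GET['username'] : '';

if (is_string($username) && $username !== '' && activate_user($mysqli, $username)) {
    echo 'Account activated';
} else {
    // unknown username, or the row already had these values
    echo 'Activation failed';
}
```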