tsangaris

Hi, I am building a website using PHP. By default the SESSION is kept active for 24(1440 seconds) minutes of inactivity. What i want is to refresh the SESSION as soon as the user interacts with the website (movement of the mouse, click on links inside the website, etc.) The way i am trying to refresh the session is by calling PHP script named refreshSession.php with AJAX as follow: $.ajax({ cache: false, type: "GET", url: "refreshSession.php" }); and the PHP script goes as follow: refreshSession.php <?php session_start(); echo 'test'; ?> But the session does not refresh. The only way to refresh the session is to reload the page. What am i doing wrong? Any suggestions? Regards, Christos

** Lets say that i include all JS files on the main-page.php and i wait for the other pages to be called using AJAX inside main-page.php. When about-us.php page is called, the JS responsible for that page DOES NOT work. Is there a way to invoke the about-us.js file as soon as the about-us.php file is loaded? [other than including the JS file in about-us.php script]. Regards, Chris

Hi, I have the following setup: A main-page.php that is consisted of: 1) A header 2) A nav bar 3) Content (is loaded inside a <div id="dynamic-content"></div>) 4) Footer Inside the nav bar you find several options (ex. About Us, Contact Us, etc..). Lets say that the script responsible for "About Us" is called about-us.php. What i want to achieve is to load the output of about-us.php page inside the content area (aka the dynamic-content div), as soon as i press the "About Us" button (#about-us div). In order to achieve this i use the following AJAX call: $("#about-us").on('click', function(){ $.ajax({ url: "about-us.php", success: function(output){ $("#dynamic-content").html(output); } }); }); Both main-page.php and about-us.php include their own CSS and JavaScript files: main-page.js and main-page.css included in main-page.php about-us.js and about-us.css included in about-us.php THE PROBLEM I FACE: Initially the tabs inside nav bar (About us, Contact Us, etc) were stand alone pages, meaning when you clicked on the link it redirected you to a new URL (for example http://www.domain.com/about-us.php). In this case about-us.php was consisted of a head where all CSS was included, a body where all JS was included, In other words it was a complete HTML/PHP page. The page was working properly. When i tried to load this page into a div inside main-page.php, i started facing some problems. Sometimes CSS was overwritten by the CSS of Contact Us causing problems (at this point i have to mention that since about-us.php and contact-us.php were stand alone pages, sometimes we used the same classes/ids to target DOM elements). Problems started to happen with JS as well. THE QUESTION: What is the correct way to use CSS and Javascript files of about-us.php? Should i include them inside the about-us.php script or include them inside the main-page.php? Do i have to create one big CSS and one big JS file that will include all previously created CSS and JS that will target each element of each imported page? Is there another way? Thanks in advance.

I have created a countdown clock that will be counting down from 100 (looping each second). This is the code: <script> $(document).ready(function(){ $("#buttonClick").on('click', function(){ var initialValue = $("#countdown").text(); setInterval(function () { initialValue--; $("#countdown").text(initialValue); }, 1000); }); }); </script> <body> <button id="buttonClick">Click Me</button> <div id="countdown">100</div> </body> When i click the "Click Me" button the number counts down from 100, 99, 98,97.... When try this from a mobile device and while the device is awake, it works just fine. Lets say the counter is on 50 and i press the power button of the mobile device and it sleeps. If i wake the mobile after 40 seconds, i will not see the remaining 10 seconds but something like 40 or 38 seconds. This happens every time and i don't know why. Can someone help? Regards, Christos

So lets say that i want mix the MYSQL query with some PHP how do i do it? As you suggested before: UPDATE table SET annual_leave=1 WHERE id IN (1,2,4) I need it to be like: UPDATE table SET annual_leave=1 WHERE id IN [some PHP code giving the same result as (1,2,4)] the ids are listed in a PHP array.. Thanks!

Hi, I have a table with the following data: id name hours annual_leave ================================= 1 Chris 10 0 2 Tony 15 0 3 Mark 9 0 4 John 23 0 5 Lee 8 0 What i want to achieve is: If an employee worked 10 hours or more then reward him/her with 1 day annual leave. By default the value of annual_leave is "0". So i find all eligible employees and store their IDs in a table: $eligible = array ( 0 => 1, 1=>2 , 2=>4); id name hours annual_leave ================================= 1 Chris 10 1 2 Tony 15 1 3 Mark 9 0 4 John 23 1 5 Lee 8 0 What i want to do is to create a single UPDATE query that will find all 3 employees and change the annual_leave value from 0 to 1. I can do this easily within the loop i use to create the $eligible table.. But i have the following questions: a) can i use a single UPDATE query to update multiple rows/columns in a table? b) what is better? a single query to update multiple rows/columns or multiple queries that update a single row/column per time c) can i combine PHP and MYSQL to syntax a query? because in case the $eligible array carries 1000 entries i will need to iterate through it using a FOR or WHILE loop.. Any other comments will be appreciated..

I understand! Again thanks a lot!

Thanks maxxd! I will use Google for the rest! Just a question: If the task i schedule is time-sensitive (if it runs 2 minutes after schedule it may cause problems), will this be something i cannot handle with CRON jobs? I am referring to the now(ish) part of your response!

Hi, I have a PHP script sendEmail.php that given some data (receiver, content, etc), sends an email to the receiver. When i click the Send button i fire the sendEmail.php script using AJAX: $('#sendbutton').on('click', function(){ $.ajax({ type: "POST", url: "js/ajax/sendEmail.php", data: {receiver:receiver, content: content} }); }); I want to add a feature call "Schedule send" where the user can select in how many minutes the email will be send. What i did, was to take the minutes value, insert it into a countDown timer, and as soon as the time is Zero, to fire the same AJAX call. This is working only if the browser is open. And i can understand this, since it is Javascript's responsibility to fire the AJAX call since its the one on client site. QUESTION: Is there a way to fire this sendEmail.php scipt even if the web browser is closed?Using PHP/MYSQL of course.. For example the user will select the recipient, write the email, schedule it to be sent 20 minutes later, and close the browser. If not, what are your suggestions? Thanks in advance, Christos

I am trying to implement the new version of captcha on my website. What i did so far: Inside the FORM: echo '<div class="g-recaptcha" data-sitekey="XXXXXXXXXXXXXXXXXXXXXXXXXXXX"></div>'; Inside PHP: $recaptcha = $_POST['g-recaptcha-response']; if(!empty($recaptcha)) { $google_url = "https://www.google.com/recaptcha/api/siteverify"; $secret = 'YYYYYYYYYYYYYYYYYYYYYYYYYYY'; $ip = $_SERVER['REMOTE_ADDR']; $url = $google_url."?secret=".$secret."&response=".$recaptcha."&remoteip=".$ip; $res = getCurlData($url); $res = json_decode($res, true); if($res['success'] == 'false') { $captcha_error = "Please re-enter your reCAPTCHA."; } } The getCurlData function: function getCurlData($url) { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_TIMEOUT, 10); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"); $curlData = curl_exec($curl); curl_close($curl); return $curlData; } What i want to achieve is to know when the no-Captcha box is checked. I want to throw an error to the user if he/she did not check that box. So far i only throw an error if the response from Google is "We are not sure if you are human, please proceed to our second level of verification" [if($res['success'] == 'false')]. PS: most of the code is written by Srinivas Tamada. You can find it here. Thanks in advance.

Thanks Ch0cu3r. I know understand my mistake going with id (which is unique) instead of classes. Nice demo as well!

And it WORKS!! Thanks a lot! Could you please let me know what went wrong with my code? Also could you please guide me through your thought? Thanks in advance!

I want to fetch items from a database and be able to update their quantity by selecting a number from a drop down selection and press the button "Update quantity" to perform the action. I have the following php code: echo '<table border="4"> <tr> <th>ID</th> <th>Item Name</th> <th>Current Quantity</th> <th>New Quantity</th> <th>Update</th> </tr>'; for($i=0 ;$i<$k; $i++) $z = $i+1; //fetch data from database $id = the id of the row that the entry/item is at $item_name = the name of the item $current_quantity = the current quantity of the item //create a table of entries echo '<tr'> <td>'.$z.'</td> <td>'.$item_name.'</td> <td>'.$current_quantity.'</td> <td> <select id="quantity" name="quantity"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> . . . </select> </td>'; echo '<td> <button type="button" value="'.$id.'" name="updatebtn" id="updatebtn">Update Quantity</button> </td>'; echo '</tr>'; Where k = number or matches in database The result is something like this: //////////////////////////////////////////////////////////////////////////// ///ID // Item Name // Current Quantity // New Quantity // Update /// //////////////////////////////////////////////////////////////////////////// // 1 // Shoes // 10 // 12 // Update Quantity // //////////////////////////////////////////////////////////////////////////// // 2 // T-shirts // 5 // 8 // Update Quantity // //////////////////////////////////////////////////////////////////////////// // 3 // Watches // 4 // 2 // Update Quantity // //////////////////////////////////////////////////////////////////////////// The first 3 columns are populated by the database and New Quantity by the user. As soon as the user is done with the new quantity he/she presses "Update Quantity" to update the database. Below is the jQuery code i use: $(document).ready(function(){ $('#updatebtn').click(function(){ //i use this value to find the exact entry in the database var id = $('#updatebtn').attr('value'); var quantity_selected = $('select#quantity option:selected').attr('value'); $.ajax({ type: "POST", url: "js/ajax/updatequantity.php", data: {id: id, new_quantity: quantity_selected} }); //this is for testing alert('ok'); }); }); The updatequantity.php script just takes the new quantity and the row of the entry and updates the value. My problem is: If i press the "Update Quantity" of the item "Shoes", i see the pop-up "ok" and the quantity is updated. But when i try to do the same for the 2 other items (T-shirts and watches), i get nothing. Does my js script has trouble to differentiate between the "Update Quantity" buttons? Is there another approach? ps: i am doing this using wamp on my localhost Thanks in advance.

So in the SESSION array will only change the part SESSION['id'] but the rest of the data SESSION['email'] and SESSION['logged_in'] will stay the same?

I am reading about sessions and i want to clear something out: When do we save the values into the SESSION? Before using session_regenerate_id(true) or after? The code below is saving the value to SESSION after using session_regenerate_id(true): session_start(); //accept data from a form (for example $email and $password)and process them //if the credentials are correct session_regenerate_id(true); $_SESSION['email'] = $email; $_SESSION['logged_in'] = 'TRUE'; header('Location:welcome.php'); exit(); Also, if the above code is the correct approach, what will happen if i save the values to SESSION and then regenerate the id? Is it going to change something? Thanks

You are correct! I am just a little paranoid when it comes to security! I already have protection from session hijacking, session fixation, CSRF, XSS, SQL injections, etc. Thanks for your time and your answers. They helped me a lot!

Thank you all for your answers! No this is how i want it to work. My problem (lets say my luck of knowledge) was how to send php data over to Javascript. With the help with all of you now i get it!

Lets say i manage to send all PHP values over to JavaScript and i dont need to use SESSIONS to send any values to sendmessage.php script. Is it a good practice to send all these values to sendmessage.php using SESSIONS and then compare them to the one send to this script using the AJAX method? For example: sendmessage.php Receiving values via SESSIONS: $senderID = $_SESSION['senderid']; $receiverID = $_SESSION['receiverid']; $message = $_SESSION['message']; Receiving values via AJAX[using post method] $senderIDAJAX = $_POST['sender_id']; $receiverIDAJAX = $_POST['receiver_id']; $messageAJAX = $_POST['message']; if($senderID == $senderIDAJAX && receiverID == receiverIDAJAX && $message == $messageAJAX) { do something } Does this add on security? Thanks!

I am a bit confused (if not a lot). I have the main PHP script (lets name it main.php) where i somehow calculate/extract from my database the following values: userA_id (a.k.a sender_id) userB_id (a.k.a receiver_id) message (a.k.a message) In my script file i have the following: $(document).ready(function(){ $('input#submit').click(function(){ var sender_id = ??? var receiver_id = ??? var message = ??? $.post('js/ajax/sendmessage.php', {sender_id:sender_id, receiver_id: receiver_id, message:message}, function(output) {....do something with output}); }); }); The sendmessage.php script, is a script that given the values sender_id, receiver_id, message, performs some actions and sends the message to userB. My issue here (or the thing i dont understand), is how i can send these values from the PHP script (main.php) to the JavaScript file. Sure i can use a hidden input field and collect these values from there (is it a correct method or a method at all??), but is there any other way i could perform this? Do i get it all wrong? Any help will be much appreciated..

So, i need to send the variables to the php script(the one that AJAX will use) via SESSION variables? Or do you mean something else? Thanks!

I am trying to build a website, where: 1) User logs in (UserA) 2) Inserting a name in the search box and pressing "Search", a list of all users matching that name is shown 3) The user selects a user (UserB) from that list (among several results) 4) By selecting the user (UserB) , a message box appears to insert text 5) The user(UserA) types the message 6) The user(UserA) presses the SUBMIT button and sends the message to the other user(UserB) The problem i face is how to pass the variables from my PHP script to the JavaScript script. Its easy for me to get the values of input fiedls, select fields or any other DOM element value. But if the value i need to pass to Javascript file to perform an AJAX call isnt inside a DOM element, how do i do it? For example, for me to determine the user that will send the message (userA), i will need several data. This data, i have them inside the PHP script as variables, but dont know how to pass them to Javascript file. Getting the data from the URL, or from a hidden input field or any other DOM element, is a solution, but i want to know the way that is safer and better. To summarize: -->[pass necessary data from PHP to JavaScript file]-->[perform an AJAX call] --> [return data to PHP Script] How do i do it? Thanks in advance.

Thanks for the advice. Its generally a good approach not to regenerate the token in each reload of the page. I can see that know. To bypass this i added the following code at the top, where the session_start() is: secure_session_start(); $current_sessid = $_COOKIE['TESTSESSID']; $new_sessid = session_id(); if($current_sessid != $new_sessid) { $hashed_token = AntiCSRFtoken(); echo $hashed_token; $_SESSION['hashed_token'] = $hashed_token; } The weird part is that, when i use the custom secure_session_start(), i does not work. When i use the default PHPSESSID it works fine. session_start(); $current_sessid = $_COOKIE['PHPSESSID']; $new_sessid = session_id(); if($current_sessid != $new_sessid) { $hashed_token = AntiCSRFtoken(); echo $hashed_token; $_SESSION['hashed_token'] = $hashed_token; } Any ideas why the custom secure_session_start() causes this kind of trouble? And if cant bypass it and i have to use the session_start() how do i make sure that the following options are enabled for my domain? Is the .htaccess reliable for this purpose? ini_set('session.use_only_cookies', 1); ini_set('session.entropy_file', '/dev/urandom'); if (in_array('sha512', hash_algos())) { // Set the has function. ini_set('session.hash_function', 'sha256'); } ini_set('session.use_trans_sid', 0); ini_set('session.hash_bits_per_character', 5); ini_set('session.cookie_secure', 1); $secure = TRUE; $httponly = TRUE; Thanks.

Yes i know, but i have an SSL certificate configured to my domain, and i am forcing each page to use https through .htaccess: #TURNS HTTPS ON RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L] Is this correct? Thanks for the response.

I am trying to learn how to program in PHP. For a long time i was using WAMP and my localhost. When i ran into trouble i searched the web, watched videos and eventually find a solution. Trying to upload my scripts into a shared hosting web server i had some difficulties in basic things, like using $_SESSION superglobal variable. What i want to do is to use a hidden field with a value inside a form, and after submitting the form, to compare the $_SESSION variable to the $_POST variable in order to check for CSRF. <?php //call all custom functions require_once('Custom_Functions/functions.php'); //session must be send before HTML headers secure_session_start(); ?> <!DOCTYPE html> <html lang="en"> <body> <?php if(isset($_POST['submit'])) { $postvalue = $_POST['input1']; $sessionvalue = $_SESSION['hashed_token']; echo '<br />==========================<br />'; echo '<br />AFTER PRESSING SUBMIT<br />'; echo '<br />==========================<br />'; echo 'Value of $_POST["hashed_token"] = '.$postvalue.'<br />'; echo 'Value of $_SESSION["hashed_token"] = '.$sessionvalue.'<br />'; } $hashed_token = hash('sha256', uniqid(mt_rand(), TRUE)); $_SESSION['hashed_token'] = $hashed_token; echo '<br />==========================<br />'; echo '<br />BEFORE PRESSING SUBMIT<br />'; echo '<br />==========================<br />'; echo '<br />Value of $_SESSION["hashed_token"] = '.$hashed_token.'<br />'; ?> <form action="" method="POST"> <input type="hidden" name="input1" value="<?php echo $hashed_token; ?>" /> <p><input type="submit" name="submit" /></p> </form> </body> </html> In this script i have 1 custom function: a) secure_session_start() function secure_session_start(){ //Set a custom session name $session_name = 'TESTSESSID'; ini_set('session.use_only_cookies', 1); ini_set('session.entropy_file', '/dev/urandom'); if (in_array('sha512', hash_algos())) { ini_set('session.hash_function', 'sha256'); } ini_set('session.use_trans_sid', 0); ini_set('session.hash_bits_per_character', 5); ini_set('session.cookie_secure', 1); $secure = TRUE; $httponly = TRUE; $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly); session_name($session_name); ini_set("session.save_path", "/home/SESSIONS"); session_start(); } The procedure goes as follows: FIRST COMMUNICATION WITH THE SERVER: The superglobal variable $_SESSION['hashed_token'] is assigned the random hash value, which is then passed to the hidden input field. I then echo it. RESULT: ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc SECOND COMMUNICATION WITH THE SERVER: The user press the submit button, the script then checks if the submit button is pressed, and gets in the if statement(because is TRUE). Then i collect the $_POST and $_SESSION values and echo them. New random hash is assigned to the $_SESSION superglobal variable. RESULT: ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc Value of $_SESSION["hashed_token"] = 8f176aeb3a09a1b30e0ea862c78625d7c11743da933d366cface3fa238388e57 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = c3442382b146f03394ad86911018247c57fa19d4a653d0bf6bb9bc7506e88ca0 For me this is very weird. The random hash is assigned to the $_SESSION variable, but when i try to call it after the submit is pressed its giving me a complete different value. If i remove the function secure_session_start() and just use session_start() it works: RESULT (using session_start() ) ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 Value of $_SESSION["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = e2d4acc239a747217860d71a80553abd41142dbeb8f6fafab511caff8a081fc4 Any ideas why this is happening? The problem is inside the secure_session_start() function but i cant find out why. Also, when i use the secure_session_start() function and more specifically the ini_set("session.save_path", "/home/SESSIONS"); i am forcing the session to be stored inside the /home/SESSIONS folder. But when i only use the session_start() the session i still gets stored inside that path. I checked my .htaccess and there is nothing storing the sessions in that folder. Why is that? One last thing: When using FIREBUG-->Cookies is see 2 names: the custom one (TESTSESSID) and PHPSESSID(which is the default). Shouldnt i only see the custom session name only? Thanks in advance.