Jump to content

KillGorack

Members
  • Content Count

    53
  • Joined

  • Last visited

Community Reputation

1 Neutral

About KillGorack

  • Rank
    Regular Member
  • Birthday 11/22/1970

Profile Information

  • Gender
    Male
  1. KillGorack

    Session start & security

    Still not driven to conclusion; I have TWO scenarios. #1 session_set_cookie_params( 300, "/; SameSite=Strict", ".killgorack.com", true, true ); session_start(); Through www.immuniweb.com it seems the stuff is set correctly on production(php 7.3.5) server. I get no errors on the production(php 7.3.5) server I stay logged in after initial form post for login on production(php 7.3.5) server I DO NOT stay logged in after initial form post for login on development(php 7.3.3) server (localhost) #2 session_start(); session_set_cookie_params( 300, "/; SameSite=Strict", ".killgorack.com", true, true ); Through www.immuniweb.com it seems the stuff is NOT setup correctly on production(php 7.3.5) server I get errors on the production(php 7.3.5) server I stay logged in after initial form post for login on production(php 7.3.5) server I stay logged in after initial form post for login on development(php 7.3.3) server (localhost)
  2. KillGorack

    Session start & security

    Also I'm getting an error when I change the order as you've suggested. Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in C:\xampp\htdocs\portal-x\inc\ses.php on line 12 I'll fiddle with it, once I've changed the urls it seems to be working. I'll have to add this file to gitignore, and keep a local file different than production once I have it working.
  3. KillGorack

    Session start & security

    Yea thanks, also it's a really dumb mistake.. I don't change the URLS of the website from dev to prod.. I think these are the issue. Always 30 seconds after I post..
  4. KillGorack

    Session start & security

    I have issues with a user being logged in and staying logged in, When logging in I create these $_SESSION variables Array ( [usr_login] => username [usr_fname] => first [usr_lname] => last [usr_email] => email [ses_usrid] => 1 [loggdin] => Yes [loginremember] => ) And after login it looks great till I refresh the page or go anywhere else on the site. All variables above are gone. Consequently, this works with no issues on the prod server, just not on my machine. Code I've been playing with since it started, specifically the setting of the cookie. (this code runs before anything else) // ================================================================= // Sesssion start // ================================================================= session_set_cookie_params( 0, "/; SameSite=Strict", ".killgorack.com", true, true ); session_start(); // ================================================================= // Security stuff // ================================================================= header("strict-transport-security: max-age=31536000"); header('X-Frame-Options: sameorigin'); header("X-XSS-Protection: 1; mode=block"); header('X-Content-Type-Options: nosniff'); header("Content-Security-Policy: default-src BLA BLA BLA "); header("Feature-Policy: vibrate 'none'"); header("Referrer-Policy: no-referrer"); header("Access-Control-Allow-Origin: https://www.MYWEBSITE.com/"); header("Expect-CT: max-age=86400, enforce"); header_remove("X-Powered-By"); // ================================================================= Any ideas?
  5. KillGorack

    Fancybox Links not working

    I have a working solution, this seems to work.. From <script type="text/javascript"> $(document).ready(function() { $("#show_pop_message").fancybox().trigger('click'); }); </script> To <script type=\"text/javascript\"> window.jQuery(document).ready(function() { $.fancybox.open('#show_pop_message'); }); </script>
  6. KillGorack

    Fancybox Links not working

    Working with some older php code, and Fancybox 2.1.5 We moved to getting js/css from CDNJS using: <script src="https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js" integrity="bla bla bla" crossorigin="anonymous"></script> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.css" integrity="bla bla bla" crossorigin="anonymous" /> Now the links within the fancy box, seems to be reloading the box again instead of following the link. I pretty sure it's a version issue, just cant get it to work.. <?php if(isset($pop)){ if($pop['shw'] == true){ //======================================================== // A message with a forward button ot two //======================================================== if($pop['typ'] == "MsgFwd"){ echo "<script type=\"text/javascript\">"; echo "$(document).ready(function() {"; echo "$(\"#show_pop_message\").fancybox().trigger('click');"; echo "});"; echo "</script>"; echo "<div id=\"show_pop_message\" style=\"display:none;\">"; echo "<div class=\"cont_login\">"; echo "<table cellpadding=\"2\" width=\"100%\" border=\"0\" cellspacing=\"0\">"; echo "<tr>"; echo "<td colspan=\"2\"><div class=\"text5\">".$pop['ttl']."</div></td>"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><hr class=\"allform_div\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td style=\"vertical-align: text-top;\"><img src=\"".$pop['ico']."\" style=\"margin-right:10px;\"></td>"; echo "<td><div class=\"text7\">".$pop['msg']."</div></td>"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><hr class=\"allform_div\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td><div class=\"text6\" style=\"text-align:left;\">".$pop['nte']."</div></td>"; echo "<td align=\"right\">"; echo "<a href=\"".$pop['fwda']."\" id=\"NULL\"><img src=\"".$pop['btna']."\" style=\"margin-bottom:-5px; text-align:right;\"></a>"; echo "</td>"; echo "</tr>"; echo "</table>"; echo "</div>"; echo "</div>"; //======================================================== // Just a message (Ok and it goes away) //======================================================== }elseif($pop['typ'] == "MsgOk"){ echo "<script type=\"text/javascript\">"; echo "window.jQuery(document).ready(function() {"; echo "$.fancybox.open('#unlnkForm');"; echo "});"; echo "$(':button').click(function() {"; echo "parent.$.fancybox.close();"; echo "})"; echo "</script>"; echo "<div id=\"unlnkForm\" style=\"display:none;\">"; echo "<div class=\"cont_login\">"; echo "<table cellpadding=\"2\" width=\"100%\" border=\"0\" cellspacing=\"0\">"; echo "<tr>"; echo "<td colspan=\"2\"><div class=\"text5\">".$pop['ttl']."</div></td>"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><hr class=\"allform_div\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td><img src=\"".$pop['ico']."\" style=\"margin-right:10px;\"></td>"; echo "<td><div class=\"text7\">".$pop['msg']."</div></td>"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><hr class=\"allform_div\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td><div class=\"text6\" style=\"text-align:left;\">".$pop['nte']."</div></td>"; echo "<td align=\"right\">"; echo "<a href=\"javascript:parent.$.fancybox.close();\"><img src=\"".$pop['btna']."\" style=\"margin-bottom:-5px; text-align:right;\"></a>"; echo "</td>"; echo "</tr>"; echo "</table>"; echo "</div>"; echo "</div>"; } //======================================================== } } ?> using that mess up there with: $pop = array( "shw" => true, "typ" => "MsgFwd", "ttl" => "Success!", "msg" => "Thanks your changes have been made, please press the OK button below.", "ico" => "sty/img/ico/alert.png", "nte" => "", "fwda" => $lnk, "btna" => "sty/img/btn/ok.png" ); Any ideas on how to get the links within the box to work?
  7. KillGorack

    Previous, and next record (when NOT ordered by ID)

    I have to get my head around this but it seems SQL has some counting functionality. The code below works, 113 is the current ID we're looking at and the sql below will give previous, and next as well. From a coworker; WITH numberlist AS (SELECT ID, row_number() OVER (ORDER BY trk_airdate ASC) as RN from startrek) SELECT numberlist.* FROM numberlist WHERE RN IN (SELECT RN + i FROM numberlist CROSS JOIN (SELECT -1 AS i UNION ALL SELECT 0 UNION ALL SELECT 1) n WHERE ID = 113) ORDER BY RN wonderful
  8. KillGorack

    Previous, and next record (when NOT ordered by ID)

    I like this solution, but reordering the table isn't possible in my situation Even in this example data we have overlapping dates, which could cause skipping records? I will test this to be sure. <Off topic> In the early 90's DS9, and TNG aired at the same time, Then later in the same decade Voyager, and DS9 overlapped. </Off topic>
  9. SQL is made up below, but I have something similar sorted by dates, and NOT by ID. Currently I get this done by getting all the ID's in an array ordered by date and gleaning the two record ID's from that array. if the table is huge, that might not be the best way. Just seems like there should be an easier way to do it. Any ideas? Select startrek.ID, optc.opt_value as trk_series_id, optc.ID as trk_series_idID, startrek.trk_title, startrek.trk_episode, startrek.trk_season, startrek.trk_airdate, startrek.trk_stardate FROM startrek JOIN opt optc ON optc.ID = startrek.trk_series_id ORDER BY trk_airdate ASC
  10. KillGorack

    PHP TIME (NOT TIMEDATE) difference

    current code, a little better function sec_diff_time($s, $e){ if(!validateDate($s, "H:i:s") or !validateDate($e, "H:i:s")){ return false; }else{ $secsday = 86400; if(strtotime($s) <= strtotime($e)){ $secs = strtotime($e) - strtotime($s); }else{ $secs = (strtotime($e) + $secsday) - strtotime($s); } return $secs; } }
  11. Hi, Trying to figure out a way to get a time difference between two times assuming they are in order.. For example; in the array below the days is easy.. because the time happens later, however nights it becomes a little more confusing. The method I'm using now is; if the dates are in order just stick a reference date on there, and get a difference. If they seem to be reversed, I stick a reference date on the first one and a reference date +1 days on the second and get the difference. Can you all think of a better way? I will use the assumption that the times will NEVER be more than 24 hrs apart.. Array ( [2] => Array ( [days] => Array ( [0] => 07:00:00 [1] => 15:45:00 ) [nights] => Array ( [0] => 15:30:00 [1] => 02:15:00 ) )
  12. Sorry for the late reply! Thanks for that it works great. Better than my solution for sure.
  13. It's a bit tacky, but this is working so far, there has to be a better way. function getParameterByName(name, url) { if (!url) url = window.location.href; name = name.replace(/[\[\]]/g, '\\$&'); var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'), results = regex.exec(url); if (!results) return null; if (!results[2]) return ''; return decodeURIComponent(results[2].replace(/\+/g, ' ')); } if(getParameterByName('fn') == 'edit'){ var i; for(i = 1; i < 10; i++){ $('#datepicker' + i).datepicker({ format: 'yyyy/mm/dd', calendarWeeks: true, weekStart: 1, todayHighlight: true }); } } Edit below PHP with the incremental value on the end.. function element_date($field, $value){ if($field['fld_required'] == 1){ $rq = "required"; }else{ $rq = ""; } $rtrn = "<div class=\"form-group row m-0\">"; $rtrn .= "<label class=\"col-sm-4 col-form-label\">".$field['fld_human']."</label>"; $rtrn .= "<div class=\"col-sm-8 text-right p-0\">"; $rtrn .= "<input id=\"datepicker".$this->datecounter."\" type=\"text\" class=\"form-control form-control-sm\" name=\"".$field['fld_fieldname']."\" value=\"".$value."\" ".$rq." placeholder=\"YYYY-MM-DD\">"; $rtrn .= "</div>"; $rtrn .= "</div>"; $this->datecounter = $this->datecounter + 1; return $rtrn; }
  14. JQuery 3.3.1, Bootstrap 4.2.1, and the use of the Bootstrap Datepicker We’re trying to get satisfy some “Content Security Policy” requirements. One of which is to remove the java in the code, and call it from a known js file somewhere. That said I need to place the stuff in a js file which DOES work, but we have to place some java for EACH datepicker, or datetimepicker that exists in the site (which is scalable) so these form elements need to be added from time to time, and as it stands now we’ll need to add to the JS file also. I’m an absolute tool when it comes to js just FYI. To the question; Is there a way to code the JAVA below so it can handle ALL datepickers once? In the past we would write the form element and the js together, so the id's could be created on the fly. With a js file, it complicates things. $('#datepicker').datepicker({ format: 'yyyy/mm/dd', calendarWeeks: true, weekStart: 1, todayHighlight: true });
  15. KillGorack

    cookie samesite flag causing warning

    Thanks for the reply, I have access to 7.3, but the production server is 7.2. Does this make a difference? This is of course I think because the presence of the semicolon below within the "samesite" attribute. session_set_cookie_params(0, "/; SameSite=Strict", "domain.com", true, true); Looking for syntax of that array method. Can you help a guy out with an example?
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.