Everything posted by Moorcam
-
Hello folks, I am trying to create a script that will check the current domain, compare it with an array of domains that are stored externally in domains.php. If we have a match, great. If not, show an error. I am using CURL because of the vulnerabilities used using allow_url_include() so don't want to use that. Here is domains.php

```php
<?php
// domains.php
// Prevent direct access
if (basename($_SERVER['PHP_SELF']) === basename(__FILE__)) {
    die('Access denied.');
}
// Array of allowed domain names
$domains_content = [
    'test1.com',
    'test.com',
    'mywebsite.org'
];
?>
```

Here is the function for checking:

```php
// This script checks if the current domain is in the allowed domains list.
// Function to fetch the external PHP file using CURL
function fetchDomains($url) {
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    if (curl_errno($ch)) {
        throw new Exception('CURL Error: ' . curl_error($ch));
    }
    curl_close($ch);
    return $response;
}

try {
    // URL of the external PHP file
    $url = 'https://www.domain/domains.php'; // Replace with the actual URL
    // Fetch the domains
    $domains_content = fetchDomains($url);
    // Evaluate the fetched content to get the array
    eval('?>' . $domains_content);
    // Get the current domain
    $current_domain = $_SERVER['HTTP_HOST'];
    // Check if the current domain is in the allowed domains
    if (!in_array($current_domain, $domains_content)) {
        throw new Exception('Error: The current domain "' . $current_domain . '" is not allowed.');
    }
    echo 'Domain check passed. Current domain: ' . $current_domain;
} catch (Exception $e) {
    // Handle exceptions and display error message
    echo 'An error occurred: ' . $e->getMessage();
}
```

I haven't included the actual domain I am checking for privacy reasons but you get the drift.

Here is the error I am getting:

```
[24-Oct-2024 00:04:58 Australia/Melbourne] PHP Warning: in_array() expects parameter 2 to be array, string given in includes/header.php on line 85
```

Here is that line:

```php
if (!in_array($current_domain, $domains_content)) {
    throw new Exception('Error: The current domain "' . $current_domain . '" is not allowed.');
}
```

If anyone can help resolve this I would appreciate it. The domain the script is hosted on is actually listed in the array.
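Added example, not part of the original post: when the remote server executes PHP, a cURL request to domains.php returns that script's output rather than its source, so `$domains_content` is still a string when it reaches `in_array()`. One way to run the same check without `eval()` on fetched content is to publish the list as JSON and decode it as data. The JSON format, the function names and the sample hosts below are assumptions (constructed).

```php
<?php
// Added example: the fetched allowlist is parsed as data (JSON), never run as code.
// The JSON format, function names and sample hosts are assumptions (constructed).

/** Lower-case a host name, drop any :port and trailing dot; null if malformed. */
function normalizeHost(string $host): ?string
{
    $host = rtrim(preg_replace('/:\d+$/', '', strtolower(trim($host))), '.');
    // Accept only plain DNS names made of letter/digit/hyphen labels.
    $dns = '/^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/';
    return preg_match($dns, $host) === 1 ? $host : null;
}

/** Decode the response body; throws unless it is a JSON list of valid host names. */
function parseAllowlist(string $body): array
{
    $decoded = json_decode($body, true, 4, JSON_THROW_ON_ERROR);
    if (!is_array($decoded) || array_values($decoded) !== $decoded) {
        throw new UnexpectedValueException('Allowlist must be a JSON array.');
    }
    $hosts = [];
    foreach ($decoded as $entry) {
        $host = is_string($entry) ? normalizeHost($entry) : null;
        if ($host === null) {
            throw new UnexpectedValueException('Invalid allowlist entry.');
        }
        $hosts[] = $host;
    }
    return $hosts;
}

/** HTTP_HOST comes from the request's Host header, so normalise it before the strict comparison. */
function isHostAllowed(string $hostHeader, array $allowlist): bool
{
    $host = normalizeHost($hostHeader);
    return $host !== null && in_array($host, $allowlist, true);
}

// Constructed sample body; in the post this would be the cURL response from the JSON endpoint.
$allowlist = parseAllowlist('["test1.com", "test.com", "mywebsite.org"]');

foreach (['test.com', 'TEST.com:8080', 'other.example', 'test.com.other.example'] as $candidate) {
    printf("%-24s %s\n", $candidate, isHostAllowed($candidate, $allowlist) ? 'allowed' : 'rejected');
}
```

A body such as `Access denied.` makes `parseAllowlist()` throw a `JsonException` instead of letting a string reach `in_array()`.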
-
Sanjeev Mansotra Short Intro to Community - Core Educator
Moorcam replied to sanjeevmansotra's topic in Introductions
Welcome to the community
-
Thank you. You are all right. I will get onto this. Not hard to do. Still a bit of a learning curve with prepared statements etc. but getting there
- 10 replies
- Tagged with: php, prepared statements (and 2 more)
-
Thank you kind sir. I will look more into all this. The reason there are two separate logins is because there are two separate panels. One for staff and one for members. I know I could do something like:

```php
if ($_SESSION['role'] == 'admin') {
    header("location: index.php");
} elseif ($_SESSION['role'] == 'member') {
    header("location: members.php");
}
```

Thanks for the input. Always appreciated.
-
Barand, Remember when I joined here first and I made it clear that I am an old Irish fart? Well, today defines exactly what I meant by that. I was updating the table "users" and should have been updating the table "staff".

```php
    // Prepare the SQL statement to update the user's login status
    $stmt = $conn->prepare("UPDATE staff SET is_logged_in = 0 WHERE user_id = ?");
    $stmt->bind_param("i", $userId);
    // Execute the statement
    if ($stmt->execute()) {
        // Destroy the session
        session_unset();
        session_destroy();
        redirectToLogin();
    } else {
        echo "Error updating user status: " . $stmt->error;
    }
    // Close the statement
    $stmt->close();
}
```

I will now go to bed as it is 12:53 on Sunday morning here. Maybe I just need sleep thing? Good night
-
I have that set globally in config.php

```php
// CHECK FOR ERRORS
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
```
-
Hi mate, Thanks for the reply. Have changed it to the following as you mentioned. Still the same:

```php
<?php
session_start(); // Start the session

// Include database connection
require_once('includes/config.php');

// Check if user is logged in
if (!empty($_SESSION['user_id'])) {
    logoutUser($conn, $_SESSION['user_id']);
} else {
    redirectToLogin();
}

// Close the database connection
$conn->close();

/**
 * Logs out the user by updating their login status and destroying the session.
 *
 * @param mysqli $conn The database connection.
 * @param int $user_id The ID of the user to log out.
 */
function logoutUser($conn, $user_id) {
    // Prepare statement to update user login status
    $stmt = $conn->prepare("UPDATE users SET is_logged_in = 0 WHERE user_id = ?");
    $stmt->bind_param("i", $_SESSION['user_id']);
    // Execute the statement
    if ($stmt->execute()) {
        // Destroy the session
        session_unset();
        session_destroy();
        redirectToLogin();
    } else {
        echo "Error updating user status: " . $stmt->error;
    }
    // Close the statement
    $stmt->close();
}

/**
 * Redirects the user to the login page.
 */
function redirectToLogin() {
    header("Location: login.php");
    exit();
}
?>
```

I was binding because I just find it safer to do that when inserting or updating in particular.
-
Darshan Hiranandani Newbie Introduction
Moorcam replied to darshanhiranandani23's topic in Introductions
Welcome
-
Hi guys, I have the following logout code, which works just fine, as in it logs the user out and kills the session etc. However, there is one part that is not working and that is updating the database to change the is_logged_in to set to 0 rather than 1, which is set upon login.

```php
<?php
session_start(); // Start the session

// Include database connection
require_once('includes/config.php');

// Check if user is logged in
if (!empty($_SESSION['user_id'])) {
    logoutUser($conn, $_SESSION['user_id']);
} else {
    redirectToLogin();
}

// Close the database connection
$conn->close();

/**
 * Logs out the user by updating their login status and destroying the session.
 *
 * @param mysqli $conn The database connection.
 * @param int $user_id The ID of the user to log out.
 */
function logoutUser($conn, $user_id) {
    // Prepare statement to update user login status
    $stmt = $conn->prepare("UPDATE users SET is_logged_in = ? WHERE user_id = ?");
    $is_logged_in = '0'; // Set user status to logged out
    $stmt->bind_param("si", $is_logged_in, $user_id);
    // Execute the statement
    if ($stmt->execute()) {
        // Destroy the session
        session_unset();
        session_destroy();
        redirectToLogin();
    } else {
        echo "Error updating user status: " . $stmt->error;
    }
    // Close the statement
    $stmt->close();
}

/**
 * Redirects the user to the login page.
 */
function redirectToLogin() {
    header("Location: login.php");
    exit();
}
?>
```

If anyone can help that would be great. Thanks
-
Is that the actual error you got? It doesn't make sense. It just looks like php code showing on a html page. Paste the contents of application.php
-
For me, personally, I am not a fan of frameworks at all and mostly enjoy raw coding more. However, I have used CodeIgniter for a couple of projects and enjoyed it. Massive learning curve but got the results I was after. I still go back to and prefer raw coding. What I have done is, I created an application and used the UI for future projects. So, for example, login, register, users etc, all from the same UI. All I would need to change is the colours or fonts? Saves me a lot of time and effort.
-
I would put it in them all. Just replace the ??? with the file name. But that's me. Maybe contact Google Search Console support and verify?
-
No such thing as an idiot unless you are me

Try this:

```php
<!DOCTYPE HTML>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Application.php</title>
</head>
<body style="color: #000; background-color: #66FFFF;">
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Define recipient and subject
    $email_to = "[email protected]";
    $email_subject = "New Application Request.";

    // Function to handle errors
    function handleError($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below:<br><br>";
        echo $error . "<br><br>";
        echo "Please go back and fix these errors.<br><br>";
        die();
    }

    // Validate required fields
    $required_fields = ['fname', 'sname', 'email', 'bday', 'agree', 'smsa'];
    foreach ($required_fields as $field) {
        if (!isset($_POST[$field])) {
            handleError('We are sorry, but there appears to be a problem with the form you submitted.');
        }
    }

    // Sanitize and validate input
    $fname = cleanInput($_POST['fname']);
    $sname = cleanInput($_POST['sname']);
    $email = cleanInput($_POST['email']);
    $bday = cleanInput($_POST['bday']);
    $agree = isset($_POST['agree']) ? 'Yes' : 'No';
    $smsa = isset($_POST['smsa']) ? 'Yes' : 'No';

    $error_message = validateInput($fname, $sname, $email, $bday);
    if (!empty($error_message)) {
        handleError($error_message);
    }

    // Prepare email message
    $email_message = "Form details below:\n\n";
    $email_message .= "First Name: $fname\n";
    $email_message .= "Surname: $sname\n";
    $email_message .= "Email: $email\n";
    $email_message .= "Date of Birth: $bday\n";
    $email_message .= "Agree to Terms: $agree\n";
    $email_message .= "Agree to SMSA Rules: $smsa\n";

    // Create email headers
    $headers = "From: $email\r\n" .
        "Reply-To: $email\r\n" .
        "X-Mailer: PHP/" . phpversion();

    // Send email
    @mail($email_to, $email_subject, $email_message, $headers);

    echo "<div style='text-align: center;'><big>Thank you for your application. We will be in touch with you very soon.</big></div>";
    echo "<div style='text-align: center;'><big><a href='index.html'>Back to Home page</a></big></div>";
}

function cleanInput($data) {
    return htmlspecialchars(stripslashes(trim($data)));
}

function validateInput($fname, $sname, $email, $bday) {
    $error_message = "";
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_message .= 'The Email address you entered does not appear to be valid.<br>';
    }
    if (!preg_match("/^[A-Za-z .'-]+$/", $fname)) {
        $error_message .= 'The First Name you entered does not appear to be valid.<br>';
    }
    if (!preg_match("/^[A-Za-z .'-]+$/", $sname)) {
        $error_message .= 'The Surname you entered does not appear to be valid.<br>';
    }
    if (empty($bday)) {
        $error_message .= 'You did not choose a date.<br>';
    }
    return $error_message;
}
?>
</body>
</html>
```
-
When posting code use the <> button to add code as it will format it better for reading.
-
Change code as in??? This part confuses me. Based on what you are actually looking to change it is hard for anyone to help really.
-
Modal will not open. Throwing Uncaught error...
Moorcam replied to Moorcam's topic in Javascript Help
All sorted. Don't know exactly what I was doing wrong. Rewrote the php and it worked.
-
Modal will not open. Throwing Uncaught error...
Moorcam replied to Moorcam's topic in Javascript Help
Ok, the issue only seems to happen when I wrap the Modal in php:

```php
<?php
if (isset($_POST['websettings_save'])) {
    $charter_max = $_POST['charter_max'];
    // Bind the submitted value instead of interpolating it into the SQL string
    $stmt = $conn->prepare("UPDATE web_settings SET charter_max = ?");
    $stmt->bind_param("s", $charter_max);
    if ($stmt->execute()) {
        $msg = '<div id="msg"><h4 class="text-success">Website settings updated successfully!</h4></div>';
    } else {
        $msg = '<div id="msg"><h4 class="text-danger">Error updating Website settings: ' . $stmt->error . '</h4></div>';
    }
    $stmt->close();
}

// SELECT FROM Web Settings
$sql = "SELECT * FROM web_settings";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
    // output data of each row
    while ($row = $result->fetch_assoc()) {
?>
<div class="modal fade" id="websettingsModal" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true">
  <div class="modal-dialog">
    <div class="modal-content">
      <div class="modal-header">
        <h1 class="modal-title fs-5" id="exampleModalLabel"><?php echo lang('WEB_SETTINGS'); ?></h1>
        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
      </div>
      <form method="POST">
        <div class="modal-body">
          <p class="text-muted"><?php echo lang('UPDATE_WEB_SETTINGS'); ?></p>
          <div class="mb-3">
            <label for="charter_max" class="col-form-label"><?php echo lang('CHARTER_MAX'); ?>:</label>
            <input type="text" class="form-control" name="charter_max" id="charter_max" value="<?php echo $row['charter_max']; ?>">
          </div>
        </div>
        <div class="modal-footer">
          <button type="button" class="btn btn-danger" data-bs-dismiss="modal"><i class="fa fa-close"></i> <?php echo lang('CLOSE'); ?></button>
          <button type="submit" onclick="javascript:window.location.reload()" name="settings_save" id="save" class="btn btn-success"><i class="fa fa-save"></i> <?php echo lang('SAVE'); ?></button>
        </div>
      </form>
    </div>
  </div>
</div>
<?php
    }
}
?>
```

But, other Modals are done the same way with no issue.
-
Modal will not open. Throwing Uncaught error...
Moorcam replied to Moorcam's topic in Javascript Help
Yeah I'm guessing that too. However, strange as it may seem, I created a new empty Modal from Bootstrap website and a new link to open that Modal, with a new ID etc, and same issue. It's really strange how the other Modals, which are called from the same file, modals.php, are working fine.
-
Modal will not open. Throwing Uncaught error...
Moorcam replied to Moorcam's topic in Javascript Help
I had a look at those. Funny thing is, and I should have mentioned this, I have other Modals, with same links and same modal types that open with no issue. Just this one that is throwing that error.
-
Hi guys, When I try to open a Bootstrap 5 Modal I get the following error in console:

```
vendor.bundle.base.js:9 Uncaught TypeError: Cannot read properties of undefined (reading 'backdrop')
    at On._initializeBackDrop (vendor.bundle.base.js:9:52555)
    at new On (vendor.bundle.base.js:9:51462)
    at On.getOrCreateInstance (vendor.bundle.base.js:9:7913)
    at HTMLAnchorElement.<anonymous> (vendor.bundle.base.js:9:55451)
    at HTMLDocument.n (vendor.bundle.base.js:9:4238)
```

Here is the link to open the modal:

```php
<li class="nav-item">
  <a class="nav-link" data-bs-toggle="modal" data-bs-target="#websettingsModal" href="#"><?php echo lang('WEBSITE_SETTINGS'); ?></a>
</li>
```

And the modal itself:

```html
<div class="modal fade" id="websettingsModal" tabindex="-1" aria-labelledby="websettings" aria-hidden="true">
  <div class="modal-dialog">
    <div class="modal-content">
      <div class="modal-header">
        <h5 class="modal-title" id="websettings">Modal title</h5>
        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
      </div>
      <div class="modal-body">
        ...
      </div>
      <div class="modal-footer">
        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
        <button type="button" class="btn btn-primary">Save changes</button>
      </div>
    </div>
  </div>
</div>
```

If anyone could help that would be great. Thanks, Dan
-
Ok, fixed. I changed the charter ID from 'id' to 'chtr_id' in the database. Everything is now working.
-
charter.driver contains the ID of the driver in question. Driver is selected from users table. Obviously a different ID and both tables have unique IDs
-
Ok, Changed the query a little as shown below. Shows all results now but output is multiplied by four.

```php
$sql = "SELECT *, usr.id, usr.fname FROM charters AS chtr LEFT OUTER JOIN users AS usr ON(chtr.id = usr.id) IS NOT NULL; ";
```