Everything posted by Chrisj

  1. Thanks for your reply. I mean "a properly formatted email address (user@domain.com)"
  2. I am using a modal window (jBox) with a web Form in it, that requires the Form (just Name & Email) to be completed and Submitted in order to close the modal window - allowing access to the main page. The Form uses this corresponding ../submit.php, which has this:

         if (empty($_POST['name']) || empty($_POST['email'])) {
             $response['success'] = false;
         } else {
             $response['success'] = true;
         }
         echo json_encode($response);

     where, upon Form > submit, it successfully shows 'error' if the Form fields are not populated, and 'success' when the Form fields are populated/submitted. I'd like the Form to require a proper/valid email address and avoid spam and header injection (maybe honeypot protection and implement a form of rate limiting (a single ip may not send more than x messages per day)). Any assistance/guidance is appreciated.
  3. The goal is to close the jBox upon success and not close it upon Error. Which I believe needs validation from the submit.php to successfully close the Form/jBox. I attempted adding this call back validation code ( everything above if($_POST) ) in the submit.php file, without success:

         <?php
         header('Content-type: application/json');
         $errors = array();
         $data = array();
         if (empty($_POST['name']))
             $errors['name'] = 'Name is required.';
         if (empty($_POST['email']))
             $errors['email'] = 'Email is required.';
         if ( ! empty($errors)) {
             $data['success'] = false;
             $data['errors'] = $errors;
         }
         echo json_encode($data);

         if($_POST){
             $to = 'chrisj....@hotmail.com';
             $subject = 'Thank You';
             $name = $_POST['name'];
             $email = $_POST['email'];
             $message = $_POST['message'];
             $message1 = $_POST['message'];
             $headers = $name;
             $headers = 'from: support@web-site-name.com';
             $message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
             $message = "Hello {$_POST['name']}, ~ Thank you\r\n\r\n";
             mail( $to, $subject, $message1, $headers );
             mail( $email, $subject, $message, $headers );
             //header('Location: https://web-site-name.com');
             exit;
         }
         ?>

     And I have the .js:

         var myConfirm;
         $(document).ready(function() {
             myConfirm = new jBox('Confirm', {
                 content: $('.my-jbox-form'),
                 width: 830,
                 height: 205,
                 cancelButton: 'Return Home',
                 confirmButton: 'Continue',
                 closeOnConfirm: false,
                 closeOnEsc: false,
                 confirm: function() {
                     $.ajax({
                         url: 'https://...../submit.php',
                         method: 'post',
                         data: {
                             name: $('#name').val(),
                             email: $('#email').val()
                         },
                         success: function (response) {
                             console.log(response);
                             if (response.success) {
                                 alert('Success');
                             } else {
                                 alert('Error');
                             }
                         }
                     });
                 }
             });
         });

     And I’ve tried to add:

         myConfirm.close();

     into the .js code, but not sure where is the best place to put it. After executing the Form, still get a dialog box, on the Form page, that shows “web-site-name.com says Error”, yet the Form’s field info gets sent successfully. And after Form submit, in the dev tools > Console it only shows one line,

         [ ] upload.html:78

     And, of course, the Form (jBox) doesn’t close. Any additional guidance/suggestions with call back and validation, and close() is appreciated.
  4. Ok, I have removed his code and am back to this:

         <?php
         if($_POST){
             $to = 'chrisj...@.....com';
             $subject = 'Thank you for your info';
             $name = $_POST['name'];
             $email = $_POST['email'];
             $message = $_POST['message'];
             $message1 = $_POST['message'];
             $headers = $name;
             $headers = 'from: info@.....com';
             $message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
             $message = "Hello {$_POST['name']}, ~ Thank you for your input\r\n\r\n";
             mail( $to, $subject, $message1, $headers );
             mail( $email, $subject, $message, $headers );
             header('Location: https://....');
             exit;
         }
         ?>

     and this:

         var myConfirm;
         $(document).ready(function() {
             myConfirm = new jBox('Confirm', {
                 content: $('.my-jbox-form'),
                 width: 830,
                 height: 205,
                 cancelButton: 'Return Home',
                 confirmButton: 'Continue',
                 closeOnConfirm: false,
                 closeOnEsc: false,
                 confirm: function() {
                     $.ajax({
                         url: 'https://...../submit.php',
                         method: 'post',
                         data: {
                             name: $('#name').val(),
                             email: $('#email').val()
                         },
                         success: function (response) {
                             console.log(response);
                             if (response.success) {
                                 alert('Success');
                             } else {
                                 alert('Error');
                             }
                         }
                     });
                 }
             });
         });

     I look forward to any guidance with adding "validate the input and then send some response back".
  5. Thanks for your reply. I don't know the answer to your question, it was provided to me, in this thread, by Strider64. Any clarification/resolution will be welcomed.
  6. Thanks for your reply, yes I have considered that - this section:

         function errorOutput($output, $code = 500) {
             http_response_code($code);
             echo json_encode($output);
         }

     but I'm not sure what to do with that or what to do next - any suggestion/solution is appreciated.
  7. Thank you for your reply. I now have this:

         <?php
         /* Makes it so we don't have to decode the json coming from javascript */
         header('Content-type: application/json');

         /* Grab decoded incoming data from Ajax */
         $incomming = $_POST['data'];

         $data['outgoing'] = 'stop';

         if ( $incomming === 'proceed') {
             $data['outgoing'] = "send";
         }

         if ( $data['outgoing'] === 'send') {
             output($data);
         } else {
             errorOutput('error');
         }

         /* Something went wrong, send error back to Ajax / Javascript */
         function errorOutput($output, $code = 500) {
             http_response_code($code);
             echo json_encode($output);
         }

         /*
          * If everything validates OK then send success message to Ajax / Javascript
          */
         function output($output) {
             http_response_code(200);
             echo json_encode($output);
         }

         if($_POST){
             $to = 'chrisj...@.....com';
             $subject = 'Thank you for your info';
             $name = $_POST['name'];
             $email = $_POST['email'];
             $message = $_POST['message'];
             $message1 = $_POST['message'];
             $headers = $name;
             $headers = 'from: info@.....com';
             $message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
             $message = "Hello {$_POST['name']}, ~ Thank you for your input\r\n\r\n";
             mail( $to, $subject, $message1, $headers );
             mail( $email, $subject, $message, $headers );
             header('Location: https://....');
             exit;
         }
         ?>

     But I am now seeing this Error Code in the Console:

         jquery.min.js:6 POST https://web-site-name/submit.php 500

     Any additional assistance with resolving this error is appreciated.
  8. I have this php file that processes Form field entries. Apparently I need to modify it, I'm told, to "validate the input and then send some response back":

         <?php
         if($_POST){
             $to = 'chrisj...@.....com';
             $subject = 'Thank you for your info';
             $name = $_POST['name'];
             $email = $_POST['email'];
             $message = $_POST['message'];
             $message1 = $_POST['message'];
             $headers = $name;
             $headers = 'from: info@.....com';
             $message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
             $message = "Hello {$_POST['name']}, ~ Thank you for your input\r\n\r\n";
             mail( $to, $subject, $message1, $headers );
             mail( $email, $subject, $message, $headers );
             header('Location: https://....');
             exit;
         }
         ?>

     The corresponding js looks like this:

         $.ajax({
             url: 'https://...../submit.php',
             method: 'post',
             data: {
                 name: $('#name').val(),
                 email: $('#email').val()
             },
             success: function (response) {
                 console.log(response);
                 if (response.success) {
                     alert('Success');
                 } else {
                     alert('Error');
                 }
             }
         });

     I look forward to any guidance with adding "validate the input and then send some response back".
  9. There are several db tables ( phpmyadmin ) working with the web php script that I’m using (but did not write). The ‘user’ table has many fields, but pertaining to purchases it has these fields: ‘ip_address’ ‘username’ ‘wallet’ and ‘balance’. The ‘paid_videos’ table has these fields: id_user, video_play_price, id_video, user_id_uploaded, video_title, earned_amount, time_date, short_id, session_key video_id, time. The ‘transact’ table has these fields: username, id_user, amount, balance, wallet, wal_bal, user_id_uploaded, earned_amount, time_date. When a purchase is made a single row is populated in the ‘paid videos’ table and a single row is populated in the ‘transact’ table. Additional info: when a purchase is made, an amount of 50% of the price (‘earned_amount’) appears in uploader’s (user_id_uploaded) ‘earned_amount’ field, and gets added to the uploader’s ‘balance’ field. And that amount is also reflected in ‘amount’ by a negative number, and reduces the purchaser’s ‘wallet’ or ‘balance’ by that same amount. Also, wal_bal is total of wallet and balance. I am looking for comments/suggestions for improvement. And/or besides improvement, what am I missing?
  10. Thanks for your reply. However, I have looked and wouldn't have posted if I could see the problem. I'm hoping another set of eyes might see what I don't. Any additional assistance is welcomed.
  11. The php web video script that I'm trying to modify allows Users to purchase videos successfully, however, the video price that is reflected in the db ('u_paid_videos') table (where transaction info is stored) appears to show the default video price (video_play_price from the 'config' db table) every time, instead of the accurate video price. I'm not sure if this code needs to be tweaked so that the actual price will show in the 'video_play_price' column (in 'u_paid_videos' table):

          // get cost video
          // get the default video price, to use if there is no per video play price
          $db->where('name', 'video_play_price');
          $db_cost = $db->getOne('config');
          $video_cost = (float)$db_cost->value;

          // the number of submitted videos - used to determine if all records were inserted
          $count_video = count($id_array);
          $user_id = $user->id;

          $wallet = (float)str_replace(',', '', $user->wallet);
          $balance = (float)str_replace(',', '', $user->balance);

          // add up the video prices
          $amount = 0;
          foreach ($id_array as $id) {
              $video_id = (int)PT_Secure($id);
              // get video data
              $video = $db->where('id', $id)->getOne(T_VIDEOS);
              // add the video play price if any, or the default price
              $amount += $video->video_play_price?$video->video_play_price:$video_cost;
          }

          // determine if the user has enough credits
          if( ($wallet >= $amount) OR ($balance + $wallet >= $amount) ) {
              $db->startTransaction();
              $inserted_records = 0;
              foreach ($id_array as $id){
                  $video_id = (int)PT_Secure($id);
                  // get video data
                  $video = $db->where('id', $id)->getOne(T_VIDEOS);
                  // use the video play price if any, or the default price
                  $video_cost_new = $video->video_play_price?$video->video_play_price:$video_cost;
                  $uploader_amount = $video_cost_new *0.50;
                  // add data to paid table
                  $insert_buy = $db->insert('u_paid_videos', [
                      'id_user' => $user_id,
                      'id_video' => $video_id,
                      'session_key' => $_SESSION['session_key'],
                      'video_play_price' => (string)$video_cost,
                      'video_title' => $video->title,
                      'user_id_uploaded' => $video->user_id,
                      'earned_amount' => $uploader_amount
                  ]);
  12. In fact, this blocks videos from playing at all:

          RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
          RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

      When these .htaccess lines are commented-out, the videos play as normal. Any additional help is welcomed.
  13. Thanks for your reply. The php web script that I'm trying to modify generates the url/path from where the video file is stored, for example: http://......com/uploads/video/2019/10/BevI9Fl33FErYiqflaV8_31_1489faaeb187967564c2f5986a498c.mp4
  14. I have added this to .htaccess:

          RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
          RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

      and added a validate.php file, containing this:

          <?php
          $v = $_GET['video'] ?? null;
          if(file_exists($v)) {
              unlink($v);
              header('Content-type: application/mp4');
              header('Content-Disposition: inline; filename=video.mp4');
              readfile("./mytestvideo.mp4");
          }
          else http_response_code(404);

      to the root directory. And then searched and played a video, but still see the unmasked url/path to the video, instead of this type of url/path: http://mymp4.com?validate.php?video=40f677a45113eb829e345d278b8d1d31 as I was hoping for. I'm sure I must have something incomplete. Any additional guidance you'd like to share is much appreciated. Much thanks again.
  15. Many thanks again for your posting/reply. I have added this code to an .htaccess file:

          RewriteEngine On
          RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
          RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

      I have added this php file:

          <?php
          $v = $_GET['video'] ?? null;
          if(file_exists($v)) {
              unlink($v);
              header('Content-type: application/mp4');
              header('Content-Disposition: inline; filename=video.mp4');
              readfile("./mytestvideoo.mp4");
          }
          else http_response_code(404);

      named validate.php to the main directory. I just don't know what to do with this:

          //Generate the link
          $normalText = "this is just your average string with words and stuff";
          $hashedText = md5($normalText);
          fopen($hashedText, 'w');
          echo "<a href='validate.php?video={$hashedText}'>Link to the video</a>";

      Should I put it in a .txt file and add it to my main directory? If so, named what? That's just what I'm not clear on before I test all this. I look forward to your comments/anything you'd like to share.
  16. I thought hashed md5 solution would replace the url/path with a fake url/path that would disappear when the user session is over, and next time that video is played a new fake url/path will be displayed, so I understand "use it in order to identify which video your script should be displaying"?
  17. Thanks for your reply. I don't understand what you mean by "and use it in order to identify which video your script should be displaying"
  18. Thanks for your reply, but I've looked it over and am looking for feedback from higher skilled people than me
  19. Thanks for your reply. Which one would work best for my request: " Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?"
  20. Much thanks again. I have also looked into X-SENDFILE. Can you share why you may think the hash solution posted above might be better than X-SENDFILE solution? I look forward to any comments.
  21. Thanks for your reply, I like a lot of what you explained, but because I’m learning as I go here, I don’t understand the term “hash” and also generating a GET parameter with the hash. I would welcome any additional explanation/elaboration/example that you’d like to share.
  22. How about something like this:

          RewriteEngine On
          RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
          RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]
          # To disable or prevent the directory access/listing
          Options -Indexes

      with this validate.php?:

          <?php
          session_start();
          if (!isset($_SESSION['login'])) {
              header ('Location: index.php');
              exit();
          } else {
              // Get server document root
              $document_root = $_SERVER['DOCUMENT_ROOT'];
              // Get request URL from .htaccess
              $request_url = $_GET['request_url'];
              // Get file name only
              $filename = basename($request_url);
              // Set headers
              header('Content-type: application/mp4');
              header('Content-Disposition: inline; filename='.$filename);
              // Output file content
              @readfile($document_root.$request_url);
          }

      I look forward to any additional guidance/comments/suggestions
  23. Thanks for your reply. Can you give me an example of that type of script?
  24. Or is there a way to keep the /videos/ folder from being available unless a potential viewer is logged-in to the web site?
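
For the question in posts 22 and 24 (serving .mp4 files only to logged-in visitors through validate.php), the following is an added example, not code from the thread or from the poster. It keeps the session check from post 22 and adds a path check, because `request_url` arrives as a GET value the client controls; the `/uploads/video` directory, the `resolve_video` helper and the `$_SESSION['login']` flag are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. Assumptions: videos live under
// /uploads/video in the document root; login sets $_SESSION['login'].

function resolve_video(string $docRoot, string $requestUrl, string $subdir = '/uploads/video'): ?string
{
    if (strpos($requestUrl, "\0") !== false) {
        return null;
    }
    $base = realpath($docRoot . $subdir);
    // realpath() collapses ../ and symlinks and returns false for missing files.
    $path = realpath($docRoot . $requestUrl);
    if ($base === false || $path === false) {
        return null;
    }
    // request_url is a client-supplied GET value: serve only regular .mp4
    // files that still sit inside the video directory after canonicalisation.
    $inside = strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    $isMp4  = strtolower(pathinfo($path, PATHINFO_EXTENSION)) === 'mp4';
    return ($inside && $isMp4 && is_file($path)) ? $path : null;
}

if (PHP_SAPI !== 'cli') {   // deployed as validate.php behind the RewriteRule
    session_start();
    $req = $_GET['request_url'] ?? '';
    if (!isset($_SESSION['login'])) {
        http_response_code(403);            // check the session before touching the disk
    } elseif (!is_string($req) || ($file = resolve_video($_SERVER['DOCUMENT_ROOT'], $req)) === null) {
        http_response_code(404);
    } else {
        header('Content-Type: video/mp4');  // the post used application/mp4
        header('Content-Length: ' . filesize($file));
        header('Content-Disposition: inline; filename="video.mp4"');
        header('X-Content-Type-Options: nosniff');
        readfile($file);
    }
    exit;
}

// CLI demonstration on a constructed directory tree.
$root = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads/video', 0700, true);
file_put_contents($root . '/uploads/video/a.mp4', 'x');
file_put_contents($root . '/secret.mp4', 'x');
foreach (['/uploads/video/a.mp4', '/uploads/video/../../secret.mp4', '/uploads/video/none.mp4'] as $url) {
    echo $url, ' => ', resolve_video($root, $url) === null ? 'refused' : 'served', PHP_EOL;
}
```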
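
For the form handler asked about in post 2 (a properly formatted email address, no header injection, a honeypot, and a per-IP daily limit), the following is an added example, not code from the thread or from the poster. The honeypot field name `website`, the limit of 5, the counter-file layout and both function names are assumptions; the response keeps the `success` key that the posted jQuery checks.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. Assumed names: hidden honeypot input
// "website", a limit of 5 accepted submissions per IP per day, counter files in $dir.
function validate_submission(array $post): array
{
    $name  = is_string($post['name'] ?? null) ? $post['name'] : '';
    $email = is_string($post['email'] ?? null) ? $post['email'] : '';
    $errors = [];
    // Honeypot: real users never see this input, so any value marks a bot.
    if (($post['website'] ?? '') !== '') {
        $errors['website'] = 'Rejected.';
    }
    // CR or LF in a value that reaches mail() headers lets a sender add headers.
    if (trim($name) === '' || preg_match('/[\r\n]/', $name)) {
        $errors['name'] = 'Name is required and must be a single line.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A properly formatted email address is required.';
    }
    return ['success' => $errors === [], 'errors' => $errors];
}

function rate_limit_ok(string $ip, string $dir, int $max = 5): bool
{
    // One counter file per IP per day; flock() serialises concurrent requests.
    $fh = fopen($dir . '/' . hash('sha256', $ip) . '_' . date('Ymd'), 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;                       // fail closed
    }
    $count = (int)stream_get_contents($fh);
    if ($count < $max) {
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, (string)($count + 1));
    }
    fclose($fh);                            // also releases the lock
    return $count < $max;
}

// Constructed sample input; in submit.php pass $_POST and $_SERVER['REMOTE_ADDR'].
$dir = sys_get_temp_dir() . '/rl_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach ([['name' => 'Ann', 'email' => 'user@domain.com'],
          ['name' => "Ann\r\nBcc: x@example.org", 'email' => 'user@domain.com'],
          ['name' => 'Ann', 'email' => 'not-an-address', 'website' => 'http://x']] as $post) {
    $result = validate_submission($post);
    $result['success'] = $result['success'] && rate_limit_ok('203.0.113.7', $dir);
    echo json_encode($result), PHP_EOL;
}
```

In a deployed submit.php, send `Content-Type: application/json` before echoing the result and call `mail()` only when `success` is true.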