Jump to content

Chrisj

Members
  • Posts

    537
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by Chrisj

  1. I am using this a modal window(jBox) - with a web Form in it, that requires the Form (just Name & Email) to be completed and Submitted in order to close the modal window - allowing access to the main page.

    The Form uses this corresponding ../submit.php which this:

    if (empty($_POST['name'])|| empty($_POST['email'])){
    $response['success'] = false;
    } else {
    $response['success'] = true;
    }
    
    echo json_encode($response);

    where, upon Form > submit, successfully shows 'error' if the Form fields are not populated, and 'success' when the Form fields are populated/submitted.

    I'd like the Form to require a proper/valid email address and avoid spam and header injection
    (maybe honeypot protection and implement a form of rate limiting (a single ip may not send more than x messages per day)).

    Any assistance/guidance is appreciated

     

  2. The goal it to close the jBox upon success and not close it upon Error. Which I believe needs validation from the submit.php to successfully close the Form/jBox.
    I attempted adding this call back validation code ( everything above if($_POST) ) in the submit.php file, without success:

    <?php
    header('Content-type: application/json');
    $errors         = array();  
    $data           = array();  
    
        if (empty($_POST['name']))
            $errors['name'] = 'Name is required.';
    
        if (empty($_POST['email']))
            $errors['email'] = 'Email is required.';
    
        if ( ! empty($errors)) {
    
            $data['success'] = false;
            $data['errors']  = $errors;
        }
        echo json_encode($data);
    
    if($_POST){
    	$to = 'chrisj....@hotmail.com';
    	$subject = 'Thank You';
    	$name = $_POST['name'];
    	$email = $_POST['email'];
    	$message = $_POST['message'];
    	$message1 = $_POST['message'];
    	$headers = $name;
    	$headers = 'from: support@web-site-name.com';
    
    	$message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
    
    	$message = "Hello {$_POST['name']}, ~ Thank you\r\n\r\n";
    
       		mail( $to, $subject, $message1, $headers );
       		mail( $email, $subject, $message, $headers );
    
    		//header('Location: https://web-site-name.com');
       exit;
    }
    ?>

    And I have the .js:

    var myConfirm;
    $(document).ready(function() {
    
      myConfirm = new jBox('Confirm', {
        content: $('.my-jbox-form'),
        width: 830,
        height: 205,
        cancelButton: 'Return Home',
        confirmButton: 'Continue',
        closeOnConfirm: false,
        closeOnEsc: false,
        confirm: function() {
        $.ajax({
      url: 'https://...../submit.php',
      method: 'post',
      data: {
        name: $('#name').val(),
        email: $('#email').val()
      },
      success: function (response) {
        console.log(response);
        if (response.success) {
          alert('Success');
        } else {
          alert('Error');
        }
      }
    });

    And I’ve tried to add: myConfirm.close(); into the .js code, but not sure where is the best place to put it.

    After excuting the Form, still get a dialog box, on the Form page, that shows “web-site-name.com says Error”, yet the Form’s field info gets sent successfully.

    And after Form submit, in the dev tools > Console it only shows one line,

    [ ] upload.html:78

    And, of course, the Form (jBox) doesn’t close.


    Any additional guidance/suggestions with call back and validation, and close() is appreciated.

  3. Ok, I have removed his code and am back to this:

    <?php
    if($_POST){
    	$to = 'chrisj...@.....com';
    	$subject = 'Thank you for your info';
    	$name = $_POST['name'];
    	$email = $_POST['email'];
    	$message = $_POST['message'];
    	$message1 = $_POST['message'];
    	$headers = $name;
    	$headers = 'from: info@.....com';
    	$message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
    	$message = "Hello {$_POST['name']}, ~ Thank you for your input\r\n\r\n";
       		mail( $to, $subject, $message1, $headers );
       		mail( $email, $subject, $message, $headers );
    		header('Location: https://....');
       exit;
    }
    ?>

    and this:

    var myConfirm;
    $(document).ready(function() {
    
      myConfirm = new jBox('Confirm', {
        content: $('.my-jbox-form'),
        width: 830,
        height: 205,
        cancelButton: 'Return Home',
        confirmButton: 'Continue',
        closeOnConfirm: false,
        closeOnEsc: false,
        confirm: function() {
        $.ajax({
      url: 'https://...../submit.php',
      method: 'post',
      data: {
        name: $('#name').val(),
        email: $('#email').val()
      },
      success: function (response) {
        console.log(response);
        if (response.success) {
          alert('Success');
        } else {
          alert('Error');
        }
      }
    });

    I look forward to any guidance with adding "validate the input and then send some response back".

  4. Thanks for your reply,

    yes I have considered that - this section:

    function errorOutput($output, $code = 500) {
        http_response_code($code);
        echo json_encode($output);
    }

    but I'm not sure what with that or what to do next - any suggestion/solution is appreciated

  5. Thank you for your reply.

    I now have this:

    <?php
    /* Makes it so we don't have to decode the json coming from javascript */
    header('Content-type: application/json');
    
    /* Grab decoded incomming data from Ajax */ 
    $incomming  = $_POST['data'];
    
    $data['outgoing'] = 'stop';
    
    if ( $incomming === 'proceed') {
    
    	$data['outgoing'] = "send"; 
    }
    
    if ( $data['outgoing'] === 'send') {
       output($data);
    } else { 
       errorOutput('error');
    }
    
    /* Something went wrong, send error back to Ajax / Javascript */
    function errorOutput($output, $code = 500) {
        http_response_code($code);
        echo json_encode($output);
    }
    
    /*
     * If everything validates OK then send success message to Ajax / Javascript
     */
    function output($output) {
        http_response_code(200);
        echo json_encode($output);
    }
    if($_POST){
    	$to = 'chrisj...@.....com';
    	$subject = 'Thank you for your info';
    	$name = $_POST['name'];
    	$email = $_POST['email'];
    	$message = $_POST['message'];
    	$message1 = $_POST['message'];
    	$headers = $name;
    	$headers = 'from: info@.....com';
    	$message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
    	$message = "Hello {$_POST['name']}, ~ Thank you for your input\r\n\r\n";
       		mail( $to, $subject, $message1, $headers );
       		mail( $email, $subject, $message, $headers );
    		header('Location: https://....');
       exit;
    }
    ?>

    But I am now seeing this Error Code in the Console:

    jquery.min.js:6 POST https://web-site-name/submit.php 500

    Any additional assistance with resolving this error is appreciated

     

     

     

  6. I have this php file that processes Form field entries. Apparently I need to modify it, I'm told, to "validate the input and then send some response back":

    <?php
    if($_POST){
    	$to = 'chrisj...@.....com';
    	$subject = 'Thank you for your info';
    	$name = $_POST['name'];
    	$email = $_POST['email'];
    	$message = $_POST['message'];
    	$message1 = $_POST['message'];
    	$headers = $name;
    	$headers = 'from: info@.....com';
    	$message1 .= "\r\n\r\nName: ".$_POST['name']." \r\n Email: ".$_POST['email']." ";
    	$message = "Hello {$_POST['name']}, ~ Thank you for your input\r\n\r\n";
       		mail( $to, $subject, $message1, $headers );
       		mail( $email, $subject, $message, $headers );
    		header('Location: https://....');
       exit;
    }
    ?>

    The corresponding js looks like this:

    $.ajax({
      url: 'https://...../submit.php',
      method: 'post',
      data: {
        name: $('#name').val(),
        email: $('#email').val()
      },
      success: function (response) {
        console.log(response);
        if (response.success) {
          alert('Success');
        } else {
          alert('Error');
        }
      }
    });

    I look forward to any guidance with adding "validate the input and then send some response back".

     

  7. There are several db tables ( phpmyadmin ) working with the web php script that I’m using (but did not write).

    The ‘user’ table has many fields, but pertaining to purchases it has these fields: ‘ip_address’ ‘username’ ‘wallet’ and ‘balance’.

    The ‘paid_videos’ table has these fields: id_user, video_play_price, id_video, user_id_uploaded, video_title, earned_amount, time_date, short_id, session_key
    video_id, time.

    The ‘transact’ table has these fields: username, id_user, amount, balance, wallet, wal_bal, user_id_uploaded, earned_amount, time_date.

    When a purchase is made a single row is populated in the ‘paid videos’ table and a single row is populated in the ‘transact’ table.

    Additional info: when a purchase is made, an amount of 50% of the price (‘earned_amount’) appears in uploader’s (user_id_uploaded) ‘earned_amount’ field,
    and gets added to the uploader’s ‘balance’ field.

    And that amount is also reflected in ‘amount’ by a negative number, and reduces the purchaser’s ‘wallet’ or ‘balance’ by that same amount.
    Also, wal_bal is total of wallet and balance.

    I am looking for comments/suggestions for improvement. And/or besides improvement, what am I missing?

  8. the php web video script that I'm trying to modify allows Users to purchase videos successfully, however, the video price that is reflected in the db ('u_paid_videos') table (where transaction info is stored) appears to show the default video price (video_play_price from the 'config' db table) every time, instead of the accurate video price. I'm not sure if this code needs to be tweaked so that the actual price will show in the 'video_play_price' column (in 'u_paid_videos' table):

    // get cost video // get the default video price, to use if there is no per video play price
    	$db->where('name', 'video_play_price');
    	$db_cost = $db->getOne('config');
    	$video_cost = (float)$db_cost->value;
    
    	// the number of submitted videos - used to determine if all records were inserted
    	$count_video = count($id_array);
    	$user_id = $user->id;
    
    	$wallet = (float)str_replace(',', '', $user->wallet);
    	$balance = (float)str_replace(',', '', $user->balance);
    
    	// add up the video prices
    	$amount = 0;
    	foreach ($id_array as $id) {
    
    	$video_id = (int)PT_Secure($id);
    
    	// get video data
    	$video = $db->where('id', $id)->getOne(T_VIDEOS);
    
    	// add the video play price if any, or the default price
    	$amount += $video->video_play_price?$video->video_play_price:$video_cost;
    	}
    
    	// determine if the user has enough credits
    	if( ($wallet >= $amount) OR ($balance + $wallet >= $amount) ) {
    
    		$db->startTransaction();
    
    		$inserted_records = 0;
    		foreach ($id_array as $id){
    
    			$video_id = (int)PT_Secure($id);
    
    			// get video data
    			$video = $db->where('id', $id)->getOne(T_VIDEOS);
    
    			// use the video play price if any, or the default price
    			$video_cost_new = $video->video_play_price?$video->video_play_price:$video_cost;
    
    			$uploader_amount = $video_cost_new *0.50;
    
    			// add data to paid table
    			$insert_buy = $db->insert('u_paid_videos', [
    				'id_user' => $user_id,
    				'id_video' => $video_id,
    				'session_key' => $_SESSION['session_key'],
    				'video_play_price' => (string)$video_cost,
    				'video_title' => $video->title, 
    				'user_id_uploaded' => $video->user_id, 
    				'earned_amount' => $uploader_amount
    				]);
    
    

     

     

     

     

     

  9. I have added this to .htaccess:

    RewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
    RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]


    and added a validate.php file, containing this:

    <?php
    $v = $_GET['video'] ?? null;
    
    if(file_exists($v)) {
        unlink($v);
        header('Content-type: application/mp4');
        header('Content-Disposition: inline; filename=video.mp4');
        readfile("./mytestvideo.mp4");
    } else
       http_response_code(404);


    to the root directory. And then searched and played a video, but still see the unmasked url/path to the video, instead of this type of url/path:

    http://mymp4.com?validate.php?video=40f677a45113eb829e345d278b8d1d31

    as I was hoping for.

    I'm sure I must have something incomplete.

    Any additional guidance you'd like to share is much appreciated.

    Much thanks again

  10. Many thanks again for your posting/reply.  I have added this code to an .htaccess file:

    RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
    RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]

    I have added this php file:

    <?php
    $v = $_GET['video'] ?? null;
    
    if(file_exists($v)) {
        unlink($v);
        header('Content-type: application/mp4');
        header('Content-Disposition: inline; filename=video.mp4');    
        readfile("./mytestvideoo.mp4");    
    } else
       http_response_code(404);

    named validate.php to the main directory.

    I just don't know what to do with this:

    //Generate the link
    
    $normalText = "this is just your average string with words and stuff";
    
    $hashedText = md5($normalText);
    
    fopen($hashedTest, 'w');
    
    echo "<a href='validate.php?video={$hashedText}'>Link to the video</a>

    should I put it in a .txt file and add it to my main directory? If so, named what?

    That's just what I'm not clear on before I test all this.

    I look forward to your comments/anything you'd like to share.

  11. Thanks for your reply.

    Which one would work best for my request: " Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?"

  12. How about something like this:

    RewriteEngine OnRewriteCond %{REQUEST_URI} \.(mp4)$ [NC]
    RewriteRule ^ validate.php?request_url=%{REQUEST_URI} [L]
    # To disable or prevent the directory access/listing
    Options -Indexes

    with this validate.php?:

    <?phpsession_start();
    if (!isset($_SESSION['login'])) {
    header ('Location: index.php');
    exit();
    } else {
    // Get server document root
    $document_root = $_SERVER['DOCUMENT_ROOT'];
    // Get request URL from .htaccess
    $request_url = $_GET['request_url'];
    // Get file name only
    $filename = basename($request_url);
    // Set headers
    header('Content-type: application/mp4');
    header('Content-Disposition: inline; filename='.$filename);
    // Output file content
    @readfile($document_root.$request_url);
    }

    I look forward to any additional guidance/comments/suggestions

     

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.