Jump to content

CodeRed-Alpha

Members
  • Posts

    14
  • Joined

  • Last visited

Profile Information

  • Gender
    Male
  • Location
    USA
  • Age
    40

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

CodeRed-Alpha's Achievements

Member

Member (2/5)

0

Reputation

  1. I am trying to encrypt just the directory part of the path in a URL. We have users downloading and viewing documents (pdf, doc, jpg, etc..) The filename does not ned to be encrypted but it can be. Essentially I want to it to look like this. https://mydomain.com/documents/123.pdf Should show as https://mydomain.com/Adslk$ksd)dsajka^sSPd/123.pdf The purpose: To ensure that a user cannot browse directly to the folder just by removing the filename. We do not use any GET variables in our URLs for security reasons. Is there a way this can be done without decrypting it so the user can see it? There are tons and tons of article about encrypting the GET variables and URL parameters but I don't really see anybody doing just the file path without the file name being decrypted. We already disallow any user not logged in or with valid permissions to view the page or access the directory. But we do not even want the users to be able to know what directory this stuff is even stored in. Any suggestions? Thank you.
  2. Yep i spotted that as well and that did have an affect. My eyes are so bad, certain characters are hard to distinguish. Thank you.
  3. I corrected the typos. I believe I am getting at least a response on the POST. In my if(isset($_POS I have a redirect which it seems to be hitting. Should I be reading as $_POST['evac.id'] or what? I have echo '<script console.log("Echo This")</script>'; How to print my array to the console log just to see how they are named and values?
  4. That was correct. What am i missing to define the JSON object. As I get getting a blank object and nothing more. Even my latest and most simple method is not working. No errors, just not getting any POST value. function removeNotification(Record_Id){ var evac = {}; evac.id = Record_Id; evac.queue = 'Documents'; jsonString - JSON.stringify(evac); let remove_data=new XMLHttpRequest(); remove_data.open("POST", "scripts/Notifications_Delete.php", true); remove_data.setRequestHeader("contrnt-typr", "application/x-www-form-urlencoded"); remove_data.send(jsonString); } My PHP side is not getting anything. If I console.log the jsonString at the point of send, I am getting the object there. but not receiving it.
  5. I am just trying to pass 2 simple variables from my jaascript to my php page. My php is not receiving them. Why not? Javascript function. function removeNotification(Record_Id){ var remove = { remove_id: Record_Id, queue: "Documents", }; let remove_data=new XMLHttpRequest() remove_data.open("POST", "scripts/Notifications_Delete.php", true); remove_data.setRequestHeader("Content-Type", "application/json"); remove_data.onreadystatechange=function(){ if (remove_data.readyState===4 && remove_data.status===200){ console.log(Record_Id); } }; remove_data.send(JASON.stringify(remove)); } My PHP to receive it. $remove = json_decode(file_get_contents("php://input"), true); $Remove_Id = $remove["remove_id"]; $Queue_Name = $remove["queue"]; echo 'Your Remove ID is: '.$Remove_Id;
  6. I ended up packaging my form data up into a single string package. JSON encoding it and then JSON decoding it on the SQL SELECT query return of data. ISo I am having a SIMILAR issue but unrelated to the other one and I did not feel like it should be in it's own thread, but we'll see. I am running a sql query that requires the Id of a document or a record to be passed from javascript. The reason I have to do it this way is the same as before. We do not use GET variables here for security purposes so I have to run the delete trigger through an onclick. My javcascript looks like this. function removeNotification(Record_Id){ let remove_request=new FormData(); remove_request.append('REMOVE_NOTIFICATION', Record_Id); let remove_data=new XMLHttpRequest(); remove_data.onreadystatechange=function(){ if (remove_data.readyState===4 && remove_data.status===200){ console.log(Record_Id); } } remove_data.open('POST', 'scripts/Notifications_Delete.php', true); remove_data.send(remove_request); } And my Notifications_Delete.php is trying to get the POST data but I am not receiving the Record ID i am passing. if(isset($_POST['Record_Id'])) { $doc_id = $_POST['Record_Id']; $Queue_Name = 'Documents'; } My doc_id is not being set so I am receiving no POST data from my js.
  7. Ok, So my PHP MySQL update is working fine. If I set the values manually. We don't use GET variables. Error Uncaught TypeError: Cannot set properties of null (setting 'innerHTML') function updateBeneData(step, val){ let benefits_form=new FormData(); benefits_form.append('STEP', step); benefits_form.append('VAL', val); let update_benefits=new XMLHttpRequest(); update_benefits.onreadystatechange=function (){ if (update_benefits.readyState===4 && update_benefits.status===200){ document.getElementById(step).innerHTML=update_benefits.responseText; } } update_benefits.open('POST', 'scripts/Update_Benefits.php', true); update_benefits.send(benefits_form); } Really all I want to do is call 'Update_Benefits.php' from my onlick but I need to pass 2 variables through a POST method in my onClick. my onlcick currently looks like this. onlick="updateBeneData(1, 1)" Obviously i am overlooking something very straight forward.
  8. Thank you. I have never tried to invoke a PHP function from JavaScript before like this. I rarely packaged things up into JS Json in the past most of my work work used direct PHP output or I was getting my data from an API prebuilt.
  9. I am realizing now that the checkbox htmlk is run through javascript. So I know I have to call the php update function from a javascript function. However my rust with js is evident at this point. Here is what I have so far. function Set_Checks($Data_Connect, $user, $step) { if (!mysqli_error($Data_Connect)) { $upd_qry = "UPDATE `Benefits_Steps` SET `Step_".$step."_Check`='1' WHERE `Username` ='".$user."'"; if (!$Data_Connect) { die("Connection failed: " . mysqli_connect_error()); } if (mysqli_query($Data_Connect, $upd_qry)) { header('Location: Benefits.php'); } else { echo "Error updating record: " . mysqli_error($Data_Connect); } } } <script language="javascript> function Update_Checks(con, user, step) { var stepname = "<?php echo $stepcount ?>"; document.getElementById("Benefits_Task_").innerHTML = "<?php Set_Checks($Data_Connect, $usrname, $stepcount); ?>"; </script>
  10. Good day all, I have a function that does not work when implemented onto my app. The function works fine by itself and I verified the action takes place if I just call the function with appropriate arguments. The issue I am having is that the checkbox is being created dynamically and the output of it comes from another page which is included on this page. So... On file called Benefits.php I have a function What I want to happen: When checkbox is clicked, it kicks up a MySQL update query to place 1s in any column with the checkbox checked. I am focused on trying to get this to execute just one at time to verify its function. Benefits.php function Set_Checks($Data_Connect, $user, $step) { if (!mysqli_error($Data_Connect)) { $upd_qry = "UPDATE `Benefits_Steps` SET `Step_".$step."_Check`='1' WHERE `Username` ='".$user."'"; if (!$Data_Connect) { die("Connection failed: " . mysqli_connect_error()); } if (mysqli_query($Data_Connect, $upd_qry)) { header('Location: Benefits.php'); } else { echo "Error updating record: " . mysqli_error($Data_Connect); } } } Based on the output conditions this page generates a package and assigned to a variable on a page called Page_components.php Object generating the actual Checkbox and rest of row data coming from Page_Components.php 'Benefits_Module'=>'<article class="benefits_module %s"><div class="module_information"><div class="task_number"><img src="images/icons/%s" alt="%s"></div><div class="task_instructions">%s</div><div class="benefits_task"><input type="checkbox" id="%s" name="%s" onclick="%s" value="%s"%s><label for="%s"></label></div></div><section class="module_admin_edit"></section></article>', Finally, the while statement producing the arguments/variables for the output are like this. Generated from Benefits.php $Insurance_Task.=sprintf($Page_Bones['Benefits_Module'], $insurance_data['Class_Marker'], $insurance_data['Task_Image_Link'], $insurance_data['Task_Image_Alt'], $insurance_data['Task_Message'].$insurance_data['Task_Links'], 'Benefits_Task_'.$insurance_data['Benefits_Task_Id'], $insurance_data['Task_Name'], 'Set_Checks($Data_Connect, '.$usrname.', '.$stepcount.')', '', ${"Task_Checked_" . $stepcount}, 'Benefits_Task_'.$insurance_data['Benefits_Task_Id']); All of this is being displayed and marked up on page Benefits.php Ultimately this is the error I keep receiving. nefits.php:49 Uncaught ReferenceError: Set_Checks is not defined at HTMLInputElement.onclick (Benefits.php:49:1969) onclick @ Benefits.php:49 As I watch the variables, they are producing the right output into the statement. however, I am thinking it is the way that I am trying to handle my connection string that is does not like? I know it is alot easier to all this from a single page, but this is the workflow here and I cannot change it without potentially ruining other stuff. Is my syntax just wrong? Is my approach wrong? I should note that the arguments being passed coming from that package string are 'Set_Checks($Data_Connect, '.$usrname.', '.$stepcount.')' And it is obiously trying to kick off SET_CHECKS()
  11. I have a search bar for personnel for my company website. I want the search bar to to provide suggested names (based on available names list from a data table) This should provide suggestions based on the user input into the search field. I will have a human-wait-state as a listener to see what potential suggestions are available after the user stops typing for a second or however long. There is form data coming in from the search bar on a page called 'Personnel.php' I don't know if you need to see the form code as it is standard html. I know I am missing a part or 2 in the php search side to allow for the suggestions to come down. I would imagine it would be easier to just look up the user by 'full_name' which is a field in the table instead of cross referencing the ID. This search feature should be string/text based and now using an JQuery. Obviously we can omplish this using AJAX/JQuery but we are trying to accomplish this a different way. let Store_Stuff=null; function find_people(){ let dataset=new FormData(p_search_form); dataset.append('ACTION', '123'); let request=new XMLHttpRequest(); request.onreadystatechange=function(){ if(request.readyState===4 && request.status===200){ if(request.responseText!==''){ ///Do more stuff try{ let content=JSON.parse(request.responseText); if(content.status==='OK'){ document.getElementById('Landing_Zone').innerHTML=btoa(content['content']); }else{ console.log(content.status); } }catch(error){ console.log(error); } }else{ console.log('No connect'); } } } request.open('post', '../Personnel.php', true); request.send(dataset); }
  12. Thank you. Much has changed in regards to built in logic but not too much has changes in regards to coding logic.
  13. Thank you for all of your input. We use Sprintf() here has we only try to pass strings and we have a zero trust policy so everything will be stripped or filtered as such. However i agree with everything that your are saying. Much of this code was written by an employee who is no longer with us and it seems as though much of the application could use some reworking including the data structure itself. If I were to rewrite this app, I would separate the vehicle information and the service records table and just have them referencing each other. I will take a deeper dive in to the dataabase today as well as the functions utilized through.
  14. Thank you for such a fast response. I agree, I probably approached trying to figure out he cause of the problem incorrectly. Unfortunately I have just started this week and will not have direct access to the MySQL Data until Monday. I completely agree that more than likely the culprit is just that the MySQL Query is most likely just not limiting the results to one as I do not see that 'limit' in the query itself. I will also not have acccess to the Dev environment to test my theories until monday either. I think my first step is to get to know the actual data structure and the data inside of it. Run the current Query and see what my set of results is. Narrow it down from there. More than likely, if I limit the results to one record, the select to edit feature will work. Then I also need to address why it is not recognizing that there is already a record with that Vehicle Number already entered and how to handle it then. Again, I probably reached out for help a little pre-maturely without have eyes directly on the data and the database. Thank you for your input. I wish I had better background info. That will come with time and access and some more conversations with the uers themselves. I will keep you posted next week as I gain the access to test out our findings and results.
  15. Hello, I have a select statement that seems to only work 'mo st' of the time. I am trying to correct somebody else's coding in a proprietary application. The function is seyup to allow the manager to select and edit a vehicle, however the Fleet Manager mentioned that this does not seems to work on certain vehicles that seemed to be entered in to the system more than once. I believe the truck number is supposed to be Unique, but I was shown a few examples where that vehicle shows up in the dashboard multiple times, which in turn does not bring up an editable record when selected. I think that there should be some kind of verification that restricts the results to a single(latest) record if in fact there are more than one record returned. Does this seem like a plausible cause for this behavior? I could be missing something entirely. I have only had 1 day to review the code and how it interacts with the users. //case for filling out the edit truck form when a truck is clicked case key_exists('truckRequest', $_POST): $selectStatement = sprintF("SELECT truck_num, oil_due, inspect_date, active FROM Trucks WHERE truck_num = %s", $_POST['truckRequest']); $query = mysqli_query($web_mysql_connect,$selectStatement); while($queryArray = mysqli_fetch_array($query)){ echo (json_encode($queryArray)); } break;
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.