Everything posted by gizmola

  1. One more thing that might help: It looks like it may be possible that the issue is related to the use of XFrocks, which is some sort of commercial addon to Xenforo.
  2. Educated guess: Xenforo? From what I can see it's a commercial closed source product. It seems a day doesn't go by where I find out about some php based product I've never heard of, that has a business built around it. If my suspicion is correct, there is very little help anyone here can offer, as it is unlikely anyone has any experience with it. My best advice would be to find an experienced PHP dev, and probably one who has familiarity with Xenforo. Your best chance of finding such a person, whether it be free advice or someone you can pay to help you figure out your issue, is going to be on the Xenforo Community forums. As requinix already stated, if it is not xenforo, the first thing we need to know is what forum software you are using. Be candid and provide details if you want further help. Things like the os of the server, version of php, and version of the software being run are important.
  3. Now that you have clarified, when there is a link to your site, and you click on that link in another tab, it is going to open a new tab, because it is a separate request. It is not going to override your existing session. If your goal is to make the work in progress in the first session visible to this new session, then you should 100% stick with using sessions. It is the only way you will provide a good experience across instances. I would also pair that with ajax, so when people add an item to the cart, you don't require a submit. The important thing is that during the ajax call you will store the state of the cart in your $_SESSION. That way, any new browser session will have the current state of the cart. Utilize your form post purely for the finalized submission of the cart.
  4. In most UIs all of this would be done with ajax. You have your UI visible and user enters an sku (ajax call runs), no submit necessary. User clicks a delete/remove button for an item, that would also be pure javascript (DOM manipulation). I would only have a traditional form submit for the finalized/order process. The more you describe these links the more it sounds like it could be handled purely by javascript. Write some javascript to handle the onclick for your links so it opens a new tab/window. You can try to use a "popup" but many people have popup blockers installed. Another option as I mentioned, would be to use a frameset, and have a hidden iframe that you load those linked sites into and display. Either way, it shouldn't interfere with the processing of your site. Last but not least, sessions are just a feature of the php server. They don't require login (but I have to think you knew that because you were already using them). If you don't like the idea of a block of 15 lines of code or several blocks, that's not unusual. Put them into a few functions. This is really what I meant in regards to structure. Breaking things down into functional units is the best way to start to eliminate any confusing logic concerns or reliability problems. This also makes creating unit tests even more viable. Writing a couple of unit tests for a couple of functions is not a big investment of time, and would go a long way towards giving you a comfort level in regards to your system. Even if that's beyond your current level of capability, writing functions surely isn't, and of course makes those functions reusable. At this point, we would really need to see some code from you to provide much more of value.
  5. There's a lot to unpack in your question, so I'll try and address a few things. As Barand already suggested, Ajax is the standard solution to this problem. Another possibility would be to use frames and have the lookup occur in an iframe. Without seeing your UI it's hard to understand the modality issue or possible solutions to it. This sounds like a "you" problem. Using sessions does not require 1k lines of code or anything close to it. If you have structure issues or something that doesn't work correctly, that probably relates to the structure (or lack thereof) in your code. One other issue that does sometimes crop up with manual regression testing, is that you can get into a situation where you are doing things that a normal user will never do, because you are repeatedly testing things with your browser which engages your local environment, making a session cookie and one or more sessions on the server. Unit tests and automated testing tools are valuable in separating things, because they offer a fresh client environment and repeatability. With unit tests, you avoid environmental issues entirely. If you are only able to do manual regression testing at this point, one suggestion I would make is that whenever you are doing testing, engage Incognito mode for that testing session and exit it when you're done. From a usability point of view sessions offer a feature that you can't get with pure HTTP GET/POST, and that is server side storage of values that is both "secret" and persists as long as you want it to persist. If someone accidentally closes the browser or tab entirely, everything will be lost, whereas with sessions, they can get back exactly to the place they were. So beyond the out-of-band issue you currently face, sessions can facilitate many usability features that can only otherwise be handled in any form with some combination of cookies and POST/GET variables. 
Of course Sessions do rely upon a session cookie, but that should be, once configured, completely invisible to you, whereas direct cookie handling requires a detailed understanding of HTTP and how/when cookies can be set.
  6. Most decent editors show you syntax errors as you edit. What are you using? You can also use your command line php with -l for linting.

    php -l /path/to/script.php
  7. Same. I find the redefinition of things like !== and <= especially problematic. I don't want to have to learn a whole new symbology. There's also the portability of this (or lack thereof). There are a lot of different fonts out there you can use with your editor, most of which are free to download. Of course if you really love the font even without ligatures you can turn them off in the editor.
  8. The last screenshot I saw was of a bunch of broken image links. That suggests a couple of possible problems:

- Your database code is wrong and the image names are null/empty/wrong.
- The images are not available in "webspace" relative to the webroot.

Pretty much any browser (chrome/firefox/safari/edge) has webtools that are either built in or available via plugin/configuration. You need to look at those broken links and determine which of the two problems I listed is the one affecting you. Since these images are being stored statically, what is a valid url in your img src attribute that will display any of the images you know are there. Put in the raw html and ensure that an image displays. At that point you just need to conform your code to integrate the variable image file name being stored in your database table. One thing that jumps out at me is your problematic use of a relative path to images. This is not what you want:

    <img class="w-100 mb-2 bg-dark" src="uploads/1.png">

What you want is a path relative to the "webroot" of your website. The webroot is a concept created by whatever is serving your website. Things from the webroot on down the hierarchy define "web space". Web space is what is exposed to clients browsing your site. So let's assume that your server directory structure looks like this:

    /
    └── var/
        └── www/
            └── yoursite/
                ├── upload
                ├── images
                ├── js
                └── css

Your webroot configuration for "yoursite" would be configured within your web server to be "/var/www/yoursite". This means that to reference an image named 1.png in the images directory, one would use this relative path (from the root).

    <img class="w-100 mb-2 bg-dark" src="/images/1.png">

Notice the leading backslash! That indicates the root of the site, and for static assets, you want to use a path that is relative to the root, not to the location of whatever html page this markup is in. All of this has to do with how html and web servers and web browsers work. 
You can certainly have problems with your PHP code running on the server, but you can also have code that is essentially working, but is outputting bad/broken/problematic markup.
  9. I agree. There might come a time when you have problems you can't fix with a reasonable amount of effort, particularly if those problems are in libraries where you can't upgrade, but for anything new, you should just fix the issues, or as many as you can. Turning all the messaging off means you won't even know about many of the things that should be addressed.
  10. A standard array variable definition is either:

    $table = array();
    // or
    $table = [];

This is your code:

    //Fetch the result into an associative array
    while ( $row = mysqli_fetch_assoc( $result ) ) {
        $table[] = $row; //add each row into the table array
    }

You should realize that the problem with the code you wrote, is that it might never enter the while loop, which appears to be the problem you are having. Probably you are getting an empty result set, so the loop where $table gets an assignment is never entered, and thus $table is undefined prior to trying to pass it to count() after this loop. You can (and should) make this error go away by simply adding an empty array assignment to $table, prior to the loop. Fixed

    $table = [];
    //Fetch the result into an associative array
    while ( $row = mysqli_fetch_assoc( $result ) ) {
        $table[] = $row; //add each row into the table array
    }
  11. Just based on the title of this thread:

    error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT

Do you understand what the & and ~ do here, in terms of bitwise operations? Hopefully you understand that this starts with everything, and suppresses notices, deprecation messages and "strict" checking. Warnings are covered by E_WARNING. So if you truly want to suppress warnings, then you should have:

    error_reporting = E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT

Changing settings in a script doesn't always work, depending on the type of error in your code, and to Barand's point, doesn't make sense in most cases, when you can just make settings what you want them to be in the .ini.
  12. It looks like you might be coming to PHP from javascript. There are a few things to keep in mind:

- PHP has "page scope". Since PHP is running on the server, a PHP script is loaded, executes and ends as soon as execution has completed.
- Variables declared in a script are not available inside functions unless you declare them using the "global" keyword inside the function.
- Exceptions to this rule are "superglobals" created by PHP like $_SESSION, $_GET, $_POST, $_COOKIE and in fact there is a $GLOBALS variable. Using $GLOBALS is a way around having to use the "global" keyword.
- Functions, class definitions etc. are available to be used globally once declared. To be clear these are not variables, however. If you instantiate an object, it is not available inside a function.

This is not really a PHP best practice, but a generally acknowledged best practice in all programming languages. Functions should use parameters to access variables, and return a result. This avoids the common bug/pitfall of "side effects" that can easily occur when code manipulates global variables. In an ideal world, you have unit tests for your functions, and in order for those to be of value, you want isolation of data going in and coming out of a function. If a function doesn't return a result, you can now return "void", so with the available syntax, you can always declare a function return type in your function definitions. I understand the appeal of writing functions that echo output, but with the availability of php template libraries like twig, or just the use of "PHP templating" you can avoid functions that send output, even if these examples use that. Here's a way to do what you are asking to do, even though it is ill advised:

    <?php
    $foo = 'Foo set';

    function myfunction($name) {
        $GLOBALS[$name] = "Hello world.";
    }

    function myFunction2($name) {
        echo $GLOBALS[$name];
    }

    myfunction('foo');
    myfunction2('foo');
    // outputs Hello world.

With that said, here's a sane rewrite of your examples:

    function myfunction(): string {
        return "Hello world.";
    }

    function myfunction2(string $name): void {
        echo $name;
        return;
    }

    $var = "testname";
    $var = myfunction();
    myfunction2($var);

I realize this is not really what you were looking for, and yes PHP has "variable variable" syntax, that people avoid using. One of the reasons for this is that you have other far better options for organizing data (arrays/objects). PHP arrays offer features that many other languages only implement via separate constructs (ie. javascript array, map, set). PHP arrays can be declared and/or accessed either via their 0-based element order, or by array key. So you can have code like this:

    function printLocation(string $key, array $location): void {
        $element = $location[$key] ?? 'unknown';
        echo "The value of $key is $element\n";
    }

    $location = array();
    $location['city'] = 'Albany';
    $location['state'] = 'NY';
    $location['longitude'] = -73.756233;
    $location['latitude'] = 42.652580;

    $display = ['city', 'state'];
    foreach ($display as $value) {
        printLocation($value, $location);
    }
    // Returns
    // The value of city is Albany
    // The value of state is NY

Hopefully this illustrates why PHP arrays have great utility as intermediary data structures, and also why the "variable variable" features of PHP aren't used, and should be avoided.
  13. So it appears that you require at least one variable here. Are you using PHP? Where is your PHP query code, because you have to be using either PDO or MySQLi, or some wrapper of one of those like DBAL. I'd expect something like this (PDO Example):

    $query = "SELECT * FROM History WHERE entrydate BETWEEN ? AND ? AND action = 'Outgoing Record Recorded' AND interface = 'Outgoing Stock'";
    $stmt = $pdo->prepare($query);
    $stmt->execute([$fromDate, $toDate]);
    $user = $stmt->fetch();

Make sure you know when to use a single quote ( ' ) and when to use a backtick ( ` ) in a mysql query. Backticks go around mysql table and column names. They are optional, but may be needed if you used a mysql keyword as a table or column name. Most of the time, you don't need to use backticks.
  14. I think you missed the point of my question. You have a field named "acs_admininister" in ACS and you have a field named "ap_administer" in app. Then to top it all off, you state that you have magical app # 3, that you will also query all the time. Why? If a user is a "superadmin" who can just do everything, then why don't you just have a column in User named "is_super_admin"? As it is now, you repeatedly and inefficiently are doing a query against a table that will hardly ever change for no reason. As for an app, what is the purpose of ap_administer vs. a user with acs_administer? Why do you have both columns? You have several major relational design mistakes, the most obvious being repeating groups. You have employed repeating groups in both the ACS and the App table, which makes trying to optimize anything pretty much of a lost cause. But you also have a design that does almost nothing for security, because you don't have anything that represents a feature to be secured. I was hoping you might see the problem? Yes you have a bunch of items that are another "repeating group" in app, although it is impossible to tell if any of those represent "features", but even if they did/do, there is nothing database driven that anyone can use to determine in even a semi-sophisticated way, whether or not someone should have access to do something in your system. There is no granularization possible. If I have "modify" does that mean I can add/edit/delete all my data? What about other data? Is there some data I should be able to add/edit, but other data I shouldn't be able to? Maybe some things I should delete but other things I shouldn't be able to? You don't have a sql optimization problem, you have a database design problem. 
You have an inept database design for security purposes, and you can combine and reduce the number of queries (which might save you a few hundred milliseconds), but that doesn't really change much internally from a database efficiency standpoint, and what is worse is that your security scheme does almost nothing useful, and doesn't make sense. The code you build upon it, is not going to be valuable, maintainable or extensible. I know this is blunt, but I think the best value I could bring to you here, is to just be brutally honest.

Here is an adequate normalized multi-system ACL schema. It tries to maximize reuse across applications by having the main string keys (role name, access_name) in tables so that those standard names can be reused, which makes this look a little more complicated than it actually is. The important things are that an app_access record is something to be secured for an app. These get grouped up at app setup by role. So you configure all the accesses a non-authenticated user should be able to see/do. Then all the things a normal user should be able to see/do. In normal operation functions are simple:

- Users get one or more roles assigned to them, based on whatever logic you desire.
- You query the database for a user user ->role(s) ->app->accesses
- You have a simple unit testable function for access that only needs 3 things: app_id, user_id, access_name.name

Let's imagine that function was named userCanDo($appId, $userId, $accessName). Your only "magical" access would be a bypass based on someone having a "SUPERADMIN" role, which just needs a "IS_SUPER_ADMIN" access for an app. 
Access would boil down to something simple like:

    if (userCanDo($appId, $userId, 'IS_SUPER_ADMIN') || userCanDo($appId, $userId, 'THING_TO_DO')) {
        // Proceed
    } else {
        // Show Access Error
    }

I don't expect you to adopt this system, but at very least you should be comparing the functionality, simplicity and configurability it provides, to what you are doing, and noticing the significant differences as well as missing pieces in yours.
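
The access check described in the post above, as an added example that is not part of the original post and not the poster's schema. The table and column names (role, access_name, app_access, role_access, user_role), the sample rows, the isAllowed() wrapper and the extra $pdo parameter on userCanDo() are assumptions for illustration; it uses an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Added example. Table/column names are assumed; the post's schema diagram
// is not reproduced on this page.
function buildDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("
        CREATE TABLE role        (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
        CREATE TABLE access_name (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
        -- One row per thing to be secured in one app.
        CREATE TABLE app_access  (id INTEGER PRIMARY KEY,
                                  app_id INTEGER NOT NULL,
                                  access_name_id INTEGER NOT NULL REFERENCES access_name(id),
                                  UNIQUE (app_id, access_name_id));
        -- Accesses grouped by role at app setup.
        CREATE TABLE role_access (role_id INTEGER NOT NULL REFERENCES role(id),
                                  app_access_id INTEGER NOT NULL REFERENCES app_access(id),
                                  PRIMARY KEY (role_id, app_access_id));
        CREATE TABLE user_role   (user_id INTEGER NOT NULL,
                                  role_id INTEGER NOT NULL REFERENCES role(id),
                                  PRIMARY KEY (user_id, role_id));

        -- Constructed sample data.
        INSERT INTO role VALUES (1, 'USER'), (2, 'SUPERADMIN');
        INSERT INTO access_name VALUES
            (1, 'IS_SUPER_ADMIN'), (2, 'ORDER_VIEW'), (3, 'ORDER_DELETE');
        -- App 1 secures all three accesses; app 2 only ORDER_VIEW.
        INSERT INTO app_access VALUES (1, 1, 1), (2, 1, 2), (3, 1, 3), (4, 2, 2);
        -- USER may view orders in app 1; SUPERADMIN holds the bypass for app 1 only.
        INSERT INTO role_access VALUES (1, 2), (2, 1);
        -- User 10 is a normal user, user 20 a superadmin.
        INSERT INTO user_role VALUES (10, 1), (20, 2);
    ");
    return $pdo;
}

// True only when a role held by the user has been granted the named access
// for this app. No matching row means deny: unknown users, unknown access
// names and accesses granted in another app all fall through to false.
function userCanDo(PDO $pdo, int $appId, int $userId, string $accessName): bool
{
    $stmt = $pdo->prepare(
        'SELECT 1
           FROM user_role ur
           JOIN role_access ra ON ra.role_id = ur.role_id
           JOIN app_access  aa ON aa.id = ra.app_access_id
           JOIN access_name an ON an.id = aa.access_name_id
          WHERE ur.user_id = ? AND aa.app_id = ? AND an.name = ?
          LIMIT 1'
    );
    $stmt->execute([$userId, $appId, $accessName]);
    return $stmt->fetchColumn() !== false;
}

// The only special case: the per-app IS_SUPER_ADMIN access bypasses the
// specific check. Everything else goes through the same query.
function isAllowed(PDO $pdo, int $appId, int $userId, string $accessName): bool
{
    return userCanDo($pdo, $appId, $userId, 'IS_SUPER_ADMIN')
        || userCanDo($pdo, $appId, $userId, $accessName);
}

$pdo = buildDemoDb();
$checks = [
    [1, 10, 'ORDER_VIEW'],    // normal user, granted access
    [1, 10, 'ORDER_DELETE'],  // normal user, access not granted to the role
    [1, 20, 'ORDER_DELETE'],  // superadmin bypass in app 1
    [2, 20, 'ORDER_VIEW'],    // same user in app 2, where no bypass was granted
    [1, 99, 'ORDER_VIEW'],    // user with no roles
];
foreach ($checks as [$appId, $userId, $access]) {
    printf(
        "app=%d user=%d %-12s => %s\n",
        $appId,
        $userId,
        $access,
        isAllowed($pdo, $appId, $userId, $access) ? 'allow' : 'deny'
    );
}
```

Because the bypass is itself an app_access row, superadmin rights are scoped per app and can be audited with the same query as any other grant.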
  15. It's not clear at all how/what you are trying to secure. Why do you have a separate app for "admin" purposes which requires a relation through acs? What is the purpose of admin then?
  16. Laminas has a flexible generic acl component based on roles and permissions. You might consider using it and save yourself a lot of time? https://docs.laminas.dev/laminas-permissions-acl/usage/ Laminas was formerly Zend Framework, and has a lot of well known PHP developers working on it. It's highly de-coupled, even to the degree that the acl system leaves storage and retrieval of your acl's so you can use it with any scheme you might currently have for persisting data.
  17. Regex can do amazing things, but it will never be simple and elegant. Here's a relatively simple regex solution to your question, with a single capture group. I can't speak to relative performance vs. Barand's solution, or perhaps if there are issues with the input that weren't clear to me.

    (\([^(]*required.*?\))
  18. This also reminds me that I recently came across this channel, and he provides some of the best modern PHP topic tutorials I've seen. Very lucid explanations and examples. These might help you climb the mountain of stuff I brought up: While there is mention of PHP8 for a lot of these, most if not all the material is relevant to 7.4 as well, and even earlier versions, although they are all pretty much end of life at this point. I didn't watch this one, but it looks promising for the email topic:
  19. Glad to have been of help. Lately I've been doing quite a lot of email configuration and administration, that just reminds me how important all these different elements are for email delivery. Being able to setup SPF records correctly, reverse DNS, DKIM (which also requires some substantial sysadmin configuration if running your own MTA) and topping it all off with DMARC, is a great reminder of how complicated email sending now is, especially if you don't want your emails rejected. I was just debugging something that involved IP's on a couple of RBL lists due to spammers coming from a few hundred of over 100k ip's the hosting company controls. What a nightmare!
  20. Well yeah, it looks like someone is using curl to generate a request that is hitting your server, and the http "Host" header, that is supposed to be a Host:port combination, is passing a string with those variable contents. Probably it's some sort of exploit attempt. Laravel seems to be catching this and throwing the exception, which is what you want to have happen here, so -- yeah laravel! The IP is coming from Indonesia, and has a lot of abuse reports filed against it here: https://www.abuseipdb.com/ If you see this is consistently coming from there, you might want to IP ban them, although in my experience, like roaches, once you ban one, other client ip's will appear, as these are bots. I still IP ban on a frequent basis, even though I know it's only a minor deterrent.
  21. At minimum, I think we will need the structure of your table(s).

- We need some typical/sample data
- Need to know the structure of a $RowItem
- You need to further explain what you mean by "when it finds a cell with 0 value to use previous value thats not 0." What is "it". How rules exactly, will dictate a value to replace a "0" and why is that needed?
  22. If this is the code you have, I will reiterate that it is invalid:

    $ip = $php_path.'GetUserIpAddr()';

You can't refer to a function in a file like this. The function is in your 'GetUserIpAddr.php' script if I recall, so you have already included that code in your config.php. All you need do is use the function -- it is available globally.

    $ip = GetUserIpAddr();
  23. Foxtest: Please start a new thread. The error you posted has nothing to do with prior changes you made. Most likely you have a .htaccess file, with some rewrite rules in it, and something is wrong with directives you have in your .htaccess file, or your server isn't even setup to support mod_rewrite, although more than likely it is, and there is some other issue with the format of your directives.
  24. Ok, let me clarify a few things for you. There is no such thing as phpmail. You are introducing confusion thinking that such a thing exists. PHP has a mail() function, which is somewhat configurable via the php.ini. By default it pipes mail input directly to whatever the local "Mail transfer agent" aka "MTA" is. The MTA is operating system dependent, but it's some server process that implements Simple Mail Transfer Protocol (SMTP) which is the protocol mail *servers* use to send and receive emails. Whether or not those emails actually get sent as expected or received, after mail has been called, has many complicated issues associated with it, and is the domain of experienced email system administrators. In your case, that is entirely within the purview of Network Solutions. I will offer just a few issues:

- To send email requires DNS, specifically MX records for a domain.
- In most cases systems are not sending email directly out of a specific application server. They instead are using the hosting company's email servers.
- To send email on behalf of a domain requires at very least SPF, and increasingly DKIM setups for the email servers on behalf of a domain.
- The network solutions script is a red herring. We need to see what your script is doing. There are many ways to send email.
- We also need to understand more about these emails you send. What is the from address? Is it from you at your domain? What do the headers look like for the test emails you can send out? Is NS proxying your emails for you? What code packages the "html" version?

The RFC's for how emails work has specific requirements for what an email is supposed to look like. An "html" email is not a replacement for a standard email. Technically an html email is just an attached version of the email that should be packaged with an original ascii only version. Email clients then will retrieve the html version and display that. 
Many email systems are highly fault tolerant, and not unlike the way browsers will tolerate broken html and still display something for you in most cases, that doesn't mean you should or your software should ignore the standard and correct format for emails. It is never correct to take code that would send an html email and then just add html tags to the body and send that instead, even if it has worked for you to some degree in the past. Some email systems will reject that email outright and you will likely never know that they were rejected. Some mail clients won't work or the email will look bad. Viewing html emails is actually a choice for the email client. Some people use clients that don't render html or they intentionally turn it off. That might be the minority, but it is another reason to have a properly constructed email. You really have a number of issues:

- You have limited control of your hosted environment?
- You aren't an expert on how email administration works or php
- You're running a really old script on a version of php that has been End of life for a long time
- You don't seem to have any test environment, so you're experimenting with your production environment, with limited visibility into that
- Apparently your script has some bugs, but again we haven't seen it, or any portion of it.

To summarize. Yes you should use PHP 7.4 (at minimum). That is the *oldest* supported PHP version available. You might very well be better served by using one of the many current supported PHP mail libraries rather than something as low level and hosting dependent as mail(). 
For example, many libraries actually implement SMTP themselves, and give you a lot more control over the process of sending emails programmatically, while at the same time ensuring that the delivered email data is actually compliant with email standards.

For any email sending you need a good handle on the questions I raised previously (how will you actually "send" email, in terms of what user@domain the email is coming from). Is this from your domain, and if so, is the email setup for the domain valid and workable. Anyone can setup something that "delivers" emails via smtp that will promptly be rejected or accepted and deleted with you never being the wiser.

Here is an article talking about the best known php mailer libraries. The ones I would suggest considering are listed below.

- phpmailer https://github.com/PHPMailer/PHPMailer Probably this is the library you should use in renewing your existing email script.
- symfonymail https://symfony.com/doc/current/mailer.html This took over for the popular swiftmailer you may see mentioned as an alternative

The php Composer tool was released a decade ago. There is no excuse left for a project that is not using composer to manage your dependencies. This is also why you probably need a dev/test environment within which you can run composer. Composer will download and manage your dependencies. It will build a standards compliant autoloader for your application that you include so that class libraries like phpmailer can be properly autoloaded.

Porting your email script is probably the path to getting something reliable and supported. I hope this helps you start moving yourself in the right direction. If you want to start answering some of the questions I posed, and need help and advice in doing so, feel free to follow up. 
Sending email seems simple but it has become a very complicated endeavor over the years, and like many things that seem simple on the surface, have a lot of hidden complexity to them, especially when things go wrong.
  25. I don't have any specific recollection of such a thing, but a lot of things have changed in the css world, most notably the standardization of flexbox and grid that make older techniques and tricks of css layout obsolete. You just don't need those things anymore when flexbox or grid can take care of your layout needs with simple, consistent and easy to understand syntax. There was a time when you needed to know the ins and outs of floats and clear fix, and other arcane tricks of css, but that's basically obsolete knowledge. People also used to use tables inside tables inside tables to get their "pixel perfect" layouts, but that also has given way to a focus on creating layouts that adapt from desktop to mobile. This guy (Kevin Powell) has become well known in the css/web design world, and he really knows his stuff. This video covers flexbox. If you work through the examples with him, you will learn what you need. He also has a corresponding Grid video. If you want something more interactive, lots of people love Scrimba, and in particular Per Borgen, who is one of the Scrimba founders. He happens to have a free scrimba course covering grid and flexbox, so that is another way you can learn flexbox, if you want something more interactive. The free Scrimba Grid/Flexbox course is here: https://scrimba.com/learn/cssgrid