
Zane

Administrators
  • Posts

    4,362
  • Joined

  • Last visited

  • Days Won

    11

Posts posted by Zane

  1. 1 hour ago, SaranacLake said:

    So it sounds like you think the use-case I described above is okay.

    Yes! Especially since you're not wanting to use JavaScript, it's as simple as putting links to the same php file but with a query parameter for the category.  If you'd use JavaScript, you could do some AJAX magic and just change a portion of the page to reflect the category clicked.  That's a bit more involved, though.

    • Like 1
  2. 17 minutes ago, SaranacLake said:

    Not gonna answer my questions, huh?

    What?  A bit impatient, aren't ya.

    18 hours ago, SaranacLake said:

    What I have been asking about is how to make it so a user can click on different "categories" in a side menu and see the related products in that category/group/whatever.

    First, you make a PHP script that grabs all products from a database where the category equals whatever is in the GET parameter in the URL

    http://mysite.com/products?cat=movies

    Then, you loop through the results and display them however you want.

    It's also possible that a product is part of multiple categories.  In that case, you'd have a table just for categories, and then another table linking the columns to products, and then the products table.

    There's really no cut-and-dry answer here.  You simply grab the category id or name or whatever identifier you want to use and grab the products from your database based on that category id.
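The lookup described in this post, as an added example that is not part of the original post: the `cat` value from the URL is validated and then bound as a query parameter rather than concatenated into the SQL, and product names are escaped on output. The table and column names, the slug format and the in-memory SQLite database (through PDO's SQLite driver) are assumptions made so the example runs on its own.

```php
<?php
// Added example: constructed schema and sample rows, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
    CREATE TABLE products (product_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
    CREATE TABLE categories (category_id INTEGER PRIMARY KEY, slug TEXT UNIQUE NOT NULL);
    -- Link table: one product can belong to several categories
    CREATE TABLE product_category (
        product_id INTEGER NOT NULL REFERENCES products(product_id),
        category_id INTEGER NOT NULL REFERENCES categories(category_id),
        PRIMARY KEY (product_id, category_id)
    );
    INSERT INTO products VALUES (1, 'Jaws'), (2, 'Jaws <Soundtrack>'), (3, 'Thriller');
    INSERT INTO categories VALUES (1, 'movies'), (2, 'music');
    INSERT INTO product_category VALUES (1, 1), (2, 1), (2, 2), (3, 2);
");

// Hypothetical helper: returns the products for one category slug taken from the URL.
function productsInCategory(PDO $pdo, $cat): array
{
    // ?cat[]=x arrives as an array; accept only a short lowercase slug.
    if (!is_string($cat) || !preg_match('/\A[a-z0-9-]{1,40}\z/', $cat)) {
        return [];
    }
    // The slug is bound as a parameter, so it is never parsed as SQL.
    $stmt = $pdo->prepare(
        'SELECT p.product_id, p.name
           FROM products p
           JOIN product_category pc ON pc.product_id = p.product_id
           JOIN categories c ON c.category_id = pc.category_id
          WHERE c.slug = :slug
          ORDER BY p.name'
    );
    $stmt->execute([':slug' => $cat]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// e.g. http://mysite.com/products?cat=movies (falls back to 'movies' on the command line)
$cat = $_GET['cat'] ?? 'movies';
echo "<ul>\n";
foreach (productsInCategory($pdo, $cat) as $row) {
    // Escape on output: product names are data, not markup.
    echo '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "</li>\n";
}
echo "</ul>\n";
```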

  3. 17 hours ago, SaranacLake said:

    what do you call that area of the website?

    There are a handful of those kinds of pages.

    Category Listing Page (CLP)

    Typically, this is more or less what you'd call a homepage for a particular category where you explain what it is, provide pictures of different products in that category, etc...  Typically, the CLP might have a few featured products, but doesn't show them all.  Then again, it's up to you.  A lot of times you'll find videos on this page, or some kind of introduction to the category.  

    Example:  https://www.burpee.com/organics/

    Product Listing Page (PLP)

    This is a page listing your products.  It's named as a Listing Page because the products are displayed in a list.

    Example: https://www.burpee.com/herbs/container-herbs/#sz=24&start=0&type=list

    Product Grid Page (PGP)

    Whereas, on a product grid page, they are displayed in what you'd described as a matrix.  For instance, 5 columns of products, each row containing 5 product squares.

    Example: https://www.burpee.com/herbs/container-herbs/#sz=24&start=0&type=grid

     

    From then on out, you just have your Product Detail Page (PDP) for products that were clicked on the PLP/PGP/CLP

  4. 2 hours ago, SaranacLake said:

    Right now, I am trying to lay out (and ultimately code) a web page that looks like the link I pasted above

    Sounds like you need to lay out your design first and come back with code that you've tried already.  You did mention that you have a history with PHP, so give us a PHP problem to solve.  

    2 hours ago, SaranacLake said:

    How does that sound?

    I'm not sure what you're asking.  Are you asking if your thoughts sound good?  Or, are you asking us what kind of effort it sounds like it would take to do such a task?  Or, are you just asking how to do it all?  So far, all I understand is that you want to show a list of products and filter it by category.  You're also not using JavaScript, so you want these links to refresh the page when clicked and load a page with a pretty url like mysite.com/movies using mod_rewrite.  It all sounds ... like the fundamentals of an ecommerce website really.  List of products, add to cart, checkout, purchase, etc...  Yet, you're only focused on the product listing part at this point and are simply asking how a list of products sounds.

  5. 11 hours ago, SaranacLake said:

    Does the use-case I outline above sound like a reasonable approach?

    Yes.  It's not only reasonable, it's common practice to do it that way (with mod_rewrite).  Off the top of my head, I can't think of any other way to accomplish this.

    • Like 1
  6. Seems like your only real question is whether or not you're going about this the right way.  While there isn't a "right" way, per se, to do something, this is probably the most popular way.  You didn't provide code, so I assume you've already set things up this way, no?

  7. 1 hour ago, ajetrumpet said:

    it has no id attribute

    Why not?  That's the whole point in having an id attribute, to identify it easily.  Instead of having to use

    textarea[name='LOOKUPADDRESS']

    you can use

    #LOOKUPADDRESS

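    To get your textarea to populate, though, you'll need to listen for the click of the anchor tag, or modify what happens when it's clicked.

    <a href="#nowhere" id="anchor">Click HERE</a>
    <textarea id="LOOKUPADDRESS"></textarea>
    <script>
    // onclick is a property, not a method, so register the handler with addEventListener
    document.getElementById('anchor').addEventListener('click', function(arg){
    	arg.preventDefault();
    	// A textarea's content is set through .value; json_encode() emits a safely quoted JS string
    	document.getElementById("LOOKUPADDRESS").value = <?php echo json_encode($col, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    });
    </script>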

    I haven't tested any of this code, so copy and paste at your own risk.

  8. 6 hours ago, SheenLim08 said:

    I did that at the end of the <script> tag

    Ah, I completely missed that.  I do agree with everyone else though.. Why are you not using a framework for this?  With jQuery, you can do a POST request as easy as this:

    jQuery.post('urlpost.php', { 'url':'facebook.com' });

    Not only that, but you can add a callback function to do stuff with the data returned.

    jQuery.post('urlpost.php', { 'url':'facebook.com' }, function(data){ console.log(data); });

    Why go about it in the most antiquated way?

  9. The extension doesn't even have to be .php either.  You could have myfile.notphp instead.   It's arbitrary.

    All you have to do is edit the webserver configuration.

    # One trailing $ anchors both alternatives, so only names ending in these extensions reach PHP
    <FilesMatch ".+\.(ph(ar|p|tml)|notphp)$">
        SetHandler application/x-httpd-php
    </FilesMatch>

    Obscurity only really draws attention though.  I mean, if you're a spy trying to blend in, you're not gonna wear a hat saying "not a spy", hopefully.

    http://mysite.com/index.notphp

  10. It's been over 10 years since I messed with Authorize.net API.  I first used it to allow people to make single secure payments from a web page of mine to a bank account.  That's it.  Back then, they didn't have all of this fancy new stuff.  Therefore, I really don't have any valuable comparisons to give.

    Also, I do not consider myself to be anything close to an expert (or even intermediate) level of creating secure systems.  I ran a mail server about 6 years ago and that was a total nightmare.  Literally, as soon as the server went live, it was plagued with bots and whatever else that started using my SMTP server as an open relay and my IP became blacklisted pretty quickly for spam.  I googled ad nauseam for how to secure this and how to secure that and what the best practices were, but I was in way over my head with absolutely no budget for anything to help me out.  After 4 years of trying to maintain a mail server that successfully sent and received mail with no issues (though, there were still issues), I finally was able to convince my boss to switch to a Google Business account and let them handle all of that guff.

    Mail servers are an absolute nightmare that I wouldn't wish upon my worst enemy.  I mean, installing SSL certificates is easier than maintaining a mail server.  Anyway, this topic has nothing to do with mail servers.

    34 minutes ago, SaranacLake said:

    how secure do you think they are in this day and age of perpetual data breaches

    You know, I've never tried to even perform a breach in my life.  I've never even tried to breach myself.  It's an exhausting realm of web development that I avoid like the plague.  Really, what is secure?  Unless you're a Fortune 1000 company or something, I doubt you're going to have a hoard of people trying to hack your site; don't flatter yourself.  I was a web developer and ran probably the least secure site, in my opinion, but the audience for that site was so minuscule compared to that of large corporations.  It's about the same concept as viruses.  Most people running a *nix system do not really need to worry about viruses because *nix systems do not take up much of the market share for personal computers.  However, Windows is always being probed and poked and molested because it has a gigantic user-base.

    In any case, Authorize.net seems to have improved pretty much everything they had when I messed with it over a decade ago.  Most, if not everything, of what I utilized is gone or deprecated.  I mean, I would trust it.

    At the end of the day, though, the most secure you'll ever be able to make your system is if you cut it off from the net.  If it's not on the internet, you really have nothing to worry about.  If you're not connected to the internet, you're not going to get any viruses anytime soon.   I know that's not an answer, but it's a hard truth to accept.  Online banking is really awesome in my opinion, but I know that at any particular time, something could go awry and cause my life hell.

     

    • Like 1
  11. That would remove any risk unless both your database and Authorize.net's database were breached.

    17 minutes ago, SaranacLake said:

    is it as simple as just passing data back and forth to Authorize.net?

    Fundamentally, yes.  It's that easy.  How you go about it though is up to you.  Authorize.net provides sample PHP scripts for sending and receiving the data.  It may look intimidating, but you're essentially just creating a JSON object and sending it to Authorize.net, from which you'll receive a response.

    In your own database, all you'd need is your usual fields, and then you could add some columns that link it with Authorize.net's customer profile.

    So, there's your typical user table

    • user_id
    • user_name
    • user_pass

    You could then add a column for the customer profile id that's generated from Authorize.net

    • user_id
    • user_name
    • user_pass
    • user_authorize_id

    As for the payment profile, you'd store them in their own table, called say... payment_profiles.  It would contain

    • profile_id
    • profile_authorize_id
    • user_id

    Some people roll their own form of sending data, some people use the official code provided
    https://github.com/AuthorizeNet/sample-code-php/blob/master/CustomerProfiles/get-customer-profile.php

    This way, you don't have to hash anything or maintain anything PII related.  You'll be able to login to Authorize.net as well and create reports of your customers with  Customer Information Manager.  

    ** This is all assuming that you're only using Authorize.net to handle your transactions.  If you have other merchants, like Paypal, then you'll need to check out what they have to offer as well.

  12. 5 hours ago, SaranacLake said:

    I *think*, but don't recall since I am learning about my payment gateway, that Authorize.net retains the payment details so I could do the above manually, but that wouldn't be practical, because I am trying to prevent one credit card holder from creating dozens of paid accounts.

    If you are using Authorize.net, then you can setup Customer Payment Profiles, using their API.  You can then store (or relegate) the customer payment profile id to your users table in your database.  Then, you don't have to worry about storing credit cards info anywhere.

    https://developer.authorize.net/api/reference/index.html#customer-profiles-get-customer-payment-profile

    Maintaining reconciliation with Authorize.net customer profiles and your own database/table of users can allow you to do what you're attempting to do.  Using the API, you can send a request for the current user's list of payment profiles.  If there are more than two profiles, then you can write in whatever logic you want in your PHP script, for instance, aborting the chance of a transaction from the user, showing them an error message.  Everything you need and more is available in their API.

     

    • Like 1
  13. Could you explain the scenario a bit more?

    Only two accounts per cardholder.  So, a single user can purchase cards, and these are credit cards?  It's not so clear what your idea is.  Please elaborate.

    Or maybe, it's a user cannot add more than two cards to their account.  

  14. Something like this could get you started

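    <?php
    $filepaths = array();
    $filepaths[] = "/path/to/file/bob-villa-bvilla35";
    $filepaths[] = "/path/to/file/jim-bob-dinosaur64";
    $filepaths[] = "/path/to/file/abe-lincoln-alinkler";
    $filepaths[] = "/path/to/file/michael-jordan-ncairman";
    $filepaths[] = "/path/to/file/bart-simpson-eatmyshorts";
    
    $s = "air";
    // Capture everything after the fixed directory prefix
    $regex = "#\/path\/to\/file\/([^$]+)#";
    // first-last-username: capture the username only if it contains the search string
    // (preg_quote() keeps regex metacharacters in $s literal)
    $userregex = "#^\w+-\w+-(.*".preg_quote($s, "#").".*)$#";
    
    // array_filter() preserves keys, so the surviving key is the index into $filepaths
    $userKey = array_filter($filepaths, function($e) use ($regex,$userregex){
            // Skip paths outside the expected directory instead of reading an unset $m[1]
            if(!preg_match($regex, $e, $m)) return false;
            // Keep the entry only when the username part contains the search string
            return preg_match($userregex, $m[1]) === 1;
    });
    
    $key = key($userKey);
    echo "The key is: " . $key . "<br>" . $filepaths[$key];
    
    ?>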

    That would give you

    Quote

    The key is: 3
    /path/to/file/michael-jordan-ncairman

     

  15. There's no black and white way of answering this.  You pick your method for security (hashing, encrypting, obfuscating, etc, all of the above) and basically cross your fingers; keep an eye out in your logs for intrusions/breaches.  It's a full time job in itself.  Lately, large corporations have been breached and they most likely have a team to handle security, yet the corporations were breached anyway.  Experian, Capital One, Adobe, Equifax, and on and on.  These are corporations that maintain tens of millions of very very sensitive PII.  There will always be someone (even multiple people) out there that can breach a security setup if they so please.  So, to ask what the  "best" method is, is just.. so gray of an area to get into that I can't really explain it.

    Also, for the record, you should just not store credit card information, like ever.  That's a big liability to take on, a lot of responsibility.  There are online merchant providers that can handle that kind of stuff, like Authorize.net.  Let someone else host that stuff.  If I were in your shoes, I wouldn't be dabbling and experimenting with security on a production level for things like credit cards, SSNs, etc...  If you're wanting to get a firm grasp on the intrinsic minuscule details and drawbacks, create a "secure" environment, and try to hack it yourself.  It's the only real way that you're going to get such a grasp that you seek on cryptography.  Just like learning a new language (spoken or programming), you need complete immersion to catch on quickly.  Otherwise, you may spend a decade or two just asking questions on online forums until you believe you're satisfied with what you know.

    Anyway, as requinix has said, just use password_hash(), use salts, use "random" numbers.  The idea is to take some piece of data, and run it through an irreversible algorithm that creates the hash.  Then, to verify data, push the input through the same algorithm to see if it results in the same hash.
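The hash-then-verify flow from this post, as an added example that is not part of the original post, using PHP's built-in password_hash(), password_verify() and password_needs_rehash(). The in-memory `$users` array stands in for a users table, and the function names and sample credentials are constructed for illustration.

```php
<?php
// Constructed in-memory store standing in for a users table (user_name => password hash).
$users = [];

function register(array &$users, string $name, string $password): void
{
    // password_hash() generates a random salt itself and embeds it, with the cost, in the result.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, string $name, string $password): bool
{
    // Unknown users are checked against a throwaway hash so both paths do comparable work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $hash = $users[$name] ?? $dummy;
    // password_verify() re-derives the hash using the salt stored inside $hash
    // and compares the result in a timing-safe way.
    $ok = password_verify($password, $hash) && isset($users[$name]);

    // If the default algorithm or cost has moved on, upgrade the stored hash at login.
    if ($ok && password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

register($users, 'alice', 'correct horse battery staple');

// Hashing the same input twice gives two different strings because the salts differ,
// which is why stored hashes are checked with password_verify() and not with ===.
var_dump(password_hash('same input', PASSWORD_DEFAULT) === password_hash('same input', PASSWORD_DEFAULT));

var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(login($users, 'alice', 'wrong password'));
var_dump(login($users, 'nobody', 'wrong password'));
```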

  16. 18 hours ago, requinix said:

    Do you understand HMAC? SHA512? Salting? Fully? Like are you willing to apply for some sort of certification regarding cryptographic knowledge?

     

    17 hours ago, SaranacLake said:

    Would you agree that bcrypt is probably one of the strongest ways to hash something in 2019?

    I don't think requinix could have put it any better.  Unless you're doing a master thesis on this stuff, there's really no point in asking such questions.  There isn't so much one that is "better" than the other, they're just tools.  It's up to the developer/engineer to use them as they see fit.  MD5 has its bad rap, but perhaps someone needs it for whatever reason. 

    If I asked you what the best hammer to use for 2019, then you would get a myriad of answers and opinions.

     

     

  17. So, if I'm understanding correctly, you have this HTML

    <p>This is my question 1,</p><p>This is my question 2,</p><p>This is my question 3,</p><p>This is my question 4,</p>

    And you want to turn it into this?

    Array (
        [0] => "This is my question 1"
        [1] => "This is my question 2"
        [2] => "This is my question 3"
        [3] => "This is my question 4"
    )

    If that's the case, then you can just load it into a DOMDocument, something like this.

    $dom = new DOMDocument;
    $dom->loadHTML("<p>This is my question 1,</p><p>This is my question 2,</p><p>This is my question 3,</p><p>This is my question 4,</p>");
    // Collect every <p> element in document order
    $paragraphs = $dom->getElementsByTagName('p');
    $paragraph_values = array();
    foreach ($paragraphs as $p) {
        // nodeValue is the text content; rtrim() drops the trailing comma shown in the HTML
        $paragraph_values[] = rtrim($p->nodeValue, ',');
    }

     

  18. @Chrisj What have you tried so far?  It sounds like you're just grasping for an understanding of how to do what you're wanting to do with no knowledge of how to use the guidance given to you.  It's as if you're asking us how to fly a rocket-ship, yet you have no rocket-ship at all.  Or, how do I use a book binder without even owning one.  There's no substance anymore to your questions.

    What is hashing?

    Hashing is when you take an object (a string, an array, a file, etc) and run it through an algorithm that returns a 32 character garbled string of "random" letters and numbers.  It's irreversible.  Well, there are ways of speculating what the hash came from, but that's an entirely different realm -- security. 

    Anyway, try something first and then come back telling us what you've tried.  At that point you should be able to ask a clearer and less broad question.
