PHP - Single Task/route Tokens
I am using JWT for an API authentication and like them. Previously, I would query both some GUID and the user's ID (which wasn't their PK but a unique key per GUID), but now I just include both the account and user's DB PK in the token. I am also including something regarding the user's permissions; however, I still haven't bought into this approach as I don't know how to deal with changing permissions and still having some JWT with different permissions floating around. I suppose I could save the JWT's timestamp in the DB, but that seems to eliminate the benefit of token expirations...

Sorry, back to the question at hand. I now have a need to provide emails with a reduced subset of endpoints to either view some resource or update some status. I don't want to make the user first go to some website and then include the JWT in the header, but instead just a single click action. Problem is now I have their JWT, which is effectively their password, in some email, which isn't ideal, and there is no way to ensure that the specific user was the individual that viewed the resource or performed some action.

Then I thought maybe I would make some common low access JWT and use the exact same GET routes as I would do so normally and create some new GET routes to emulate main application POST/PUT/PATCH routes. Before going down that path, I would like to investigate other solutions.

Often single use tokens are used to reset passwords and other actions which should only be performed once, and this is not my need but maybe close. I am thinking of creating a token that includes the actual resource path with URL parameters along with the HTTP method. Since everything is in the token, I wouldn't need a typical REST path to identify the resource but would have a single endpoint to retrieve them.

I searched for related information and didn't find anything, which makes me concerned I am going down a rabbit hole. Any thoughts on how to implement this?
Thanks

Similar Tutorials

I have noticed that many websites and PHP software generate a random token and put it in a hidden form field to be sent to the PHP page that gets the form. I was just wondering, if anyone knows how this makes a PHP script more secure? And is it worth it to put this in my application? I have read up a few tutorials on this, but it doesn't specifically say why this is more secure than not having it. The only reason I could find is that it helps making sure you don't make duplicate form submissions, however, I have always gone around this by redirecting the user to a page saying the form was submitted successfully. Cheers for your help.

I'm creating a token system where if a user uploads notes they get tokens and can download other people's notes. My problem is I am not sure where to store the information for who has bought the note for future download. Should I store the information in the database under the table that looks after the notes, in its own table, or in a file that has arrays of the note names and the users who are allowed to download it? I figured the best way would be to have it in the DB table that looks after the users, but I'm not sure how I would go about making it so that every time the user bought another note I didn't have to add a new field.

Hi. Is it necessary to hash stored access and refresh tokens that are stored in a database? Both these tokens have a limited lifespan (access token: 20 minutes, but refresh token is 14 days). The reason I ask is I have hashed the tokens using the password_hash function, but a user can have multiple active sessions if they want (so there is a sessions table with user id (not username), access token, token expiry date/time, refresh token and refresh token expiry date/time).

So in order to refresh the access token I have to do a look up to see which session it relates to. What I have found is that I must retrieve all rows where the refresh token hasn't expired and then run password_verify against the tokens stored with the tokens provided to check each session to see if they match. What I have found is that it takes a while to run the password_verify function (by design I think) for each row (could be many if the user has been silly and logged in lots of times), which would cause an unacceptable delay when calling an API with an access token that needs refreshing (my tests resulted in times upwards of 30 seconds for a user who has around 10 active sessions). If both tokens were not hashed, the same action to refresh a token for a user who has 10 active sessions takes less than a second, which is much more acceptable.

Edited December 15, 2018 by mds1256

I need to develop a web based bulk SMS application to be integrated into my existing website which is written in PHP.
That means I shall use my authentication script to lock it down.
The application should be able to pull phone numbers from MYSQL database, and from a specified list.
If you can do this or need more information, reach out to me.
Thanks.
Hello, I am hoping to get some advice on how to make my code work. What I would like to do is display a "you are already subscribed" message if the user experiences error 1062 (duplicate entry) and die, or if it's a different error that occurs I would just like it to display the raw error message and die. I've tried it this way and that but I'm stumped (obviously I'm also pretty new to this). Here is my code:

    <?php
    $con = mysql_connect("localhost");
    if (!$con) {
        die ('Could not connect: ' . mysql_error());
    }
    mysql_select_db("subscribe", $con);
    // Escape the posted values before placing them in the SQL string
    $id = mysql_real_escape_string($_POST['id'], $con);
    $notes = mysql_real_escape_string($_POST['notes'], $con);
    $sql = "INSERT INTO subscribe_init (id, notes) values ('$id','$notes')";
    if (!mysql_errno() == 1062)
        echo 'You are already subscribed.';
    elseif (!mysql_query($sql, $con))
        die ('Error: ' . mysql_errno() . mysql_error());
    else
        echo "Thank you for signing up!";
    mysql_close($con)
    ?>

Any advice is greatly appreciated. Thank you!

How to draw the path of individual planes that avoid the intersection of their paths for safety and optimization of routes?!
Note:
Same number of planes. ( = M )
Same number of coordinates for airports ( junctions ). ( = N )
Add new points to avoid Intersection of paths of the planes!
Edited by Vamsi19, 17 September 2014 - 10:57 PM.

I want to make virtual money (credits, tokens), whatever you want to call it, but make no mistake, this is not for profit at this point. I like the concept of visitors having something to do with other members of the site, for example to kill boredom and create a reason to play games and compete in competitions. It will have to conversion to real money at this point, but I wish to do this script using PHP and MySQL and have very basic coding skills in these areas. Anyone please help me make this script... Reply and let me know if you like this idea. Please help me, as this is achievable, as FB has it and more sites are moving toward these same ideas. Even though FB is real money, it is more to do with fun at this point; until we do this stage another stage cannot proceed.

Hi y'all. First off, posting this here to hopefully avoid the noise that's happening in the Applications sub-forums, so mods please feel free to move if it's too inappropriate here. Anyway, I'm currently doing a skills assessment for a potential new job in Laravel - if I wasn't using Laravel I would've been done hours ago, but one of the requirements is Laravel. Honestly, for the most part I dig it - it's pretty simple, despite its reliance on magic. Anyway, I've written a couple API routes and when I visit them in the browser everything works exactly as expected and desired. However, when I run the pre-built test file, I get a Symfony\Component\HttpKernel\Exception\NotFoundHttpException for /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php.

The route as defined in api.php:

    use App\Http\Controllers\User;

    /**
     * I tried using a Resource Collection here - there's obviously something about those
     * that I'm missing, because it actively refused to do anything worthwhile. I'd pass in
     * UserModel::with('timelogs')->get() like I use in \App\Http\Controllers\User::getTotalSeconds(),
     * and it didn't care. Just printed out absolute garbage, no matter what I fed to it.
     */
    Route::get('/user-timelogs', function(Request $request) {
        $u = new User;
        return $u->getTotalSeconds();
    });

And the controller code:

    namespace App\Http\Controllers;

    use Illuminate\Http\Request;
    use App\User as UserModel;

    class User extends Controller
    {
        public function getTotalSeconds()
        {
            $users = UserModel::with('timelogs')->get();
            $ret = [];
            foreach($users as $user){
                array_push($ret, [
                    'user_id' => $user->id,
                    'seconds_logged' => $this->calculateTime($user->timelogs)
                ]);
            };
            return json_encode($ret);
        }

        private function calculateTime($logs)
        {
            $totalTime = 0;
            foreach($logs as $log){
                $totalTime += $log->seconds_logged;
            }
            return $totalTime;
        }
    }

The model file for good measure:

    namespace App;

    use Illuminate\Notifications\Notifiable;
    use Illuminate\Contracts\Auth\MustVerifyEmail;
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class User extends Authenticatable
    {
        use Notifiable;

        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $fillable = [
            'name', 'email', 'password', 'id',
        ];

        /**
         * The attributes that should be hidden for arrays.
         *
         * @var array
         */
        protected $hidden = [
            'password', 'remember_token',
        ];

        /**
         * The attributes that should be cast to native types.
         *
         * @var array
         */
        protected $casts = [
            'email_verified_at' => 'datetime',
        ];

        public function timelogs()
        {
            return $this->hasMany('App\Timelog');
        }
    }

Again, when I visit localhost/api/user-timelogs, the user IDs and correct total of seconds is right there. It's just in the test file that it's an issue. Anybody have any ideas?

Edited September 21, 2019 by maxxd: was totally not done typing...

Hi;
I have successfully managed to route all the traffic to the file controller.php using this command line of .htaccess:

    RewriteEngine On
    RewriteRule (.*) /var/www/html/site/controller.php [L,QSA]

Now how to tell the controller.php to process the URL that was passed? For example I have tried that:

controller.php:

    <?php include( $_SERVER["REQUEST_URI"] ); ?>

but the controller.php didn't do anything. I keep getting a blank page when I browse any webpage such as site/index.php, so how to tell controller.php to echo the content of the request? Because the user shouldn't notice any change, as if there is no controller.php. Thank you.

PHP script return 20 UL LIST values like,

    <ul> A </ul>

How to display UL LIST into row wise 5 columns like
A B C D

Hi, I've been scratching my head for a while now about how to do this. I'm relatively new to PHP and MySQL and perhaps foolishly taking on creating a user area for a website. I have everything else working, all of my register account functions and confirmations and all of the login scripts etc. I have created a profile page which returns various information to the user (this bit works fine) and I've got some nice show/hide toggles running with some JavaScript/CSS, but my intention is to allow the user to change their information (e-mail address, contact phone number and also whether they are subscribed to the e-mail list); it also displays any support tickets or messages.

So after the long intro, here's what I'm struggling with... I have a form in a visibility toggled <div> which submits a 'change_email' script, so a user wants to change their e-mail, clicks on change, the <div> appears, they bang in the new e-mail and hit submit. My PHP script appears to work (because it doesn't throw up any errors), until you realise that actually it's not updated the record in the DB... I'm using

    mysql_query("UPDATE users SET email='$new_email' WHERE username='$user'");

Do I need to set up variables for all of the information in the DB (name, username, password, email, contno etc etc) and include them in the command to get it to work, or should that just pick the correct record and then update it? If that is the case, is there a way I can include 'blank' variables so I don't have to set them all up... e.g.

    mysql_query("UPDATE users SET user='',password='',email='$new_email', etc WHERE username='$user'");

Many thanks in anticipation

EDIT: It would seem I placed this in the wrong section. Can we have a mod move this?

I'm gonna go ahead and admit that this is a task that my school left me for my course in PHP and MySQL, but I won't just ask for someone to construct the code for me but just to give me advice and assistance in my code.

What I'm trying to do is request a number from a user and generate random integers between 1 to 100, as many as the user specified. The task told me to place all the numbers in an array and that I can use a foreach loop to go through and indicate what numbers are lower than 50 and what is higher than 50. The output should be similar to this:

    All your numbers: 45 23 14 79 99 22 56
    Numbers lower than 50: 45 23 14 22
    Numbers higher than 50: 79 99 56

This is my code:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv" lang="sv">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Task</title>
    </head>
    <body>
    <?php
    $Nummer=$_REQUEST['nummer'];
    for ($count=1;$count <= $Nummer; $count++){
        $testSlump = rand(1, 100);
        echo $testSlump . "</br>";
    }
    $testArray = array($testSlump);
    foreach ($testArray as $n) {
        if ($testArray > 50){
            echo $testArray . echo 'this number is lesser than 50';
        }
    }
    ?>
    </body>
    </html>

I've googled, read through the literature but none seem to help me. I thought to myself that one solution might be placing all values generated in a for loop in an array and then using the foreach loop to confirm what is what. Class notes and our school's PHP help site don't have anything that would help me finish this task. How do you place for loop values in an array? (if I'm on the right track) Any help etc is greatly appreciated.

wanting to take a variable and use that variable to search my sql table for another variable
example : (from outside prog XXX is sent in as 'killacct')
$killacct = $_GET['killacct'];
now take 'killacct' and search table 'blahblah' for the row 'variable'
so if the table was
killacct = XXX | blahblah = YYY
so then I can pull a second variable from my first one
XXX is associated with YYY
sorry, this was probably really hard to understand, I'm very exhausted lol
Hi. I want to send an email with PHP, but I need this email to be a task invitation in Outlook. I searched on Google, but I couldn't find anything that solves my problem. Any ideas? Thanks in advance....

I have a client that has a YouTube video on his page that he changes every day. I have been wrestling with being able to allow him to log in to an admin page that returns a simple form for him to input the new video id from his YouTube link, which then posts to a txt file. This text file is then included in the HTML to supply the correct YouTube video. Basically the way it is now the HTML page has

Code:

    <iframe class="youtube-player" type="text/html" width="566" height="266" src="http://www.youtube.com/embed/Video Id Here" frameborder="0"> </iframe>

Now I have been completely unsuccessful just creating a form that will let him change just the "Video Id", so we have been working on copying and pasting the entire iframe code in the form. My first attempt created backslashes in the txt file where quotes are; I then added stripslashes to fwrite and that posted nothing to my txt file. So I'm not sure if the code I have is worth a spit or if I should restart with some assistance. My main goal (if achievable) is to remove the iframe code from the HTML page and use a PHP include to include the text file that has the iframe in it. Then create a page for my client to log in to, to paste either the video URL or just the video id, and have this change on the fly. Any help would greatly be appreciated!

Hello, I have come to a dead end. What I'm trying to do is simple: have a dynamic title for my PHP page (something that would be executed by, for example,

Code:

    <title><?php echo $title; ?></title>

). I'm not an experienced coder. I've tried about 15 different variations to try to achieve the result I want, and none of them have worked.

I'm using a dynamic web template (DWT), which has editable regions for the <title> section and for the main body of the webpage. I'm also using a Smarty template, called display_post.tpl, which, along with the PHP file that is attached to the DWT, called display_post.php, are provided below as originally written:

Smarty template:

Code:

    <table cellpadding="8">
    <tr>
    <td valign="top">
    {section name=mysec loop=$posts}
    <h2>{$posts[mysec].title}</h2><br>
    {$posts[mysec].body|nl2br}
    <br>
    {/section}
    </td>
    </tr>
    </table>

display_post.php:

Code:

    <?php
    require_once('db_login.php');
    require_once('config.php');
    $conn = mysqli_connect($db_host, $db_username, $db_password, $db_database)
        or die ('Error connecting to MySQL');
    // Cast to int so the request value cannot alter the query
    // (post_id is assumed to be an integer key)
    $post_id = (int) $_GET['post_id'];
    $query = "SELECT * FROM posts WHERE post_id=$post_id";
    $result = mysqli_query($conn, $query);
    while($row = $result->fetch_array()){
        $test[] = $row;
    }
    $smarty->assign('posts', $test);
    $smarty->display('display_post.tpl');
    mysqli_close($conn);
    ?>

Everything works as is. Part of the problem is that I don't know whether to do this through the DWT/PHP file or through Smarty. I've tried variations on both approaches, which I can provide for food-for-thought if need be. For now, I would love to read any possible solutions that you can come up with. Thanks bunches! Maat
Hi, my name is Alexander and I am new to coding. I need this task for tomorrow, but I can't figure out how to make it. Can anyone explain where my mistake is and how the code should look? I have some code but it's full of errors....
Hey. OK, I'd say I'm pretty average with HTML, CSS and PHP. I have my own website - www.leedsmethockey.co.uk - and I want to develop a new section... I'll try and explain as best I can. I have a database with all the players and their email addresses... When someone is selected for a match I wish the website to email their email address to let them know... Please could someone advise me where I need to start and what sort of code I need to be looking into? Many thanks

    if($_GET['task']=='del')
    {
        $id=$_GET['id'];
        // note: $name is taken directly from the request
        $name=$_GET['new_image'];
        mysql_query('delete from tbl_gallery where id="'.$id.'"' );
        unlink ($name);
    }

OK, this should be straightforward but my tired brain cannot work this out. I'm creating a simple contact form and for some reason the validation isn't working. It won't go past the check fields are filled in validation. Can anyone spot what I'm doing wrong?

Code:

    <form method="get">
    <h1 class='contact_form_h'>Contact Us</h1>
    <div id="login_response"></div>
    <input type='text' name='name' id='name' class='contact_form_input' value='Name' onfocus="if(!this._haschanged){this.value=''};this._haschanged=true;" />
    <input type='text' name='email' id='email' class='contact_form_input' value='Email' onfocus="if(!this._haschanged){this.value=''};this._haschanged=true;" />
    <textarea name='enquiry' id='enquiry' class='contact_form_textarea' rows='10' cols='10' onfocus="if(!this._haschanged){this.value=''};this._haschanged=true;">Enquiry</textarea>
    <input type='submit' name='contact' id='contact' class='contact_form_submit' value='Contact Us' />
    </form>

Code:

    <?php
    //Check if form is submitted
    if(isset($_GET['contact'])) {
        //Require check email function
        require "check_email.php";
        //Variables
        $err_name=stripslashes($_GET['name']);
        $err_email=stripslashes($_GET['email']);
        $err_enquiry=stripslashes($_GET['enquiry']);
        $to="xxx@xxxx.com";
        $subject="Website Contact Form";
        $from = stripslashes($_GET['name'])."<".stripslashes($_GET['email']).">";
        //Strip CR/LF so the submitted name and email cannot add extra mail headers
        $from = str_replace(array("\r", "\n"), '', $from);
        $message = $err_enquiry;
        $headers = "From: $from\r\n" .
            "MIME-Version: 1.0\r\n" .
            "Content-Type: multipart/mixed;\r\n" .
            " boundary=\"{$mime_boundary}\"";
        //Check all form fields are filled in
        if ($_GET["name"]!='' OR $_GET["name"]!='Name' OR $_GET["email"]!='' OR $_GET["email"]!='Email' ) {
            if (isValidEmail($_GET['email'])){
                //Send Mail
                if (@mail($to, $subject, $message, $headers)) {
                    echo "3 - sent";
                } else {
                    echo "2 - not";
                }
            } else {
                echo "1 - not valid";
            }
        } else {
            echo "0 - Fill in";
        }
    }
    ?>

Below is the check email script.

Code:

    <?php
    // This function tests whether the email address is valid
    function isValidEmail($email){
        $pattern = "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$";
        if (eregi($pattern, $email)){
            return true;
        } else {
            return false;
        }
    }
    ?>