Ajax Post Security Question - ajax

so i have a problem, i have this code:
$params = "'plname=" . $player->username . "&plmiss=" . $player->miss . "&plmaxdmg=" . $player->maxdmg . "&plmindmg=" . $player->mindmg . "&plhp=" . $player->hp . "&plmhp=" . $player->maxhp;
$params .= "&enname=" . $enemy->username . "&enmiss=" . $enemy->miss . "&enmaxdmg=" . $enemy->maxdmg . "&enmindmg=" . $enemy->mindmg . "&enhp=" . $enemy->hp . "&enmhp=" . $enemy->hp . "'";
buttonform("pvm.php","Attack",$params);
buttonform function:
function buttonform($page,$texto,$params)
{
?><input type="button" onclick="ajaxpost('menu','<?php echo $page;?>',<?php echo $params;?>);" class="button" value="<?php echo $texto;?>"><?
}
so you guessed it the function will create a button that when be clicked will send an ajax request for the pvm.php + $params.
but the problem is that $params is confidential and should not be avaiable to change. but if we enter in the page code (ive done this with google chrome developer tools) we can change those variables to what we want, and that is what i dont want. if anyone can help me to make those variables not avaiable for change, THANKYOU!

Anything loaded into the user's browser is available for change. You'll have to store that information server-side.
To that end, take a look at PHP sessions:
http://www.w3schools.com/PHP/php_sessions.asp
http://www.php.net/manual/en/book.session.php

Related

Storage/File delete methods don't delete the file from storage

I am uploading images to storage/uploads and have a queue job that uploads those images to AWS. Here is the code of the job:
$path = storage_path() . '/uploads/' . $this->fileId;
$fileName = $this->fileId . '.png';
if (Storage::disk('s3images')->put('profile/' . $fileName, fopen($path, 'r+'))) {
File::delete($path);
}
Once the image has been uploaded to AWS the job is supposed to delete the image from storage/uploads but it's not doing that. The images are successfully uploaded to AWS. I tried to delete specific files directly without the if-statement but nothing seems to work. I even tried with Storage::delete but that didn't work either. Could someone point me in the right direction please?
You may use
Storage::delete('upload/profile/' . $fileName);
See Documentation
If your specifying the full directory path of the file you can use unlink a native way to delete files from the server.
$path = storage_path() . '/uploads/' . $this->fileId;
$fileName = $this->fileId . '.png';
$isUploaded = Storage::disk('s3images')->put('profile/' . $fileName, fopen($path, 'r+'));
if ($isUploaded) {
unlink($path);
}
Documentation: unlink php

Laravel Dusk Visit method keeps going back to APP_URL

I have the following on my TimelineTest Dusk file
$browser->visit('/wall/' . $this->username . '/' . $this->userID)
->assertTitleContains($this->username . ' - SiteName');
But although I am specifying the url to visit, my test fails because Dusk still visits the root / and not the url I specified /wall/' . $this->username . '/' . $this->userID
I dumped the current url using
$url = $browser->driver->getCurrentURL();
dd($url);
And it is the correct one, but my assertion fails saying that my title was not found in the page title, which corresponds to the one in the index page /
Did anyone have Dusk not visiting the URL they specified?

Locking specific cells with a password phpExcel

I am uploading an excel file from a folder in my computer to a folder in the server, after the upload i am loading the uploaded file so that i can protect certain cell, the first method i used below does not work at all
function LockCertainCells(){
$labref= $this->uri->segment(3);
$objReader = new PHPExcel_Reader_Excel2007();
$path = "analyst_uploads/" . date('Y') . '/' . date('M') . '/'. $labref .'/'. $labref . ".xlsx";
$objPHPExcel = $objReader->load($path);
$objPHPExcel->setActiveSheetIndexbyName('Sample Summary');
$objPHPExcel->getActiveSheet()->protectCells('A17:G85','PHPExcel');
$objPHPExcel ->getActiveSheet()->getProtection()->setSheet(true);
}
This second one
function LockCertainCells(){
$labref= $this->uri->segment(3);
$objPHPExcel = new PHPExcel;
$path = "analyst_uploads/" . date('Y') . '/' . date('M') . '/'. $labref .'/'. $labref . ".xlsx";
$objSheet = $objPHPExcel->load($path);
$objSheet->setActiveSheetIndexbyName('Sample Summary');
$objSheet->protectCells('A17:G85', 'PHP');
$objSheet->getProtection()->setSheet(true);
}
Throws me this error:
Fatal error: Call to undefined method PHPExcel::load() in C:\127.0.0.1\htdocs\NQCL\.....
suggestions!
The PHPExcel class doesn't have a load method, which is precisely why you get that error.... the first method is the method provided by the PHPExcel library for loading a file into a PHPExcel object, the second is not. Use the method that works (and is the method described in all the documentation); not the one that doesn't exist.
The first method for locking the cells isn't doing anything with the PHPExcel object (such as saving it) after you have set cell protection; so as soon as the LockCertainCells function terminates, it will be out of scope and discarded by the PHP script. If you want to make the changes in the file, you need to save the file again. I believe that MS Excel itself requires you to save a file if you want to make any changes to that file permanent.
EDIT
You also miss setting the password for the protected cells:
$objSheet->getProtection()->setPassword('mypassword');

Magento: include and app/code/core from another location(above webroot)

I am looking for a way to include magentos app/code/core from above webroot.
It is no problem to do this with /lib, just add the path at the end of the include path in your php.ini
Something like
.:/existing/path:/home/yourdomain/magento/lib
For demo-stores or development servers this means saving 30mb or more than 3000 files per installation.
Therefore I would love to do the same with app/code/core as it is another 26mb and more than 5000 files per installation.
Did open a thread here
http://www.magentocommerce.com/boards/viewthread/457181/
Any help would be appreciated.
One way to do this...
Modify app/Mage.php where you will find the following lines that add paths to check when you include files...
$paths[] = BP . DS . 'app' . DS . 'code' . DS . 'local';
$paths[] = BP . DS . 'app' . DS . 'code' . DS . 'community';
$paths[] = BP . DS . 'app' . DS . 'code' . DS . 'core';
$paths[] = BP . DS . 'lib';
$appPath = implode(PS, $paths);
set_include_path($appPath . PS . Mage::registry('original_include_path'));
You could change BP to wherever you move the code, or change these entirely.
If you move the entire app directory, then change your index.php file in your web base directory. You'll see this line
$mageFilename = MAGENTO_ROOT . '/app/Mage.php';
You'll want to change this to wherever you moved it. Mage.php is what bootstraps the whole operation.

Localhost and fopen

We are now working in a local environment, rather than working live, which is a good thing. However, I've run into a hiccup I don't know how to fix. My code (CodeIgniter) looks like this:
if (!is_dir(base_url() . 'channel-partners/html/camera-registration/' . $name_url)) {
mkdir(base_url() . 'channel-partners/html/camera-registration/' . $name_url);
}
$handle = fopen('/path/to/file/channel-partners/html/camera-registration/' . $name_url . '/index.html', 'w') or die('Can\'t open file');
fwrite($handle, $html);
fclose($handle);
But since I'm running MAMP, $_SERVER['DOCUMENT_ROOT'] equals Applications/MAMP/htdocs, so that won't work. So what can I do to write a file in PHP that would work in both a production environment and a local environment?
Use the FCPATH or APPPATH constants.
FCPATH will give you the path to the directory where the front controller is located (index.php).
APPPATH will give you the path to the application directory.
Usage:
fopen(FCPATH . 'path/relative/to/frontcontroller/etc/' . $name_url . '/index.html', 'w') ...

Resources