jvvg wrote:
trinary wrote:
jvvg wrote:
This can be fixed by simply escaping SQL data.
Something which they are currently /not/ doing.
It's a problem.
When I took programming at school, one of the units was in security. We learned absolutely nothing there. The whole class was a total waste of my time.
I learned real programming security through the internet, where I learned that whenever outputting HTML user-submitted data, it needs to be escaped, no matter what context. I also learned that all submitted data used in a SQL query must be escaped.
Man, I suddenly hate SQL.
Offline
P110 wrote:
jvvg wrote:
trinary wrote:
Something which they are currently /not/ doing.
It's a problem.
When I took programming at school, one of the units was in security. We learned absolutely nothing there. The whole class was a total waste of my time.
I learned real programming security through the internet, where I learned that whenever outputting HTML user-submitted data, it needs to be escaped, no matter what context. I also learned that all submitted data used in a SQL query must be escaped.
Man, I suddenly hate SQL.
That's why some of my older sites used files instead.
Offline
jvvg wrote:
P110 wrote:
jvvg wrote:
It's a problem.
When I took programming at school, one of the units was in security. We learned absolutely nothing there. The whole class was a total waste of my time.
I learned real programming security through the internet, where I learned that whenever outputting HTML user-submitted data, it needs to be escaped, no matter what context. I also learned that all submitted data used in a SQL query must be escaped.
Man, I suddenly hate SQL.
That's why some of my older sites used files instead.
Yet it's still inefficient. I will fix everything. On second thought, P110, fix everything. (Please)
Offline
XenoK wrote:
jvvg wrote:
P110 wrote:
Man, I suddenly hate SQL.
That's why some of my older sites used files instead.
Yet it's still inefficient. I will fix everything. On second thought, P110, fix everything. (Please)
Yeah, that's why I use MySQL now.
Offline
Hey, jvvg! I was wondering where I can find the code for how you implemented the AJAX user search. I looked on the page, but there wasn't anything there that seemed like it would do what it's supposed to, except outputting the user.
Offline
XenoK wrote:
Hey, jvvg! I was wondering where I can find the code for how you implemented the AJAX user search. I looked on the page, but there wasn't anything there that seemed like it would do what it's supposed to, except outputting the user.
It's in the JS code on the page. (It isn't in the repo yet; I'm pushing changes this weekend.)
The code for that specific page is...
<script type="text/javascript">
//<![CDATA[
function searchUser(query) {
    var req; // declared locally so it is not an implicit global
    if (window.XMLHttpRequest) {
        req = new XMLHttpRequest();
    } else {
        req = new ActiveXObject("Microsoft.XMLHTTP"); // old IE fallback
    }
    document.getElementById('users').innerHTML = 'Working...';
    // Register the handler before send() so no state change is missed.
    // Only readyState 4 is a finished request; earlier states are not errors.
    req.onreadystatechange = function() {
        if (req.readyState != 4) {
            return; // request still in progress
        }
        if (req.status == 200) {
            document.getElementById('users').innerHTML = req.responseText;
        } else {
            document.getElementById('users').innerHTML = 'Error: ' + req.status;
        }
    };
    req.open("POST", "/users", true);
    req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    req.send("query=" + encodeURIComponent(query));
}
//]]>
</script>
Last edited by jvvg (2012-10-05 15:39:23)
Offline
That would be compatible with this page, correct? I'd just have to change references to IDs.
Offline
XenoK wrote:
That would be compatible with this page, correct? I'd just have to change references to IDs.
That would work, but you also need server-side code that outputs JUST THE RETURNED RESULT.
Offline
jvvg wrote:
XenoK wrote:
That would be compatible with this page, correct? I'd just have to change references to IDs.
That would work, but you also need server-side code that outputs JUST THE RETURNED RESULT.
I know how to do that, but could I see your code for that?
Offline
XenoK wrote:
jvvg wrote:
XenoK wrote:
That would be compatible with this page, correct? I'd just have to change references to IDs.
That would work, but you also need server-side code that outputs JUST THE RETURNED RESULT.
I know how to do that, but could I see your code for that?
My code is just this:
function getUsers($query = false)
{
    global $db;

    // "*" typed by the user becomes the SQL wildcard "%"; the value is passed
    // through the driver's escape() before being concatenated into the query.
    $result = $db->query('SELECT username,id,permission FROM users WHERE status<>\'disabledbyadmin\''
        . ($query ? ' AND username LIKE \'' . str_replace('*', '%', $db->escape($query)) . '\'' : '')
        . ' ORDER BY username ASC')
        or error('Failed to get users', __FILE__, __LINE__, $db->error());

    if (!$db->num_rows($result)) {
        echo '<p>Your search returned no results! :(</p>';
    }
    while ($cur_user = $db->fetch_assoc($result)) {
        echo '<p>' . parse_username($cur_user) . '</p>';
    }
}

// AJAX entry point: discard any page output already buffered and return only the list.
if (isset($_POST['query'])) {
    ob_end_clean();
    getUsers($_POST['query']);
    die;
}
Offline
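The two rules jvvg states earlier in the thread (escape user-submitted data whenever it is output as HTML, and keep it out of the SQL text) applied to the getUsers() search above, as an added example in JavaScript that is not Mod Share code. escapeHtml, buildLikePattern, buildUserSearch, renderUserList and SAMPLE_ROWS are names chosen for this example; the query shape assumes a driver that binds "?" placeholders (as mysql2's execute() does) instead of the site's $db->escape() concatenation, and the "%" and "_" handling goes one step beyond the thread's str_replace('*', '%') by neutralising LIKE metacharacters the user typed literally.

```javascript
// Added example (not Mod Share code). Mirrors the thread's getUsers() AJAX
// search with the two rules discussed: HTML-escape at output time, and keep
// user input out of the SQL text by binding it as a parameter.
// Assumes a driver that accepts "?" placeholders (as mysql2's execute() does);
// no database connection is made here.

// Escape a value before it is placed in markup (innerHTML or echoed HTML).
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Map the user's "*" wildcard to SQL "%" while neutralising the LIKE
// metacharacters "%" and "_" the user may have typed literally (MySQL's
// default LIKE escape character is the backslash). Quotes need no handling
// here because the pattern travels as a bound parameter, never as SQL text.
function buildLikePattern(query) {
  return query
    .replace(/\\/g, '\\\\')
    .replace(/%/g, '\\%')
    .replace(/_/g, '\\_')
    .replace(/\*/g, '%');
}

// Same query as the thread's getUsers(), with a placeholder instead of
// string concatenation. Returns the SQL text and the parameter list separately.
function buildUserSearch(query) {
  const sql =
    "SELECT username, id, permission FROM users WHERE status <> 'disabledbyadmin'" +
    (query ? ' AND username LIKE ?' : '') +
    ' ORDER BY username ASC';
  const params = query ? [buildLikePattern(query)] : [];
  return { sql, params };
}

// The AJAX handler must return only this fragment (no page chrome), with
// every username escaped on the way out.
function renderUserList(rows) {
  if (rows.length === 0) {
    return '<p>Your search returned no results! :(</p>';
  }
  return rows.map((u) => '<p>' + escapeHtml(u.username) + '</p>').join('');
}

// Constructed sample rows standing in for the result set of the query above;
// the second username contains markup to show it is rendered inert.
const SAMPLE_ROWS = [
  { username: 'jvvg', id: 1, permission: 'admin' },
  { username: '<b>not bold</b>', id: 2, permission: 'user' },
];

// Stand-alone run: build the query for "jv*" and render the sample rows.
const searchForJv = buildUserSearch('jv*');
console.log(searchForJv.sql, searchForJv.params);
console.log(renderUserList(SAMPLE_ROWS));
```

The point of separating sql from params is that a quote or comment sequence in the search box can only ever be a pattern value; the driver sends it out of band, so there is nothing left for $db->escape() to get wrong. The handler still returns only the fragment, as jvvg notes, so the client can drop it straight into innerHTML.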
XenoK wrote:
Well, I got the AJAX part to work; it just renders an error pretty weirdly... try it out, jvvg.
You probably put the response text in the wrong place, and the page that gets the users is returning an error.
Also, we use our own database driver for Mod Share, so you'll need to change the functions around.
Offline
You know what, I'm going to give you FTP later for helping us out on the AJAX search, but only that. You can look at the other files too, but mainly the only ones worth checking out are the ones that start with user_.
Offline
XenoK wrote:
You know what, I'm going to give you FTP later for helping us out on the AJAX search, but only that. You can look at the other files too, but mainly the only ones worth checking out are the ones that start with user_.
Ok.
Offline
If you want to see more Mod Share code, I just pushed our recent changes to the Assembla repo.
Last edited by jvvg (2012-10-05 21:21:21)
Offline
Something's up with your database...
Errors:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in [server root]/html/includes/maintenance.php on line 13
Warning: mysql_connect() [function.mysql-connect]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in [server root]/html/index.php on line 27
Could not connect: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Offline
user_admin_delete.php finished. I'm gonna start user_admin_edit.php tonight, hopefully finish it, and revise all the code in the users section, and if I'm lucky, I'll be able to move on to the messages section!
Offline
Sorry I took so long with the FTP; I was away from home almost the entire day. It should be updating now.
username: jvvgindustries
password: the one you gave me in the email
hostname: eternityinc-official.com
Offline