I have a situation where I post form to php parser via ajax call:

Example
$.post('parser.php', {
post_var1:var1,
post_var2:var
},

function(data)
{
console.log("Response: "+data);
});

then in the parser.php I submit this data to db. So I need to include init.php, header.php and securePage in the parser.

Example
<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/users/init.php';
require_once $abs_us_root.$us_url_root.'users/includes/header.php';
if (!securePage($_SERVER['PHP_SELF'])){die();}

if($f_var1 = $_POST['post_var1'] ) $fields[var1] = $f_var1;
if($f_var2 = $_POST['post_var2'] ) $fields[var2] = $f_var2;

$success = $db->insert('devices',$fields);

if(success) echo "1";
else echo "0";
?>

This should be pretty straight forward right?

Well the problem is that when I get echo from parser.php, the console.log prints the whole header (users/includes/header.php) + my echo 0 or 1.

I tryed to flush() and ob_flush() and then echo with no success. Problem occurs when I include header.php. If header.php is not included, the echo works OK. But then I'm stuck without DB class...

I also searched header.php and not found any of the echo routines. Also header.php is still original userSpice.

Also may I say that the header is echoed back regardless of what the parser.php is doing. Even if I comment out db->insert and $fields I'm stuck with that.

But there is one more interesting thing. If I access parser.php directly, the echo does show correct. Only 0 is echoed back (or 1 if the db->insert is successful).

Regards,
Jakob

Hello!

First, I'd like to say thank you for developing this.

I want to make an ajax call on a user restricted page. I set the target to the same php page and put the php code which handles the ajax call directly after the init script, but before header and navigation.

The Problem is, I need to tell the User ID within the ajax called php-handler. But since it is an ajax call, the user ID is not available (user token not submitted). Would it be safe to just submit the token within the ajax call? And if so, how do I get the token?

Thanks for advice!

Hello,

Tittle pretty much says all. I would like to know how to edit the login page to fit my template and custom design, I would also need to know how to connect my design // template with the database. Also, how would I go about changing the navigation bar, and customizing it for logged in users // guest?

Thanks!

Hi, all,
Is there any way to use the Validate class to verify if a combination of values is unique across multiple columns? I mean, in the same way that composite primary keys need to be unique. Or, will I have to do that a different way?
Thanks for the help,
Tim Meredith

Hello,
I have a single page application (bootstrap based) which uses modals / popups for login, registration and forgot my password.
I tried to understand how to integrate the userspice's functionality into those popups instead of moving my page to new URL, but the default use of separate page / php file prevented me from achieving that integration.

HELP! how it can be done?

Thank you!

Hey,

I'm new to PHP and programming in general.
There is something I noticed while working with the UserSpice profile feature.

users/profile.php is working properly, if $userQ gets an existing user id. (line 34)
if a user id, in my case profile.php?id=4, does not exist in the table, php throws the following:


Notice: Undefined offset: 0 in C:\xampp\htdocs\userspice\users\classes\DB.php on line 155

Notice: Trying to get property of non-object in C:\xampp\htdocs\userspice\users\profile.php on line 46

Notice: Trying to get property of non-object in C:\xampp\htdocs\userspice\users\profile.php on line 47

Notice: Trying to get property of non-object in C:\xampp\htdocs\userspice\users\profile.php on line 49


So, we're declaring variables in if(isset($_GET['id'])){ , but obviously missing a check, if user id is an existing db entry. The else (line 53) will excecute, when there is nothing "to get". If there is, we have no fallback.

My thought was to make another query for checking if the $userID is in the table (findById?). But that doesn't work as expected..

So, after $thatUser = $userQ->first(); on line 35, i tried

if(empty($thatUser)){
die('No entry');
} else{

But still have the problem, that $userQ->first(); does not exist and causes the offset:0 error.
I think there is a fast and smoother way to accomplish this but i don't get it. Like:

if id isset
// check the id
if id exists
//if yes, return
// if not, do something else (some static html 'User does not exist')

Would be awesome if someone can help.

Hello,

How would I go about customizing the current login page to have my own. I would need to know how to connect my custom login page to the database and all. Also, as far as the navigation bar, I just need to know how I can edit it and when it would change (logged in users, or guest)

Hi

I wanted to rack your brain and see what your thought process would be as well as ideas on the following:

1) I want to create a table and page where a "company" and associated data can be created. Then I want to associate users to a specific company. What do you think would be the best approach?

2) I would like to then assign permissions based on a company but also have the flexibility to utilise user groups and associated permissions?

Any suggestions, ideas, tips, pitfalls, tricks etc would be appreciated.

Thanks
-M

Hi,

I can't find in your code where is the "tab icon" line, I know it might be <link rel="" ...>.
Can you guys help me ? I feel really bad by asking this aha.

Hey,

noticed a XSS vulnerability in users/edit_profile.php on line 45:

$newBio = $_POST['bio'];
Should be: $newBio = Input::get('bio');

Otherwise we got some naked & public scripts in users bios