0

Currently, I've reached conclustion that HTTP only works with a hot connection online, and can't be sent through localhosts or 127.0.0.1 calls because whenever my PHP file creates a 'http(send)' the file, no matter what directory I am in can't make the call to update the database.

What I mean is index.php calls vote.js with function onClick() vote.js calls vote.php with function HTTPSend (ERROR) vote.php updates database from mysql using server XAMPP

My first option is to try the rails, with bootstrap and new database My second option is to hire developers My third option is someone will be kind enough to take a look, and I will be glad to send a video demo by contacting woofwarrior@yahoo.com

Files:

/Index:

<tr>
    <td style="width: 10%">
        <span class="serial" id="<?php echo $images[$i]['imageID']; ?>"><?php echo $images[$i]['amount']; ?></span>

        <a href="javascript:create_window(<?php echo " '" . $image_name . "' " . ", " . $image_size[0] . ", " . $image_size[1] ?>)">
                            <img src="<?php echo $dir . "/" . $images[$i]['name']; ?>" alt=""/>
                        </a>
    </td>
    <td style="width: 40%;position: relative">
        <h3 class="text-effect" style="display: inline-block">
            <?php echo $images[$i]['desc']; ?>
        </h3>
        <span class="arrow">
          <a href="javascript:vote(<?php echo "'" . $images[$i]['name'] . "'" ?>)"><i
          class="fa fa-arrow-up"></i></a>
        </span>
    </td>
    <td>&nbsp;</td>
</tr>

/js/Vote.js

//ajax call to send upvote
function vote(name){
    var httpRequest;
    httpRequest = new XMLHttpRequest();
    //console.log('')
    if (!httpRequest) {
        console.log('Cannot create an XMLHTTP instance');
        return false;
    }else{
        httpRequest.onreadystatechange = alertContents;
        httpRequest.open('POST', 'vote.php', true);
        var data = "name="+encodeURIComponent(name);
        httpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
        //console.log(data);
        httpRequest.send(data);
    }
    function alertContents() {
        if (httpRequest.readyState === XMLHttpRequest.DONE) {

            if (httpRequest.status === 200) {
                console.log(httpRequest.responseText);
                var data = JSON.parse(httpRequest.responseText);
                if(data['imageID'] && data['new_amount']){
                    document.getElementById(data['imageID']).innerHTML = data['new_amount'];
                }
            } else {
                console.log(httpRequest.status+ 'There was a problem with the request.');
            }
        }
    }
}

/Vote.PHP

<?php
session_start();
include('mysql.php');

//check if user logged in and not anonymous voting
if(isset($_SESSION['userID']) && !isset($_POST['action']) && !isset($_POST['votePic'])){

    //get image id
    $result = mysqli_query($link, "SELECT `imageID` FROM `image` WHERE `name`='".$_POST['name']."';") or die(mysqli_error($link));
    $image_id = mysqli_fetch_assoc($result);

    //check if user already voted for certain image

    $result = mysqli_query($link, "SELECT * FROM `votes` WHERE `userID`=".$_SESSION['userID']." AND `imageID`=".$image_id['imageID'].";") or die(mysqli_error($link));
    $row = mysqli_num_rows($result);
    if($row == '0'){
        mysqli_query($link, "INSERT INTO `votes`(`userID`, `imageID`) VALUES (".$_SESSION['userID'].", ".$image_id['imageID'].");") or die(mysqli_error($link));

        $data = update_vote($image_id['imageID']);
        echo json_encode($data);

    }else{
        //already upvoted
        echo json_encode('upvoted before');
    }
}elseif(isset($_POST['votePic']) && !empty($_POST['votePic'])){
    //anonymous vote from main page

    $data = update_vote($_POST['votePic']);
    echo json_encode($data);

}else{
    //user not logged, cant vote
    $data = update_vote($_POST['votePic']);
    echo json_encode('not logged');
}

function update_vote($image_id){
    //get number of votes and update
    global $link;
    $data = array();
    $stmt = mysqli_prepare($link, "SELECT `amount` FROM `votes_amount` WHERE `imageID`=?;");
    mysqli_stmt_bind_param($stmt, 'i', $image_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $num);
    while (mysqli_stmt_fetch($stmt)) {
        $amount['amount'] = $num;
    }
    mysqli_stmt_close($stmt);

    $new_amount = $amount['amount']+1;

    $stmt = mysqli_prepare($link, "UPDATE `votes_amount` SET `amount`=".$new_amount." WHERE `imageID`=?;") or die(mysqli_error($link));
    mysqli_stmt_bind_param($stmt, 'i', $image_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    //return ajax data
    if(isset($_SESSION['userID']) && !isset($_POST['action']) && !isset($_POST['votePic'])){
        //insert scores
        mysqli_select_db($link, "woofwarr_users");

        $result = mysqli_query($link, "SELECT * FROM `scores` WHERE `userID`=".$_SESSION['userID']." ;") or die(mysqli_error($link));
        $row = mysqli_num_rows($result);
        if($row == '0'){
            mysqli_query($link, "INSERT INTO `scores`(`userID`, `scoreAmount`) VALUES (".$_SESSION['userID'].", '1');") or die(mysqli_error($link));
        }else{ 
            $result = mysqli_query($link, "SELECT * FROM `scores` WHERE `userID`=".$_SESSION['userID']." ;") or die(mysqli_error($link));
            $row = mysqli_fetch_assoc($result);
            $new_score = $row['scoreAmount'] +1;
            mysqli_query($link, "UPDATE `scores` SET `scoreAmount`=".$new_score." WHERE `userID` = ".$_SESSION['userID'].";") or die(mysqli_error($link));
        }
        mysqli_select_db($link, 'woofwarr_gallery');

        $data = array('new_amount'=>$new_amount, 'imageID'=>$image_id);
    }elseif(isset($_POST['action']) && $_POST['action'] == 'anonymous_voting'){
        //get another two images
        $result = mysqli_query($link, "SELECT * FROM `image` ORDER BY RAND() LIMIT 2;") or die(mysqli_error($link));
        //$data = array();
        while($row = mysqli_fetch_assoc($result)){
            $data[]=$row;
        }
    }

    mysqli_close($link);

    return $data;
}

?>
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Unhinged Titan
  • 97
  • 10
  • 1
    `XMLHttpRequest()` is the reason I started using jQuery ... :| – CD001 Oct 30 '17 at 16:59
  • Is the PHP in the same directory as the JavaScript? Assuming this line `httpRequest.open('POST', 'vote.php', true);` is what produces the 404 error your path to the PHP file is wrong. – Jay Blanchard Oct 30 '17 at 17:00
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Oct 30 '17 at 17:01
  • 'vote.php' != 'Vote.php' ... it matters – YvesLeBorg Oct 30 '17 at 17:35
  • 1
    Uh.... tap, tap, tap...is this thing on? – Jay Blanchard Oct 30 '17 at 17:37
  • No, the /js/vote.js is in a directory above /. However the /index.php calls vote.js from the same directory as vote.php. – Unhinged Titan Oct 31 '17 at 18:03

0 Answers0