0

I appear to have run into a problem with PHP functions not working after a server upgrade. They upgraded their server to PHP7.2 this last week, but the software was working fine until then. So they've just temporarily downgraded the account to 7.0.

Please see below the code:

if($_POST['create_appointment']){ 
    $customer_id   = htmlspecialchars($_POST['customer'], ENT_QUOTES);
    $category_id   = htmlspecialchars($_POST['category'], ENT_QUOTES);
    $date       = htmlspecialchars($_POST['date'], ENT_QUOTES);
    $start_time = htmlspecialchars($_POST['start_time'], ENT_QUOTES);
    $end_time   = htmlspecialchars($_POST['end_time'], ENT_QUOTES);
    $booked_by  = htmlspecialchars($_POST['booked_by'], ENT_QUOTES);
    $booked_for =  post_array_to_explode($_POST['booked_for']);
    $notes      = htmlspecialchars($_POST['notes'], ENT_QUOTES);
    $session_id = htmlspecialchars($_POST['session_id'], ENT_QUOTES);
    $time       = date("Y-m-d H:i:s");
    $agent_id   = get_agent_from_session($session_id, 'id');

    $start_date = $date.' '.$start_time;
    $end_date = $date.' '.$end_time;

    $start_date = format_datetime_mysql($start_date);
    $end_date = format_datetime_mysql($end_date);

    $insert = $dbh->exec("INSERT INTO calendar(start_date, end_date, notes, category_id, customer_id, added_by, booked_by, booked_for, date_added) VALUES ('$start_date', '$end_date', '$notes', '$category_id', '$customer_id', '$agent_id', '$booked_by', '$booked_for', '$time')");
        if($insert){
            $notification_msg[] = array(type=>'alert-success', h4=>'Success!', msg=>'Appointment Created');
            push_browser_notify('New appointment booked', format_date($start_date).' - '.get_customer_json('business_name', $customer_id).' ('.get_customer_json('first_name', $customer_id).' '.get_customer_json('last_name', $customer_id).') ', '');     

            header('Location: ' . $_SERVER['HTTP_REFERER']);

        }else{
            $notification_msg[] = array(type=>'alert-warning', h4=>'Warning!', msg=>'Appointment NOT Created');
        }
}

The software is on a subdomain, of which the main domain has an SSL certificate attached. I seem to have the HTTP referer problem occur when I have SSL activated on the subdomains. Right now, it will just come up with the problem of "Appointment NOT Created".

Can someone please help? I'm happy to reword the question if this doesn't make sense.

The error message I get when SSL is activated is:

"(index):1 Failed to load https://agent.[domain].co.uk/ajax/livelead-new.php?session=0e9b832ead36586de0f56aba52079301641362a811363690298da1970b7ecb3d: No 
'Access-Control-Allow-Origin' header is present on the requested resource. Origin 
'http://agent.[domain].co.uk' is therefore not allowed access."

if($insert){
            $notification_msg[] = array(type=>'alert-success', h4=>'Success!', msg=>'Appointment Created');
            header('Location: ' . $_SERVER['HTTP_REFERER']);
        }else{
            $notification_msg[] = array(type=>'alert-warning', h4=>'Warning!', msg=>'Appointment NOT Created');
        }
Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
Paul M
  • 115
  • 12

1 Answers1

0

I believe you just have to do the following if you're trying to access code from a different server. I don't think it's secure, but should work if you place it on the page that handles the request:

<?php header('Access-Control-Allow-Origin: *'); ?>
Dino Cajic
  • 138
  • 1
  • 7
  • Hi - thanks for answering. I just tried that and unfortunately didn't work. I put it in the header. – Paul M Aug 29 '18 at 14:51
  • Dang, main header or the header of that file? – Dino Cajic Aug 29 '18 at 15:04
  • Main header - its placed as an include. – Paul M Aug 29 '18 at 15:06
  • Also. it's not from a different server. Its the same server on a subdomain. – Paul M Aug 29 '18 at 15:08
  • I would try and place it in the actual file that processes the request. I hear ya. I had the same problem with Ajax/PHP even though it was on the same domain. Added that to my file and worked fine. I was using Codeigniter and placed it directly above the class declaration. – Dino Cajic Aug 29 '18 at 15:11