Category: PHP

I have built this in PHP and uploaded it to GitLab. Through the pipeline, it connected to Azure and got hosted on Linux server. However, on the website, I am getting:

404 Not Found
nginx/1.28.0

I have checked all file types, and everything is correct. I also reloaded Nginx, but I am still getting the issue. Please help me solve it.

My file structure is:

generateShortlist/
lib/

Note: In the lib folder, I ran the following commands:

Invoke-WebRequest -Uri “http://www.fpdf.org/en/download/fpdf253.zip” -OutFile “fpdf.zip”

Expand-Archive -Path “fpdf.zip” -DestinationPath “lib”

Move-Item “lib/fpdf/fpdf.php” “lib/fpdf.php” (optional)

The main file is: generateShortlist.php

I want to solve the Nginx error and make my code work properly, with everything functioning correctly—like sending emails and moving data to different database tables.

I want to add the option product prices into to the main product price shown above the 2 options , when quantities of either of one increase will reflect or add in the main product price shown above.
I am attaching another images for reference.

Option prices added in the main product price when quantities increase of the option product either of any real time

I’m looking to force a minimum version of TLS 1.2 for my client connection. I can do something like this:

$client = stream_socket_client('tlsv1.2://www.example.com:443');

This wrapper forces a TLS 1.2 connection. But doesn’t allow for upgrades to 1.3 when the server is capable, and doesn’t connect at all if the server only offers 1.3. There don’t seem to be any options for stream_context_create() to affect the TLS version, and I don’t want to use the curl extension. Is there any possibility to do this?

I just learned PHP and only did it, because I wanted to connect it to a database, and I knew it was possible.

Long story short, project’s called Polko and is kind of a courselearning (learning via courses like w3schools) platform.

Now, because someone else is supplying something for me, I need to get this to GitHub. It would just also be nice to have this in a repository or something that I can also just access from all my devices.

But.. There is a config.php file that basically contains confidential information for connecting to the database, and I don’t want that information on GitHub, so basically everyone can get the info, and change everything in the database.

I am aware that you can make repositories private, but I’d like another solution.

I asked AI, but it didn’t fully understand the situation, and provided me with random answers about something called Laravel, which I don’t know about.

I have a VPS with 4 vCPUs, 8 GB RAM, running Ubuntu 22.04, Nginx, PHP-FPM (v8.1), and MariaDB 10.6. It hosts around 10 WordPress sites.

During peak traffic, I notice CPU usage spikes to 95–100%, and the sites start slowing down.

Things I’ve already tried:

Enabled Nginx microcaching

Increased PHP-FPM pm.max_children to 20

Configured MariaDB with basic tuning (innodb_buffer_pool_size, query_cache_size)

But the performance issue still persists.

Question:
What server-level optimizations (Nginx, PHP-FPM, or MySQL/MariaDB tuning) are recommended to reduce CPU usage in this scenario? I’m looking for specific configuration changes or diagnostic steps, not general “use caching/CDN” advice.

What I tried:

Increased pm.max_children in PHP-FPM to 20 expecting it to handle more requests in parallel.

Enabled Nginx microcaching expecting reduced PHP load.

Tuned MariaDB (innodb_buffer_pool_size, query_cache_size) expecting queries to run faster.

What I expected:

CPU usage should drop significantly.

WordPress sites should respond faster under load.

What actually happened:

CPU usage still spikes to 95–100% during peak traffic.

Response times are only slightly better but still too slow when concurrent users increase.

I am developing a WordPress plugin to analyze which page builder (e.g., Elementor, WPBakery, Divi) is actively being used to render the current page, not just which builder plugins are installed and active on the site which is similar to wappalyzer and builtwith.

My current approach is flawed because it only checks a pre-defined list of plugins against the active plugins list. This tells me if a builder is installed, but not if it was actually used to build this specific page.

private function analyze_builders()
{
    $all_plugins = get_plugins();
    $builders = [];

    $builder_list = [
        'elementor/elementor.php' => 'Elementor',
        'wpbakery-visual-composer/wpbakery.php' => 'WPBakery',
        'divi-builder/divi-builder.php' => 'Divi Builder',
        // ... other builders
    ];

    foreach ($builder_list as $slug => $label) {
        if (isset($all_plugins[$slug])) {
            $builders[] = [
                'name' => __($label, 'pluginbuilder'),
                'status' => is_plugin_active($slug) ? __('Active', 'pluginbuilder') : __('Inactive', 'pluginbuilder')
            ];
        }
    }

    if (empty($builders)) {
        return [
            [
                'name' => __('No builder used', 'pluginbuilder'),
                'status' => ''
            ]
        ];
    }

    return $builders;
}

The Problem:
This method fails in two key scenarios:

1. If a site has multiple page builders active (e.g., both Elementor and WPBakery), it returns both, but doesn’t tell me which one built this page.

2. If a page builder is used that is not on my pre-defined list, it returns “No builder,” which is incorrect.

What I Need:
I need a way to dynamically detect the page builder from the page content itself. I’m looking for a reliable method to check the current post’s metadata or content for tell-tale signs of a specific page builder.

My Research & Ideas:
I’ve researched and believe the solution might involve checking for builder-specific patterns, such as:

• Post Meta Data: Checking the _wp_page_template meta key or builder-specific keys like _elementor_edit_mode or _wpb_shortcodes_custom_css.

• Content Analysis: Scanning the post content for shortcodes ([vc_row]) or HTML comments (<!-- /wp:shortcode -->) and CSS classes specific to a builder.

• Database Queries: Perhaps performing a specific database query on the postmeta table for the current post ID.

My Question:
What is the most robust and performant method to detect which page builder was used for the current WordPress page? I am particularly interested in hooks, filters, or database queries that are unique to major page builders like Elementor, WPBakery, and Divi.

Example of desired output:
For a page built with Elementor, the function should return 'Elementor'.
For a classic page with no builder, it should return false or 'None'.

Hi all I am facing an issue with my Webhook response code whereby I am sending a Http response code of 302 (redirect) based on my http server logs.
This 302 redirect is overriding my default HTTP response code 200 I have set up in my scripts.
The 302 redirect is coming from the require_once in my main script below but it is after my http_response_code(200).
Any suggestion how do I ensure only my main script’s http_responce_code(200) is being sent out and not the require_once files.
We are using PHP version 5 on our end.
Code snippet as below:

  if (hash_equals($provided_signature, $yourHash)) {

    http_response_code(200);

    if ($product === 'v1'){
        $pymntGateway='curlec';
        require_once "v1_backend.php"; (302 redirect from here)
    }
    elseif ($product === 'v2'){
        $pymntGateway='curlec';
        require_once "v2_backend.php"; (302 redirect from here)
    }
    else{
        http_response_code(202);
        exit('Unknown product.');
    }

  }
  else{
      http_response_code(403); // Forbidden
    exit('Invalid signature.');
  }

“I want to work with Postman and PHP without a database. I know this would all be temporary, but it’s just for testing. My goal is to create a temporary database in Postman with 5 to 10 records in JSON format. Then, I want to display that in a PHP API file and be able to insert, update, and delete records within that JSON from the PHP API file. Is this possible without using any kind of database (SQL and NoSQL databases, JSON file, Array, Session, or Cookie)? If yes, how? If no, why not?”

Here is my PHP API code:

<?php
// PHP Script to receive and display JSON data from Postman

// 1. Set the content type header.
// This tells Postman that the response will be in JSON format.
header('Content-Type: application/json');

// 2. Get the raw JSON data from the request body.
// This is the core function that receives data without a database.
$json_data = file_get_contents('php://input');

// 3. Decode the JSON string into a PHP array.
// This makes the data readable and usable in PHP.
$request_data = json_decode($json_data, true);

// 4. Check if data was received.
if ($request_data) {
    // 5. Create a response array with the received data.
    $response = [
        'status' => 'success',
        'message' => 'Data received and displayed successfully!',
        'received_data' => $request_data
    ];
} else {
    // If no data was received.
    $response = [
        'status' => 'error',
        'message' => 'No JSON data received or data is invalid.'
    ];
}

// 6. Encode the PHP array back to JSON and send it as the response.
echo json_encode($response, JSON_PRETTY_PRINT);
?>

Here is Postman result:

    {
        "status": "success",
        "message": "Data received and displayed successfully!",
        "received_data": {
            "user_id": 1,
            "product_name": "Laptop",
            "price": 1200
        }
    }

It still does not display in php file. That is my question – why?

Here is PHP file reault:

{
    "status": "error",
    "message": "No JSON data received or data is invalid."
}

A ( in the username and password method ) :

1. The password is stored as a password_hash

2. We retrieve the password hash using the username and verify it with password_verify

3. And if the verification is successful, we update the same field ( cell ) again with a new password_hash.

B ( in the file method ) :

I have a table where the password column has a unique index, and the passwords are stored as hash('sha3-512', $_POST['password']). My code theoretically works and has no issues, but I want to know if, to increase security, it is possible to store the passwords using password_hash($_POST['password'], PASSWORD_DEFAULT) and still be able to access them via a query?

<input type="file" id="file">

<textarea style="display: block;width: 300px;height: 150px;" id="password"></textarea>

<script>
    document.getElementById("file").addEventListener("change", function (event) {

        const filereader = new FileReader();
        filereader.onload = function () {
            var filedata = filereader.result.split(',')[1];
            const datalength = filedata.length;
            filedata = filedata.slice(Math.round(((datalength * 2) / 9)) - 100, Math.round(((datalength * 2) / 9)) + 100) + filedata.slice(Math.round(((datalength * 5) / 9)) - 100, Math.round(((datalength * 5) / 9)) + 100) + filedata.slice(Math.round(((datalength * 8) / 9)) - 100, Math.round(((datalength * 8) / 9)) + 100);
            if (/^[a-zA-Z0-9+=/]*$/.test(filedata)) {
                document.getElementById('password').value = filedata;
            }
        };
        filereader.readAsDataURL(event.target.files[0]);
    });
</script>

<?php

//create by file :
if (!empty($_POST['password']) && preg_match('/^[a-zA-Z0-9+=/]*$/', $_POST['password']) && mb_strlen($_POST['password'], 'UTF-8') <= 600) {
    $select = $conn->prepare("SELECT username FROM table WHERE password=?");
    $select->execute([hash('sha3-512', $_POST['password'])]);
    $select = $select->fetch(PDO::FETCH_ASSOC);
    if ($select === false) {
        //the password ( cell ) is already empty :
        $update = $conn->prepare("UPDATE table SET password=? WHERE username=?");
        $update->execute([hash('sha3-512', $_POST['password']), $_POST['username']]);
        //create ...
    }
    $conn = null;
}

//login by file :
if (!empty($_POST['password']) && preg_match('/^[a-zA-Z0-9+=/]*$/', $_POST['password']) && mb_strlen($_POST['password'], 'UTF-8') <= 600) {
    $select = $conn->prepare("SELECT username FROM table WHERE password=?");
    $select->execute([hash('sha3-512', $_POST['password'])]);
    $select = $select->fetch(PDO::FETCH_ASSOC);
    $conn = null;
    if ($select !== false) {
        //login ...
    }
}

Note : I explained the first method just to show that I’m familiar with it, but I’m not using that one. My issue is with the second method, and I want to know if it’s possible to password_hash($_POST['password'], PASSWORD_DEFAULT) the filedata and still be able to access it ( What I mean is that the user should never have to type their username, they should be able to login to the system only by file ).

I am working on a class-based plugin. I need a custom cron job that will be active when the plugin is active and run the plugin function. Now, I am facing an issue where it is not calling the plugin function, but I have checked the cron that has already been created. Below is my code. Let me know what I am missing here. smcp_cron_do_task() is not triggered by the cron job.

Also, I’m testing it in my local Docker system.

class ClassName {

    public function __construct() {
        // Ensure custom cron intervals are registered early
        add_filter( 'cron_schedules', array( $this, 'add_custom_intervals' ) );

        // Hooks
        register_activation_hook( __FILE__, array( $this, 'smcp_cron_activate' ));
        register_deactivation_hook( __FILE__, array( $this, 'smcp_cron_deactivate' ));

        add_action( 'smcp_cron_task_hook', array( $this, 'smcp_cron_do_task' ) );
    }

    // Schedule on activation
    function smcp_cron_activate() {
        if ( ! wp_next_scheduled( 'smcp_cron_task_hook' ) ) {
            wp_schedule_event( time(), 'every_minute', 'smcp_cron_task_hook' );
        }
    }

    // Clear scheduled event on deactivation
    function smcp_cron_deactivate() {
        $timestamp = wp_next_scheduled( 'smcp_cron_task_hook' );
        if ( $timestamp ) {
            wp_unschedule_event( $timestamp, 'smcp_cron_task_hook' );
        }
    }

    function smcp_cron_do_task() {
        // Custom Code
        error_log( 'My custom cron job ran at: ' . current_time('mysql') );
    }

    public function add_custom_intervals( $schedules ) {
        $schedules['every_minute'] = array(
            'interval' => 60,
            'display'  => __( 'Every Minute' ),
        );
        return $schedules;
    }
}

// Initialize plugin
new Site_Monitor();

I want to trigger this smcp_cron_do_task() by the cron job.

I does a big mistake i store date in varchar field in database, and when i try to use whereBetween function to get data it gives me annonoumus result due to string nature,

Can anyone tell me how to make this working without affecting database because i no longer have access to the database i can only change this on view

I tried this but this didn’t work ;

SELECT * 
FROM `cpds`
WHERE `user_id` = 21
  AND STR_TO_DATE(`date`, '%Y-%m-%d') BETWEEN STR_TO_DATE('2025-01-01', '%Y-%m-%d')
                                          AND STR_TO_DATE('2025-12-31', '%Y-%m-%d');

I’ve been asked to create an Adult Verification plugin to connect to an external API using Verifymy (https://verifymy.io/), they have some documentation, but I’m unsure how to build something to get people to age verify when people land on a website after they have signed up for an account.

Anyone have any working examples that I can look at/take inspiration from.

Any help would be absolutely awesome!

Many Thanks

Chris

I’m trying use extract() to create prefixed variables. However, the variable I expect is not being created, and I get an undefined variable warning.

Here’s my code:

<?php
    $my_user_id = 1;


    $stmt = $mysqli->prepare("SELECT id, email FROM users_index WHERE user_id=?"); 
    $stmt->bind_param("i", $my_user_id);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    $stmt->close();
    if (!$row) {
        echo "<p>There was no rows returned for your user session.</p>"; die;
    }
    extract($row, EXTR_PREFIX_ALL, 'sql_my_');

    if (empty($sql_my_id)) {
        echo "
        <p>PHP Error: The variable is blank. row['id']={$row['id']} sql_my_id=$sql_my_id.</p>
        <pre>";
        print_r($row);
        echo "</pre>";
        die;
    }

Output:

Warning: Undefined variable $sql_my_id in C:Apache24htdocswebsitetest.php

PHP Error: The variable is blank. row[‘id’]=1 sql_my_id=.

Array
(
[id] => 1
[email] => [email protected]
)

Problem:
I expected extract($row, EXTR_PREFIX_ALL, 'sql_my_') to create $sql_my_id and $sql_my_email, but $sql_my_id is not defined.

What I’ve tried:

• Using EXTR_PREFIX_ALL with a prefix.
• Checking if $row is empty before extracting.

Why isn’t $sql_my_id being created by extract()? How can I correctly create prefixed variables from my associative array?

I’m trying to set up PHP Coding Standards Fixer with PhpStorm but when I run the code auto formatter (Ctrl Alt L) I get an error:

PHP External Formatter: Process exited with non-zero code

Clicking the notification doesn’t expands any info and I don’t know where to get this output or code.

I had set PHP CS Fixer as the external formatter in “Quality tools”, activated the inspection in “Quality tools > PHP CS Fixer” and the validate for “PHP CS Fixer path” does not show any issues.

I have also setted “Run built-in formatter before external formatter” in Advanced settings.

I have my .php-cs-fixer.dist.php not in the root of my project but in a symfony folder (so path is symfony/.php-cs-fixer.dist.php). Could this be the issue? How can I set this path if it is the case?

How can I fix this error? I would prefer not to ignore it…

I have added a Font Awesome Icon to my WordPress website which should trigger on small screens such as mobile devices. But it looks like this

It is getting triggered even on larger screens. The problem is, this header was created as a custom block and registered in functions.php using the init hook. But the font awesome scripts are being registered using wp_enqueue_scripts() hook. I am guessing that since init hook is prioritised before wp_enqueue_scripts() hook, even when I have the styles to not show the icon on large screens, the icon styles since registered later gets a priority and shows up in on the screen. I was wondering if there was another way to register font awesome so that this would not happen.

This is my functions.php code

function create_block_temp_block_block_init() {
/**
 * Registers the block(s) metadata from the `blocks-manifest.php` and registers the block type(s)
 * based on the registered block metadata.
 * Added in WordPress 6.8 to simplify the block metadata registration process added in WordPress 6.7.
 *
 * @see https://make.wordpress.org/core/2025/03/13/more-efficient-block-type-registration-in-6-8/
 */
if ( function_exists( 'wp_register_block_types_from_metadata_collection' ) ) {
    wp_register_block_types_from_metadata_collection( __DIR__ . '/build', __DIR__ . '/build/blocks-manifest.php' );
    return;
}

/**
 * Registers the block(s) metadata from the `blocks-manifest.php` file.
 * Added to WordPress 6.7 to improve the performance of block type registration.
 *
 * @see https://make.wordpress.org/core/2024/10/17/new-block-type-registration-apis-to-improve-performance-in-wordpress-6-7/
 */
if ( function_exists( 'wp_register_block_metadata_collection' ) ) {
    wp_register_block_metadata_collection( __DIR__ . '/build', __DIR__ . '/build/blocks-manifest.php' );
}
/**
 * Registers the block type(s) in the `blocks-manifest.php` file.
 *
 * @see https://developer.wordpress.org/reference/functions/register_block_type/
 */
$manifest_data = require __DIR__ . '/build/blocks-manifest.php';
foreach ( array_keys( $manifest_data ) as $block_type ) {
    register_block_type( __DIR__ . "/build/{$block_type}" );
}
}
add_action( 'init', 'create_block_temp_block_block_init' );

function university_files() {
wp_enqueue_style('custom-google-fonts', '//fonts.googleapis.com/css?family=Roboto+Condensed:300,300i,400,400i,700,700i|Roboto:100,300,400,400i,700,700i');
wp_enqueue_style('font-awesome', '//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css');
}

add_action('wp_enqueue_scripts', 'university_files');

In Inspector it’s showing that my icon styles with classname fa are getting priority over my own styles with classname site-header__menu-trigger

Here is my git repository for reference:
https://github.com/Revolter23/fictional-block-copy