Category: PHP

I am trying to upload files from Postman using PHP API. I’m getting a 403 forbidden error:

<html>

<head>
    <title>403 Forbidden</title>
</head>

<body>
    <center>
        <h1>403 Forbidden</h1>
    </center>
</body>

</html>

I need to add a Customer custom attribute. Here is snippet of my code:

         $customerSetup->addAttribute(Customer::ENTITY, 'customer_mobile', [
            'type' => 'varchar',
            'label' => 'Customer Mobile',
            'input' => 'text',
            'required' => false,
            'visible' => true,
            'user_defined' => true,
            'sort_order' => 85,
            'position' => 999,
            'system' => 0,
            'visible_on_front' => true
        ]);

        $attribute = $customerSetup->getEavConfig()->getAttribute(Customer::ENTITY, 'customer_mobile')
            ->addData([
                'attribute_set_id' => $attributeSetId,
                'attribute_group_id' => $attributeGroupId,
                'used_in_forms' => ['adminhtml_customer', 'customer_account_edit'],
            ]);

        $attribute->save();

It successfully adds ‘customer_mobile’ in the admin. But it does not show on the front store, in edit user form. I check on the table customer_form_attribute and there are 2 rows with my new custom attribute with 2 forms. Do I need to override the customer_account_edit.xml to display? I try to work on this for 2 days, but no hope. Can anyone help me.

Thank you very much!

I wanna know how
do_action( ‘template_redirect’ ); is filling up [queried_object] => WP_Term Object
(
[term_id] => 43
[name] => media
[slug] => media
[term_group] => 0
[term_taxonomy_id] => 42
[taxonomy] => category
[description] =>
[parent] => 0
[count] => 0
[filter] => raw
[cat_ID] => 43
[category_count] => 0
[category_description] =>
[cat_name] => media
[category_nicename] => media
[category_parent] => 0
) in global $wp_the_query

if ( wp_using_themes() ) {
    /**
     * Fires before determining which template to load.
     *
     * @since 1.5.0
     */
    echo "checking global before in template_redirect";
global $wp_the_query;
print_r($wp_the_query);
echo "checking global before in template_redirect";


    do_action( 'template_redirect' );

    echo "checking global after template_redirect ";
    print_r($wp_the_query);
    echo "checking global after template_redirect ";
}

I printed the query one before and one after the do_action( ‘template_redirect’ );. removing do_action( ‘template_redirect’ ); empties $wp_the_query->queried_object

I used codegen of Swagger to generate php server code based on openAPI document. The interface is simple and not that much complex. However, the generated code has in total (after downloading all needed dependencies using composer) a size of 1.7 GB.

Is this possible and realistic? This is bigger than the size of a complete OS! Does someone have an explanation?

I understand that adding abstraction layers inbetween results in increasing the size, but anyhow 1.7 GB for a simple REST server is unbelievable and really HUGE.

I have added a function to my WordPress site to modify the login page by including a custom field. This field is intended to require users to enter a specific value in addition to their username and password. However, the custom field is not functioning as expected.

When users submit the login form, they can input any value in the custom field, and the login process does not validate this input against the expected value stored in the option portal_access_code. As a result, users can log in as long as they provide a valid username and password, regardless of the value they enter in the security code field.

I have checked the implementation using error_log and confirmed that it logs both the actual value of the option set ('portal_access_code') and the value entered by the user. However, the login process allows users to authenticate without validating the custom field, bypassing the intended check. It’s as if the login mechanism is running before the custom validation takes place, so users can log in without error, even if their input does not match the expected value. I think this happens after WordPress has already authenticated the user based on the username and password.

When any user trying to login, this code log both codes (code that stored in database, and code that user entered) on error_log file:

[31-Aug-2024 08:13:05 UTC] Portal Access Code: NTM-81641992@BRHPUL-nu581p
[31-Aug-2024 08:13:05 UTC] Submitted Security Code: 1234

So the actual code in the database is NTM-81641992@BRHPUL-nu581p (it’s generating automatically with another function) but users can bypass it by entering any value into the login field!

<?php

// Add the security code field to the login form
add_action('login_form', 'add_security_code_field_ntm');
function add_security_code_field_ntm() {
    echo '<p>
            <label for="security_code">'.__('Security Code').'<br />
            <input type="text" name="security_code" id="security_code" class="input" value="" size="100" required /></label> <!-- Added required attribute -->
          </p>
          <script>
            document.getElementById("loginform").onsubmit = function() {
                var securityCode = document.getElementById("security_code").value;
                if (securityCode === "") {
                    alert("Please enter the Security Code field"); // Alert message for the empty field
                    return false; // Prevent form submission
                }
                return true; // Allow form submission
            }
          </script>';
}

// Validate the security code
add_filter('authenticate', 'validate_security_code_ntm', 30, 3);
function validate_security_code_ntm($user, $username, $password) {
    // Check if the login form was submitted with a security code
    if (isset($_POST['security_code'])) {
        $portal_access_code = get_option('portal_access_code', 'error_code');
        $security_code = sanitize_text_field($_POST['security_code']);

        error_log("Portal Access Code: " . $portal_access_code);
        error_log("Submitted Security Code: " . $security_code);

        // Compare with the stored access code
        if (empty($security_code)) {
            return new WP_Error('empty_security_code', __('Please Enter the Security Code.'));
        }
        if ($security_code !== $portal_access_code) {
            return new WP_Error('invalid_security_code', __('Security Code is not correct!'));
        }
    }
    return $user; // Return the user object if there are no errors
}

// Restrict login methods except wp-login.php
add_action('init', 'restrict_login_methods_ntm');
function restrict_login_methods_ntm() {
    if (is_user_logged_in() || !isset($_REQUEST['log'])) {
        return;
    }
    $request_uri = $_SERVER['REQUEST_URI'];
    if (!preg_match('/wp-login.php/', $request_uri)) {
        wp_die('You should use normal way to login to admin panel!');
    }
    add_filter('xmlrpc_enabled', '__return_false');
}

I have two Laravel projects, each with its own repository:

sresth.com – This project serves the user-facing part of the website.
sresthadmin.com – This project serves the admin panel.
I want to merge these two projects into a single Laravel project with the following structure:

The user-facing part should remain accessible via sresth.com.
The admin panel should be accessible via sresth.com/admin.
Both projects are currently in separate repositories. I’m looking for the best approach to merge them into one project and one repository without losing any functionality or data. How can I achieve this?

Here are a few specific concerns:

How should I structure the directories and routes for the admin panel within the merged project?
How do I handle merging the environment configuration files (.env)?
What’s the best way to manage potential conflicts, such as overlapping routes, models, or migrations?
Any advice or step-by-step guidance would be greatly appreciated!

I have the following code to calculate what day it will be in 6 months from today.

// Java code
Date currentDate = (new SimpleDateFormat("yyyy-MM-dd")).parse("2024-08-30");
        
Calendar calendar = Calendar.getInstance();
calendar.setTime(currentDate);
calendar.add(Calendar.MONTH, 6);
Date sixMonthsLaterDate = calendar.getTime();
String sixMonthsLaterDateString = new SimpleDateFormat("yyyy-MM-dd").format(sixMonthsLaterDate);

System.out.println("sixMonthsLaterDateString: " + sixMonthsLaterDateString); // returns 2025-02-28

in Java, it returns “2025-02-28”

// PHP code
$currentDate = date_create_from_format('Y-m-d', '2024-08-30');
$sixMonthsLaterDate = $currentDate->modify('+6 month');
$sixMonthsLaterDateString = date_format($sixMonthsLaterDate, 'Y-m-d');
echo "sixMonthsLaterDateString: $sixMonthsLaterDateString"; // returns 2025-03-02

in PHP, it returns “2025-03-02”

Why are they different? Can anyone explain it? Thanks!

I have an import using WP ALL-IMPORT where the xml looks like this.

<ROW artnum="53241" klant="-1" week="35" dag="0" jaar="2024" klantgroep="0" advprijs="2.95" artorg="3.2" artbtw="9"/>
<ROW artnum="53241" klant="-1" week="36" dag="0" jaar="2024" klantgroep="0" advprijs="2.95" artorg="3.2" artbtw="9"/>
<ROW artnum="53241" klant="-1" week="37" dag="0" jaar="2024" klantgroep="0" advprijs="2.95" artorg="3.2" artbtw="9"/>
<ROW artnum="54137" klant="-1" week="35" dag="0" jaar="2024" klantgroep="0" advprijs="2.95" artorg="3.1" artbtw="9"/>
<ROW artnum="54137" klant="-1" week="36" dag="0" jaar="2024" klantgroep="0" advprijs="2.95" artorg="3.1" artbtw="9"/>
<ROW artnum="54137" klant="-1" week="37" dag="0" jaar="2024" klantgroep="0" advprijs="2.95" artorg="3.1" artbtw="9"/>

artnum = product_ID

Week is the week the product is on sale
For example week 37 = ‘2024-09-09 to 2024-09-15’

I created a function to get the start date and the end date. it looks like this.

function get_current_year_week_start_date($week) {
    // Get the current year
    $year = date('Y');
    
    // Create a new DateTime object
    $dto = new DateTime();
    
    // Set the DateTime object to the start of the specified week in the current year
    $dto->setISODate($year, $week);
    
    // Return the start date of the week
    return $dto->format('Y-m-d');
}

So the problem now is that the import for product id 54137 is happening 3 times so it overwrites the data so the sale is only on week 37 and not from 35 to 37.

Is there a way to see in the import wich value is lower? or will it be better to skip already imported product_ids and only import the lowest week number?

I have tried to join two tables using hasOne association in my cakephp app
There are two tables users and admin. In both tables the id is primary key. i have linked the mobile field of admin to the add users table. So by hasOne association the user added in user table is supposed to be linked to admin and get added in admin table too. But i am unable to enter the user as an error is occuring

Here is the table structures

user table

admin table

Here is the code of add page of the user template. It is the page to enter users

<?php
/**
 * @var AppViewAppView $this
 * @var AppModelEntityUser $user
 */
?>
<div class="row">
    <aside class="column">
        <div class="side-nav">
            <h4 class="heading"><?= __('Actions') ?></h4>
            <?= $this->Html->link(__('List Users'), ['action' => 'index'], ['class' => 'side-nav-item']) ?>
        </div>
    </aside>
    <div class="column-responsive column-80">
        <div class="users form content">
            <?= $this->Form->create($user  , ['type'=> 'file']) ?>
            <fieldset>
                <legend><?= __('Add User') ?></legend>
                <?php
                    echo $this->Form->control('email');
                    echo $this->Form->control('password');
                    echo $this->Form->control('Re_enter_password');
                    echo $this->Form->control('admin.mobile');
                    echo $this->Form->control('image' , ['type'=> 'file']);
                ?>
            </fieldset>
            <?= $this->Form->button(__('Submit')) ?>
            <?= $this->Form->end() ?>
        </div>
    </div>
</div>

This is the user file in the Entity folder.I have added the admin = true in the accessible function so that admin will be accessible by user

  protected $_accessible = [
        'email' => true,
        'password' => true,
        'created' => true,
        'modified' => true,
        'articles' => true,
        'admin' => true,
        'status' => true,
        '*' => true,
        'id' => false

    ];

This is the add function in the UserController file. It is used to add new users

public function add()
    {
        $user = $this->Users->newEmptyEntity();
        if ($this->request->is('post')) {
            $user = $this->Users->patchEntity($user, $this->request->getData());

    
           if (!$user->getErrors) {
                $image = $this->request->getUploadedFiles();
                
               $name = $image['image']->getClientFilename();
               

         

               $targetPath = WWW_ROOT.'img'.DS.$name;

                if ($name) {
                   $image['image']->moveTo($targetPath);
                }

                $user->image = $name; 
            } else {
                echo "Error uploading" ;
                echo $user->getErrors;
            }


            if ($this->Users->save($user)) {
                $this->Flash->success(__('The user has been saved.'));

                return $this->redirect(['action' => 'index']);
            }
            $this->Flash->error(__('The user could not be saved. Please, try again.')); 
        }
        $this->set(compact('user'));
       
    }

This is the Users table file where i have defined the HasOne relation

 public function initialize(array $config): void
    {
        parent::initialize($config);

        $this->setTable('users');
        $this->setDisplayField('email');
        $this->setPrimaryKey('id');

        $this->addBehavior('Timestamp');

        $this->hasMany('Articles', [
            'foreignKey' => 'user_id',
        ]);

        $this->hasOne('Admin');
    }

I hashed my password using this PHP function,

$hashed_password = password_hash($password, PASSWORD_BCRYPT);

and everything looks fine in the database, but I cannot log in.

I tried this code for login but it won’t work

<?php require_once 'db.php'; 

// step 1 form submission check
if($_SERVER['REQUEST_METHOD'] == "POST"){

    // step 2 input validation
    $username = htmlspecialchars($_POST['username']);
    $password = htmlspecialchars($_POST['password']);

    if(empty($username) || empty($password) ){
        header('Location: login.php?message=Both Fields Are Required');
        exit();
    }else{
        // step 3 Database Query
        $stmt = $conn->prepare("SELECT * FROM mismatch_user WHERE username = :username");
        $stmt->bindParam(':username', $username);
        $stmt->execute();

        $result = $stmt->fetch(PDO::FETCH_ASSOC);

        // step 4 Authentication
        if (password_verify($password, $result['password'])) {
            session_start();
            $_SESSION['username'] = $username;

            header("Location: index.php");
            exit();
        }else{
            header("Location: login.php?message=Invalid Username or Password");
            exit();
        }
    }
}
?>

enter image description here

l5-swagger in config file
'annotations' => [ base_path(‘app/Swagger’), // You should add this line to work
base_path(‘app/’), ],
add but don’t work why
Most commonly this manifests with a warning about the required @OAInfo not being found. While most annotations have specific related code, the info annotation (and a few more) is kind of global.

The simplest solution to avoid this issue is to add a ‘dummy‘ class to the docblock and add all ‘global‘ annotations (e.g. Tag, Server, SecurityScheme, etc.) in a single docblock to that class.

I’m hoping someone can help. I have a custom field for WooCommerce products but I need to wrap the output in an HTML tag.

Please could someone help correct this?

I know it’s not the correct syntax, but this is what I have tried to do and hopefully you can see what I’m trying to achieve:

echo '<p> get_post_meta( get_the_ID(), '_textarea', true ) </p>';

I’m trying to use https://stackoverflow.com/a/46767123/499915 workaround for sending logs from Laravel Scheduler jobs to stdout. In fact, it’s just using a symlink like
ln -sf /proc/1/fd/1 /var/log/laravel-scheduler.log

This works nice, but Telescope module doesn’t like this symlink, it fails with

Failed to open stream: No such file or directory {"exception":"[object] (ErrorException(code: 0): file_get_contents(/var/www/logs/laravel-scheduler.log): Failed to open stream: No such file or directory at /var/www/vendor/laravel/telescope/src/Watchers/ScheduleWatcher.php:68)"}

Is there a way to eliminate this error?

In Laravel 10, I’ve noticed that routes with a name that start with ‘api.’ are automatically under the ‘api’ middleware group defined in the Kernel.php file.

I need to make an API route but I don’t want to link it to the ‘api’ middleware group.

Is there a way to undo this link?

I’ve tried to change the name of the route I’m trying to make, and it didn’t get registered under the ‘api’ middleware group. However, whatever I do to the group, it doesn’t do anything and I didn’t find anyone mentioning this phenomena.

I was making a clone to the famous service ZOHO Mail in Laravel. I made a simple mailer client that sends emails to provided users’ email addresses. I am using Gmail SMTP.
Now there is thing in ZOHO Mail client that offers brief analytics for each sent email using their service. These analytics included a count for “Times Opened” (not called exactly this, but to get the gist) for each email. I dug down the logic behind how it works, and found out that my app must send a 1by1 Pixel invisible image in the Email body itself, and when the pixel is loaded, you record it in the server (since it is being loaded from the server). So this way, whenever anyone opens the recieved email, the pixel gets loaded and i get a record in the database.
Here is the code for appending the TrackingPixel with the body,

$emailId = uniqid();
$trackingPixel = '<img src="' . route('tracking.pixel', ['id' => $emailId]) . '" width="1" height="1" style="display:block;" alt="" title="" />';
$bodyWithPixel = $request->body . $trackingPixel;

First thing is that when it is recieved in the email, it looks like this,

<img src=3D"http://127.0.0.1:8000/tracking-pixel/66d03=d818509c" width=3D"1" height=3D"1" style=3D"display:block;" alt=3D"" title==3D"" />

What even is this 3D, and the second this is that the image is not being loaded in the email. I don’t know if it is becuase of this 3D or something else.
I researched it, and found out that Google doesn’t allow loading images from unknown sites/links (I am using LocalHost for now). Maybe this could be the reason, but anyone could tell a way around this problem?

$emailId = uniqid();
$trackingPixel = '<img src="' . route('tracking.pixel', ['id' => $emailId]) . '" width="1" height="1" style="display:block;" alt="" title="" />';
$bodyWithPixel = $request->body . $trackingPixel;

a pixel image loaded in the email body, but there is no image being loaded there.
Any other way that i can implement to record the email being opened?