I want delete my model via post , but I always get Invalid Request
this is my view
<?php
echo CHtml::link(CHtml::encode('Delete image'), array('gambar/delete', 'id' => $data->id), array(
'submit' => array('data/delete', 'id' => $data->id),
'class' => 'delete', 'confirm' => 'This will remove the image. Are you sure?'
)
);
?>
and this is my action in GambarController
public function actionDelete() {
if (Yii::app()->request->isPostRequest) {
// we only allow deletion via POST request
$this->loadModel()->delete();
if (!isset($_GET['ajax']))
$this->redirect(array('index'));
}
else
throw new CHttpException(400, 'Invalid request. Please do not repeat this request again.');
}
But I always get Invalid Request, I have read some forums, but I cannot get it. Anyone can help me ?
In most cases you can not use link (<a>) to POST. Instead, use the <form> like this
<form action="<?php echo $this->createUrl('/gambar/delete/'.$model->id);?>" method="post">
<button
type="submit"
name="id"
value="<?php echo $model->id?>"
onclick="if (!confirm('Are you sure to delete this image?')) return false;">
<i class="icon-white icon-trash"></i> Delete
</button>
</form>
You are using CHtml::link, this will generate an html <a> tag. When you click on a <a>, your browser send HTTP GET request(not POST request) to the server. So if(Yii::app()->request->isPostRequest) is always false and therefore you see Invalid request error. You should remove this condition from the action. Also, $this->loadModel()->delete() is invalid, because loadModel get an id as parameter. So $this->loadModel($_GET['id'])->delete() is correct.
Use the below code
$this->loadModel(primarykey, 'TableName')->delete();
Should work!
Related
I am planning to use Google invisible Recaptcha V3 in my application. I want the suggestion by which method I can go. In the developer document, I could see 2 ways,
Automatically bind the challenge to a button (https://developers.google.com/recaptcha/docs/v3)
Programmatically invoke the challenge
for the 2nd option, I know we are doing the server-side validation to check the token from my site and we are getting the scores.
I want to know if I am going to use the 1st option, and how it gets validated from the ReCaptcha server.
If you want to use the 1st option, you just include a submit button inside your form, and you will receive the reCaptcha token in the 'g-recaptcha-response' key from the POST field (e.g.: $_POST['g-recaptcha-response'], if you're using php).
<script src="https://www.google.com/recaptcha/api.js"></script>
<form method="post" action="login" id="loginForm">
<label for="password">Password:</label>
<input type="password" name="password" value="">
<!--Recaptcha button-->
<button class="g-recaptcha"
data-sitekey="#your_site_key"
data-callback='onSubmit'
data-action='submit'>Submit</button>
</form>
<script>
function onSubmit(token)
{
document.getElementById("loginForm").submit();
}
</script>
Then, validate the token submiting it to "https://www.google.com/recaptcha/api/siteverify" as you would do with the 2nd option.
If you are on php, login page from the form's action attribute, would look like this:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query([
"secret"=>"#yourSecretKey"
, "response"=>$_POST['g-recaptcha-response']
, "remoteip"=>$_SERVER['REMOTE_ADDR']
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$recaptcha = json_decode(curl_exec($ch), true);
/** $recaptcha:
Array
(
[success] => 1 // or 0
[challenge_ts] => 2022-07-16T12:34:38Z
[hostname] => host // hostname
[score] => 0.9 // 0.0 to 1.0
[action] => submit // data-action attribute from reCaptcha button
)
*/
if ($recaptcha["score"] >= 0.5 && $recaptcha["action"] === 'submit')
{
// action on success
} else {
// action on false
}
?>
About which one to use, I don't know how to answer that... But I guess that both options work similarly, so go with the one that is easier for you to implement.
I'm trying to learn out Cro (and Perl6 simultaneously) ;)
My study app is based on the documentation of Cro. I added some authentication which does work, but the user session gets forgotten immediately.
You can check out the code at https://gitlab.com/ecocode/beaverapp
go to the login pasge and login with "user" and "pwd". You get rerouted to / (which indicates the login succeeded), but the message there is "Current user: -". So the session gets lost.
The relevant part of Routes.pm6 :
class UserSession does Cro::HTTP::Auth {
has $.username is rw;
method logged-in() {
defined $!username;
}
}
my $routes = route {
subset LoggedIn of UserSession where *.logged-in;
get -> UserSession $s {
content 'text/html', "Current user: {$s.logged-in ?? $s.username !! '-'}";
}
get -> LoggedIn $user, 'users-only' {
content 'text/html', "Secret page just for *YOU*, $user.username()";
}
get -> 'login' {
content 'text/html', q:to/HTML/;
<form method="POST" action="/login">
<div>
Username: <input type="text" name="username" />
</div>
<div>
Password: <input type="password" name="password" />
</div>
<input type="submit" value="Log In" />
</form>
HTML
}
post -> UserSession $user, 'login' {
request-body -> (:$username, :$password, *%) {
if valid-user-pass($username, $password) {
$user.username = $username;
redirect '/', :see-other;
}
else {
content 'text/html', "Bad username/password";
}
}
}
sub valid-user-pass($username, $password) {
# Call a database or similar here
return $username eq 'user' && $password eq 'pwd';
}
}
sub routes(Beaverapp $beaverapp) is export {
route {
# Apply middleware, then delegate to the routes.
before Cro::HTTP::Session::InMemory[UserSession].new;
delegate <*> => $routes;
}
}
I think the problem is due to the middleware session management not working. How should I correct this? Or maybe the problem is due to something else?
The behavior you saw was indeed caused by a bug in cookie-treatment inside of HTTP/2 stack.
As for now, the bug is fixed and the code in OP post works.
After discussion on cro irc channel, this problem only appears when using https 2. So the code above is correct.
Hi how do you post the login error message within the originating page where the user was attempting to login ?
Below I was able to stay on the current page if user login successfully but for login error it will obviously just go to the logonprocess page and display the error message.
Sorry that I remove a lot of validation below as the codes can really be very long.
Index.php
<?php
//set the session cookie parameter
ini_set("session.save_path", "sessionData");
session_start();
?>
<?php
if (!isset($_SESSION['uName'])) { ?>
<form method="post" action="logonProcess.php">
<div>Username <input type="text" name="userName" placeholder="Username"></div>
<div>Password <input type="password" name="pwd" placeholder="Password"></div>
<div><input type="submit" value="Logon"></div>
</form>
<?php } else { }?>
<?php
if (isset($_SESSION['uName'])) {
$username = $_SESSION['uName'];
echo "<p>Welcome $username</p>\n";
?>
Logout</br></br>
LogonProcess.php
$loginerror = array();
if (empty($username)) {
$loginerror[] = "You have not entered all of the required fields";
}
elseif (strlen($passWD) < 8) {
$loginerror[] = "You have not entered all of the required fields";
}
if (!empty($loginerror))
for ($a=0;$a<count($loginerror);$a++)
{
echo "$loginerror[$a] <br />\n";
}
else
if (mysqli_stmt_fetch($stmt))
{
if (password_verify($passWD, $passWDHash))
{
$_SESSION['uName'] = $username;
echo "<p>Login successful</p>";
header('Location: ' . $_SERVER['HTTP_REFERER']);
}
else
{
echo "<p>Please try to login again</p>";
}
why dont you put ur login error in $_SESSION["login_error"] and check in ur origin page if the session exits show the error then destroy the session after it.
I am using FU-5.0.8 on Ubuntu14, apache2 php5. I successfully created page to drag n drop file, create signature and upload to my AWS S3 bucket.
I then integrated that code into an existing form, using the qq-form. The FU element and the form are generated correctly, I am able to enter data and the data is posted to my DB including the key file name generated by FU.
Issue 1: FU is not pointing to the bucket I have identified in my script. Instead of the correct bucket as before, it make my domain the target bucket name.
Issue 2: FU provides a progress bar and shows the upload is complete and returns 200. I don't know how this is possible, do FU check that the file actually exists upon completion?
Here are the standalone upload script and the script with the form. As you can see they have an identical endpoint. I have included the POST created from the qq-form where you can see the endpoint is incorrect.
FU in the JSON POST is setting the bucket to www.biggytv.com, which does not exist. It should got to btv_upload_org.s3.amazonaws.com
You assistance is appreciate.
FORM CODE
<form action="https://www.biggytv.com/btvChannels/FSsubmit.php" id="qq-form" class="span6">
<div id="fineuploader-s3" class="span6"></div>
<div class="form-group span2">
<label>Program Title</label>
<input type = "text" class="span4" name="program_title" maxlength="200" autofocus="" required>
</div>
<div class="form-group span6">
<label>Program Description</label>
<textarea name="description" maxlength="1000" class="span8" id="count_me" placeholder="Please do not include links in the Program Description. Add any links to content on other sites as part of your profile." required></textarea>
</div>
<div class="form-group span5">
<label>Video Language</label>
<select name="vid_language" class="span4" required>
<option value=""></option>
<?php $language->data_seek(0);
while($language_row = $language->fetch_assoc()){
$languageid = $language_row['short'];
$languagename = $language_row['name'];
echo "<option value=\"$languageid\">
$languagename
</option>";
}?>
</select>
</div>
<div class="form-group span5">
<label>Target Audience</label>
<select name="Audience_DART1" class="span4" required>
<option value=""></option>
<?php $audience->data_seek(0);
while($audience_row = $audience->fetch_assoc()){
$audienceid = $audience_row['tar_aud_code'];
$audiencename = $audience_row['tar_aud_name'];
echo "<option value=\"$audienceid\">
$audiencename
</option>";
}?>
</select>
</div>
<div class="form-group span5">
<label>Genre</label>
<select name="genre" class="span4" required>
<option value=""></option>
<?php $genre->data_seek(0);
while($genre_row = $genre->fetch_assoc()){
$genreid = $genre_row['genre_id'];
$genrename = $genre_row['genre_name'];
echo "<option value=\"$genreid\">
$genrename
</option>";
}?>
</select>
</div>
<div class="form-group span5">
<label>Rating</label>
<select name="Rating_DART" class="span4" required>
<option value=""></option>
<?php $rating->data_seek(0);
while($rating_row = $rating->fetch_assoc()){
$dartid = $rating_row['dart_rating'];
$dartname = $rating_row['dart_rating_name'];
echo "<option value=\"$dartid\">
$dartname
</option>";
}?>
</select>
</div>
<input type="hidden" name="content_owner_name" value=<?php echo $content_owner_name;?>>
<input type="hidden" name="channel_id" value="801102">
<div class="span6 offset2">
<input id="submitButton" type="submit" value="Submit" class="span4">
</div>
</form>
QQ-FORM
jQuery(document).ready(function ($) {
$('#fineuploader-s3').fineUploaderS3({
request: {
endpoint: "btv_upload_org.s3.amazonaws.com",
accessKey: "XXXXXXXX"
},
template: "qq-template",
signature: {
endpoint: "/finesig/"
},
forceMultipart: {
enabled: true
},
debug: true,
cors: {
expected:true,
},
resume: {
enabled: true
},
objectProperties: {
acl: "public-read"
},
validation: {
itemLimit: 1,
sizeLimit: 150000000,
acceptFiles: "video/mp4, video/quicktime, video/x-flv, video/x-ms-wmv",
allowedExtensions: ["mp4", "mov", "flv", "wmv"],
},
})
});
POST JSON
JSON
conditions
[Object { acl="public-read"}, Object { bucket="www.biggytv.com"}, Object { Content-Type="video/mp4"}, 12 more...]
0
Object { acl="public-read"}
1
Object { bucket="www.biggytv.com"}
2
Object { Content-Type="video/mp4"}
3
Object { success_action_status="200"}
4
Object { key="e001946c-a472-4412-9854-b44fede53e72.mp4"}
5
Object { x-amz-meta-program_title="Marcus%20Johns"}
6
Object { x-amz-meta-description="Marcus%20Johns"}
7
Object { x-amz-meta-vid_language="en"}
8
Object { x-amz-meta-audience_dart1="U"}
9
Object { x-amz-meta-genre="6"}
10
Object { x-amz-meta-rating_dart="G"}
11
Object { x-amz-meta-content_owner_name="MarcusJohns"}
12
Object { x-amz-meta-channel_id="801102"}
13
Object { x-amz-meta-qqfilename="7920637590280230638.mp4"}
14
["content-length-range", "0", "150000000"]
expiration
"2014-10-14T00:11:08.742Z
Uploader Log
[Fine Uploader 5.0.8] Sending simple upload request for 0
custom.....0.8.js (line 207)
[Fine Uploader 5.0.8] Submitting S3 signature request for 0
custom.....0.8.js (line 207)
[Fine Uploader 5.0.8] Sending POST request for 0
custom.....0.8.js (line 207)
POST https://www.biggytv.com/finesig/
200 OK
552ms
custom.....0.8.js (line 3810)
[Fine Uploader 5.0.8] Sending upload request for 0
custom.....0.8.js (line 207)
POST https://www.biggytv.com/btvChannels/FSsubmit.php
200 OK
938ms
custom.....0.8.js (line 9849)
[Fine Uploader 5.0.8] Received response status 200 with body: Array
(
[key] => 05a829e8-bea1-44f6-b35d-1f620f1043af.mp4
[AWSAccessKeyId] => XXXXXXXXX
[Content-Type] => video/mp4
[success_action_status] => 200
[acl] => public-read
[x-amz-meta-program_title] => Marcus%20John
[x-amz-meta-description] => Mar
[x-amz-meta-vid_language] => en
[x-amz-meta-audience_dart1] => U
[x-amz-meta-genre] => 6
[x-amz-meta-rating_dart] => G
[x-amz-meta-content_owner_name] => MarcusJohns
[x-amz-meta-channel_id] => 801102
[x-amz-meta-qqfilename] => 7920637590280230638.mp4
[policy] => eyJleHBpcmF0aW9uIjoiMjAxNC0xMC0xNFQwMDozNzoxNS44NjZaIiwiY29uZGl0aW9ucyI6W3siYWNsIjoicHVibGljLXJlYWQifSx7ImJ1Y2tldCI6Ind3dy5iaWdneXR2LmNvbSJ9LHsiQ29udGVudC1UeXBlIjoidmlkZW8vbXA0In0seyJzdWNjZXNzX2FjdGlvbl9zdGF0dXMiOiIyMDAifSx7ImtleSI6IjA1YTgyOWU4LWJlYTEtNDRmNi1iMzVkLTFmNjIwZjEwNDNhZi5tcDQifSx7IngtYW16LW1ldGEtcHJvZ3JhbV90aXRsZSI6Ik1hcmN1cyUyMEpvaG4ifSx7IngtYW16LW1ldGEtZGVzY3JpcHRpb24iOiJNYXIifSx7IngtYW16LW1ldGEtdmlkX2xhbmd1YWdlIjoiZW4ifSx7IngtYW16LW1ldGEtYXVkaWVuY2VfZGFydDEiOiJVIn0seyJ4LWFtei1tZXRhLWdlbnJlIjoiNiJ9LHsieC1hbXotbWV0YS1yYXRpbmdfZGFydCI6IkcifSx7IngtYW16LW1ldGEtY29udGVudF9vd25lcl9uYW1lIjoiTWFyY3VzSm9obnMifSx7IngtYW16LW1ldGEtY2hhbm5lbF9pZCI6IjgwMTEwMiJ9LHsieC1hbXotbWV0YS1xcWZpbGVuYW1lIjoiNzkyMDYzNzU5MDI4MDIzMDYzOC5tcDQifSxbImNvbnRlbnQtbGVuZ3RoLXJhbmdlIiwiMCIsIjE1MDAwMDAwMCJdXX0=
[signature] => d48Ibli+V6/RmN3bUUZKVJ0woew=
)
custom.....0.8.js (line 207)
[Fine Uploader 5.0.8] Simple upload request succeeded for 0
Update
In the FU documentation you referred to "Integrating with existing html forms", the "simple example" 'action' is set to a script not a S3 bucket, that is why I am confused.
However, I have configured my script in the manner of your answer.
When I set the Action to the bucket, the uploadSuccess: {endpoint} POST does not include any of my form data, just key, uuid,name,bucket,etag.
If I set the Action as to https://www.biggytv.com/btvChannels/FSsubmit.php, the form data is sent in the POST and FU returns a 200 that the file was uploaded to www.biggytv.com, a bucket that does not exist.
So my issue is the uploadSuccess: {endpoint} is not including any of my form data in the POST.
Thank you.!
The action attribute in the form serves the same purpose as the request.endpoint option. You should leave the request.endpoint option off of your JavaScript configuration. The action attribute will define the S3 endpoint where your files will be uploaded. If you want the file to be sent to "btv_upload_org.s3.amazonaws.com", then that should be the value of the form's action attribute. Again, leave request.endpoint off your JavaScript config.
In your JavaScript config, you can (and must) define a signature.endpoint option. Fine Uploader will send a POST to this endpoint to sign each request before a request is sent to the S3 endpoint defined in the action attribute.
You may also define an uploadSuccess endpoint in your JavaScript config. Fine Uploader will POST to this location when the file is successfully in S3.
You can find all information regarding form support on the associated feature page.
After I send the request, I will announce the result to the user via SET FLASH. What is the way to show a message when the user sends a request?
For example when sending a message form : Display -> form is being send and then a flash message is displayed
Check the wiki on the Yii framework website:
http://www.yiiframework.com/wiki/21/how-to-work-with-flash-messages/
In your controller you can put:
Yii::app()->user->setFlash('success', "Form posted!");
In your view you can echo the flash message by:
<?php echo Yii::app()->user->getFlash('success'); ?>
Optionally you can check if a flash message exists by using the hasFlash method, so the code in your view would look like this:
<?php if(Yii::app()->user->hasFlash('success')):?>
<?php echo Yii::app()->user->getFlash('success'); ?>
<?php endif; ?>
Add setFlash in your controller. Something like this:
if($comment->save())
{
Yii::app()->user->setFlash('commentSubmitted','Thank you for your comment.');
$this->refresh();
}
And in your views, display flash message something like this:
<?php if(Yii::app()->user->hasFlash('commentSubmitted')): ?>
<div class="flash-success">
<?php echo Yii::app()->user->getFlash('commentSubmitted'); ?>
</div>
<?php endif; ?>
In your controller you can put:
if(conditions)
Yii::app()->user->setFlash('success', "Success text");
else
Yii::app()->user->setFlash('error', "Error text");
In your view you can echo the flash message by:
<?php
if(Yii::app()->user->hasFlash('success'))
Yii::app()->user->setFlash('success', '<strong>Well done!</strong> '.Yii::app()->user->getFlash('success').'.');
else
Yii::app()->user->setFlash('error', '<strong>Error!</strong> '.Yii::app()->user->getFlash('error').'.');
$this->widget('bootstrap.widgets.TbAlert', array(
'block'=>true, // display a larger alert block?
'fade'=>true, // use transitions?
'closeText'=>'×', // close link text - if set to false, no close link is displayed
'alerts'=>array( // configurations per alert type
'success'=>array('block'=>true, 'fade'=>true, 'closeText'=>'×'), // success, info, warning, error or danger
),
)); ?>