z__important_notes.txt
Author: MOUAD NASSRI
Created at: 22/12/2020
-------------- IMPORTANT NOTES TO READ --------------
I used Composer's autoload script with the classmap standard, so every PHP web page that gets created needs to require
the autoload file in Composer's vendor directory.
The init.php file contains the configuration; it is also needed, along with the autoload, in every page that deals with configuration.
Hint:
The functions/sanitize.php file cannot be included by adding the following statement inside init.php:
require_once functions/sanitize.php
because that path is only valid from the root directory. Since index.php is in the root directory it works fine there, but if we include our
init.php file from a different position in the directory tree it generates a Fatal error, because functions/sanitize.php is
relative to the root directory. SO we need to include it too, along with the autoload and init file, in every calling script that needs it.
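The following init.php is an added example, not the project's own file, showing the two require lines the notes say every page needs and the fix for the relative-path problem described in the hint: anchoring the sanitize.php include to __DIR__ (the directory init.php itself lives in) instead of to the caller's working directory. The classes/ directory, the config array contents and the 'change-me' credentials are placeholders assumed for this example.

```php
<?php
// Added example of an init.php (not the project's file). Assumes the layout:
//   <project>/init.php, <project>/vendor/autoload.php, <project>/functions/sanitize.php
// Every page then starts with a require of this file and nothing else, e.g.
//   require_once __DIR__ . '/../init.php';   // relative to the page's own directory

// 1. Composer autoload (classmap standard). composer.json is assumed to contain
//      "autoload": { "classmap": ["classes/"] }
//    After adding a class, run `composer dump-autoload` so the classmap is rebuilt;
//    otherwise the new class is unknown to the autoloader (see [IMPORTANT#1]).
require_once __DIR__ . '/vendor/autoload.php';

// 2. Configuration that init.php is responsible for (values are placeholders).
$GLOBALS['config'] = [
    'mysql' => [
        'host'     => '127.0.0.1',
        'username' => 'chat_user',
        'password' => 'change-me',
        'db'       => 'chat',
    ],
    'session' => [
        // one session key per form that carries a CSRF token (see [#1] below)
        'tokens' => ['register' => 'register_token', 'login' => 'login_token'],
    ],
];

// 3. The sanitize helpers. A bare
//        require_once 'functions/sanitize.php';
//    resolves against the working directory of the script that was requested,
//    so it only works for pages in the project root. __DIR__ is the directory
//    of init.php regardless of who included it, so this works from any depth.
require_once __DIR__ . '/functions/sanitize.php';
```

With the include anchored to __DIR__, a page in a subdirectory no longer has to require sanitize.php itself; pulling in init.php is enough.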
[IMPORTANT#1]: When you add a class and attach it to a namespace, don't forget to update Composer so the class can be used
through the classmap array
[IMPORTANT#2]: When you get an error don't be in a hurry to look for the solution; most of the time the solution is right there, you
ONLY NEED TO READ THE ERROR CLOSELY AND CAREFULLY
[IMPORTANT#3] About tokens and sessions: First of all the user gets a generated token in a hidden token input, and this token is also stored in this user's $_SESSION.
What happens next is that the user submits the form; we use Token::check(Input::get("token")) to check first that a session token exists,
by the condition if(Session::exists($token)), and then that the token the user supplied matches the SESSION token. If both conditions succeed,
we delete that token, because we don't want this session token anymore, and return true. That is a good practice against CSRF (CROSS-SITE REQUEST FORGERY).
Hint: Notice that we put the token check inside the register button check, because we only need to check the token if the user presses register.
That way we prevent users from submitting data through the URL, and we only check that the tokens match if the register button gets pressed.
[#1] TOKENS_CONFLICT_ERROR [FIXED]: 2 hours before suicide lol: There are 2 inputs (login and register submit buttons) generating 2 tokens when the page loads, and the session token variable takes the last token generated, by register,
because I used only one token in the init.php file to store the generated token, so when we want to login we get mismatched tokens.
I resolved this problem by separating the tokens' places: adding an array of tokens in the init file and passing the token holder name as
an argument to the check function, which fetches the token name from the tokens array and uses that name as the session name, so at the end of the day
we'll have $_SESSION["register"] and $_SESSION["login"] and we won't have any conflict between the two. And if for example we add
a form with a submit button, we can add a token related to this button by adding its name to the tokens array in the init file.
[IMPORTANT#4] About user login: In the login page we create a user and check the credentials by logging in. If the credentials are right we
add a session, so that the next time we create a user the session already exists and we fetch the data using the value inside the session,
which is the id. So we get all the user's data from that id; that's why you see only a user instantiation but still get its data.
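The following User class is an added example (not the project's own class) of the pattern in [IMPORTANT#4]: login() stores the user's id in the session, and a later `new User($pdo)` with no arguments finds that id and loads the record, which is why an instantiation alone carries data. The table and column names (users, id, username, password, last_active_update), the session key 'user', the use of password_verify() and the session id regeneration after login are assumptions made for this example; it requires PHP 7.4 or later.

```php
<?php
// Added example (not the project's User class). Assumes a users table with
// id, username and password (a password_hash() result), and that the login
// page already started the session.

class User
{
    private PDO $db;
    private ?array $data = null;

    // With no $user argument, fall back to the id remembered at login.
    public function __construct(PDO $db, $user = null)
    {
        $this->db = $db;
        if ($user === null && isset($_SESSION['user'])) {
            $user = (int) $_SESSION['user'];
        }
        if ($user !== null) {
            $this->find($user);
        }
    }

    // Load the record by id (int) or username (string), always via a prepared statement
    // so the looked-up value is never interpolated into the SQL text.
    public function find($user): bool
    {
        $field = is_int($user) ? 'id' : 'username';
        $stmt  = $this->db->prepare("SELECT * FROM users WHERE {$field} = :v LIMIT 1");
        $stmt->execute([':v' => $user]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $this->data = $row ?: null;
        return $this->data !== null;
    }

    // Verify credentials; on success remember only the user's id in the session.
    public function login(string $username, string $password): bool
    {
        if (!$this->find($username)) {
            return false;
        }
        if (!password_verify($password, $this->data['password'])) {
            $this->data = null;
            return false;
        }
        session_regenerate_id(true);          // fresh session id once the user is authenticated
        $_SESSION['user'] = (int) $this->data['id'];
        return true;
    }

    public function isLoggedIn(): bool
    {
        return $this->data !== null && isset($_SESSION['user']);
    }

    public function data(): ?array
    {
        return $this->data;
    }
}

// Usage (assumed call sites):
//   login page:   $user = new User($pdo);
//                 if ($user->login($_POST['username'], $_POST['password'])) { header('Location: index.php'); exit; }
//   any page:     $user = new User($pdo);          // loads the record from $_SESSION['user']
//                 if ($user->isLoggedIn()) { $name = $user->data()['username']; }
```

Only the id goes into the session; the rest of the record is re-read from the database on every request, so a username or role change takes effect immediately instead of living on in stale session data.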
[IMPORTANT#5] When you intend to send messages using Mailgun, don't forget to replace the 'pem' file in:
vendor/guzzle/guzzle/src/Guzzle/Resources/cacert.pem with the latest version of the cacert.pem file from the curl website at:
https://curl.haxx.se/docs/caextract.html
[IMPORTANT#6] Maybe this note will be updated later.
Notice that when we search for users and get the results as divs, we want clicking on a specific user to take us to its
profile, but we need something to identify this user, and because credentials like the username could be changed from the inspector we need
a secure way to get its username in order to identify this user and redirect to its profile.
[#2] TOKEN_CHANGED_BETWEEN_SESSIONS_ERROR (I got stuck 3 hours on that problem) [FIXED]
When a token is generated using Token::generate("logout"), sometimes this generate function is called twice on the same page, so the
session data gets changed and therefore the account could not be disconnected. To solve this problem, before generating a token we check whether the
session already has a token in it; if so we just return that session value using the Session::get() method, otherwise we generate
a new token and push it into $_SESSION using the Session::put() method.
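The following Token and Session classes are an added example, not the project's own code, that puts together the three token notes above: one session key per form name taken from a tokens array ([#1]), generate() returning the token already in the session instead of overwriting it when called twice on one page ([#2]), and check() deleting the token once it has matched ([IMPORTANT#3]). The method signatures (in particular check() taking the form name first), the session key names and the use of random_bytes()/hash_equals() are assumptions made for this example.

```php
<?php
// Added example (not the project's Token/Session/Input classes).

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

class Session
{
    public static function exists(string $name): bool { return isset($_SESSION[$name]); }
    public static function get(string $name)          { return $_SESSION[$name] ?? null; }
    public static function put(string $name, $value): void { $_SESSION[$name] = $value; }
    public static function delete(string $name): void { unset($_SESSION[$name]); }
}

class Token
{
    // Form name => session key. Add an entry for every new submit button.
    // (The notes keep this array in init.php; it is inlined here so the file runs alone.)
    private static $tokens = [
        'register' => 'register_token',
        'login'    => 'login_token',
        'logout'   => 'logout_token',
    ];

    private static function sessionName(string $form): string
    {
        if (!isset(self::$tokens[$form])) {
            throw new InvalidArgumentException("No token configured for form '$form'");
        }
        return self::$tokens[$form];
    }

    // Token for the form's hidden input. If this page already generated one for
    // the same form, the existing value is returned rather than replaced, so two
    // calls on one page cannot desynchronise the hidden input and the session.
    public static function generate(string $form): string
    {
        $name = self::sessionName($form);
        if (Session::exists($name)) {
            return Session::get($name);
        }
        $token = bin2hex(random_bytes(32));   // 64 hex chars from the CSPRNG
        Session::put($name, $token);
        return $token;
    }

    // Succeeds only if a session token exists for this form and equals the
    // submitted one (constant-time compare). The token is deleted on success so
    // it cannot be replayed; the next page load generates a fresh one.
    public static function check(string $form, $submitted): bool
    {
        $name = self::sessionName($form);
        if (!Session::exists($name) || !is_string($submitted)) {
            return false;
        }
        $ok = hash_equals(Session::get($name), $submitted);
        if ($ok) {
            Session::delete($name);
        }
        return $ok;
    }
}

// Usage as the notes describe it: check the token only when that form's button was pressed.
//   if (isset($_POST['register'])) {
//       if (Token::check('register', $_POST['token'] ?? null)) { /* process registration */ }
//       else { /* reject: token missing, mismatched or already used */ }
//   }
// In the form:  echo htmlspecialchars(Token::generate('register'));  as the hidden input's value.
```

Because each form owns its own session key, a page that renders both the login and the register form leaves both tokens intact, which is exactly the conflict described in [#1]; and because generate() is idempotent within a page, rendering the logout button twice no longer rotates the token underneath the first copy, which was the cause of [#2].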
[#3] LONG POLLING LOOP DOESN'T STOP [FIXED TEMPORARILY]
I changed the request type in the long polling file to POST, because we get the receiver id as a POST variable and I think that was
the reason why sometimes messages didn't seem to be sent!
NOTICE: the ports in XAMPP change every time I access the chat page; I think that was the first reason behind these bugs.
[IMPORTANT#7] How do we know whether a user is active or not?
When a user logs in to the system, we update the last_active_update column in his user record, denoting that the last time this user
logged in is the current date. When we list the contacts in the right master panel or the chat friends, we compare the current time
with last_active_update: if the difference is less than 5 minutes it means he's online, otherwise he's offline.
By the way, the user constantly marks his presence by updating last_active_update every 2 minutes as long as he's logged
in, by sending a request to the server to update his presence date.
His friends then check his last_active_update; if the difference between now and that time is less than 5 minutes, well,
that is a sign that he's online.
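The following is an added example, not the project's code, of the presence scheme in [IMPORTANT#7]: the heartbeat handler that stamps last_active_update for the session's own user every 2 minutes, and the 5-minute decision function used when listing contacts. The users table and column names, the PDO handle, the session key 'user' and the constructed timestamps in the worked check are assumptions made for this example.

```php
<?php
// Added example (not the project's code) of the last_active_update presence check.

const PRESENCE_WINDOW_SECONDS = 5 * 60;   // "less than 5 minutes" means online
const HEARTBEAT_SECONDS       = 2 * 60;   // the client pings at this interval

// Handler for the heartbeat request. The id comes from the session, never from
// the request body, so a client can only refresh its own presence stamp.
function touchPresence(PDO $db): bool
{
    if (!isset($_SESSION['user'])) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET last_active_update = :now WHERE id = :id');
    return $stmt->execute([
        ':now' => date('Y-m-d H:i:s'),
        ':id'  => (int) $_SESSION['user'],
    ]);
}

// Pure decision used while rendering the contact list.
// $lastActive is the DATETIME string from the row, or null if never stamped.
// $now is injectable so the rule can be exercised with fixed timestamps.
function isOnline(?string $lastActive, ?int $now = null): bool
{
    if ($lastActive === null) {
        return false;
    }
    $ts = strtotime($lastActive);
    if ($ts === false) {
        return false;                 // unparseable stamp counts as offline
    }
    $now = $now ?? time();
    return ($now - $ts) < PRESENCE_WINDOW_SECONDS;
}

// Worked check with constructed timestamps (no database needed).
$now = strtotime('2020-12-22 10:00:00');
var_dump(isOnline('2020-12-22 09:57:30', $now));   // stamped 2.5 minutes ago: inside the window
var_dump(isOnline('2020-12-22 09:54:00', $now));   // stamped 6 minutes ago: outside the window
var_dump(isOnline(null, $now));                    // never stamped
```

The window is deliberately wider than the heartbeat (5 minutes against 2), so a single delayed or dropped ping does not flicker a contact offline. Both the stamp and the comparison use PHP's clock and timezone; if the stamp were written with the database's NOW() instead, the two clocks would have to agree or the comparison should be done in SQL as well.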