unidox

I dont know whats wrong, but I keep getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 My file is: <?php $page = "admins"; $mysql_table = "cp_levels"; require_once("inc/db.inc.php"); require_once ("files/levels.php"); $selecta = "4.All&3.Roster&2.Staff&1.Admin"; $checkfields = "title"; $errors = "Please enter your name!"; $titles = "Your Name:&Login:&Home:&News:&Roster:&Links:&Leagues:&Matches:&Servers:&Sponsors:&Downloads:&Media:&Demos:&Setting:&Change_Pass:&Users"; $fields = "title&login&home&news&roster&links&leagues&matches&servers&sponsors&downloads&media&demos&settings&changepass&users"; $type = "text&select&select&select&select&select&select&select&select&select&select&select&select&select&select&select"; $size = "40&null&null&null&null&null&null&null&null&null&null&null&null&null&null&null"; $maxlength = "20&null&null&null&null&null&null&null&null&null&null&null&null&null&null&null"; $id_type = "level_id"; if ($_REQUEST['m'] == "4") { $choose = explode(".",$_POST['level_id']); $access = $choose[1]; $access2 = "title,login,home,news,roster,links,leagues,matches,servers,sponsors,downloads,media,demos,settings,changepass,users"; MYSQL_QUERY("UPDATE $mysql_table SET level_id='$access' WHERE $id_type=$id") or die (mysql_error()); showSuccess('Admin User Level Update'); header ("Location: index.php?page=admin_users"); } if (!$_REQUEST['m']) { getHeader(); createJSValid($checkfields,$errors); createForm($titles,$fields,$type,$size,$maxlength,'4'); } ?> The db is: `level_id` int(11) NOT NULL auto_increment, `title` varchar(20) NOT NULL default '', `login` int(2) NOT NULL default '0', `home` int(2) NOT NULL default '0', `news` int(2) NOT NULL default '0', `roster` int(2) NOT NULL default '0', `links` int(2) NOT NULL default '0', `leagues` int(2) NOT NULL default '0', `matches` int(2) NOT NULL default '0', `servers` int(2) NOT NULL default '0', `sponsors` int(2) NOT NULL default '0', `downloads` int(2) NOT NULL default '0', `media` int(2) NOT NULL default '0', `demos` int(2) NOT NULL default '0', `settings` int(2) NOT NULL default '0', `pass` int(2) NOT NULL default '0', `users` int(2) NOT NULL default '0', PRIMARY KEY (`level_id`) ) TYPE=MyISAM AUTO_INCREMENT=38 ;

Hey steven! WHat things does it throw off?

bump

I have a problem, the access for the user levels arnt working. Even members have admin access. Here are the files: I have it so when u make a user, a number 1,2,3 goes in the db. 1 For admin, 2 for staff, 3 for member. part of the func2.inc.php: require_once 'config.inc.php'; $oncolour = "#BCD5FE"; $offcolour = "#FFFFFF"; $bdrcolour = "#F0F0F0"; $islogged = preg_match("/index.php?page=login/", $_SERVER['PHP_SELF']); if ($islogged == "0") { if ($_COOKIE['uniqueid'] == "") { header ("Location: index.php?page=login"); exit; } } if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) { $access = $_COOKIE['access']; if (array_search($page,$levels)) { if ($access > $levels[$page]) { echo $access . $levels[$page]; //showError('You do not have access to this page.'); exit; } } } Config.inc.php: <?php ############################################### // Folder Locations $template_folder = "template/"; $folder = "/"; $imagefolder = "pics/"; $imagefilepath = $folder . $imagefolder; // Vulgarity on or off // 1: On, 0: off $vulgarity = 0; // Special Character // Default: | $special_character = "&"; // Max Links & Roster Characters // Default: 20 $max_length = 16; // Max News Posts Displayer Per Page // Default: 8 $max_news = 8; // Do not change $root = $_SERVER['DOCUMENT_ROOT']; $imagefullpath = $root . $imagefilepath; // Access Levels // 1: Master, 2: Staff, 3: Members, 4: All Users $levels = array(); $levels[login] = "4"; $levels[index] = "3"; $levels[news] = "2"; $levels[roster] = "3"; $levels[links] = "2"; $levels[leagues] = "2"; $levels[matches] = "2"; $levels[servers] = "2"; $levels[faq] = "2"; $levels[sponsors] = "2"; $levels[downloads] = "2"; $levels[meda] = "2"; $levels[demos] = "2"; $levels[settings] = "1"; $levels[changepass] = "3"; $levels[admins] = "1"; $levels[config] = "1"; ?> The SQL structure is: `user_id` int(11) NOT NULL auto_increment, `username` varchar(20) NOT NULL default '', `password` varchar(255) NOT NULL default '', `cur_ip` varchar(25) NOT NULL default '', `last_logged` varchar(25) NOT NULL default '', `access` int(2) NOT NULL default '0',

I tried, i looked at the source of the page, and this is what it came out with... <tr width="100%" height="10"> <td width="30%">Test</td> <td width="30%">asd</td> <td width="20%">asd</td> <td align="right" width="20%"><a href="/index.php?page=admin_demos&m=3&id=4"><img alt="0" style="display: none;" src="images/ad_edit.gif" border="0"></a> <a href="/index.php?page=admin_demos&m=5&id=4"><img style="display: none;" alt="0" src="images/ad_delete.gif" border="0"></a></td> </tr> Could it be the style? I looked in all my files and I didnt find anything that had no display...

bump

It says in the source the value is Array, so how do I fix this?

I have a problem, all of the input fields say Array, when I want them to be saying whats in the db. Here is my code: admin_settings.php: <?php $page = "settings"; $mysql_table = "cp_settings"; require_once("inc/db.inc.php"); require_once ("inc/func2.inc.php"); require_once ("req/settings.inc.php"); $checkfields = "clan_info&website_title&owner&owner_email&clan_name&clan_tag&bdrcolour&colourone&colourtwo"; $errors = "Enter your clan information&Enter your website title&Enter the owners name&Enter the owners email&Enter a clan name&Enter a clan tag!&Enter a border colour!&Enter a 1st colour& Enter a 2nd colour!"; $titles = "Clan Information:&Website Title:&Owner Name:&Owner Email:&Clan Name:&Clan Tag:&Border Colour:&Colour One:&Colour Two"; $fields = "clan_info&website_title&owner&owner_email&clan_name&clan_tag&bdrcolour&colourone&colourtwo"; $type = "textarea&text&text&text&text&text&text&text&text"; $size = "null&40&40&40&40&10&10&10&10"; $maxlength = "null&100&100&100&100&15&7&7&7"; $id_type = "setting_id"; if ($_REQUEST['m'] == "1") { $clan_info = remslash($_POST['clan_info']); $website_title = remslash($_POST['website_title']); $owner = remslash($_POST['owner']); $owner_email = remslash($_POST['owner_email']); $clan_name = remslash($_POST['clan_name']); $clan_tag = remslash($_POST['clan_tag']); $bdrcolour = remslash($_POST['bdrcolour']); $colourone = remslash($_POST['colourone']); $colourtwo = remslash($_POST['colourtwo']); MYSQL_QUERY("UPDATE $mysql_table SET clan_info='$clan_info', website_title='$website_title', owner='$owner', owner_email='$owner_email', clan_name='$clan_name', clan_tag='$clan_tag', bdrcolour='$bdrcolour', colourone='$colourone', colourtwo='$colourtwo'") or die (mysql_error()); showSuccess('Settings Update',$_SERVER['PHP_SELF']); } if (!$_REQUEST['m']) { getHeader(); $result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE $id_type='0'") or die (mysql_error()); while ($mysql=mysql_fetch_array($result)) { $mysql_values = getContent($mysql[clan_info],'1') . "&" . getContent($mysql[website_title],'1') . "&" . getContent($mysql[owner],'1') . "&" . getContent($mysql[owner_email],'1') . "&" . getContent($mysql[clan_name],'1') . "&" . getContent($mysql[clan_tag],'1') . "&" . getContent($mysql[bdrcolour]) . "&" . getContent($mysql[colourone]) . "&" . getContent($mysql[colourtwo]) . "&" . getContent($mysql[template]); createJSValid($checkfields,$errors); createForm($titles,$fields,$type,$size,$maxlength,'1',$id_type,$id,$mysql_values,'1'); } } ?> Settings.inc.php: <?php function showAsk($typo,$id = '',$m = '6') { global $bdrcolour; echo " <form action=\"" . $_SERVER['PHP_SELF'] . "?page=admin_links&m=" . $m . ""; if ($id != '') { echo "&id=" . $id . ""; } echo "\" method=\"post\"> " . startTable() . " <tr align=\"center\"> <td " . setMouse('0') . ">" . $typo . "<br><br></td> </tr> </table> " . showDiv() . " <input type=\"button\" value=\"No\" onclick=\"history.back();\"></input> <input type=\"button\" value=\"Yes\" onclick=\"this.form.submit();\"></input> </form>"; } function createForm($titles,$fields,$type,$size,$maxlength,$m,$idtype = '',$id = '',$mysql_values ='',$backoff = '') { global $selecta; $title = explode("&",$titles); $field = explode("&",$fields); $fieldtype = explode("&",$type); $fieldsize = explode("&",$size); $fieldmax = explode("&",$maxlength); if ($mysql_values != '') { $mysql = explode("&",$mysql_values); } if (count($title) != count($field)) { showError('Your $title/$fields do not match'); } elseif (count($title) != count($fieldtype)) { showError('Your $title/$type do not match'); } elseif (count($title) != count($fieldsize)) { showError('Your $title/$size do not match'); } elseif (count($title) != count($fieldmax)) { showError('Your $title/$maxlength do not match'); } elseif (count($field) != count($fieldtype)) { showError('Your $fields/$type do not match'); } elseif (count($field) != count($fieldsize)) { showError('Your $fields/$size do not match'); } elseif (count($field) != count($fieldmax)) { showError('Your $fields/$maxlength do not match'); } elseif (count($fieldtype) != count($fieldsize)) { showError('Your $type/$size do not match'); } elseif (count($fieldtype) != count($fieldmax)) { showError('Your $type/$maxlength do not match'); } elseif (count($fieldsize) != count($fieldmax)) { showError('Your $size/$maxlength do not match'); } else { echo " <form action=\"" . $_SERVER['PHP_SELF'] . "?page=admin_links&m=" . $m; if ($id != '') { echo "&id=" . $id; } echo "\" method=\"post\""; if ($m == '8' || $m == '12') { echo " enctype=\"multipart/form-data\""; } echo "> " . startTable(); $total = count($field); for ($i = 0; $i < $total; $i++) { if ($fieldtype[$i] == "date") { echo " <input type=\"hidden\" name=\"" . $field[$i] . "\" value=\""; if ($m == "2") { echo date("m/d/Y"); } else { echo $mysql[$i]; } echo "\"></input>"; } else { echo " <tr valign=\"top\"> <td " . setMouse("title" . $i) . ">" . $title[$i] . "</td> <td " . setMouse("input" . $i) . ">"; if ($fieldtype[$i] == "select") { echo "<select name=\"" . $field[$i] . "\">"; $options = explode("&",$selecta); for ($o = 0; $o < count($options); $o++) { echo "<option value=\"" . $options[$o] . "\""; if ($mysql_values != '') { if ($mysql[$i] == $options[$o]) { echo " selected"; } } echo ">" . $options[$o] . "</option>"; } echo "</select>"; } elseif ($fieldtype[$i] == "textarea") { echo "<textarea cols=\"60\" rows=\"10\" name=\"" . $field[$i] . "\">"; if ($mysql_values != '') { echo $mysql[$i]; } echo "</textarea>"; } else { echo "<input type=\"" . $fieldtype[$i] . "\" name=\"" . $field[$i] . "\""; echo " value=\"" . $mysql[$i] . "\""; if ($mysql_values != '') { } if ($fieldsize[$i] != 'false') { echo " size=\"" . $fieldsize[$i] . "\""; } if ($maxfield[$i] != 'false') { echo " maxlength=\"" . $fieldmax[$i] . "\""; } echo "></input>"; } echo "</td> </tr>"; } } echo " </table>". showDiv(); if ($backoff == '') { echo "<input type=\"button\" value=\"Back\" onclick=\"history.back();\"></input> "; } echo " <input type=\"button\" value=\"Go!\" onclick=\"isformValid(this.form);\"></input> <input type=\"reset\" value=\"Refresh\"></input></div> </form>"; } } ?> func2.inc.php: <?php require_once 'config.inc.php'; $oncolour = "#BCD5FE"; $offcolour = "#FFFFFF"; $bdrcolour = "#F0F0F0"; $islogged = preg_match("/index.php?page=login/", $_SERVER['PHP_SELF']); if ($islogged == "0") { if ($_COOKIE['uniqueid'] == "") { header ("Location: index.php?page=login"); exit; } } if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) { $access = $_COOKIE['access']; if (array_search($page,$levels)) { if ($access > $levels[$page]) { echo $access . $levels[$page]; //showError('You do not have access to this page.'); exit; } } } function getContent($content,$sql = '') { global $special_character; if ($sql == '') { $content = eregi_replace( "([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])","<a href=\"\\1://\\2\\3\" target=\"_blank\" target=\"_new\"><b>\\1://\\2\\3</b></a>", $content); $content = eregi_replace("([_a-z0-9\-\.]+)@([a-z0-9\-\.]+)\."."(net|com|gov|mil|org|edu|int|biz|info|name|pro|[A-Z]{2})"."($|[^a-z]{1})", "<a href=\"mailto:\\1@\\2.\\3\"><b>\\1@\\2.\\3</b></a>\\4", $content); $content = nl2br($content); } $content = str_replace($special_character,"'",$content); return $content; } function remslash($content) { global $special_character; $output = str_replace("\'",$special_character,$content); return $output; } function setMouse($id = '') { global $oncolour, $offcolour; $output = "class=\"bdr\" bgcolor=\"" .$offcolour . "\" id=\"area" . $id . "\" onmouseover=\"bgOn(this,'" . $oncolour . "');\" onmouseout=\"bgOff(this,'" . $offcolour . "');\""; return $output; } function showDiv() { $output = "<div width=\"100%\" style=\"padding-top: 3px\" align=\"right\">"; return $output; } function startTable() { global $bdrcolour; $output = "<table cellspacing=\"1\" cellpadding=\"7\" width=\"100%\" bgcolor=\"" . $bdrcolour . "\">"; return $output; } function createTr($content,$id = '',$class = '') { echo "<tr> <td " . setMouse($id) . ">"; if ($class != '') { echo "<span class=\"" . $class . "\">"; } echo $content; if ($class != '') { echo "</span>"; } echo "</td> </tr>"; } function showError($error) { echo" <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html><head> <META http-equiv=Content-Type content=\"text/html; charset=windows-1252\"> <title>Error</title> <link rel=\"stylesheet\" href=\"req/global.css\" type=\"text/css\"></head> <body bgcolor=\"#FFFFFF\"> <div align=\"center\"><b>An Error has occured: <span class=\"error\">" . $error . "</span></b></div> </body></html> "; } function showSuccess($success,$page,$refresh = '1') { echo " <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> <html><head> <META http-equiv=Content-Type content=\"text/html; charset=windows-1252\"> <meta http-equiv=\"Refresh\" content=\"" . $refresh . "; url='" . $page . "'\"> <title>Congratulations</title> <link rel=\"stylesheet\" href=\"req/global.css\" type=\"text/css\"></head> <body bgcolor=\"#EEEEEE\"> <div class=\"success\" align=\"center\">Congratulations: " . $success . " successfull<br>Redirecting to " . $page . ".<br>If this does not work <a href=\"" . $page . "\">click here</a>.</div> </body></html>"; } function getHeader() { global $page, $imagefullpath, $imagefilepath; if (file_exists("req/header.inc.php")) { include("req/header.inc.php"); } else { showError("Unable to Require file : \"req/header.inc.php\""); } } function getFooter() { if (file_exists("req/footer.inc.php")) { include("req/footer.inc.php"); } else { showError("Unable to Require file : \"req/footer.php\""); } } function createJSValid($required,$errors) { $field = explode("&",$required); $alert = explode("&",$errors);; if (count($alert) != count($field)) { showError('Required Fields/Error Msgs do not match'); } else { echo "<script language=\"javascript\"> <!-- function isformValid(form) {"; $i = 0; while ($i < count($field)) { $thisfield = $field[$i]; $thiserror = $alert[$i]; echo " if (!form." . $thisfield . ".value) { alert(\"" . $thiserror . "\"); form." . $thisfield . ".focus(); return false; }"; $i++; } echo " else { form.submit(); } } //--> </script>"; } } ?> What is wrong?

I get: <tr height='10' width='100%'> <td width='30%'><b>News 2</b></td> <td width='30%'>SAPPER</td> <td width='20%'>06/24/2007</td> <td width='20%' align='right'> <a href="/index.php?page=admin_news&m=3&id=50"><img height='14' width='14' border='0' alt='' src='images/ad_edit.gif'></a> <a href="/index.php?page=admin_news&m=5&id=50"><img height='14' width='14' border='0' alt='' src='images/ad_delete.gif'></a></td> </tr>

No images show fine.

I have this code: <tr height='10' width='100%'> <td width='30%'><b>" . getContent($mysql[news_topic]) . "</b></td> <td width='30%'>" . getContent($mysql[news_author]) . "</td> <td width='20%'>" . $mysql[topic_date] . "</td> <td width='20%' align='right'> <a href=\"" . $_SERVER['PHP_SELF'] . "?page=admin_news&m=3&id=" . $mysql[$id_type] . "\"><img height='14' width='14' border='0' alt='' src='images/ad_edit.gif'></a> <a href=\"" . $_SERVER['PHP_SELF'] . "?page=admin_news&m=5&id=" . $mysql[$id_type] . "\"><img height='14' width='14' border='0' alt='' src='images/ad_delete.gif'></a></td> </tr> I can see the images fine in IE, but when I use FF, the images never show. How can I fix this?

Can you tell me whats messed up?

I kinda need this done soon... Can I PM you my source?

I did, but nothing changed...

www.team-unidox.com I am coding that now, but why are there many spaces?

How do I disable all <script><html> and tags like that in an <input in my php

You need to clean up your code. Make it W3C

I am trying to have different user levels, but no matter what, it gives admin access to all users :/ login.php: <?php $page = "login"; require_once ("inc/db.inc.php"); require_once ("inc/func3.inc.php"); require_once ("req/login.inc.php"); if ($_REQUEST['m']) { if ($_REQUEST['m'] == "1") { $loginpass = $_POST['login_pass']; $password = md5($loginpass); $loginname = $_POST['login_name']; $checkrows = mysql_query ("SELECT * FROM cp_users WHERE username='$loginname' && password='$password'") or die (mysql_error()); $rowcount = mysql_num_rows ($checkrows); if ($rowcount == "0") { showError("User/Login Error"); } if ($rowcount != "0") { header ("Location: index.php?page=admin"); $time = date("h:i:a"); $date = date("m/d/Y"); $last_logged = $time . "\n(" . $date . ")"; $ip = getenv ("REMOTE_ADDR"); MYSQL_QUERY("UPDATE cp_users SET last_logged='$last_logged', cur_ip='$ip' WHERE username='$loginname'") or die (mysql_error()); while ($mysql=mysql_fetch_array($checkrows)) { setcookie("access", $mysql[access],time()+60*60*24*30); } setcookie ("uniqueid",$loginname,time()+60*60*24*30); exit; } } elseif ($_REQUEST['m'] == "2") { header ("Location: index.php?page=login"); setcookie ("uniqueid"); setcookie ("access"); exit; } } else { if ($_COOKIE['uniqueid'] == "") { $checkfields = "login_name&login_pass"; $errors = "Enter a username&Enter a password!"; $titles = "Username:&Password:"; $fields = "login_name&login_pass"; $type = "text&password"; $size = "30&30"; $maxlength = "25&25"; createJSValid($checkfields,$errors); createForm($titles,$fields,$type,$size,$maxlength,'1','','','','1'); } else { showError("You are already logged in, <a href=\"" . $_SERVER['PHP_SELF'] . "?page=login&m=2\">logout?</a><br /><br /><a href='index.php?page=admin'>Admin Home</a>"); } } ?> Part of the func3.inc.php: require_once 'config.inc.php'; $islogged = preg_match("/index.php?page=login/", $_SERVER['PHP_SELF']); $oncolour = "#FFFFFF"; $offcolour = "#FFFFFF"; $bdrcolour = "#FFFFFF"; if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) { $access = $_COOKIE['access']; if (array_search($page,$levels)) { if ($access > $levels[$page]) { echo $access . $levels[$page]; //showError('You do not have access to this page.'); exit; } } } The config.inc.php: <?php ############################################### // Folder Locations $template_folder = "template/"; $folder = "/"; $imagefolder = "pics/"; $imagefilepath = $folder . $imagefolder; // Vulgarity on or off // 1: On, 0: off $vulgarity = 0; // Special Character // Default: | $special_character = "&"; // Max Links & Roster Characters // Default: 20 $max_length = 16; // Max News Posts Displayer Per Page // Default: 8 $max_news = 8; // Do not change $root = $_SERVER['DOCUMENT_ROOT']; $imagefullpath = $root . $imagefilepath; // Access Levels // 1: Master, 2: Limited, 3: All Users $levels = array(); $levels[login] = "3"; $levels[index] = "2"; $levels[news] = "2"; $levels[roster] = "1"; $levels[links] = "2"; $levels[leagues] = "2"; $levels[matches] = "2"; $levels[servers] = "1"; $levels[faq] = "2"; $levels[sponsors] = "1"; $levels[downloads] = "2"; $levels[meda] = "2"; $levels[demos] = "2"; $levels[settings] = "1"; $levels[changepass] = "2"; $levels[admins] = "1"; $levels[config] = "1"; ?>

bump

I have a cms, and I was just wondering if it is possible so that, when the php lists the info from the db, instead of clicking on the edit button, you click on the text and you can edit it without even changing the page. If it possible, can someone help?

I think he just wants it in the input. In that case use: <input style="background-image:url(/image);">

I am a bit confised, what are you trying to do?

Something good for beginners is cutenews. If you want it to fit in the content area, use an iframe

Yes, it is my own cms... Well, I asked a friend and I was just wondering if this would work... I wrote it up right now, and its 2 in the morning, so if the code is bad, please help. Use a table and in the admin define a number 1 for left, 2 for right $block1 = "Block #1"; $block2 = "Block #2"; $block3 = "Block #3"; If { $block1 == "1"; print "$block1"; }ifelse{ $block2 == "2"; print "$block2"; }ifelse{ $block3 == "3"; print "$block3"; Not sure if I typed that in right. I wonder if that will work

Opps, not modules, blocks. Sorry, but is there a script someone can help with?