demix3000 Posted May 20, 2008 Share Posted May 20, 2008 hey everyone, well i was making a website to sell pictures on and i decided to use a pre-made php script which when i first got was not working, ive been tweaking it and managed to get it working apart from it wont submit the password on the admin page, ive narrowed it down to this bit of code but i cant see whats wrong, i tried putting method="post" like that but then the whole admin.php page just pops up white, could someone please shed some light on what im doing wrong? thanks a lot. heres the bit of code below ive managed to narrow it down to } else echo "<form name=form1 method=post action=$PHP_SELF method=post>Password : <input type=\"password\" name=\"password\" size=20> <input type=submit name=submit value=OK> </form>"; Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 20, 2008 Share Posted May 20, 2008 need the other part of the code in admin.php, should say $_POST['password'] blarblar or maybe $_GET['password'] Quote Link to comment Share on other sites More sharing options...
demix3000 Posted May 21, 2008 Author Share Posted May 21, 2008 erm well the code uses an "if" at the beggining, sorry if my terms arnt correct as im a vb6 programmer not php hehe... erm here it is.. include("config.inc"); if ($password==$adpass) { if ($submit=="Edit") { then if the password isnt right it will goto an else which is = } else echo "<form name=form1 method=post action=$PHP_SELF method=post>Password : <input type=\"password\" name=\"password\" size=20> <input type=submit name=submit value=OK> </form>"; so in my url i either get: http://localhost/test/method=post or if i take out the first method=post then i get = http://localhost/test/method=post?password=mypass&submit=OK Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 21, 2008 Share Posted May 21, 2008 It seems as if the script is relying on register_globals. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 21, 2008 Share Posted May 21, 2008 It seems as if the script is relying on register_globals. i agree change if ($password==$adpass) { if ($submit=="Edit") { to if ($_POST['password']==$adpass) { if ($_POST['submit']=="Edit") { if you wanted to cheat (not recommended) but you could do this extract($_POST); //ADD this line if ($password==$adpass) { if ($submit=="Edit") { Quote Link to comment Share on other sites More sharing options...
demix3000 Posted May 21, 2008 Author Share Posted May 21, 2008 okay ive changed this bit below if ($_POST['password']==$adpass) { if ($_POST['submit']=="Edit") { further down in my code i have this : <input type=\"submit\" name=\"submit\" value=\"Edit\"> <input type=\"hidden\" name=\"password\" value=\"$password\"> <input type=\"submit\" name=\"submit\" value=\"Delete\"> im assuming i change it to something like: <input type=\"submit\" name=\"submit\" value=\"Edit\"> <input type=\"hidden\" name=\"password\" value=\"password\"> <input type=\"submit\" name=\"submit\" value=\"Delete\"> oh and just incase this still doesnt work heres the full script just to let you know what im working with: <html> <head> <title>upload form</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript"> function pre() { form2.preview.src = 'thumbnails/image'+form2.choiceimage.options[form2.choiceimage.selectedIndex].value+'.jpg'; } </script> </head> <body bgcolor="#000000" text="#CCCCCC" link="#FF3300" vlink="#FF3300"> <div align="center"><font color="#FF3300" face="Arial, Helvetica, sans-serif"><strong>GALLERY ADMIN PAGE</strong></font><br> </div> <?php include("config.inc"); if ($_POST['password']==$adpass) { if ($_POST['submit']=="Edit") { echo "<script language='JavaScript'> window.location = 'uploadform.php?i=$choiceimage&password=$password'; </script>"; }elseif ($submit=="Delete") { for ($i=1; file_exists("images/image".strval($i).".jpg"); $i++) { } $num=$i-1; function unlinkk($f) { if (!file_exists($f)) return true; else return unlink($f); } function del($i) { if (unlinkk("images/image$i.jpg") and unlinkk("thumbnails/image$i.jpg") and unlinkk("down/image$i.zip") and unlinkk("des/image$i.txt")) return true; } if (!del($choiceimage)) echo "Error"; for ($i=intval($choiceimage)+1; $i<$num; $i--) { $j=$i-1; if (!rename("images/image$i.jpg", "images/image$j.jpg")) $error="r"; } if ($error=="") echo "Image$choiceimage deleted successfully"; } else { echo "<form name=\"form2\" action=\"$PHP_SELF\" method=\"post\"> <p align=\"center\"><font color=\"#CCCCCC\" size=\"1\" face=\"verdana\"><strong><font size=\"2\">Upload New Picture</font></strong></font></p> <p align=\"center\"><strong><font color=\"#CCCCCC\" size=\"1\" face=\"verdana\"><a href=\"uploadform.php?password=$password\">click here</a> </font></strong></p> <p align=\"center\"><strong><font color=\"#CCCCCC\" size=\"1\" face=\"verdana\">OR</font></strong></p> <p align=\"center\"><strong><font color=\"#CCCCCC\" size=\"1\" face=\"verdana\"><strong><font size=\"2\">EDIT Existing Picture</font></strong></font></strong></p> <p align=\"center\"><font color=\"#CCCCCC\" size=\"1\" face=\"verdana\"><strong>Image Select :<br> <table border=0><tr><td><select name=\"choiceimage\" size=10 onChange=\"pre()\">"; for ($i=1; file_exists("thumbnails/image".strval($i).".jpg"); $i++) { echo "<option value=$i>Image$i</option>"; } echo "</select></td> </strong></font></p> <p align=center> <td><img src=\"noth.gif\" border=0 name=preview></td></p></tr></table> <p align=\"center\"><strong><font color=\"#CCCCCC\" size=\"1\" face=\"verdana\"> <input type=\"submit\" name=\"submit\" value=\"Edit\"> <input type=\"hidden\" name=\"password\" value=\"$password\"> <input type=\"submit\" name=\"submit\" value=\"Delete\"> </font></strong> </p> </form>"; } } else echo "<form name=form1 method=post action=$PHP_SELF method=post>Password : <input type=\"password\" name=\"password\" size=20> <input type=submit name=submit value=OK> </form>"; ?> <div align="center"><br><font color="#CCCCCC" size="1" face="verdana"><a href="index.php">Go To Gallery</a><br> <br>©Kyscorp.tk -2000-2003- Kys Gallery 1.0 </font></div> <style> BODY { scrollbar-face-color: "#000000"; scrollbar-arrow-color: "#000000"; scrollbar-track-color: "#000000"; scrollbar-3dlight-color:"#333333"; scrollbar-darkshadow-color: "#333333"; } </style></body> </html> Quote Link to comment Share on other sites More sharing options...
demix3000 Posted May 21, 2008 Author Share Posted May 21, 2008 sorry dont mean to double post, heres the code for the page it goes to though: <html> <head> <title>upload form</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/JavaScript"> function validate(){ if (form1.name.value=="" | form1.author.value=="" | form1.des.value=="" | form1.image.value=="" | form1.thumb.value=="") { alert("Name, author, File Source, Description and Thumbnail fields are required"); return false; } else if((form1.web.value!="") & (form1.web.value.indexOf("http://")!=0)) { alert("the web address must begin with 'http://'"); return false; } else { return true; form1.submit(); } } </script> </head> <body bgcolor="#000000" text="#CCCCCC" link="#FF3300" vlink="#FF3300"> <div align="center"><font color="#FF3300" face="Arial, Helvetica, sans-serif"><strong>GALLERY ADMIN PAGE</strong></font><br> </div> <?php include("config.inc"); if ($password==$adpass) { if ($action=="save") { if ($i=="") for ($i=1; file_exists("images/image".strval($i).".jpg"); $i++) { } $file ="des/image$i.txt"; $fp =fopen($file, "w+"); $name=stripslashes($name); $des=stripslashes($des); $code=stripslashes($code); $author=stripslashes($author); $w ="name=".$name."&price=".$price."&code=".$code."&des=".$des."&author=".$author."&mail=".$mail."&date=".$date."&web=".$web; for ($ii=1; $ii<100; $ii++) { $w=stripcslashes($w); } if ($down<>"") $w = $w."&counter=0"; fwrite($fp, $w); fclose($fp); if (copy($thumb, "thumbnails/image".strval($i).".jpg")) echo "Thumbnail copied<br>"; if (copy($image, "images/image".strval($i).".jpg")) echo "Image copied<br>"; if (copy($down, "down/image".strval($i).".zip")) echo "Download File copied"; } else { $file="des/image$i.txt"; /// if (file_exists("des/image$i.txt")) { $fp=fopen($file, "r"); $w=fread($fp, filesize($file)); for ($j=1; $j<10; $j++) { $w=stripcslashes($w); } parse_str($w); $name=stripslashes($name); $des=stripslashes($des); $code=stripslashes($code); $author=stripslashes($author); fclose($fp); } echo "<form method=\"post\" onsubmit=\"return validate();\" enctype=\"multipart/form-data\" name=\"form1\" action=\"$PHP_SELF\"> <p> <font size=\"1\" face=\"verdana\">File Source: <input name=\"image\" type=\"file\" id=\"image\" value='images/image$i.jpg'> <input name=\"i\" type=\"hidden\" id=\"i\" value=$i> </font></p> <p><font size=\"1\" face=\"verdana\"> Name: <input name=\"name\" type=\"text\" id=\"name\" value='$name'> </font></p> <p><font size=\"1\" face=\"verdana\">Thumbnail: <input name=\"thumb\" type=\"file\" id=\"thumb\" value='thumbnails/image$i.jpg'> </font></p> <p><font size=\"1\" face=\"verdana\">Download File: (Not required) <input name=\"down\" type=\"file\" id=\"down\" value='down/image$i.jpg'> </font></p> <p><font size=\"1\" face=\"verdana\">Date: <input name=\"date\" type=\"text\" id=\"date\" value='$date'> <input name=\"action\" type=\"hidden\" id=\"action\" value=\"save\"> <input name=\"password\" type=\"hidden\" id=\"action\" value=\"$password\"> </font></p> <p><font size=\"1\" face=\"verdana\">Author: <input name=\"author\" type=\"text\" id=\"author\" value='$author'><br><br> Author Web: <input name=\"web\" type=\"text\" id=\"web\" value='$web'> </font></p> <p><font size=\"1\" face=\"verdana\">E-mail: <input name=\"mail\" type=\"text\" id=\"mail\" value='$mail'><br><br>Price : <input name=\"price\" type=\"text\" id=\"price\" value=\"$price\"> </font></p> <p><font size=\"1\" face=\"verdana\">Description:</font></p> <p> <font size=\"1\" face=\"verdana\"> <textarea name=\"des\" id=\"des\">$des</textarea> </font></p> <p><font size=\"1\" face=\"verdana\">Paypal HTML Code:</font></p> <p> <font size=\"1\" face=\"verdana\"> <textarea name=\"code\" id=\"code\">$code</textarea> </font></p> <p align=\"center\"> </p> <p align=\"center\"> <font size=\"1\" face=\"verdana\"> <input type=\"submit\" name=\"Submit\" value=\"Submit\"> </font></p> </form>"; } } else echo "<form name=form1 action=$PHP_SELF method=post>Password : <input type=\"password\" name=\"password\" size=20> <input type=submit name=submit value=OK> </form>"; ?> <div align="center"><br><font color="#CCCCCC" size="1" face="verdana"><a href="index.php">Go To Gallery</a><br> <br>©Kyscorp.tk -2000-2003- Kys Gallery 1.0 </font></div> <style> BODY { scrollbar-face-color: "#000000"; scrollbar-arrow-color: "#000000"; scrollbar-track-color: "#000000"; scrollbar-3dlight-color:"#333333"; scrollbar-darkshadow-color: "#333333"; } </style></body> </html> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 21, 2008 Share Posted May 21, 2008 from last script on 2nd to last post change }elseif ($submit=="Delete") { to }elseif ($_POST['submit']=="Delete") { on the last post change if ($password==$adpass) { if ($action=="save") { to if ($_POST['password']==$adpass) { if ($_POST['action']=="save") { and $name=stripslashes($name); $des=stripslashes($des); $code=stripslashes($code); $author=stripslashes($author); to $name=stripslashes($_POST['name']); $des=stripslashes($_POST['des']); $code=stripslashes($_POST['code']); $author=stripslashes($_POST['author']); theirs 2 of the above i think thats all Quote Link to comment Share on other sites More sharing options...
demix3000 Posted May 21, 2008 Author Share Posted May 21, 2008 thanks a lot for helping but im just getting Not Found The requested URL /test/method=post was not found on this server. >_< EDIT: uhg i hate the fact in programing its always the simplest things lol i figured it out thanks a lot for the help as well ... i just needed to put the ' ' on each side of --> '$PHP_SELF' on both pages, well thats sorted :-) thanks Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 21, 2008 Share Posted May 21, 2008 sounds like your missing a \" after target eg (this would cause the same problem) <form action=\"$PHP_SELF method=\"post\" should be <form action=\"$PHP_SELF\" method=\"post\" Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 21, 2008 Share Posted May 21, 2008 I'm pretty sure that he should use $_SERVER['PHP_SELF'] because $PHP_SELF is only set if register_globals is on. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 21, 2008 Share Posted May 21, 2008 true but it was an example of the problem with the quotes Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.