
Actions in forms


desidj


I found this Script on the internet.

 

Now I am trying it out and something seems to be broken.

 

Can someone tell me what is wrong here? I think the redirection is not working properly.

 

The Reply message and Forward message actions don't seem to work.

These are action(2) and action(3).

 

new and delete functions work great.

 

Here are the 3 files that are related.

 

Actions and Processing. I am very sure there is a problem here.

 

mail_process.php


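<?php
/*******
Some general include files
*********/
/*
 * Mailbox action dispatcher. On a GET request it reads `action` (1-8) and either hands off to
 * mail_send.php (reply, forward, new message), deletes or moves messages, or blocks/unblocks a
 * user, then redirects back to mailbox.php.
 *
 * NOTE(review): the include/require lines are missing from this listing, so db_connect(),
 * addslashes_mq(), check_login_member(), delete_messages(), is_userblocked(), redirect2page(),
 * $access_matrix and $_messages are defined in files not shown here.
 *
 * NOTE(review): every branch below changes state in response to a GET request, and no anti-CSRF
 * token is checked in this file, so a cross-site request made in a logged-in member's browser
 * can trigger delete/block/move. Handling these actions via POST with a per-session token is the
 * usual mitigation.
 *
 * NOTE(review): SQL is built by string concatenation with addslashes_mq() as the only escaping,
 * on the legacy mysql_* API (removed in PHP 7). Prepared statements (PDO or mysqli) are the
 * robust fix; that requires changing db_connect(), which is outside this file.
 */

session_cache_limiter('nocache');
session_start();

db_connect(_DBHOSTNAME_,_DBUSERNAME_,_DBPASSWORD_,_DBNAME_,_PCONN_);

$topass=array();
$mailbox='inbox';
if ($_SERVER['REQUEST_METHOD']=='GET') {
    if (isset($_GET['action']) && !empty($_GET['action'])) {
        $error=0;
        $action=addslashes_mq($_GET['action']);
        $mailbox=isset($_GET['mailbox']) ? addslashes_mq($_GET['mailbox']) : '';
        if ($action==2) { // reply to the message
            check_login_member($access_matrix['mail_reply'][0]);
            if (isset($_GET['mail_id']) && !empty($_GET['mail_id'])) {
                // mail_id is handed to the compose page through $_SESSION['topass'] (set inside
                // redirect2page), not through the URL, so the target URL carries no query string.
                // NOTE(review): ownership of mail_id is not checked here; the page that loads the
                // message must scope the lookup to $_SESSION['user_id'] - confirm.
                $mail_id=addslashes_mq($_GET['mail_id']);
                $topass['mail_id']=$mail_id;
                $topass['action']='reply';
                $topass['mailbox']=$mailbox;
                redirect2page("mail_send.php",$topass);
            }
        } elseif ($action==3) { // forward message
            check_login_member($access_matrix['mail_forward'][0]);
            if (isset($_GET['mail_id']) && !empty($_GET['mail_id'])) {
                // Same hand-off as reply; the same ownership caveat applies.
                $mail_id=addslashes_mq($_GET['mail_id']);
                $topass['mail_id']=$mail_id;
                $topass['action']='forward';
                $topass['mailbox']=$mailbox;
                redirect2page("mail_send.php",$topass);
            }
        } elseif ($action==1) { // delete message
            // NOTE(review): this branch reads $access_matrix['sendbox'] while action 4 reads
            // $access_matrix['savedbox']; one of the two keys is probably a typo - confirm
            // against the file that defines $access_matrix.
            check_login_member(min($access_matrix['inbox'][0],$access_matrix['outbox'][0],$access_matrix['sendbox'][0]));
            if (isset($_GET['mail_id']) && !empty($_GET['mail_id'])) {
                $mail_id=array(addslashes_mq($_GET['mail_id']));
                delete_messages($_SESSION['user_id'],$mail_id,$mailbox);
                $topass['message']=$_messages['core'][73];
            }
        } elseif ($action==4) { // delete selected messages
            check_login_member(min($access_matrix['inbox'][0],$access_matrix['outbox'][0],$access_matrix['savedbox'][0]));
            if (isset($_GET['del']) && !empty($_GET['del']) && is_array($_GET['del'])) {
                // presumably addslashes_mq() escapes each element of an array - verify in the helper
                $del=addslashes_mq($_GET['del']);
                delete_messages($_SESSION['user_id'],$del,$mailbox);
                $topass['message']=$_messages['core'][74];
            }
        } elseif ($action==5) { // block user
            check_login_member($access_matrix['block_members'][0]);
            if (isset($_GET['user_id']) && !empty($_GET['user_id'])) {
                $blocked_id=addslashes_mq($_GET['user_id']);
                if (!is_userblocked($_SESSION['user_id'],$blocked_id)) {
                    $query="INSERT INTO user_blocks SET user_id='".$_SESSION['user_id']."',blocked_id='$blocked_id'";
                    // NOTE(review): mysql_error() text is raised as a fatal user error; with
                    // display_errors enabled that exposes query details to the browser.
                    if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
                    $topass['message']=$_messages['core'][75];
                } else {
                    $topass['message']=$_messages['core'][76];
                }
            }
        } elseif ($action==6) { // unblock user
            check_login_member($access_matrix['block_members'][0]);
            if (isset($_GET['user_id']) && !empty($_GET['user_id'])) {
                $blocked_id=addslashes_mq($_GET['user_id']);
                if (is_userblocked($_SESSION['user_id'],$blocked_id)) {
                    $query="DELETE FROM user_blocks WHERE blocked_id='$blocked_id' and user_id='".$_SESSION['user_id']."'";
                    if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
                    $topass['message']=$_messages['core'][77];
                    redirect2page("blocked_list.php",$topass);
                } else {
                    $topass['message']=$_messages['core'][78];
                }
            }
        } elseif ($action==7) { // new message
//            check_login_member($access_matrix['mail_send'][0]);    // don't check now, we'll check on mail_send page.
            redirect2page("mail_send.php");
        // The posted listing read `$action== {` here, which is a parse error. The forum software
        // most likely turned the characters "8)" into an emoticon, and 8 is the next unused
        // action code, so the comparison is restored as 8 - confirm against the original script.
        } elseif ($action==8) { // save to savedbox
            check_login_member($access_matrix['savedbox'][0]);
            if (isset($_GET['del']) && !empty($_GET['del']) && is_array($_GET['del'])) {
                $del=addslashes_mq($_GET['del']);
                // The table name is picked from a fixed list and never taken from the request;
                // any unrecognised mailbox value falls back to mail_inbox.
                $from='mail_inbox';
                if ($mailbox=='inbox') {
                    $from='mail_inbox';
                } elseif ($mailbox=='outbox') {
                    $from='mail_outbox';
                } elseif ($mailbox=='savedbox') {
                    $from='mail_savedbox';
                }
                // Both statements are restricted to the session user's rows by the user_id filter.
                // NOTE(review): the copy and the delete are two separate statements with no
                // transaction, so a failure of the second leaves the messages in both tables.
                $mails2move=join("','",array_values($del));
                $query="INSERT INTO mail_savedbox (read_status,user_id,from_id,from_name,subject,body,link,date_sent,message_type) SELECT read_status,user_id,from_id,from_name,subject,body,link,date_sent,message_type FROM $from WHERE mail_id IN ('$mails2move') AND user_id='".$_SESSION['user_id']."'";
                if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
                $query="DELETE FROM $from WHERE mail_id IN ('$mails2move') AND user_id='".$_SESSION['user_id']."'";
                if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
                $topass['message']=$_messages['core'][115];
            }
        }
    }
}
// Reached when no branch redirected. $mailbox comes from the request, so it is URL-encoded before
// being placed in the Location header; the values inbox/outbox/savedbox pass through unchanged.
redirect2page("mailbox.php",$topass,"mailbox=".urlencode($mailbox));
?>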

 

 

Here is the mail_send.php the file that is running together with the template page.

 


<?php
/*

File location:                       processors/mail_send.php

Processor for the compose form. On POST it validates the recipient, subject and body, applies the
site's text filters for non-paid members, writes the message to the recipient's inbox and the
sender's outbox (and savedbox when requested), then redirects to mailbox.php. On any other request,
or when validation fails, it redirects to mail_send.php.

NOTE(review): SQL is built by string concatenation with addslashes_mq() as the only escaping, on
the legacy mysql_* API (removed in PHP 7). Prepared statements (PDO or mysqli) are the robust fix.
NOTE(review): no anti-CSRF token is checked on the POST in this file.

*/

session_cache_limiter('nocache');
session_start();
require_once("../includes/functions.inc.php");
require_once("../includes/templates.inc.php");
require_once("../includes/apt_functions.inc.php");
require_once("../includes/vars.inc.php");
// Default access level; may be replaced below when the form was opened as a reply or forward.
$access_level=$access_matrix['mail_send'][0];
db_connect(_DBHOSTNAME_,_DBUSERNAME_,_DBPASSWORD_,_DBNAME_,_PCONN_);

$topass=array();
if ($_SERVER['REQUEST_METHOD']=='POST') {
    $error=false;
    if (isset($_POST['to']) && !empty($_POST['to'])) {
        // Reject CR/LF in the recipient name. Processing continues after the flag is set, so a
        // later check can overwrite $topass['message'], but $error stays true.
        if ((strpos($_POST['to'],"\r")!==false) || (strpos($_POST['to'],"\n")!==false)) {
                                // dont send the email and show an error message
                                $error=true;
                                $topass['message']="There appears to be a problem in the \"to\" field of the form. We cannot process the message at this time";
        }
        // NOTE(review): the recipient lookup and the block check run before check_login_member()
        // (called only on the success path below), so they execute for requests without a
        // logged-in session and $_SESSION['user_id'] may be unset here - confirm whether the
        // differing messages let anonymous callers test which user names exist.
        $to_id=get_userid_by_name(addslashes_mq($_POST['to']));
        if (empty($to_id)) {
            $error=true;
            $topass['message']=$_messages['core'][67];
        }
        if (is_userblocked($to_id,$_SESSION['user_id'])) {
            $error=true;
            $topass['message']=$_messages['core'][68];
        }
    } else {
        $error=true;
        $topass['message']=$_messages['core'][66];
    }
    $subject="";
    $body="";
    if (isset($_POST['subject']) && !empty($_POST['subject'])) {
        // Same CR/LF rejection as for the recipient field.
        if ((strpos($_POST['subject'],"\r")!==false) || (strpos($_POST['subject'],"\n")!==false)) {
                                // dont send the email and show an error message
                                $error=true;
                                $topass['message']="There appears to be a problem in the \"subject\" field of the form. We cannot process the message at this time";
        }
        // The meaning of the second argument (true) is defined in addslashes_mq(), not shown here.
        $subject=addslashes_mq($_POST['subject'],true);
        if (empty($subject)) {
            $error=true;
            $topass['message']=$_messages['core'][69];
        }
    } else {
        // No subject supplied: use the default text from the message catalogue.
        $subject=$_messages['core'][116];
    }
    if (isset($_POST['writehere']) && !empty($_POST['writehere'])) {
        $body=addslashes_mq($_POST['writehere'],true);
        if (empty($body)) {
            $error=true;
            $topass['message']=$_messages['core'][70];
        }
    } else {
        $error=true;
        $topass['message']=$_messages['core'][70];
    }
    // Consume the hand-off data left in the session by the previous redirect (see redirect2page),
    // clearing it so it is used only once.
    if (isset($_SESSION['topass']) && !empty($_SESSION['topass'])) {
        $oldtopass=$_SESSION['topass'];
        $_SESSION['topass']="";
        if (isset($oldtopass['action'])) {
            if ($oldtopass['action']=='reply') {
                $access_level=$access_matrix['mail_reply'][0];
                // A reply must go to the recipient recorded in the session; if the posted name
                // differs, the message is treated as a new one and needs the mail_send level.
                // NOTE(review): $oldtopass['to'] is read without isset(); nothing in this file
                // sets it for a reply, so confirm where it is populated.
                if ($oldtopass['to']!=addslashes_mq($_POST['to'])) {
                    $access_level=$access_matrix['mail_send'][0];        // attempting to trick us?
                }
            } elseif ($oldtopass['action']=='forward') {
                $access_level=$access_matrix['mail_forward'][0];
            }
        }
        unset($oldtopass);
    }

    // Daily sending limit; an empty max_messages option disables the check.
    $max_messages=get_site_option('max_messages');
    if ((get_messages_sent_today()>=$max_messages) && !empty($max_messages)) {
        $error=true;
        $topass['message']=$_messages['core'][71];
    }
    if (!$error) {
        // Access check for the level chosen above; its behaviour on failure is defined elsewhere.
        check_login_member($access_level);

        $senderlevel=$_SESSION['membership'];
        $receiverlevel=get_ownerlevel($to_id);
        $paidlevel=_PAIDLEVEL_;

    // The content filters apply unless both sender and receiver are at or above the paid level.
    if(($receiverlevel < $paidlevel) || ($senderlevel < $paidlevel)){

        if (get_site_option('filter_emails')) {
            $body=remove_text_emails($body);
            $subject=remove_text_emails($subject);
        }
        if (get_site_option('filter_urls')) {
            $body=remove_text_urls($body);
            $subject=remove_text_urls($subject);
        }
        if (get_site_option('filter_words')) {
            $body=remove_text_words($body);
            $subject=remove_text_words($subject);
        }
    }
        // NOTE(review): $_SESSION['name'] is concatenated into the statement without escaping,
        // unlike the request-derived values; if the stored name can contain a quote this is a
        // second-order SQL injection point - confirm how the session value is populated.
        $query="INSERT INTO mail_inbox SET message_type=1,user_id='$to_id',from_id='".$_SESSION['user_id']."',from_name='".$_SESSION['name']."',subject='$subject',body='$body',date_sent=now()";
        if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
        if (is_send_newmessage_alerts($to_id)) {
            send_newmessage_alert($_SESSION['user_id'],$to_id);
        }
        // Sender's copy: in the outbox row, from_id/from_name hold the recipient.
        $query="INSERT INTO mail_outbox SET message_type=1,user_id='".$_SESSION['user_id']."',from_id='$to_id',from_name='".addslashes_mq($_POST['to'])."',subject='$subject',body='$body',date_sent=now()";
        if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
        if (isset($_POST['save']) && !empty($_POST['save'])) {
            $query="INSERT INTO mail_savedbox SET message_type=1,user_id='".$_SESSION['user_id']."',from_id='$to_id',from_name='".addslashes_mq($_POST['to'])."',subject='$subject',body='$body',date_sent=now()";
            if (!($res=@mysql_query($query))) {trigger_error(mysql_error(),E_USER_ERROR);}
        }
        $topass['message']=$_messages['core'][72];
        redirect2page("mailbox.php",$topass,"mailbox=inbox");
    } else {
        // Hand the raw, unescaped form values back through the session so the form can be
        // refilled. NOTE(review): the page that prints them must HTML-escape on output.
        // $_POST['subject'] and $_POST['writehere'] are read without isset() here.
        $topass['to']=$_POST['to'];
        $topass['subject']=$_POST['subject'];
        $topass['body']=$_POST['writehere'];
    }
}
// Reached on a non-POST request or after a validation error.
redirect2page("mail_send.php",$topass);
?>

 

 

Here is the Template page that is calling the functions.

 


<!--
  Message view template. The names in curly braces are placeholders filled in by the template
  engine (not shown).
  NOTE(review): whether the engine HTML-escapes the from, subject, body and link values is not
  visible here. If it does not, content written by another member is rendered as markup (stored
  XSS) - confirm escaping on output.
-->
<script type="text/javascript">
    // Stores the numeric action code (1 = Delete, 2 = Reply, 3 = Forward) in the hidden input
    // named "action" before the form submits. That input shadows the form's own action
    // property, so the assignment below sets the input's value, not the form target.
    function set_action(newval) {
            document.myform.action.value=newval;
    }
</script>
<!--
  NOTE(review): the form submits with method="get", so Delete, Reply and Forward arrive as URL
  parameters, and no anti-CSRF token field is present.
-->
<form name="myform" id="myform" action="processors/mail_process.php" method="get">
<input type="hidden" name="mail_id" value="{mail_id}" />
<input type="hidden" name="mailbox" value="{mailbox}" />
<input type="hidden" name="action" />
<table cellspacing="1" cellpadding="2" width="100%" border="0">
<tr>
    <td colspan="2">
        <table cellspacing="0" cellpadding="0" width="100%" border="0">
        <tr>
            <td>
                <input class="button" type="submit" value="Delete" onclick="set_action(1)" />
                <input class="button" type="submit" value="Reply" onclick="set_action(2)" />
                <input class="button" type="submit" value="Forward" onclick="set_action(3)" />
            </td>
            <td><a href="mailbox.php?mailbox=inbox">Back to inbox</a></td>
            <td>
            <table><tr><td valign="middle"><a href="mail_read.php?mailbox={mailbox}&mail_id={mail_id}&move=1"><img src="{relative_path}images/uparrow2.gif" border="0" title="Previous" /></a></td><td valign="middle"> | </td><td valign="middle"> <a href="mail_read.php?mailbox={mailbox}&mail_id={mail_id}&move=-1"><img src="{relative_path}images/downarrow2.gif" border="0" title="Next" /></a></td></tr></table>
            </td>
        </tr>
        </table>
    </td>
</tr>
<tr>
    <td class="statusmenu" width="1%"><b>From: </b></td>
    <!-- NOTE(review): "Block this user" is a plain GET link to action 5 with no token. -->
    <td class="whiterows"> {from} | <a href="processors/mail_process.php?action=5&mailbox={mailbox}&user_id={from_id}">Block this user</a> | <a href="profile_view.php?user_id={from_id}">View profile</a></td>
</tr>
<tr>
    <td class="statusmenu" width="1%"><b>Date: </b></td>
    <td class="whiterows"> {date_sent}</td>
</tr>
<tr>
    <td class="statusmenu" width="1%"><b>Subject: </b></td>
    <td class="whiterows"> {subject}</td>
</tr>
<tr>
    <td colspan="2" width="100%">
        <table width="100%" cellpadding="5" cellspacing="0" border="0" height="300">
        <tr>
            <td valign="top" class="mailbody">
                <br>
                {body}<br><center>{link}</center>
            </td>
        </tr>
        </table>
    </td>
</tr>
<tr>
    <td colspan="2" align="center"><a href="mailbox.php?mailbox=inbox">Inbox</a> | <a href="mailbox.php?mailbox=outbox">Outbox</a> | <a href="mailbox.php?mailbox=savedbox">Savedbox</a></td>
</tr>
</table>
</form>


Does it give you an error? If so, post that error. Or does it do nothing at all?

 

"redirect2page" is not a built in function... there should be another file which declares all the functions that the person made for the script. Look for somewhere in there that says include or require once and then a php file or inc file and post that up too.

 


<?php
/**
 * Send a "303 See Other" redirect and end the request.
 *
 * The target is _BASEURL_/$pagename followed by the session identifier (when the SID constant
 * is non-empty) and $qstring, joined as a query string. With $full_url set, $pagename is used
 * verbatim as the Location value and neither SID nor $qstring is appended.
 *
 * A non-empty $topass is stored in $_SESSION['topass'] for the next page to pick up; it is not
 * added to the URL. An empty $topass leaves any earlier $_SESSION['topass'] untouched.
 *
 * NOTE(review): $qstring and, with $full_url, $pagename go into the Location header as given.
 * Callers must URL-encode request-derived values and must not pass a request-supplied URL as
 * $pagename, otherwise this becomes an open redirect.
 * NOTE(review): SID is non-empty when the session id was not received in a cookie, so the id
 * ends up in the URL, where it can leak through logs and Referer headers.
 *
 * @param string $pagename page path relative to _BASEURL_, or a complete URL when $full_url is true
 * @param array  $topass   data handed to the next page through the session
 * @param string $qstring  query string without the leading "?"
 * @param bool   $full_url treat $pagename as a complete URL
 */
function redirect2page($pagename,$topass=array(),$qstring="",$full_url=false) {
	// Guard clause: without a page name there is nothing to redirect to.
	if (empty($pagename)) {
		error("No page specified for redirect",__LINE__,__FILE__);
		exit;
	}
	if ($full_url) {
		$target=$pagename;
	} else {
		$target=_BASEURL_."/".$pagename;
		// Collect the query-string pieces first, then join them with "&" after a single "?".
		$pieces=array();
		if (SID!="") {
			$pieces[]=SID;
		}
		if (!empty($qstring)) {
			$pieces[]=$qstring;
		}
		if (!empty($pieces)) {
			$target.="?".implode("&",$pieces);
		}
	}
	if (!empty($topass)) {
		$_SESSION['topass']=$topass;
	}
	header("Status: 303 See Other",true);
	header("Location: $target",true);
	exit;
}

?>


It doesn't give me any error.

 

It just shows this in the address bar:

http://www.mydesimodel.com/mail_send.php 

 

With no query string attached to it. I don't know if it is supposed to show the query in the URL.

 

Like it shows when you read a message:

http://www.mydesimodel.com/mail_read.php?mailbox=inbox&mail_id=3

 

 

It is just a blank page,

and if I refresh, it just shows the "Send a New message" form with no username to send the reply to, and no previous message or subject. I mean, pretty much nothing is connected to the message being replied to.

 

 

