seany123 Posted March 6, 2009

Okay, I have a page which worked fine, but then I added a line of code for security and now it doesn't display the values from my database when I click pending and fixed....

Here is the code I added:

    if($player['staff'] <= 2) {
        header("Location: home.php");
    } else {

And this is the page with the code added:

    <?php
    include("lib.php");
    define("PAGENAME", "Bug List");
    $player = check_user($secret_key, $db);
    include("templates/private_header.php");

    if($player['staff'] <= 2) {
        header("Location: home.php");
    } else {
        if (isset($_GET['fixed'])) {
            $query = $db->execute("select * from `bugs` where status='Fixed'");
            while ($buglist= $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=green>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
        if (isset($_GET['pending'])) {
            $query = $db->execute("select * from `bugs` where status='Pending'");
            while ($buglist = $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=red>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
    }
    ?>
    <center>
    <form method="GET" action="bugslist.php">
    <input type="submit" name="fixed" value="Fixed Bugs">
    <input type="submit" name="pending" value="Pending Bugs">
    <p /><b>Select which type of bugs you would like to check.</b><p />
    </center>
    <?php include("templates/private_footer.php") ?>
Mark Baker Posted March 6, 2009

I'd say you're missing a closing }
seany123 (Author) Posted March 6, 2009

No, the code worked fine before I added to it... I have already put a } at the bottom to compensate for the {
Mark Baker Posted March 6, 2009

There should be an exit() immediately after header("Location: home.php");
seany123 (Author) Posted March 6, 2009

I've added the exit(); now it's just redirecting straight to home.php even when my staff is higher than 2.
maxudaskin Posted March 6, 2009

Please add this before the if statement and tell us what it says.

    echo "<script language="JavaScript" type="text/javascript">alert(\"" . $player['staff'] . "\")</script>"
seany123 (Author) Posted March 6, 2009

I added it... now it's not redirecting but just giving me a blank white page.
maxudaskin Posted March 6, 2009

Back up your code and change it to the following:

    <?php
    include("lib.php");
    define("PAGENAME", "Bug List");
    $player = check_user($secret_key, $db);
    echo "<script language="JavaScript" type="text/javascript">alert(\"" . $player['staff'] . "\")</script>"
    include("templates/private_header.php");

    if($player['staff'] <= 2) {
        header("Location: home.php");
    } else {
        if (isset($_GET['fixed'])) {
            $query = $db->execute("select * from `bugs` where status='Fixed'");
            while ($buglist= $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=green>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
        if (isset($_GET['pending'])) {
            $query = $db->execute("select * from `bugs` where status='Pending'");
            while ($buglist = $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=red>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
    }
    ?>
    <center>
    <form method="GET" action="bugslist.php">
    <input type="submit" name="fixed" value="Fixed Bugs">
    <input type="submit" name="pending" value="Pending Bugs">
    <p /><b>Select which type of bugs you would like to check.</b><p />
    </center>
    <?php include("templates/private_footer.php") ?>
seany123 (Author) Posted March 6, 2009

I have done what u said... but nothing has changed... it's just showing a blank white page.
seany123 (Author) Posted March 6, 2009

I have no idea what is going on with this page >.<
seany123 (Author) Posted March 6, 2009

Sorry for bumping this, but I still haven't fixed the problem and I can't see the error anywhere.. anyone else able to help?
Yesideez Posted March 6, 2009

I've indented the code to make it a little more readable and added a line (which I've commented) - see what it displays.

    <?php
    include("lib.php");
    define("PAGENAME", "Bug List");
    $player = check_user($secret_key, $db);
    include("templates/private_header.php");
    echo 'player[staff]='.$player['staff']; //LET'S SEE WHAT WE'RE PLAYING WITH
    if($player['staff'] <= 2) {
        header("Location: home.php");
    } else {
        if (isset($_GET['fixed'])) {
            $query = $db->execute("select * from `bugs` where status='Fixed'");
            while ($buglist= $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=green>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
        if (isset($_GET['pending'])) {
            $query = $db->execute("select * from `bugs` where status='Pending'");
            while ($buglist = $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=red>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
    }
    ?>
    <div align="center">
    <form method="GET" action="bugslist.php">
    <input type="submit" name="fixed" value="Fixed Bugs">
    <input type="submit" name="pending" value="Pending Bugs">
    <p /><b>Select which type of bugs you would like to check.</b><p />
    </div>
    <?php include("templates/private_footer.php"); ?>
seany123 (Author) Posted March 6, 2009

Okay, so I first tried what you wrote.... it just came up with player city =

So then I changed the code to:

    echo 'player->staff='.$player->staff; //LET'S SEE WHAT WE'RE PLAYING WITH

and it echo'd my staff value 4
seany123 (Author) Posted March 6, 2009

I also changed the if statement to the same format... it's worked in a way that now it's allowing me to see the two fields.... but it's not redirecting the people who have a staff value of 2 and under. Instead they can still view the page but they can't view the database fields.

Here's what I got now....

    <?php
    include("lib.php");
    define("PAGENAME", "Bug List");
    $player = check_user($secret_key, $db);
    include("templates/private_header.php");
    echo 'player->staff ='.$player->staff; //LET'S SEE WHAT WE'RE PLAYING WITH
    if($player->staff <= 2) {
        header("Location: home.php");
    } else {
        if (isset($_GET['fixed'])) {
            $query = $db->execute("select * from `bugs` where status='Fixed'");
            while ($buglist= $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=green>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
        if (isset($_GET['pending'])) {
            $query = $db->execute("select * from `bugs` where status='Pending'");
            while ($buglist = $query->fetchrow()) {
                $idstr = $buglist['id'] . "";
                $usernamestr = $buglist['username'] . "";
                $messagestr = $buglist['comment'] . "";
                $statusstr = "<font color=red>" . $buglist['status'] . "</color>";
                echo "<table>";
                echo "<tr><td><b>Bug ID: </b>$idstr</td></tr>";
                echo "<tr><td><b>Username: </b>$usernamestr</td></tr>";
                echo "<tr><td><b>Bug Report: </b>$messagestr</td></tr>";
                echo "<tr><td><b>Status: </b>$statusstr</td></tr>";
                echo "</table><p />";
            }
        }
    }
    ?>
    <div align="center">
    <form method="GET" action="bugslist.php">
    <input type="submit" name="fixed" value="Fixed Bugs">
    <input type="submit" name="pending" value="Pending Bugs">
    <p /><b>Select which type of bugs you would like to check.</b><p />
    </div>
    <?php include("templates/private_footer.php"); ?>
Mark Baker Posted March 6, 2009

> but it's not redirecting the people who have a staff value of 2 and under. Instead they can still view the page but they can't view the database fields.

That's what the exit() after the header("Location: home.php") would have fixed
seany123 (Author) Posted March 6, 2009

Okay, now putting exit(); after header and see what happens.
Yesideez Posted March 6, 2009

If you're checking for <=2 for a redirect and your staff value is 4 then it won't redirect as 4 is not lower or equal to 2.
seany123 (Author) Posted March 6, 2009

> If you're checking for <=2 for a redirect and your staff value is 4 then it won't redirect as 4 is not lower or equal to 2.

Yes, I know that. It's not redirecting people with lower or equal to 2, it's staying on the bugslist.php page and only displaying player->staff =0
seany123 (Author) Posted March 6, 2009

Obviously because of the echo... but if that echo wasn't there then it would just display a blank page.

Edit: but I didn't think exit(); would be needed because I'm asking for it to redirect to another page.
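
The exit() point raised in the thread, shown as an added example that is not code from any poster: a staff gate that runs before any output, fails closed, and stops the script after sending the Location header. `MIN_STAFF_LEVEL`, `is_staff_allowed()` and `require_staff()` are hypothetical names, and the player objects are constructed stand-ins for what `check_user()` returns (the thread shows the level is read as `$player->staff`).

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
const MIN_STAFF_LEVEL = 3; // the thread's rule: staff <= 2 is sent to home.php

// Fail closed: a missing, null or non-integer staff value counts as "not staff".
function is_staff_allowed($player): bool
{
    if (!is_object($player) || !isset($player->staff)) {
        return false;
    }
    $level = filter_var($player->staff, FILTER_VALIDATE_INT);
    return $level !== false && $level >= MIN_STAFF_LEVEL;
}

// Call this before any output, i.e. before private_header.php is included.
function require_staff($player, string $fallback = 'home.php'): void
{
    if (is_staff_allowed($player)) {
        return;
    }
    if (headers_sent($file, $line)) {
        // Output already started, so the Location header can no longer be sent.
        error_log("staff gate: output began at $file:$line; redirect not possible");
    } else {
        header('Location: ' . $fallback, true, 302);
    }
    // header() only queues a response header. Without exit the rest of the
    // script still runs and its output is sent along with the redirect.
    exit;
}

// Constructed sample players standing in for check_user()'s return value.
if (PHP_SAPI === 'cli') {
    foreach ([4, '3', 2, 0, 'abc', null] as $staff) {
        $player = (object) ['staff' => $staff];
        printf("staff=%s allowed=%s\n", var_export($staff, true),
            var_export(is_staff_allowed($player), true));
    }
}
```

On a page laid out like the one in the thread, the call order would be lib.php, check_user(), require_staff($player), and only then private_header.php.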
seany123 (Author) Posted March 8, 2009

Still have not had any luck with this working.
WolfRage Posted March 8, 2009

Let's see the current code in all of its glory, and please explain your intended operation of this code, and expected outcomes.