rille95, posted April 2, 2009

Help plz! I am a noob in PHP programming. I downloaded a script and uploaded it to my site. Then I wanted to add a description thing so that I write a description in a box on the admin page. How do I get that text to show up on a specific place on another page?
gaza165, posted April 2, 2009

Show us the code so we can have a look what it is you're after. Please use the [ code ] tags....
rille95 (author), posted April 2, 2009

What code do you need?
gaza165, posted April 2, 2009

The script that you downloaded would be a good place to start. We need a clearer understanding of what you want to do.
rille95 (author), posted April 2, 2009

Well, I downloaded this script: http://www.getpaidscene.com/forums/index.ph/topic,3.0.html

I try to get the info I type in here :

To get here :

I have no idea how to do this.
charleshill, posted April 2, 2009

Here's basically how post forms in PHP work:

1) user goes to a web page that displays them an HTML form
2) user fills out form and submits it (data + the user is sent to the URL in the form tag's action attribute ... action="http://yoursite.com/processform.php")
3) data is read server side by PHP using whatever script is accessed at the URL from the form's action attribute.

The data should be sanitized (because you should always assume data coming from the user is tainted or potentially dangerous). Once you're done cleaning up the data, you can either display errors to the user with another HTML page or you can submit the data to your database and then redirect the user to a success page.
rille95 (author), posted April 2, 2009

> Here's basically how post forms in PHP work:
>
> 1) user goes to a web page that displays them an HTML form
> 2) user fills out form and submits it (data + the user is sent to the URL in the form tag's action attribute ... action="http://yoursite.com/processform.php")
> 3) data is read server side by PHP using whatever script is accessed at the URL from the form's action attribute.
>
> The data should be sanitized (because you should always assume data coming from the user is tainted or potentially dangerous). Once you're done cleaning up the data, you can either display errors to the user with another HTML page or you can submit the data to your database and then redirect the user to a success page.

Didn't really understand how that helps me ???
charleshill, posted April 2, 2009

Well, it's difficult to get any more specific when I cannot see the code you're trying to modify. If you could post that here that would help me give you a more detailed answer.
rille95 (author), posted April 2, 2009

Here's some code:

[code]
Name: <input type=text name=name><br>
URL: <input type=text name=url> <font size=1 color=red>no trailing / !!!!!!</font><br>
Reward: <input type=text name=reward><br>
Countries: <textarea name=countries class=admin></textarea><br>
Description: <input type=text name=Description><br>
Type:
[/code]

Here I have just added the Description line. There's where I write the descriptions for the offers on the site. In the other file I have no idea where to put in so I have to give you the whole file. I'm sorry.

[code]
<?
session_start();
$page="offers";
include"header.php";
include"mysql.php";
$_GET['out']=strip_tags($_GET['out']);
$_GET['out']=mysql_real_escape_string($_GET['out']);
if($_GET['out']!="") {
    mysql_query("update offers set visits=visits+1 where id={$_GET['out']}",$c);
    $geturl=mysql_query("select * from offers where id={$_GET['out']}",$c);
    $out=mysql_fetch_array($geturl);
    print"
<h2>Please wait..</h2>
<p>
<center>
<meta http-equiv=\"refresh\" content=\"2;url={$out['url']}/&subid1={$ui['username']}\">
Taking you to the offer...<br>
If this page does not change in 2 seconds, <a href=\"{$out['url']}/&subid1={$ui['username']}\">click here</a>.
</p>
";
    include"side.php";
    include"footer.php";
    exit;
} else {
    $money=0;
    $getoffercash=mysql_query("select * from offers where active=1",$c);
    while($oc=mysql_fetch_array($getoffercash)) {
        $money=$money+$oc['reward'];
    }
}
if($_SESSION['loggedin']==1) {
    $refer="<br>Refer your friends: $siteurl/?ref={$ui['username']}<br>and receive an instant $$refbonus bonus per referral!";
} else {
    $refer="";
}
?>
<h2>Offers</h2>
<p class="post-by"><a href="how.php?ref=<? print"$ref"; ?>">not sure what to do?</a></p>
<p><center>Possible Earnings: $<?=$money;?><?=$refer;?></center></p>
<table width="90%">
<tr>
<th colspan="4" align="center"> Free To Complete </th>
</tr>
<tr>
<th width="50%">Offer</th>
<th width="15%">Reward</th>
<th width="35%">Completed?</th>
<th width="50%">Description</th>
</tr>
<?
$_GET['offer']=strip_tags($_GET['offer']);
$_GET['offer']=mysql_real_escape_string($_GET['offer']);
$type="free";
$getoffers=mysql_query("select * from offers where `type`='$type' and active=1 order by reward desc",$c);
if(mysql_num_rows($getoffers)==0) {
    print"<tr><td colspan=\"4\">There are currently no free offers available</td></tr>";
} else {
    while($off=mysql_fetch_array($getoffers)) {
        if($_GET['offer']==$off['id']) {
            $color="style=\"background-color: #a2e250;\"";
            $front="<font color=\"black\"><b>";
            $back="</b></font>";
        } else {
            $color="";
            $front="";
            $back="";
        }
        if($_SESSION['loggedin']==1) {
            $form="<form class=\"searchform2\" action=\"completed.php\" method=\"get\"><input type=\"hidden\" name=\"offer\" value=\"{$off['id']}\"><input type=\"submit\" class=\"button\" value=\"Done!\"></form>";
        } else {
            $form="<font color=\"red\"><b>Please Login</b></font>";
        }
        $checkpend=mysql_query("select * from pending where offer_id={$off['id']} and user_id='{$_SESSION['userid']}' and denied=0",$c);
        $checkcompleted=mysql_query("select * from completed where offer_id={$off['id']} and user_id='{$_SESSION['userid']}'",$c);
        if(mysql_num_rows($checkpend)!=0) {
            $form="<font color=\"orange\"><b>Pending</b></font>";
        } else if(mysql_num_rows($checkcompleted)!=0) {
            $form="<font color=\"green\"><b>Completed</b></font>";
        }
        if(mysql_num_rows($checkpend)!=0 || mysql_num_rows($checkcompleted)!=0) {
            $link="$front{$off['name']}$back";
        } else {
            $link="<a href=\"offers.php?out={$off['id']}\" target=\"_blank\" title=\"Available in: {$off['countries']}\">$front{$off['name']}$back</a>";
        }
        print"
<tr $color>
<td width=\"50%\">$link</td>
<td align=\"center\">$front\${$off['reward']}$back</font></td>
<td align=\"center\">$form</td>
</tr>
";
    }
}
?>
</table>
<table width="90%">
<tr>
<th colspan="4" align="center"> Complete a Survey </th>
</tr>
<tr>
<th width="50%">Offer</th>
<th width="15%">Reward</th>
<th width="35%">Completed?</th>
<th width="50%">Description</th>
</tr>
<?
$type="survey";
$getoffers=mysql_query("select * from offers where `type`='$type' and active=1 order by reward desc",$c);
if(mysql_num_rows($getoffers)==0) {
    print"<tr><td colspan=\"4\">There are currently no surveys available</td></tr>";
} else {
    while($off=mysql_fetch_array($getoffers)) {
        if($_GET['offer']==$off['id']) {
            $color="style=\"background-color: #a2e250;\"";
            $front="<font color=\"black\"><b>";
            $back="</b></font>";
        } else {
            $color="";
            $front="";
            $back="";
        }
        if($_SESSION['loggedin']==1) {
            $form="<form class=\"searchform2\" action=\"completed.php\" method=\"get\"><input type=\"hidden\" name=\"offer\" value=\"{$off['id']}\"><input type=\"submit\" class=\"button\" value=\"Done!\"></form>";
        } else {
            $form="<font color=\"red\"><b>Please Login</b></font>";
        }
        $checkpend=mysql_query("select * from pending where offer_id={$off['id']} and user_id={$_SESSION['userid']} and denied=0",$c);
        $checkcompleted=mysql_query("select * from completed where offer_id={$off['id']} and user_id={$_SESSION['userid']}",$c);
        if(mysql_num_rows($checkpend)!=0) {
            $form="<font color=\"orange\"><b>Pending</b></font>";
        } else if(mysql_num_rows($checkcompleted)!=0) {
            $form="<font color=\"green\"><b>Completed</b></font>";
        }
        if(mysql_num_rows($checkpend)!=0 || mysql_num_rows($checkcompleted)!=0) {
            $link="$front{$off['name']}$back";
        } else {
            $link="<a href=\"offers.php?out={$off['id']}\" target=\"_blank\" title=\"Available in: {$off['countries']}\">$front{$off['name']}$back</a>";
        }
        print"
<tr $color>
<td width=\"50%\">$link</td>
<td align=\"center\">$front\${$off['reward']}$back</font></td>
<td align=\"center\">$form</td>
</tr>
";
    }
}
print"</table>";
?>
<table width="90%">
<tr>
<th colspan="4" align="center"> Non-Free Offers </th>
</tr>
<tr>
<th width="50%">Offer</th>
<th width="15%">Reward</th>
<th width="35%">Completed?</th>
<th width="50%">Description</th>
</tr>
<?
$type="card";
$getoffers=mysql_query("select * from offers where `type`='$type' and active=1 order by reward desc",$c);
if(mysql_num_rows($getoffers)==0) {
    print"<tr><td colspan=\"4\">There are currently no non-free offers available.</td></tr>";
} else {
    while($off=mysql_fetch_array($getoffers)) {
        if($_GET['offer']==$off['id']) {
            $color="style=\"background-color: #a2e250;\"";
            $front="<font color=\"black\"><b>";
            $back="</b></font>";
        } else {
            $color="";
            $front="";
            $back="";
        }
        if($_SESSION['loggedin']==1) {
            $form="<form class=\"searchform2\" action=\"completed.php\" method=\"get\"><input type=\"hidden\" name=\"offer\" value=\"{$off['id']}\"><input type=\"submit\" class=\"button\" value=\"Done!\"></form>";
        } else {
            $form="<font color=\"red\"><b>Please Login</b></font>";
        }
        $checkpend=mysql_query("select * from pending where offer_id={$off['id']} and user_id='{$_SESSION['userid']}' and denied=0",$c);
        $checkcompleted=mysql_query("select * from completed where offer_id={$off['id']} and user_id='{$_SESSION['userid']}'",$c);
        if(mysql_num_rows($checkpend)!=0) {
            $form="<font color=\"orange\"><b>Pending</b></font>";
        } else if(mysql_num_rows($checkcompleted)!=0) {
            $form="<font color=\"green\"><b>Completed</b></font>";
        }
        if(mysql_num_rows($checkpend)!=0 || mysql_num_rows($checkcompleted)!=0) {
            $link="$front{$off['name']}$back";
        } else {
            $link="<a href=\"offers.php?out={$off['id']}\" target=\"_blank\" title=\"Available in: {$off['countries']}\">$front{$off['name']}$back</a>";
        }
        print"
<tr $color>
<td width=\"50%\">$link</td>
<td align=\"center\">$front\${$off['reward']}$back</font></td>
<td align=\"center\">$form</td>
</tr>
";
    }
}
?>
</table>
<?
include"side.php";
include"footer.php";
?>
[/code]

Here is the whole code for the other file if necessary.

[code]
<?
session_start();
$page="home";
include"header.php";
include"mysql.php";
global $ui;
if($ui['admin']!=1) {
    die("This page is not for you.");
}
?>
<h2>Administration</h2>
<p class="post-by"></p>
<p>
<table width="90%">
<tr>
<th colspan="3"> Administration </th>
</tr>
<tr><th width="33%">Pending</th><th width="33%">Users</th><th>Offers</th></tr>
<tr>
<td valign="top">
<a href="panel.php?do=pendingoffers">Pending Offers</a><br>
<a href="panel.php?do=pendingcashouts">Pending Cashouts</a><br>
</td>
<td valign="top">
<a href="panel.php?do=finduser">Find User</a><br>
<a href="panel.php?do=banuser">Ban User</a><br>
<a href="panel.php?do=unbanuser">Unban User</a><br>
</td>
<td valign="top">
<a href="panel.php?do=addoffer">Add Offer</a><br>
<a href="panel.php?do=editoffer">Edit Offer</a><br>
<a href="panel.php?do=removeoffer">Remove Offer</a><br>
</td>
</tr>
</table>
<?
if($_GET['do']=="banuser") {
    print"<table width=90%><tr><th>Banning User</th></tr><tr><td>";
    if($_POST['username']!="") {
        $checkuser=mysql_query("select * from users where `username`='{$_POST['username']}'",$c);
        if(mysql_num_rows($checkuser)==0) {
            print"User not found.";
        } else {
            $reason=$_POST['reason'];
            $reason=addslashes($reason);
            mysql_query("update users set `banned`='$reason' where `username`='{$_POST['username']}'",$c);
            print"User <b>{$_POST['username']}</b> banned.";
        }
    } else {
        print"<form action=panel.php?do=banuser method=post>Username: <input type=text name=username><br>Reason: <input type=text name=reason><br><br><input type=submit class=button value=\"Ban User\"></form>";
    }
    print"</td></tr></table>";
}
if($_GET['do']=="unbanuser") {
    print"<table width=90%><tr><th>Unbanning User</th></tr><tr><td>";
    if($_POST['username']!="") {
        $checkuser=mysql_query("select * from users where `username`='{$_POST['username']}'",$c);
        $cu=mysql_fetch_array($checkuser);
        if(mysql_num_rows($checkuser)==0 || $cu['banned']=="") {
            print"User not found or isn't banned..";
        } else {
            mysql_query("update users set `banned`='' where `username`='{$_POST['username']}'",$c);
            print"User <b>{$_POST['username']}</b> unbanned.";
        }
    } else {
        print"<form action=panel.php?do=unbanuser method=post>Username: <input type=text name=username><br><br><input type=submit class=button value=\"Unban User\"></form>";
    }
    print"</td></tr></table>";
}
if($_GET['do']=="finduser") {
    print"<table width=90%><tr><th>Finding User</th></tr><tr><td>";
    if($_GET['user']!="") {
        $checkuser=mysql_query("select * from users where `username`='{$_GET['user']}'",$c);
        $r=mysql_fetch_array($checkuser);
        if(mysql_num_rows($checkuser)==0) {
            print"User not found.";
        } else {
            if($r['paypal']=="") {
                $r['paypal']="Not Set";
            }
            if($r['email_verified']==1) {
                $verified="Yes";
            } else {
                $verified="No";
            }
            print"
Username: {$r['username']}<br>
Current Balance: \${$r['current_balance']}<br>
Total Earned: \${$r['total_earned']}<br>
Email: {$r['email']}<br>
Verified: $verified<br>
Paypal: {$r['paypal']}<br>
<b>Pending Offers</b><ul>
";
            $getpendingoffers=mysql_query("select * from pending where user_id={$r['id']}",$c);
            if(mysql_num_rows($getpendingoffers)==0) {
                print"<li>No offers pending</li>";
            } else {
                while($po=mysql_fetch_array($getpendingoffers)) {
                    $getoffers=mysql_query("select * from offers where id={$po['offer_id']}",$c);
                    $off=mysql_fetch_array($getoffers);
                    print"<li>{$off['offername']} - <a href=panel.php?do=pendingoffers&approve=1&pending={$po['id']}>Approve</a> | <a href=panel.php?do=pendingoffers&deny=1&pending={$po['id']}>Deny</a></li>";
                }
            }
            print"</ul>";
        }
    } else {
        print"<form action=panel.php method=get><input type=hidden name=do value=finduser>Username: <input type=text name=user><br><br><input type=submit class=button value=\"Find User\"></form>";
    }
    print"</td></tr></table>";
}
if($_GET['do']=="pendingoffers") {
    print"<table width=90%><tr><th colspan=3>Pending Offers</th></tr><tr><th width=20%>User</th><th width=30%>Offer</th><th width=50% nowrap>Action</th></tr>";
    $getpending=mysql_query("select * from pending where denied=0",$c);
    if(mysql_num_rows($getpending)==0) {
        print"<tr><td colspan=3>No offers are currently pending review</td></tr>";
    }
    while($p=mysql_fetch_array($getpending)) {
        $getuserinfo=mysql_query("select * from users where id={$p['user_id']}",$c);
        $us=mysql_fetch_array($getuserinfo);
        $getofferinfo=mysql_query("select * from offers where id={$p['offer_id']}",$c);
        $off=mysql_fetch_array($getofferinfo);
        print"<tr><td><a href=\"panel.php?do=finduser&user={$us['username']}\">{$us['username']}[{$us['id']}]</a></td><td>{$off['name']}</td><td nowrap><form action=panel.php method=get><input type=hidden name=do value=pendingoffers><input type=hidden name=approve value=1><input type=hidden name=pending value=\"{$p['id']}\"><input type=submit class=button value=Approve></form><form action=panel.php method=get><input type=hidden name=do value=pendingoffers><input type=hidden name=deny value=1><input type=hidden name=pending value=\"{$p['id']}\"><input type=submit class=button value=Deny></form></td></tr>";
    }
    print"</table>";
    if($_GET['approve']) {
        $getpendinfo=mysql_query("select * from pending where id={$_GET['pending']} and denied=0",$c);
        $pend=mysql_fetch_array($getpendinfo);
        $getofferinfo=mysql_query("select * from offers where id={$pend['offer_id']}",$c);
        $off=mysql_fetch_array($getofferinfo);
        if(mysql_num_rows($getpendinfo)==0) {
            print"<center><br>Offer request not found or denied.</center>";
            include"side.php";
            include"footer.php";
            exit;
        }
        $time=time();
        $reward=$off['reward'];
        mysql_query("insert into completed values('','{$off['id']}','{$pend['user_id']}','','$time','{$off['reward']}')",$c);
        mysql_query("update users set total_earned=total_earned+$reward,current_balance=current_balance+$reward where id={$pend['user_id']}",$c) or die(mysql_error());
        print"<center><br>Offer Approved</center>";
        mysql_query("delete from pending where id={$_GET['pending']}",$c);
    } else if($_GET['deny']) {
        $getofferinfo=mysql_query("select * from offers where id={$_GET['pending']}",$c);
        $off=mysql_fetch_array($getofferinfo);
        $getpendinfo=mysql_query("select * from pending where id={$_GET['pending']} and denied=0",$c);
        $pend=mysql_fetch_array($getpendinfo);
        if(mysql_num_rows($getpendinfo)==0){
            print"<center><br>Offer request not found or denied.</center>";
            include"side.php";
            include"footer.php";
            exit;
        }
        mysql_query("update pending set denied=1 where id={$_GET['pending']}",$c);
        print"<center><br>Offer Denied</center>";
    }
}
if($_GET['do']=="pendingcashouts") {
    print"<table width=90%>
<tr><th colspan=5>Pending Cashouts - Tab Delimited For Paypal Mass Payout</th></tr>";
    $getcashouts=mysql_query("select * from cashouts where status=0",$c);
    if(mysql_num_rows($getcashouts)==0) {
        print"<tr><td colspan=5>There are currently no pending cashouts</td></tr>";
    } else {
        while($cash=mysql_fetch_array($getcashouts)) {
            $getuserinfo=mysql_query("select * from users where id={$cash['user_id']}",$c);
            $us=mysql_fetch_array($getuserinfo);
            print"<tr><td>{$cash['paypal']}</td><td>{$cash['amount']}</td><td>USD</td><td><a href=panel.php?do=finduser&user={$us['username']}>{$us['username']}</a> - Cashwebs Cashout</td><td>Thanks for using Cashwebs!</td></tr>
<tr><td colspan=5><form action=panel.php method=get><input type=hidden name=do value=pendingcashouts><input type=hidden name=approve value=1><input type=hidden name=pending value=\"{$cash['id']}\"><input type=submit class=button value=Approve></form><form action=panel.php method=get><input type=hidden name=do value=pendingcashouts><input type=hidden name=deny value=1><input type=hidden name=pending value=\"{$cash['id']}\"><input type=submit class=button value=Deny></form></td></tr>
";
        }
    }
    print"</table>";
    if($_GET['approve']) {
        mysql_query("update cashouts set status=1 where id={$_GET['pending']}",$c);
        print"<center><br>Cashout marked as approved and paid.</center>";
    } else if($_GET['deny']) {
        mysql_query("update cashouts set status=2 where id={$_GET['pending']}",$c);
        print"<center><br>Cashout marked as denied.</center>";
    }
}
if($_GET['do']=="addoffer") {
    if($_POST['subm']) {
        $countries="{$_POST['countries']}";
        mysql_query("insert into offers values('','{$_POST['name']}','{$_POST['url']}','{$_POST['reward']}','$countries','{$_POST['type']}','','','{$_POST['active']}')",$c);
        print"{$_POST['name']} has been added.";
    } else {
        print"<table width=90%>
<tr><th colspan=2>Adding New Offer</th></tr>
<tr><td>
<form action=panel.php?do=addoffer method=post><input type=hidden name=subm value=1>
Name: <input type=text name=name><br>
URL: <input type=text name=url> <font size=1 color=red>no trailing / !!!!!!</font><br>
Reward: <input type=text name=reward><br>
Countries: <textarea name=countries class=admin></textarea><br>
Description: <input type=text name=Description><br>
Type: <select name=type>
<option value=free>free</option>
<option value=card>non-free</option>
<option value=survey>survey</option>
</select><br>
Active: <select name=active><option value=1 selected>Yes</option><option value=0>No</option></select>
</td>
<td>
<input type=submit class=button value=\"Add Offer\"></form>
</td>
</tr></table>
";
    }
}
if($_GET['do']=="editoffer") {
    if($_POST['done']) {
        $type=$_POST['type'];
        mysql_query("UPDATE offers SET `name`='{$_POST['name']}', `url`='{$_POST['url']}', `type`='$type', reward={$_POST['reward']}, active={$_POST['active']}, `countries`='{$_POST['countries']}' where id={$_POST['offer']}",$c);
        print"{$_POST['name']} has been edited.";
    } else if($_POST['subm']!=1) {
        //get the next variable
        print"<form action=panel.php?do=editoffer method=post><select name=offer>";
        $getoffers=mysql_query("select * from offers",$c);
        while($off=mysql_fetch_array($getoffers)) {
            print"<option value='{$off['id']}'>{$off['name']}</option>";
        }
        print"</select><input type=hidden name=next value=1><input type=hidden name=subm value=1><input type=submit class=button value='Edit Offer'></form>";
    } else if($_POST['next']==1) {
        print"<table width=90%>
<tr><th colspan=2>Editing Offer</th></tr>
<tr><td>
";
        $getoffer=mysql_query("select * from offers where id={$_POST['offer']}",$c);
        $off=mysql_fetch_array($getoffer);
        if($off['active']==1) {
            $yes="selected";
            $no="";
        } else {
            $yes="";
            $no="selected";
        }
        print"
<form action=panel.php?do=editoffer method=post><input type=hidden name=subm value=1><input type=hidden name=done value=1><input type=hidden name=offer value={$_POST['offer']}>
Name: <input type=text name=name value='{$off['name']}'><br>
URL: <input type=text name=url value='{$off['url']}'> <font size=1 color=red>no trailing / !!!!!!</font><br>
Reward: <input type=text name=reward value='{$off['reward']}'><br>
Countries: <textarea name=countries class=admin>{$off['countries']}</textarea><br>
Description: <input type=text name=Description><br>
Type: <input type=text name=type value='{$off['type']}'> (free=free offers|card=non-free offers|survey=surveys)
Active: <select name=active><option value=1 $yes>Yes</option><option value=0 $no>No</option></select>
</td>
<td>
<input type=submit class=button value=\"Edit Offer\"></form>
</td>
</tr></table>
";
    }
}
if($_GET['do']=="removeoffer") {
    if($_POST['done']) {
        mysql_query("delete from offers where id={$_POST['offer']}",$c);
        print"Offer has been removed.";
    } else if($_POST['subm']!=1) {
        //get the next variable
        print"<form action=panel.php?do=removeoffer method=post><select name=offer>";
        $getoffers=mysql_query("select * from offers",$c);
        while($off=mysql_fetch_array($getoffers)) {
            print"<option value='{$off['id']}'>{$off['name']}</option>";
        }
        print"</select><input type=hidden name=next value=1><input type=hidden name=subm value=1><input type=submit class=button value='Remove Offer'></form>";
    } else if($_POST['next']==1) {
        $getoffer=mysql_query("select * from offers where id={$_POST['offer']}",$c);
        $off=mysql_fetch_array($getoffer);
        print"<table width=90%>
<tr><th colspan=2>Deleting Offer: {$off['name']}</th></tr>
<tr><td align=center>
Are you sure you wish to delete the following offer?<br><b>{$off['name']}</b>
</td>
<td>
<form action=panel.php?do=removeoffer method=post>
<input type=hidden name=done value=1>
<input type=hidden name=subm value=1>
<input type=hidden name=next value=1>
<input type=hidden name=offer value={$off['id']}>
<input type=submit class=button value=\"Delete Offer\"></form>
</td>
</tr></table>
";
    }
}
?>
</p>
<?
include"side.php";
include"footer.php";
?>
[/code]
charleshill, posted April 2, 2009

Well, just from sifting through that code I can see several security vulnerabilities. It is also difficult to figure out what parts of that code are supposed to do what. If I had more time right now I'd figure it out. I'll check back later when I have a bit more time.
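
An added example (not part of the thread, and not code from the downloaded script) of the form flow charleshill outlined earlier, applied to the Description field: validate the posted form, store it with a prepared statement, and HTML-escape it when printing the offers table. It assumes PDO in place of the script's mysql_* functions and an in-memory SQLite table standing in for `offers`; the `description` column and all helper names are hypothetical.

```php
<?php
// Added example; not code from the downloaded script. Assumptions: PDO replaces
// the script's mysql_* calls, and an in-memory SQLite table with a hypothetical
// `description` column stands in for the MySQL `offers` table.
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE offers (id INTEGER PRIMARY KEY AUTOINCREMENT,
        name TEXT, url TEXT, reward REAL, description TEXT, type TEXT, active INTEGER)');
    return $db;
}

// Read one posted field as a trimmed string; arrays and missing keys become ''.
function field(array $post, string $key): string {
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Validate the admin form. Returns [clean values, error messages].
function validate_offer(array $post): array {
    $o = [
        'name'        => field($post, 'name'),
        'url'         => field($post, 'url'),
        'reward'      => filter_var(field($post, 'reward'), FILTER_VALIDATE_FLOAT),
        'description' => field($post, 'Description'), // field name as in the posted form
        'type'        => field($post, 'type'),
        'active'      => field($post, 'active') === '1' ? 1 : 0,
    ];
    $errors = [];
    if ($o['name'] === '' || strlen($o['name']) > 100) $errors[] = 'Name: 1 to 100 characters.';
    $scheme = strtolower((string) parse_url($o['url'], PHP_URL_SCHEME));
    if (!filter_var($o['url'], FILTER_VALIDATE_URL) || !in_array($scheme, ['http', 'https'], true)) {
        $errors[] = 'URL: must be a valid http(s) address.';
    }
    if ($o['reward'] === false || $o['reward'] < 0) $errors[] = 'Reward: non-negative number.';
    if (strlen($o['description']) > 255) $errors[] = 'Description: at most 255 characters.';
    if (!in_array($o['type'], ['free', 'card', 'survey'], true)) $errors[] = 'Type: free, card or survey.';
    return [$o, $errors];
}

// Store the offer; values travel as bound parameters, never inside the SQL text.
function add_offer(PDO $db, array $o): int {
    $stmt = $db->prepare('INSERT INTO offers (name, url, reward, description, type, active)
        VALUES (:name, :url, :reward, :description, :type, :active)');
    $stmt->execute($o);
    return (int) $db->lastInsertId();
}

function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); } // escape for HTML

// Build the table rows for one offer type: name, reward, description.
function render_offer_rows(PDO $db, string $type): string {
    $stmt = $db->prepare('SELECT name, reward, description FROM offers
        WHERE type = :type AND active = 1 ORDER BY reward DESC');
    $stmt->execute(['type' => $type]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $off) {
        $html .= '<tr><td>' . h($off['name']) . '</td><td>$' . number_format((float) $off['reward'], 2)
            . '</td><td>' . h($off['description']) . "</td></tr>\n";
    }
    return $html;
}

// Constructed sample input, shaped like $_POST from the "Add Offer" form.
$post = ['name' => 'Sample survey', 'url' => 'http://example.com/offer', 'reward' => '1.50',
    'Description' => "Takes 5 min <b>& it's free</b>", 'type' => 'survey', 'active' => '1'];
$db = open_db();
[$offer, $errors] = validate_offer($post);
if ($errors) {
    echo implode("\n", $errors), "\n";
} else {
    add_offer($db, $offer);
    echo render_offer_rows($db, 'survey');
}
```

The description is stored exactly as typed and only escaped at output time, so markup and quotes in it show up as text in the table cell instead of being interpreted by the browser or the database.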
rille95 (author), posted April 3, 2009

OK
rille95 (author), posted April 3, 2009

Any idea on when you have time?