I am receiving 2 problems.


dezkit

I have this code.

<?php
include_once("./regv3_functions.php");
if(!$_SESSION["admin"]){
echo "Access denied.";
echo $_SESSION["admin"];
echo $_SESSION["uid"];
} else {
echo "<h3>Welcome to the Admin Area.</h3>";
if($edit){
$edit = $_GET["edit"];
$filename = "./$edit.php";
$contents = file_get_contents("./$edit.php");
echo '<center><form action="" method="post"><textarea name="contents" rows="10" cols="50">'.$contents.'</textarea><br><input type="submit" name="save" value="Save"><input type="reset" value="Reset"></form></center>';
$save = $_POST["save"];
if($save){
	  $newcontents = $_POST["contents"];
	  file_put_contents($filename, $newcontents);
	  echo "File has been saved.";
}

}


$forum = $_GET["forum"];
if($forum){


$act = $_GET["act"];
$acts = array("create_cat","create_subcat");
$actions = array("create_cat" => "Create Forum Category","create_subcat" => "Create Forum Sub Category");

$x=1;
$c=count($actions);
foreach($actions AS $url => $link){
$pipe=($x == $c) ? "" : " $bull; ";

echo "<p><a href='./index.php?page=admin&forum=1&act=".$url."'>".$link."</a> •</p>";
$x++;
}

if(!act || !in_array($act,$acts)){
echo "<br><p>Choose an option from above to continue.</p>";
}else{

if($_GET["act"] == 'create_cat'){
  if(!$_POST["submit"]){
   echo "<table border=0>";
   echo "<form method='post' action='index.php?page=admin&forum=1&act=create_cat'>";
   echo "<tr><td>Category Name</td><td><input type='text' name='name'></td></tr>";
   echo "<tr><td>Admin Only</td><td><input type='checkbox' name='admin' value='1'></td></tr>";
   echo "<tr><td colspan='2' align='right'><input type='submit' name='submit' value='Create Forum Category'></td></tr>";
   echo "</form></table>";
  } else {
   $name = mss($_POST["name"]);
   $admin = $_POST["admin"];
   
   if($name){
   	if(strlen($name) < 3 || strlen($name) > 32){
   	 echo "The category name must be between 3 and 32 characters.";
   	} else {
   	 $sql4 = "SELECT * FROM forum_cats WHERE `name`=".$name."'";
   	 $res4 = mysql_query($sql4) or die(mysql_error());
   	 if(mysql_num_rows($res4) > 0){
   	  echo "The category name already exists!";
   	 } else {
   	  $admin_check = ($admin == '1') ? "1" : "0";
   	  $sql5 = "INSERT INTO forum_cats (name, admin) VALUES($name, $admin_check)";
   	  $res5 = mysql_query($sql5) or die(mysql_error());
   	  echo "The forum category <b>".$name."</b> has been added.";
	}
       }
   } else {
       echo "You must supply a category name!";
      }
      
   }
  }
}
}
?>
<br><br><br>
<h3>
Click on a link to edit that page.
</h3>
<a href="./index.php?page=admin&edit=home">Home</a>
<a href="./index.php?page=admin&forum=1">Forum</a>
<a href="./index.php?page=admin&edit=orderadmin">Order Admin</a>
<a href="./index.php?page=admin&edit=serveradmins">Server Admins</a>
<a href="./index.php?page=admin&edit=aboutus">About Us</a>
<a href="./index.php?page=admin&edit=contact">Contact</a>
<?php
}
?>

 

So whenever I add a blank text to the Category Name it says "You must supply a category name!" and then when I press on Create Forum Category it somehow says "Access Denied."

 

My second problem is that whenever I type a field in for Category Name, it says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1"

 

Please help me. Thanks guys.

So whenever I add a blank text to the Category Name it says "You must supply a category name!"

I think the above quote should be pretty obvious why you're getting an error.

 

As for access denied: you need to have session_start(); after your opening php tag.

 

Find:

$sql5 = "INSERT INTO forum_cats (name, admin) VALUES($name, $admin_check)";

Insert after above line:

echo $sql5;

 

Copy/Paste the results here

The session_start() doesn't solve it. Don't forget I have session_start in another page; this page, admin.php, is included into index.php.

 

About the SQL, it doesn't show anything other than

"Create Forum Category •

 

Create Forum Sub Category •

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1"

 

After I type something in the field.

 

Thanks for the reply :)

 

after

The session_start() doesn't solve it. Don't forget I have session_start in another page; this page, admin.php, is included into index.php.

 

Don't assume I know that, since you didn't mention anything about it ;)

 

Does it print out anything for session data?

 

A few things I'd recommend:

  • Indent properly, or at least consistently
  • Comment, please comment your code. Reading through it is pretty hard
  • Try using echos to see where exactly your code is going. (e.g. after an if statement to see which route your code went)

 

Here's how I'd indent the code, I think it's a lot easier to read:

<?php
include_once("./regv3_functions.php");
if(!$_SESSION["admin"]) {
echo "Access denied.";
echo $_SESSION["admin"];
echo $_SESSION["uid"];
} else {
echo "<h3>Welcome to the Admin Area.</h3>";
if($edit){
	$edit = $_GET["edit"];
	$filename = "./$edit.php";
	$contents = file_get_contents("./$edit.php");
	echo '<center><form action="" method="post"><textarea name="contents" rows="10" cols="50">'.$contents.'</textarea><br><input type="submit" name="save" value="Save"><input type="reset" value="Reset"></form></center>';
	$save = $_POST["save"];
	if($save) {
		  $newcontents = $_POST["contents"];
		  file_put_contents($filename, $newcontents);
		  echo "File has been saved.";
	}

}

$forum = $_GET["forum"];
if($forum) {


	$act = $_GET["act"];
	$acts = array("create_cat","create_subcat");
	$actions = array("create_cat" => "Create Forum Category","create_subcat" => "Create Forum Sub Category");

	$x=1;
	$c=count($actions);
	foreach($actions AS $url => $link){
		$pipe=($x == $c) ? "" : " $bull; ";

		echo "<p><a href='./index.php?page=admin&forum=1&act=".$url."'>".$link."</a> •</p>";
		$x++;
	}

	if(!act || !in_array($act,$acts)) {
		echo "<br><p>Choose an option from above to continue.</p>";
	} else {

		if($_GET["act"] == 'create_cat'){
			if(!$_POST["submit"]){
				echo "<table border=0>";
				echo "<form method='post' action='index.php?page=admin&forum=1&act=create_cat'>";
				echo "<tr><td>Category Name</td><td><input type='text' name='name'></td></tr>";
				echo "<tr><td>Admin Only</td><td><input type='checkbox' name='admin' value='1'></td></tr>";
				echo "<tr><td colspan='2' align='right'><input type='submit' name='submit' value='Create Forum Category'></td></tr>";
				echo "</form></table>";
			} else {
				$name = mss($_POST["name"]);
				$admin = $_POST["admin"];

				if($name) {
					if(strlen($name) < 3 || strlen($name) > 32) {
						echo "The category name must be between 3 and 32 characters.";
					} else {
						$sql4 = "SELECT * FROM forum_cats WHERE `name`=".$name."'";
						$res4 = mysql_query($sql4) or die(mysql_error());
						if(mysql_num_rows($res4) > 0){
							echo "The category name already exists!";
						} else {
							$admin_check = ($admin == '1') ? "1" : "0";
							$sql5 = "INSERT INTO forum_cats (name, admin) VALUES($name, $admin_check)";
							$res5 = mysql_query($sql5) or die(mysql_error());
							echo "The forum category <b>".$name."</b> has been added.";
						}
					}
				} else {
					echo "You must supply a category name!";
				}
			}
		}
	}
}
?>
<br><br><br>
<h3>
Click on a link to edit that page.
</h3>
<a href="./index.php?page=admin&edit=home">Home</a>
<a href="./index.php?page=admin&forum=1">Forum</a>
<a href="./index.php?page=admin&edit=orderadmin">Order Admin</a>
<a href="./index.php?page=admin&edit=serveradmins">Server Admins</a>
<a href="./index.php?page=admin&edit=aboutus">About Us</a>
<a href="./index.php?page=admin&edit=contact">Contact</a>
<?php
}
?>

 

That being said, before

if(!$_SESSION["admin"]) {

Add in:

print_r($_SESSION);

and see if you see the array element "admin" and if it has the correct value set to it.

This is my regv3_functions.php

<?php
function connect(){
    $con = mysql_connect("localhost", "******", "********") or die(mysql_error());
    $db = mysql_select_db("*****", $con);
}
connect();
function protect($string){
    $string = mysql_real_escape_string($string);
    $string = strip_tags($string);
    $string = addslashes($string);
    
    return $string;
}

function mss($value){
    return mysql_real_escape_string(trim(strip_tags($value)));
}




?>  

 

And this is part of my index.php associated with admin session

 if(mysql_num_rows($res) == 0){
						        echo "The username you supplied does not exist!";
						    }else {
						        $sql2 = "SELECT * FROM `users` WHERE `username`='".$username."' AND `password`='".md5($password)."'";
						        $res2 = mysql_query($sql2) or die(mysql_error());

						        if(mysql_num_rows($res2) == 0){
						            echo "Username and password combination incorrect!";
						        }else {
						            $row = mysql_fetch_assoc($res2);

						            // we're going to set the user id

						            // for sessions
						            $_SESSION['uid'] = $row['username'];
						            $admin = $row['admin'];
						            if($admin == "1"){ 
						             $_SESSION['admin'] = "1";
						            }
								echo "<META http-equiv=\"refresh\" content=\"0; URL=".$_SERVER["REQUEST_URI"]."\">";

						        }
						    }

 

 

Thank you sooo much for replying to my thread

<?php
include_once("./regv3_functions.php");
if(!$_SESSION["admin"]) {
   echo "Access denied.";
} else {
   $_SESSION["admin"] = 1;
   echo "<h3>Welcome to the Admin Area.</h3>";
   if($edit){
      $edit = $_GET["edit"];
      $filename = "./$edit.php";
      $contents = file_get_contents("./$edit.php");
      echo '<center><form action="" method="post"><textarea name="contents" rows="10" cols="50">'.$contents.'</textarea><br><input type="submit" name="save" value="Save"><input type="reset" value="Reset"></form></center>';
      $save = $_POST["save"];
      if($save) {
           $newcontents = $_POST["contents"];
           file_put_contents($filename, $newcontents);
           echo "File has been saved.";
      }
      
   }

   $forum = $_GET["forum"];
   if($forum) {


      $act = $_GET["act"];
      $acts = array("create_cat","create_subcat");
      $actions = array("create_cat" => "Create Forum Category","create_subcat" => "Create Forum Sub Category");

      $x=1;
      $c=count($actions);
      foreach($actions AS $url => $link){
         $pipe=($x == $c) ? "" : " $bull; ";

         echo "<p><a href='./index.php?page=admin&forum=1&act=".$url."'>".$link."</a> •</p>";
         $x++;
      }

      if(!$act || !in_array($act,$acts)) {
         echo "<br><p>Choose an option from above to continue.</p>";
      } else {

         if($_GET["act"] == 'create_cat'){
            if(!$_POST["submit"]){
               echo "<table border=0>";
               echo "<form method='post' action='./index.php?page=admin&forum=1&act=create_cat'>";
               echo "<tr><td>Category Name</td><td><input type='text' name='name'></td></tr>";
               echo "<tr><td>Admin Only</td><td><input type='checkbox' name='admin' value='1'></td></tr>";
               echo "<tr><td colspan='2' align='right'><input type='submit' name='submit' value='Create Forum Category'></td></tr>";
               echo "</form></table>";
            } else {
               $name = mss($_POST["name"]);
               $admin = $_POST["admin"];
               
               if($name) {
                  if(strlen($name) < 3 || strlen($name) > 32) {
                     echo "The category name must be between 3 and 32 characters.";
                  } else {
                     $sql4 = "SELECT * FROM forum_cats WHERE `name`='".$name."'";
                     $res4 = mysql_query($sql4) or die(mysql_error());
                     if(mysql_num_rows($res4) > 0){
                        echo "The category name already exists!";
                     } else {
                        $admin_check = ($admin == '1') ? "1" : "0";
                        $sql5 = "INSERT INTO `forum_cats` (`name`, `admin`) VALUES('".$name."','".$admin_check."')";
                        $res5 = mysql_query($sql5) or die(mysql_error());
                        echo "The forum category <b>".$name."</b> has been added.";
                     }
                  }
               } else {
                  echo "You must supply a category name!";
               }
            }
         }
         
         if($_GET["act"] == "create_subcat"){
          if(!$_POST["submit"]){
           echo "<table border=0>";
           echo "<form method=post action='index.php?page=admin&forum=1&act=create_subcat'>";
           echo "<tr><td>Forum Category</td><td><select name=cat><option value=0>Please choose....</option>";
           
           $sql6 = "SELECT * FROM `forum_cats` ORDER BY id ASC";
           $res6 = mysql_query($sql6) or die (mysql_error());
           if(mysql_num_rows($res6) == 0){
            echo "</select><br>No categories exist!\n";
           }else{
            while($row3 = mysql_fetch_assoc($res6)){
     echo "<option value='".$row3['id']."'>".$row3['name']."</option>";
     
    }
   } 
   echo "</select></td></tr>";
   echo "<tr><td>Sub Cat. Name</td><td><input type=text name=name></td></tr>";
   echo "<tr><td>Description</td><td><textarea name=desc style='width:300px; height: 60px'></textarea></td></tr>";
   echo "<tr><td colspan=2 align=right><input type=submit name=submit value='Add Forum Sub Category'></td></tr>";
   echo "</form></table>";
   
          } else {
           $cat = mss($_POST["cat"]);
           $name = mss($_POST["name"]);
           $desc = mss($_POST["desc"]);
           
           if($cat && $name && $desc){
            $sql7 = "SELECT * FROM `forum_cats` WHERE id='".$cat."'";
            $res7 = mysql_query($sql7) or die(mysql_error());
            if(mysql_num_rows($res7) == 0){
             echo "The forum category you supplied does not exist!";
            }else{
             $sql8 = "SELECT * FROM forum_sub_cats WHERE name='".$name."' AND cid='".$cat."'";
             $res8 = mysql_query($sql8) or die(mysql_error());
             if(mysql_num_rows($res8) > 0){
              echo "The forum sub category exists within the main category.";
             } else {
              if(strlen($desc) > 255){
               echo "The description must be under 255 characters!";
              } else {
               $row4 = mysql_fetch_assoc($res7);
               $sql9 = "INSERT INTO `forum_sub_cats` (`cid`,`name`,`desc`,`admin`) VALUES('".$cat."','".$name."','".$desc."','".$row4["admin"]."')";
               $res9 = mysql_query($sql9) or die(mysql_error());
               echo "The forum sub category, <b>$name</b> has been added under the main category of <b>".$row4['name']."</b>.";
             }
           }
        }
       }
      }
     }
    }
   }
   ?>
   <br><br><br>
   <h3>
   Click on a link to edit that page.
   </h3>
   <a href="./index.php?page=admin&edit=home">Home</a>
   <a href="./index.php?page=admin&forum=1">Forum</a>
   <a href="./index.php?page=admin&edit=orderadmin">Order Admin</a>
   <a href="./index.php?page=admin&edit=serveradmins">Server Admins</a>
   <a href="./index.php?page=admin&edit=aboutus">About Us</a>
   <a href="./index.php?page=admin&edit=contact">Contact</a>
   <?php
}
?>

Updated code
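
Added example, not part of the thread and not the poster's code: the "near '''" error matches the `$sql4` string in the first post, where the opening quote before the value is missing. The sketch first prints what that concatenation builds for a constructed input, then runs the same duplicate check and insert through PDO placeholders. It assumes PDO with the SQLite driver as an in-memory stand-in for the thread's MySQL database; `create_forum_category` is a hypothetical name, and only the `forum_cats` table and its `id`, `name` and `admin` columns come from the thread.

```php
<?php
// Added example. create_forum_category() and the in-memory SQLite database
// are hypothetical; only forum_cats (id, name, admin) comes from the thread.

// The string the first post's concatenation builds for a constructed input:
// the quote after the value has no opening partner, so MySQL rejects it.
$name = "News";
echo "SELECT * FROM forum_cats WHERE `name`=" . $name . "'", "\n";

function create_forum_category(PDO $db, string $rawName, bool $adminOnly): string
{
    $name = trim(strip_tags($rawName));
    if ($name === '') {
        return "You must supply a category name!";
    }
    if (strlen($name) < 3 || strlen($name) > 32) {
        return "The category name must be between 3 and 32 characters.";
    }

    // Placeholders: the value travels separately from the SQL text, so there
    // are no quotes to balance and no escaping call to forget.
    $check = $db->prepare("SELECT COUNT(*) FROM forum_cats WHERE name = ?");
    $check->execute([$name]);
    if ((int) $check->fetchColumn() > 0) {
        return "The category name already exists!";
    }

    $insert = $db->prepare("INSERT INTO forum_cats (name, admin) VALUES (?, ?)");
    $insert->execute([$name, $adminOnly ? 1 : 0]);

    // HTML-escape when echoing the name back, separately from the SQL layer.
    $safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return "The forum category <b>" . $safe . "</b> has been added.";
}

// Constructed demo data; SQLite in memory stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum_cats (id INTEGER PRIMARY KEY, name TEXT UNIQUE, admin INTEGER)");

// Covers: new name, duplicate, a name containing a quote, empty, too short.
foreach (["News", "News", "O'Reilly fans", "", "ab"] as $input) {
    echo create_forum_category($db, $input, false), "\n";
}
```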
