Jump to content

I am recieving 2 problems.

dezkit

By dezkit
in PHP Coding Help

 Share

Recommended Posts

dezkit Advanced Member

dezkit

Posted
Posted

I have this code.

<?php
include_once("./regv3_functions.php");
if(!$_SESSION["admin"]){
echo "Access denied.";
echo $_SESSION["admin"];
echo $_SESSION["uid"];
} else {
echo "<h3>Welcome to the Admin Area.</h3>";
if($edit){
$edit = $_GET["edit"];
$filename = "./$edit.php";
$contents = file_get_contents("./$edit.php");
echo '<center><form action="" method="post"><textarea name="contents" rows="10" cols="50">'.$contents.'</textarea><br><input type="submit" name="save" value="Save"><input type="reset" value="Reset"></form></center>';
$save = $_POST["save"];
if($save){
	  $newcontents = $_POST["contents"];
	  file_put_contents($filename, $newcontents);
	  echo "File has been saved.";
}

}


$forum = $_GET["forum"];
if($forum){


$act = $_GET["act"];
$acts = array("create_cat","create_subcat");
$actions = array("create_cat" => "Create Forum Category","create_subcat" => "Create Forum Sub Category");

$x=1;
$c=count($actions);
foreach($actions AS $url => $link){
$pipe=($x == $c) ? "" : " $bull; ";

echo "<p><a href='./index.php?page=admin&forum=1&act=".$url."'>".$link."</a> •</p>";
$x++;
}

if(!act || !in_array($act,$acts)){
echo "<br><p>Choose an option from above to continue.</p>";
}else{

if($_GET["act"] == 'create_cat'){
  if(!$_POST["submit"]){
   echo "<table border=0>";
   echo "<form method='post' action='index.php?page=admin&forum=1&act=create_cat'>";
   echo "<tr><td>Category Name</td><td><input type='text' name='name'></td></tr>";
   echo "<tr><td>Admin Only</td><td><input type='checkbox' name='admin' value='1'></td></tr>";
   echo "<tr><td colspan='2' align='right'><input type='submit' name='submit' value='Create Forum Category'></td></tr>";
   echo "</form></table>";
  } else {
   $name = mss($_POST["name"]);
   $admin = $_POST["admin"];
   
   if($name){
   	if(strlen($name) < 3 || strlen($name) > 32){
   	 echo "The category name must be between 3 and 32 characters.";
   	} else {
   	 $sql4 = "SELECT * FROM forum_cats WHERE `name`=".$name."'";
   	 $res4 = mysql_query($sql4) or die(mysql_error());
   	 if(mysql_num_rows($res4) > 0){
   	  echo "The category name already exists!";
   	 } else {
   	  $admin_check = ($admin == '1') ? "1" : "0";
   	  $sql5 = "INSERT INTO forum_cats (name, admin) VALUES($name, $admin_check)";
   	  $res5 = mysql_query($sql5) or die(mysql_error());
   	  echo "The forum category <b>".$name."</b> has been added.";
	}
       }
   } else {
       echo "You must supply a category name!";
      }
      
   }
  }
}
}
?>
<br><br><br>
<h3>
Click on a link to edit that page.
</h3>
<a href="./index.php?page=admin&edit=home">Home</a>
<a href="./index.php?page=admin&forum=1">Forum</a>
<a href="./index.php?page=admin&edit=orderadmin">Order Admin</a>
<a href="./index.php?page=admin&edit=serveradmins">Server Admins</a>
<a href="./index.php?page=admin&edit=aboutus">About Us</a>
<a href="./index.php?page=admin&edit=contact">Contact</a>
<?php
}
?>

 

So whenever I add a blank text to the Category Name it says "You must supply a category name!" and then when I press on Create Forum Category and it somehow says "Access Denied."

 

My second problem is that whenever I type a field in for Category Name, it says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1"

 

Please help me. Thanks guys.

Link to comment
Share on other sites
Philip Advanced Member

Philip

Posted
Posted
So whenever I add a blank text to the Category Name it says "You must supply a category name!"

I think the above quote should be pretty obvious why you're getting an error.

 

As for access denied: you need to have session_start(); after your opening php tag.

 

Find:

$sql5 = "INSERT INTO forum_cats (name, admin) VALUES($name, $admin_check)";

Insert after above line:

echo $sql5;

 

Copy/Paste the results here

Link to comment
Share on other sites
dezkit Advanced Member

dezkit

Posted
  • Author
Posted

The session_start() doesnt solve it, dont forget i have session_start in another page, this page, admin.php, is included into index.php

 

about the sql, it doesn't show anything other than

"Create Forum Category •

 

Create Forum Sub Category •

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1"

 

After i type something in the field

 

thanks for the reply :)

 

after

Link to comment
Share on other sites
Philip Advanced Member

Philip

Posted
Posted

The session_start() doesnt solve it, dont forget i have session_start in another page, this page, admin.php, is included into index.php

 

Don't assume I know that, since you didn't mention anything about it ;)

 

Does it print out anything for session data?

 

A few things I'd recommend:

  • Indent properly, or at least consistently
  • Comment, please comment your code. Reading through it is pretty hard
  • Try using echo's to see where exactly your code is going. (e.g. after a if statement to see which route your code went)

 

Here's how I'd indent the code, I think it's a lot easier to read:

<?php
include_once("./regv3_functions.php");
if(!$_SESSION["admin"]) {
echo "Access denied.";
echo $_SESSION["admin"];
echo $_SESSION["uid"];
} else {
echo "<h3>Welcome to the Admin Area.</h3>";
if($edit){
	$edit = $_GET["edit"];
	$filename = "./$edit.php";
	$contents = file_get_contents("./$edit.php");
	echo '<center><form action="" method="post"><textarea name="contents" rows="10" cols="50">'.$contents.'</textarea><br><input type="submit" name="save" value="Save"><input type="reset" value="Reset"></form></center>';
	$save = $_POST["save"];
	if($save) {
		  $newcontents = $_POST["contents"];
		  file_put_contents($filename, $newcontents);
		  echo "File has been saved.";
	}

}

$forum = $_GET["forum"];
if($forum) {


	$act = $_GET["act"];
	$acts = array("create_cat","create_subcat");
	$actions = array("create_cat" => "Create Forum Category","create_subcat" => "Create Forum Sub Category");

	$x=1;
	$c=count($actions);
	foreach($actions AS $url => $link){
		$pipe=($x == $c) ? "" : " $bull; ";

		echo "<p><a href='./index.php?page=admin&forum=1&act=".$url."'>".$link."</a> •</p>";
		$x++;
	}

	if(!act || !in_array($act,$acts)) {
		echo "<br><p>Choose an option from above to continue.</p>";
	} else {

		if($_GET["act"] == 'create_cat'){
			if(!$_POST["submit"]){
				echo "<table border=0>";
				echo "<form method='post' action='index.php?page=admin&forum=1&act=create_cat'>";
				echo "<tr><td>Category Name</td><td><input type='text' name='name'></td></tr>";
				echo "<tr><td>Admin Only</td><td><input type='checkbox' name='admin' value='1'></td></tr>";
				echo "<tr><td colspan='2' align='right'><input type='submit' name='submit' value='Create Forum Category'></td></tr>";
				echo "</form></table>";
			} else {
				$name = mss($_POST["name"]);
				$admin = $_POST["admin"];

				if($name) {
					if(strlen($name) < 3 || strlen($name) > 32) {
						echo "The category name must be between 3 and 32 characters.";
					} else {
						$sql4 = "SELECT * FROM forum_cats WHERE `name`=".$name."'";
						$res4 = mysql_query($sql4) or die(mysql_error());
						if(mysql_num_rows($res4) > 0){
							echo "The category name already exists!";
						} else {
							$admin_check = ($admin == '1') ? "1" : "0";
							$sql5 = "INSERT INTO forum_cats (name, admin) VALUES($name, $admin_check)";
							$res5 = mysql_query($sql5) or die(mysql_error());
							echo "The forum category <b>".$name."</b> has been added.";
						}
					}
				} else {
					echo "You must supply a category name!";
				}
			}
		}
	}
}
?>
<br><br><br>
<h3>
Click on a link to edit that page.
</h3>
<a href="./index.php?page=admin&edit=home">Home</a>
<a href="./index.php?page=admin&forum=1">Forum</a>
<a href="./index.php?page=admin&edit=orderadmin">Order Admin</a>
<a href="./index.php?page=admin&edit=serveradmins">Server Admins</a>
<a href="./index.php?page=admin&edit=aboutus">About Us</a>
<a href="./index.php?page=admin&edit=contact">Contact</a>
<?php
}
?>

 

That being said, before 

if(!$_SESSION["admin"]) {

Add in: 

print_r($_SESSION);

and see if you see the array element "admin" and if it has the correct value set to it.

Link to comment
Share on other sites
dezkit Advanced Member

dezkit

Posted
  • Author
Posted

This is my regv3_functions.php 

<?php
function connect(){
    $con = mysql_connect("localhost", "******", "********") or die(mysql_error());
    $db = mysql_select_db("*****", $con);
}
connect();
function protect($string){
    $string = mysql_real_escape_string($string);
    $string = strip_tags($string);
    $string = addslashes($string);
    
    return $string;
}

function mss($value){
    return mysql_real_escape_string(trim(strip_tags($value)));
}




?> 

 

And this is part of my index.php associated with admin session

 if(mysql_num_rows($res) == 0){
						        echo "The username you supplied does not exist!";
						    }else {
						        $sql2 = "SELECT * FROM `users` WHERE `username`='".$username."' AND `password`='".md5($password)."'";
						        $res2 = mysql_query($sql2) or die(mysql_error());

						        if(mysql_num_rows($res2) == 0){
						            echo "Username and password combination incorrect!";
						        }else {
						            $row = mysql_fetch_assoc($res2);

						            // we're going to set the user id

						            // for sessions
						            $_SESSION['uid'] = $row['username'];
						            $admin = $row['admin'];
						            if($admin == "1"){ 
						             $_SESSION['admin'] = "1";
						            }
								echo "<META http-equiv=\"refresh\" content=\"0; URL=".$_SERVER["REQUEST_URI"]."\">";

						        }
						    }

 

 

Thank you sooo much for replying to my thread

Link to comment
Share on other sites
dezkit Advanced Member

dezkit

Posted
  • Author
Posted 

<?php
include_once("./regv3_functions.php");
if(!$_SESSION["admin"]) {
   echo "Access denied.";
} else {
   $_SESSION["admin"] = 1;
   echo "<h3>Welcome to the Admin Area.</h3>";
   if($edit){
      $edit = $_GET["edit"];
      $filename = "./$edit.php";
      $contents = file_get_contents("./$edit.php");
      echo '<center><form action="" method="post"><textarea name="contents" rows="10" cols="50">'.$contents.'</textarea><br><input type="submit" name="save" value="Save"><input type="reset" value="Reset"></form></center>';
      $save = $_POST["save"];
      if($save) {
           $newcontents = $_POST["contents"];
           file_put_contents($filename, $newcontents);
           echo "File has been saved.";
      }
      
   }

   $forum = $_GET["forum"];
   if($forum) {


      $act = $_GET["act"];
      $acts = array("create_cat","create_subcat");
      $actions = array("create_cat" => "Create Forum Category","create_subcat" => "Create Forum Sub Category");

      $x=1;
      $c=count($actions);
      foreach($actions AS $url => $link){
         $pipe=($x == $c) ? "" : " $bull; ";

         echo "<p><a href='./index.php?page=admin&forum=1&act=".$url."'>".$link."</a> •</p>";
         $x++;
      }

      if(!act || !in_array($act,$acts)) {
         echo "<br><p>Choose an option from above to continue.</p>";
      } else {

         if($_GET["act"] == 'create_cat'){
            if(!$_POST["submit"]){
               echo "<table border=0>";
               echo "<form method='post' action='./index.php?page=admin&forum=1&act=create_cat'>";
               echo "<tr><td>Category Name</td><td><input type='text' name='name'></td></tr>";
               echo "<tr><td>Admin Only</td><td><input type='checkbox' name='admin' value='1'></td></tr>";
               echo "<tr><td colspan='2' align='right'><input type='submit' name='submit' value='Create Forum Category'></td></tr>";
               echo "</form></table>";
            } else {
               $name = mss($_POST["name"]);
               $admin = $_POST["admin"];
               
               if($name) {
                  if(strlen($name) < 3 || strlen($name) > 32) {
                     echo "The category name must be between 3 and 32 characters.";
                  } else {
                     $sql4 = "SELECT * FROM forum_cats WHERE `name`=".$name."'";
                     $res4 = mysql_query($sql4) or die(mysql_error());
                     if(mysql_num_rows($res4) > 0){
                        echo "The category name already exists!";
                     } else {
                        $admin_check = ($admin == '1') ? "1" : "0";
                        $sql5 = "INSERT INTO `forum_cats` (`name`, `admin`) VALUES('".$name."','".$admin_check."')";
                        $res5 = mysql_query($sql5) or die(mysql_error());
                        echo "The forum category <b>".$name."</b> has been added.";
                     }
                  }
               } else {
                  echo "You must supply a category name!";
               }
            }
         }
         
         if($_GET["act"] == "create_subcat"){
          if(!$_POST["submit"]){
           echo "<table border=0>";
           echo "<form method=post action='index.php?page=admin&forum=1&act=create_cat'>";
           echo "<tr><td>Forum Category</td><td><select name=cat><option value=0>Please choose....</option>";
           
           $sql6 = "SELECT * FROM `forum_cats` ORDER BY id ASC";
           $res6 = mysql_query($sql6) or die (mysql_error());
           if(mysql_num_rows($res6) == 0){
            echo "</select><br>No categories exist!\n";
           }else{
            while($row3 = mysql_fetch_assoc($res6)){
     echo "<option value='".$row3['id']."'>".$row3['name']."</option>";
     
    }
   } 
   echo "</select></td></tr>";
   echo "<tr><td>Sub Cat. Name</td><td><input type=text name=name></td></tr>";
   echo "<tr><td>Description</td><td><textarea name=desc style='width:300px; height: 60px'></textarea></td></tr>";
   echo "<tr><td colspan=2 align=right><input type=submit name=submit value='Add Forum Sub Category'></td></tr>";
   echo "</form></table>";
   
          } else {
           $cat = mss($_POST["cat"]);
           $name = mss($_POST["name"]);
           $desc = mss($_POST["desc"]);
           
           if($cat && $name && $desc){
            $sql7 = "SELECT * FROM `forum_cats` WHERE id='".$cat."'";
            $res7 = mysql_query($sql7) or die(mysql_error());
            if($mysql_num_rows($res7) == 0){
             echo "The forum category you supplied does not exist!";
            }else{
             $sql8 = "SELECT * FROM forum_sub_cats WHERE name='".$name."' AND cid='".$cat."'";
             $res8 = mysql_query($res8) or die(mysql_error());
             if(mysql_num_rows($res8) > 0){
              echo "The forum sub category exists within the main category.";
             } else {
              if(strlen($desc) > 255){
               echo "The description must be under 255 characters!";
              } else {
               $row4 = mysql_fetch_assoc($res7);
               $sql9 = "INSERT INTO `forum_sub_cats` (`cid`,`name`,`desc`,`admin`) VALUES('".$cat."','".$name."','".$desc."','".$row4["admin"]."')";
               $res9 = mysql_query($sql9) or die(mysql_error());
               echo "The forum sub category, <b>$name</b> has been added under the main category of <b>".$row4['name']."</b>.";
             }
           }
        }
       }
      }
     }
    }
   }
   ?>
   <br><br><br>
   <h3>
   Click on a link to edit that page.
   </h3>
   <a href="./index.php?page=admin&edit=home">Home</a>
   <a href="./index.php?page=admin&forum=1">Forum</a>
   <a href="./index.php?page=admin&edit=orderadmin">Order Admin</a>
   <a href="./index.php?page=admin&edit=serveradmins">Server Admins</a>
   <a href="./index.php?page=admin&edit=aboutus">About Us</a>
   <a href="./index.php?page=admin&edit=contact">Contact</a>
   <?php
}
?>

Updated code

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.