PHP Help needed

voloproductions · September 22, 2009

Hello all below is code that I need help with.... I am trying to get $uploadEND to input a url from the upload script into my database.... let me know what you see here.

<?php
function ShowHTML() {

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<?php

if ($GLOBALS['redirect'] == "1") {

?>

<meta http-equiv="refresh" content="2;url=?act=index">

<?php

} elseif ($GLOBALS['redirect'] == "2") {

?>

<meta http-equiv="refresh" content="2;url=?act=index">

<?php

}

?>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>IOM - Internal Office Manager 1.0</title>

<link rel="stylesheet" href="style.css" type="text/css" media="screen" />

</head>

<body>

<div id="wrapper">

<div id="header">

</div>

<div id="menu">

<ul>

<li><a href="?act=index">Home</a></li>

<?php

if ($GLOBALS['loggedin'] == "Log In") {

?>

<li><a href="?act=login">

<?php

echo $GLOBALS['loggedin'];

?>

<?php

} else {

?>

<li><a href="?act=logout">

<?php

echo $GLOBALS['loggedin'];

?>

</li></a>

<li><a href="?act=submit">Submit Ticket</a></li>

<li><a href="?act=view">View Tickets</a></li>

<?php

}

?>

</ul>

</div>

<div id="content">

<div class="entry">

<div class="entry-title"><?php echo $GLOBALS['pagetitle'] ?></div>

<p><?php echo $GLOBALS['maincontent'] ?></p>

</div>

</div>

<div id="footer">

</div>

</div>

</div>

</body>

</html>

<?php

}

function encrypt($string) {

$crypted = crypt(md5($string), md5($string));

return $crypted;

}

////////////////////////////////////////////////////////////////////////////

// POST AND GET: //

////////////////////////////////////////////////////////////////////////////

if ($_POST["act"]!="") $act = $_POST['act'];

else if ($_GET["act"]!="") $act = $_GET["act"];

//

if ($_POST["username"]!="") $username = $_POST['username'];

else if ($_GET["username"]!="") $username = $_GET["username"];

//

if ($_POST["password"]!="") $password = $_POST['password'];

else if ($_GET["password"]!="") $password = $_GET["password"];

//

if ($_POST["email"]!="") $email = $_POST['email'];

else if ($_GET["email"]!="") $email = $_GET["email"];

//

if ($_POST["id"]!="") $id = $_POST['id'];

else if ($_GET["id"]!="") $id = $_GET["id"];

//

if ($_POST["subject"]!="") $subject = $_POST['subject'];

else if ($_GET["subject"]!="") $subject = $_GET["subject"];

//

if ($_POST["issue"]!="") $issue = $_POST['issue'];

else if ($_GET["issue"]!="") $issue = $_GET["issue"];

//

if ($_POST["upload"]!="") $issue = $_POST['upload'];

else if ($_GET["upload"]!="") $issue = $_GET["upload"];

////////////////////////////////////////////////////////////////////////////

// LETS START THE USER SESSION OF IOM: //

////////////////////////////////////////////////////////////////////////////

session_start();

require("config.php");

if (!$_SESSION['username']) {

$login = 0;

$loggedin = "Log In";

} else {

$login = 1;

$loggedin = "Log Out";

}

////////////////////////////////////////////////////////////////////////////

// DATE INFO: //

////////////////////////////////////////////////////////////////////////////

$curdate = date("Y-m-d");

////////////////////////////////////////////////////////////////////////////

// MYSQL CONNECT: //

////////////////////////////////////////////////////////////////////////////

$db=mysql_connect($dbhostname,$dbusername, $dbpassword) OR DIE ("Unable to connect to database! mtroup@thefirestore.com");

mysql_select_db($dbname);

if ($act == "" | $act == "index") {

if(!$_SESSION['username']) {

$pagetitle = "Welcome";

$maincontent = "Hello and welcome to IOM - Internal Office Mananger. Please login with your supplied user name and password to submit a request to our web department.";

} else {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM users";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$lastlogin = $row["date"];

if ($tempuser == $usertemp2) {

break;

}

}

}

$maincontent = "<br />

<font size='4'>Welcome: <strong><font color=\"red\">$tempuser</font>$usertemp2</font></strong> <br />

to your control panel. Please select from the menu above to get started and to continue.<br>

You last logged in on: $lastlogin";

}

ShowHTML();

die;

} elseif ($act == "register") {

$pagetitle = "Register";

$maincontent = "Please enter your details below to register for an account.</p>

<p>

<table border=\"0\" width=\"100%\">

<form action = \"?act=registeracc\" method=\"post\">

<tr>

<td>Username:</td>

<td><input type=\"text\" name=\"username\" size=\"50\"></td>

</tr>

<tr>

<td>Password:</td>

<td><input type=\"password\" name=\"password\" size=\"50\"></td>

</tr>

<tr>

<td>Email:</td>

<td><input type=\"text\" name=\"email\" size=\"70\"></td>

</tr>

<tr>

<td> </td>

<td><input type=\"submit\" value=\"Submit\"></td>

</tr>

</form>

</table>";

ShowHTML();

die;

} elseif ($act == "login") {

$pagetitle = "<br />Login";

$maincontent = "</p>

<p>

<table border=\"0\" width=\"100%\">

<form action = \"?act=loginpass\" method=\"post\">

<tr>

<td>Username:</td>

<td><input type=\"text\" name=\"username\" size=\"50\"></td>

</tr>

<tr>

<td>Password:</td>

<td><input type=\"password\" name=\"password\" size=\"50\"></td>

</tr>

<tr>

<td> </td>

<td><input type=\"submit\" value=\"Submit\"></td>

</tr>

</form>

</table></p>

";

ShowHTML();

die;

} elseif ($act == "logout") {

setcookie ("IOM", "", time()-604800);

$_SESSION['username'] = "";

$pagetitle = "Logged Out";

$maincontent = "You have been successfully logged out. You will be redirected shortly.";

$redirect = "2";

ShowHTML();

die;

} elseif ($act == "loginpass") {

$query = "SELECT * FROM users";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$temppass = $row["password"];

$temprank = $row["rank"];

$tempdate = $row["date"];

if($username == $tempuser) {

if ($temppass === (Encrypt($password))) {

$success = "1";

break;

} else {

$success = "0";

}

} else {

$success = "0";

}

}

}

if ($success != "1") {

$pagetitle = "Incorrect";

$maincontent = "You have specified and incorrect username or password.";

} else {

$pagetitle = "Success";

$redirect = "1";

$maincontent = "Login successful, you will be redirected now.";

setcookie('IOM', $username, time()+60*60*24*30);

$_SESSION['username'] = $username;

mysql_query("UPDATE users SET date='$curdate' WHERE username='$username'") or die (mysql_error());

}

ShowHTML();

die;

} elseif ($act == "registeracc") {

if ($username == "" | $password == "" | $email == "") {

$pagetitle = "Error";

$maincontent = "Please make sure that you fill in all fields.";

} else {

$query = "SELECT * FROM users";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

if($tempuser == $username) {

$pagetitle = "Error";

$maincontent = "That username already exists within our database.";

ShowHTML();

die;

}

}

$member1 = "Member";

$encpassword = encrypt($password);

mysql_query("INSERT INTO users VALUES ('','$username','$encpassword', '$email', '$member1', '$curdate')") or die (mysql_error());

$pagetitle = "Success";

$maincontent = "You have been successfully added to the database.";

}

}

ShowHTML();

die;

}

if ($login != "1") {

$pagetitle = "Login";

$maincontent = "You can't do that because your not logged in";

} else {

if ($act == "view") {

$maincontent ="

<table width=\"100%\" border=\"0\" >

<tr>

<td>ID</td>

<td>Subject</td>

<td>Summary</td>

<td>Status</td>

<td>Progress</td>

<td>View/Delete</td>

<td>Replies</td>

</tr>";

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$pagetitle = "View Support Tickets - $usertemp2";

$query = "SELECT * FROM tickets ORDER BY progress ASC";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$tempid = $row["index"];

$tempsubject = $row["subject"];

$tempsummary = $row["summary"];

$tempstatus = $row["status"];

$tempprogress = $row["progress"];

$tempreply = $row["replied"];

$upload = $row["uploadEND"];

if ($tempuser == $usertemp2) {

$maincontent .= "

<tr>

<td>$tempid</td>

<td>$tempsubject</td>

<td>$tempsummary</td>

<td>$tempstatus</td>

<td>$tempprogress %</td>

<td>$uploadEND</td>

<td><a href=\"?act=viewticket&id=$tempid\">View</a> <a href=\"?act=deleteticket&id=$tempid\">Delete</a></td><td> ";

if ($tempreply == "1") {

$maincontent .= "Yes";

} else {

$maincontent .= "No";

}

$maincontent .="</td>

</tr> ";

}

}

}

$maincontent .= "</table>";

} elseif ($act == "viewticket") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM tickets";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$tempid = $row["index"];

$tempsubject = $row["subject"];

$tempissue = $row["issue"];

$tempstatus = $row["status"];

$tempprogress = $row["progress"];

$tempreply = $row["replied"];

$newname = $row["uploadEND"];

if ($id == $tempid) {

if ($tempuser == $usertemp2) {

$pagetitle = "View Support Ticket - $tempsubject";

$maincontent .= "

<table width=\"100%\" border=\"0\">

<tr>

<td>ID:</td>

<td>$tempid</td>

</tr>

<tr>

<td>Subject:</td>

<td>$tempsubject</td>

</tr>

<tr>

<td>Status:</td>

<td>$tempstatus</td>

</tr>

<tr>

<td>Progress:</td>

<td>$tempprogress %</td>

</tr>

<tr>

<td>Conversation:</td>

<td>$tempissue</td>

</tr>

<tr>

<td> </td>

<td>";

if ($tempstatus == "Open") {

$maincontent .="<a href=\"?act=closeticket&id=$tempid\">Close Ticket?</a>";

} else {

$maincontent .="<a href=\"?act=openticket&id=$tempid\">Open Ticket?</a>";

}

$maincontent.= "</td>

</tr>

";

if ($tempreply != "0") {

$maincontent .= " <tr>

<td> </td>

<td><a href=\"?act=replyticket&id=$tempid\">Reply to ticket?</a></td>

</tr>";

}

$maincontent .= "

</table>";

break;

}

}

}

}

} elseif ($act == "replyticket") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM tickets";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempid = $row["index"];

$tempuser = $row["username"];

$tempissue = $row["issue"];

if ($tempid == $id) {

if ($tempuser == $usertemp2) {

$pagetitle = "Reply to Ticket";

$maincontent .= "

Please use the form below to reply to the ticket:</p>

<p>

<table width=\"100%\" border=\"0\">

<form method=\"post\" action=\"?act=replyticketgo\">

<input type=\"hidden\" name=\"id\" value=\"$tempid\">

<tr>

<td>Conversation:</td>

<td>$tempissue</td>

</tr>

<tr>

<td>Reply:</td>

<td><textarea name=\"issue\" cols=\"50\" rows=\"10\"></textarea></td>

</tr>

<tr>

<td> </td>

<td><input type=\"submit\" value=\"Submit\" size=\"50\"></td>

</tr>

</form>

</table>";

break;

}

}

}

}

} elseif ($act == "replyticketgo") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM tickets";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempid = $row["index"];

$tempuser = $row["username"];

$tempissue = $row["issue"];

if ($tempid == $id) {

if ($tempuser == $usertemp2) {

$tissue = "<u>".$HTTP_COOKIE_VARS["IOM"]."</u>:<br>

".$issue."<br>

-----------------------------------------------<br>".$tempissue;

mysql_query("UPDATE tickets SET issue='$tissue', replied='0' WHERE `index`='$id'") or die (mysql_error());

$pagetitle = "Ticket Reply";

$maincontent = "The ticket has been replied to successfully";

}

}

}

}

} elseif ($act == "uploadfile") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("INSERT INTO uploadEND VALUES ('','$uploadEND')") or die (mysql_error());

$pagetitle = "Upload Complete";

$maincontent = "Your upload has been added to the ticket successfully";

} elseif ($act == "deleteticket") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("DELETE FROM tickets WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());

$pagetitle = "Ticket Deleted";

$maincontent = "Your ticket has been deleted successfully";

} elseif ($act == "closeticket") {

$closed = "Closed";

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("UPDATE tickets SET status='$closed' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());

$pagetitle = "Ticket Closed";

$maincontent = "Your ticket has been closed successfully";

} elseif ($act == "openticket") {

$open = "Open";

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("UPDATE tickets SET status='$open' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());

$pagetitle = "Ticket Opened";

$maincontent = "Your ticket has been opened successfully";

} elseif ($act == "submit") {

$pagetitle = "Submit New Ticket";

//Check that we have a file

if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {

//chcek file & size

$filename = basename($_FILES['uploaded_file']['name']);

$ext = substr($filename, strrpos($filename, '.') + 1);

if (($ext = "jpg,gif,xls,doc,png") && ($_FILES["uploaded_file"]["type"] = "jpg,gif,xls,doc,png") &&

($_FILES["uploaded_file"]["size"] < 350000000)) {

//Determine the path to which we want to save this file

$newname = dirname(__FILE__).'/files/'.$filename;

//Check if the file with the same name is already exists on the server

if (!file_exists($newname)) {

//Attempt to move the uploaded file to it's new place

if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {

$uploadEND = '<a href=\"downloadfilelink\">' . $newname . "</a>";

// AND LETS RUN OUR UPLOAD CHECKS!!

} else {

echo "Error: A problem occurred during file upload!";

}

} else {

echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";

}

} else {

echo "Upload Error, Only JPG,GIF,XLS,DOC Allowed.";

}

//} else {

//echo "Error: No file uploaded";

}

$maincontent = "Please enter the details about the new ticket below:</p>

<p>

<table border=\"0\" width=\"100%\">

<form action = \"?act=submitticket\" method=\"post\">

<tr>

<td>Subject:</td>

<td><input type=\"text\" name=\"subject\" size=\"50\"></td>

</tr>

<tr>

<td>Issue:</td>

<td><textarea cols=\"50\" rows=\"10\" name=\"issue\"></textarea></td>

</tr>

<tr>

<td> </td>



</tr>

<td>File:</td>

<td>

<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000000\" />

<input name=\"uploaded_file\" type=\"file\" />

<input type=\"submit\" value=\"Submit\" />

</form></td>

<td>

</table>";

} elseif ($act == "submitticket") {

if ($subject == "" | $issue == "") {

$pagetitle = "Error";

$maincontent = "Please make sure all fields are filled in.";

} else {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$status = "Open";

$progress = "0";

$pagetitle = "Ticket Submitted";

$upload = $newname;

$summary = substr($issue, 0, 30)."...";

$maincontent = "Your ticket has been submitted! <br />";

$issue = "<u>".$usertemp2."</u>:<br>".$issue."<br>

-----------------------------------------------<br>

";

mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')") or die (mysql_error());

}

} else {

$pagetitle = "Invalid";

$maincontent = "You have specified an invalid action.";

}

}

ShowHTML();

?>

Bricktop · September 22, 2009

Hi voloproductions,

Are you receiving an error message or is the field not being populated in your database?

voloproductions · September 22, 2009

No error I just cannot get uploadEND field populated.... any thoughts?

Bricktop · September 22, 2009

If you add an echo statement what do you get outputted? i.e.

echo $uploadEND;

mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')") or die (mysql_error());

voloproductions · September 22, 2009

I can output the uploadEND variable to the browser fine.... my problem is capturing it and saving it in the database.

voloproductions · September 22, 2009

so what do you think>??? :confused:

Raphael diSanto · September 22, 2009

First thing I'd do is var_dump the query itseld, then try running it manually at an SQL prompt, see what the database says.

Do:

$query = ""INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')";
var_dump($query);

then cut and paste the output into a direct MySQL prompt. If you don't have shell access to the MySQL server, use phpMyAdmin or something.

You can't always rely on "mysql_query() or die" to barf out if there's an error.

voloproductions · September 22, 2009

not really sure the point in this? Is my code correct? I need the $uploadEND data to be submitted into the uploadEND table.

Raphael diSanto · September 22, 2009

If you run the query against the MySQL database itself, you may get a meaningful error as to why it's not writing to the DB.

voloproductions · September 22, 2009

string(155) "INSERT INTO tickets VALUES (NULL,'','sss','ssss...', 'Open', '0', ':

ssss

-----------------------------------------------

', '','')"

thats what it outputs.

Raphael diSanto · September 22, 2009

Yes, that's the result of the var_dump. Now take that query and enter it into the database manually.

Oh, and please note.. the final value in that query is a null value. Thus $uploadEND is null.

voloproductions · September 22, 2009

I ran it in SQL Query tab under php myadmin

Returned:

Error

SQL query:

STRING ( 155 ) "INSERT INTO tickets VALUES (NULL,'','sss','ssss...', 'Open', '0', ': ssss ----------------------------------------------- ', '','')"

MySQL said: Documentation

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'string(155) "INSERT INTO tickets VALUES (NULL,'','sss','ssss...', 'Open', '0', '' at line 1

voloproductions · September 22, 2009

thoughts?

Raphael diSanto · September 22, 2009

You pasted the entire output from var_dump into the SQL, not just the SQL command.

voloproductions · September 22, 2009

I really have no clue what I am doing, new to MYSQL can you please provide me with more / better direction on this, what exactly do I run, and do I run it in the sql query tab?

voloproductions · September 22, 2009

there we go I got it work....

I ran:

INSERT INTO tickets VALUES (NULL,'','sdf9/22/09 // 2:00 PM MT -','sdfaf...', 'Open', '0', ':

sdfaf

-----------------------------------------------

', '','')

I got:

INSERT INTO tickets

VALUES (

NULL , '', 'sdf9/22/09 // 2:00 PM MT -', 'sdfaf...', 'Open', '0', ': sdfaf ----------------------------------------------- ', '', ''

)

mikesta707 · September 22, 2009

what is the structure of your table? do a var dump on your $uploadEND variable, and make sure you aren't doing any assignments to it between when you define its value and use it in the query (IE make sure if you have a comparison, like if ($uploadEND == "whatever") its not if ($uploadEND = "whatever") or anything like that.

voloproductions · September 22, 2009

Well I have the code above... ?

voloproductions · September 22, 2009

Anymore help with this? I am just not getting it. Greatly apprecaited. ::)

mikesta707 · September 22, 2009

the structure of your table? IE what fields are what, what types are they, what is the primary key? etc.

voloproductions · September 22, 2009

does this help?

mikesta707 · September 22, 2009

yes it does. your table seems fine. what happens when you do a var_dump of $uploadEND right before the query takes place?

voloproductions · September 22, 2009

I am not sure how the handle that part of the process....still learning php.

voloproductions · September 22, 2009

here is my code again.

<?php
function ShowHTML() {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
if ($GLOBALS['redirect'] == "1") {
?>
<meta http-equiv="refresh" content="2;url=?act=index">
<?php
} elseif ($GLOBALS['redirect'] == "2") {
?>
<meta http-equiv="refresh" content="2;url=?act=index">
<?php
}
?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IOM - Internal Office Manager 1.0</title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />

</head>

<body>

<div id="wrapper">

<div id="header">

</div>

<div id="menu">
	<ul>
		<li><a href="?act=index">Home</a></li>
		<?php 
		if ($GLOBALS['loggedin'] == "Log In") {
		?>
		<li><a href="?act=login">
		<?php
		echo $GLOBALS['loggedin'];
		?>

		<?php
		} else {
		?>
		<li><a href="?act=logout">
		<?php
		echo $GLOBALS['loggedin'];
		?>
		</li></a>
		<li><a href="?act=submit">Submit Ticket</a></li>
		<li><a href="?act=view">View Tickets</a></li>

  
		<?php
		}
		?>
	</ul>
</div>

<div id="content">
	<div class="entry">
		<div class="entry-title"><?php echo $GLOBALS['pagetitle'] ?></div>
		<p><?php echo $GLOBALS['maincontent'] ?></p>
	</div>
</div>

<div id="footer">

	</div>
</div>

</div>

</body>
</html>
<?php
}

function encrypt($string) {
$crypted = crypt(md5($string), md5($string));
return $crypted;
}

////////////////////////////////////////////////////////////////////////////
// POST AND GET:                                                          //
////////////////////////////////////////////////////////////////////////////

if ($_POST["act"]!="")		$act = $_POST['act'];

else if ($_GET["act"]!="")	$act = $_GET["act"];

//

if ($_POST["username"]!="")		$username = $_POST['username'];	

else if ($_GET["username"]!="")	$username = $_GET["username"];

//

if ($_POST["password"]!="")		$password = $_POST['password'];	

else if ($_GET["password"]!="")	$password = $_GET["password"];

//

if ($_POST["email"]!="")		$email = $_POST['email'];

else if ($_GET["email"]!="")	$email = $_GET["email"];

//

if ($_POST["id"]!="")		$id = $_POST['id'];	

else if ($_GET["id"]!="")	$id = $_GET["id"];

//

if ($_POST["subject"]!="")		$subject = $_POST['subject'];

else if ($_GET["subject"]!="")	$subject = $_GET["subject"];

//

if ($_POST["issue"]!="")		$issue = $_POST['issue'];

else if ($_GET["issue"]!="")	$issue = $_GET["issue"];

//

if ($_POST["upload"]!="")		$issue = $_POST['upload'];

else if ($_GET["upload"]!="")	$issue = $_GET["upload"];



////////////////////////////////////////////////////////////////////////////
// LETS START THE USER SESSION OF IOM:                                    //
////////////////////////////////////////////////////////////////////////////

session_start();
require("config.php");
if (!$_SESSION['username']) {
$login = 0;
$loggedin = "Log In";
} else {
$login = 1;
$loggedin = "Log Out";
}


////////////////////////////////////////////////////////////////////////////
// DATE INFO:                                                             //
////////////////////////////////////////////////////////////////////////////

$curdate = date("Y-m-d");



////////////////////////////////////////////////////////////////////////////
// MYSQL CONNECT:                                                         //
////////////////////////////////////////////////////////////////////////////

$db=mysql_connect($dbhostname,$dbusername, $dbpassword) OR DIE ("Unable to connect to database! mtroup@thefirestore.com");
mysql_select_db($dbname);



if ($act == "" | $act == "index") {
if(!$_SESSION['username']) {
$pagetitle = "Welcome";
$maincontent = "Hello and welcome to IOM - Internal Office Mananger. Please login with your supplied user name and password to submit a request to our web department.";
} else {
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
$query = "SELECT * FROM users";
$result = mysql_query($query);
if($result) {
	while($row = mysql_fetch_array($result)){
		$tempuser = $row["username"];
		$lastlogin = $row["date"];
		if ($tempuser == $usertemp2) {
		break;
		}
		}
	}
session_start();
$maincontent = "You are logged in as:<strong><font color=\"red\">" ." " ." " . $_SESSION['username'] . "</strong></font>";
}
ShowHTML();
die;
} elseif ($act == "register") {
$pagetitle = "Register";
$maincontent = "Please enter your details below to register for an account.</p>
<p>
<table border=\"0\" width=\"100%\">
<form action = \"?act=registeracc\" method=\"post\">
<tr>
	<td>Username:</td>
	<td><input type=\"text\" name=\"username\" size=\"50\"></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type=\"password\" name=\"password\" size=\"50\"></td>
</tr>
<tr>
	<td>Email:</td>
	<td><input type=\"text\" name=\"email\" size=\"70\"></td>
</tr>
<tr>
	<td> </td>
	<td><input type=\"submit\" value=\"Submit\"></td>
</tr>
</form>
</table>";
ShowHTML();
die;
} elseif ($act == "login") {
$pagetitle = "<br />Login";
$maincontent = "</p>
<p>
<table border=\"0\" width=\"100%\">
<form action = \"?act=loginpass\" method=\"post\">
<tr>
	<td>Username:</td>
	<td><input type=\"text\" name=\"username\" size=\"50\"></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type=\"password\" name=\"password\" size=\"50\"></td>
</tr>
<tr>
	<td> </td>
	<td><input type=\"submit\" value=\"Submit\"></td>
</tr>
</form>
</table></p>
";
ShowHTML();
die;
} elseif ($act == "logout") {
setcookie ("IOM", "", time()-604800);
$_SESSION['username'] = "";
$pagetitle = "Logged Out";
$maincontent = "You have been successfully logged out. You will be redirected shortly.";
$redirect = "2";
ShowHTML();
die;
} elseif ($act == "loginpass") {
$query = "SELECT * FROM users";
$result = mysql_query($query);
if($result) {
	while($row = mysql_fetch_array($result)){
		$tempuser = $row["username"];
		$temppass = $row["password"];
		$temprank = $row["rank"];
		$tempdate = $row["date"];
		if($username == $tempuser) {
			if ($temppass === (Encrypt($password))) {
			$success = "1";
			break;
			} else {
			$success = "0";
			}
		} else {
		$success = "0";
		}
	}
}
if ($success != "1") {
$pagetitle = "Incorrect";
$maincontent = "You have specified and incorrect username or password.";
} else {
$pagetitle = "Success";
$redirect = "1";
$maincontent = "Login successful, you will be redirected now.";
setcookie('IOM', $username, time()+60*60*24*30);
$_SESSION['username'] = $username;
mysql_query("UPDATE users SET date='$curdate' WHERE username='$username'") or die (mysql_error());
}
ShowHTML();
die;
} elseif ($act == "registeracc") {
if ($username == "" | $password == "" | $email == "") {
$pagetitle = "Error";
$maincontent = "Please make sure that you fill in all fields.";
} else {
$query = "SELECT * FROM users";
$result = mysql_query($query);
if($result) {
	while($row = mysql_fetch_array($result)){
		$tempuser = $row["username"];
		if($tempuser == $username) {
		$pagetitle = "Error";
		$maincontent = "That username already exists within our database.";
		ShowHTML();
		die;
		}
	}
		$member1 = "Member";
		$encpassword = encrypt($password);
		mysql_query("INSERT INTO users VALUES ('','$username','$encpassword', '$email', '$member1', '$curdate')") or die (mysql_error());
		$pagetitle = "Success";
		$maincontent = "You have been successfully added to the database.";
}	
}
ShowHTML();
die;
}

if ($login != "1") {
$pagetitle = "Login";
$maincontent = "You can't do that because your not logged in";
} else {
if ($act == "view") {
$maincontent ="
<table width=\"100%\" border=\"0\" >
		<tr>
			<td>ID</td>
			<td>Subject</td>
			<td>Summary</td>
			<td>Status</td>
			<td>Progress</td>
			<td>View/Delete</td>
			<td>Replies</td>
		</tr>";
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$pagetitle = "View Support Tickets - $usertemp2";
		$query = "SELECT * FROM tickets ORDER BY progress ASC";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempuser = $row["username"];
				$tempid = $row["index"];
				$tempsubject = $row["subject"];
				$tempsummary = $row["summary"];
				$tempstatus = $row["status"];
				$tempprogress = $row["progress"];
				$tempreply = $row["replied"];
				$upload = $row["uploadEND"];
				if ($tempuser == $usertemp2) {
				$maincontent .= "
		<tr>
			<td>$tempid</td>
			<td>$tempsubject</td>
			<td>$tempsummary</td>
			<td>$tempstatus</td>
			<td>$tempprogress %</td>
			<td>$uploadEND</td>
			<td><a href=\"?act=viewticket&id=$tempid\">View</a>  <a href=\"?act=deleteticket&id=$tempid\">Delete</a></td><td>	";



			if ($tempreply == "1") {
			$maincontent .= "Yes";
			} else {
			$maincontent .= "No";
			}
			$maincontent .="</td>
		</tr> ";

				}
				}
			}
$maincontent .= "</table>";
} elseif ($act == "viewticket") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
		$query = "SELECT * FROM tickets";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempuser = $row["username"];
				$tempid = $row["index"];
				$tempsubject = $row["subject"];
				$tempissue = $row["issue"];
				$tempstatus = $row["status"];
				$tempprogress = $row["progress"];
				$tempreply = $row["replied"];
				$newname = $row["uploadEND"];
				if ($id == $tempid) {
					if ($tempuser == $usertemp2) {
					$pagetitle = "View Support Ticket - $tempsubject";
					$maincontent .= "
		<table width=\"100%\" border=\"0\">
			<tr>
				<td>ID:</td>
				<td>$tempid</td>
			</tr>
			<tr>
				<td>Subject:</td>
				<td>$tempsubject</td>
			</tr>
			<tr>
				<td>Status:</td>
				<td>$tempstatus</td>
			</tr>

  


			<tr>
				<td>Progress:</td>
				<td>$tempprogress %</td>
			</tr>
			<tr>
				<td>Conversation:</td>
				<td>$tempissue</td>
			</tr>
			<tr>
				<td> </td>
				<td>";






				if ($tempstatus == "Open") {
				$maincontent .="<a href=\"?act=closeticket&id=$tempid\">Close Ticket?</a>";
				} else {
				$maincontent .="<a href=\"?act=openticket&id=$tempid\">Open Ticket?</a>";
				}
				$maincontent.= "</td>
			</tr>
";
				if ($tempreply != "0") {
				$maincontent .= "				<tr>
				<td> </td>
				<td><a href=\"?act=replyticket&id=$tempid\">Reply to ticket?</a></td>
				</tr>";
				}
				$maincontent .= "
		</table>";
						break;
						}
				}
				}
			}
	} elseif ($act == "replyticket") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$query = "SELECT * FROM tickets";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempid = $row["index"];
				$tempuser = $row["username"];
				$tempissue = $row["issue"];
				if ($tempid == $id) {
					if ($tempuser == $usertemp2) {
					$pagetitle = "Reply to Ticket";
					$maincontent .= "
					Please use the form below to reply to the ticket:</p>
					<p>
		<table width=\"100%\" border=\"0\">
		<form method=\"post\" action=\"?act=replyticketgo\">
		<input type=\"hidden\" name=\"id\" value=\"$tempid\">
			<tr>
				<td>Conversation:</td>
				<td>$tempissue</td>
			</tr>
			<tr>
				<td>Reply:</td>
				<td><textarea name=\"issue\" cols=\"50\" rows=\"10\"></textarea></td>
			</tr>
			<tr>
				<td> </td>
				<td><input type=\"submit\" value=\"Submit\" size=\"50\"></td>
			</tr>
		</form>
		</table>";
						break;
				}
				}
				}
			}
} elseif ($act == "replyticketgo") {
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$query = "SELECT * FROM tickets";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempid = $row["index"];
				$tempuser = $row["username"];
				$tempissue = $row["issue"];
				if ($tempid == $id) {
					if ($tempuser == $usertemp2) {
				$tissue = "<u>".$HTTP_COOKIE_VARS["IOM"]."</u>:<br>
				".$issue."<br>
				-----------------------------------------------<br>".$tempissue;
				mysql_query("UPDATE tickets SET issue='$tissue', replied='0' WHERE `index`='$id'") or die (mysql_error());
				$pagetitle = "Ticket Reply";
				$maincontent = "The ticket has been replied to successfully";

				}
				}
			}
		}

			} elseif ($act == "uploadfile") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("INSERT INTO uploadEND VALUES ('','$uploadEND')") or die (mysql_error());
	$pagetitle = "Upload Complete";
	$maincontent = "Your upload has been added to the ticket successfully";


} elseif ($act == "deleteticket") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("DELETE FROM tickets WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());
	$pagetitle = "Ticket Deleted";
	$maincontent = "Your ticket has been deleted successfully";
} elseif ($act == "closeticket") {
$closed = "Closed";
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("UPDATE tickets SET status='$closed' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());
	$pagetitle = "Ticket Closed";
	$maincontent = "Your ticket has been closed successfully";
} elseif ($act == "openticket") {
$open = "Open";
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("UPDATE tickets SET status='$open' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());
	$pagetitle = "Ticket Opened";
	$maincontent = "Your ticket has been opened successfully";
} elseif ($act == "submit") {
$pagetitle = "Submit New Ticket";

//Check that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {

  //chcek file & size 
  $filename = basename($_FILES['uploaded_file']['name']);
  $ext = substr($filename, strrpos($filename, '.') + 1);
  if (($ext = "jpg,gif,xls,doc,png") && ($_FILES["uploaded_file"]["type"] = "jpg,gif,xls,doc,png") && 
    ($_FILES["uploaded_file"]["size"] < 350000000)) {
     
    //Determine the path to which we want to save this file
      $newname = dirname(__FILE__).'/files/'.$filename;
      
      //Check if the file with the same name is already exists on the server
      if (!file_exists($newname)) {
       
        //Attempt to move the uploaded file to it's new place
        if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
           
	$uploadEND = '<a href=\"downloadfilelink\">' . $newname . "</a>";


// AND LETS RUN OUR UPLOAD CHECKS!!       
           
           
        } else {
           echo "Error: A problem occurred during file upload!";
        }
      } else {
         echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
      }
  } else {
     echo "Upload Error, Only JPG,GIF,XLS,DOC Allowed.";
  }
//} else {
//echo "Error: No file uploaded";
}


$maincontent = "Please enter the details about the new ticket below:</p>
<p>
<table border=\"0\" width=\"100%\">
<form action = \"?act=submitticket\" method=\"post\">
	<tr>
		<td>Subject:</td>
		<td><input type=\"text\" name=\"subject\" size=\"50\"></td>
	</tr>
	<tr>
		<td>Issue:</td>
		<td><textarea cols=\"50\" rows=\"10\" name=\"issue\"></textarea></td>
	</tr>
	<tr>

		<td> </td>
	<!--	<td><input type=\"submit\" value=\"Submit\"></td> -->
	</tr>


					<td>File:</td>
			<td>  
    <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000000\" />
    <input name=\"uploaded_file\" type=\"file\" />
    <input type=\"submit\" value=\"Submit\" />
  </form></td>	
  <td>
</table>"; 	






} elseif ($act == "submitticket") {
	if ($subject == "" | $issue == "") {
	$pagetitle = "Error";
	$maincontent = "Please make sure all fields are filled in.";
	} else {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$status = "Open";
	$progress = "0";
	$pagetitle = "Ticket Submitted";
	$upload = $newname; 
	$summary = substr($issue, 0, 30)."...";
	$maincontent = "Your ticket has been submitted! <br />";





	$issue = "<u>".$usertemp2."</u>:<br>".$issue."<br>
	-----------------------------------------------<br>
	";
	mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')") or die (mysql_error());

	}
} else {
$pagetitle = "Invalid";
$maincontent = "You have specified an invalid action.";
}
}
ShowHTML();
?>

mikesta707 · September 22, 2009

can you just post the relevant code, there are a lot of lines there...

but from skimming through, it doesn't look like you ever create a variable $uploadEND.

try

mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$upload')") or die (mysql_error());

Sign In

PHP Help needed

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information