Jump to content

PHP Help needed

voloproductions

By voloproductions
in PHP Coding Help

 Share

Recommended Posts

voloproductions Newbie

voloproductions

Posted
Posted

Hello all below is code that I need help with....  I am trying to get $uploadEND  to input a url from the upload script into my database.... let me know what you see here. 

 

 

<?php

function ShowHTML() {

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<?php

if ($GLOBALS['redirect'] == "1") {

?>

<meta http-equiv="refresh" content="2;url=?act=index">

<?php

} elseif ($GLOBALS['redirect'] == "2") {

?>

<meta http-equiv="refresh" content="2;url=?act=index">

<?php

}

?>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>IOM - Internal Office Manager 1.0</title>

<link rel="stylesheet" href="style.css" type="text/css" media="screen" />

 

</head>

 

<body>

 

<div id="wrapper">

 

<div id="header">

 

</div>

 

<div id="menu">

<ul>

<li><a href="?act=index">Home</a></li>

<?php

if ($GLOBALS['loggedin'] == "Log In") {

?>

<li><a href="?act=login">

<?php

echo $GLOBALS['loggedin'];

?>

 

<?php

} else {

?>

<li><a href="?act=logout">

<?php

echo $GLOBALS['loggedin'];

?>

</li></a>

<li><a href="?act=submit">Submit Ticket</a></li>

<li><a href="?act=view">View Tickets</a></li>

 

 

<?php

}

?>

</ul>

</div>

 

<div id="content">

<div class="entry">

<div class="entry-title"><?php echo $GLOBALS['pagetitle'] ?></div>

<p><?php echo $GLOBALS['maincontent'] ?></p>

</div>

</div>

 

<div id="footer">

 

</div>

</div>

 

</div>

 

</body>

</html>

<?php

}

 

function encrypt($string) {

$crypted = crypt(md5($string), md5($string));

return $crypted;

}

 

////////////////////////////////////////////////////////////////////////////

// POST AND GET:                                                          //

////////////////////////////////////////////////////////////////////////////

 

if ($_POST["act"]!="") $act = $_POST['act'];

 

else if ($_GET["act"]!="") $act = $_GET["act"];

 

//

 

if ($_POST["username"]!="") $username = $_POST['username'];

 

else if ($_GET["username"]!="") $username = $_GET["username"];

 

//

 

if ($_POST["password"]!="") $password = $_POST['password'];

 

else if ($_GET["password"]!="") $password = $_GET["password"];

 

//

 

if ($_POST["email"]!="") $email = $_POST['email'];

 

else if ($_GET["email"]!="") $email = $_GET["email"];

 

//

 

if ($_POST["id"]!="") $id = $_POST['id'];

 

else if ($_GET["id"]!="") $id = $_GET["id"];

 

//

 

if ($_POST["subject"]!="") $subject = $_POST['subject'];

 

else if ($_GET["subject"]!="") $subject = $_GET["subject"];

 

//

 

if ($_POST["issue"]!="") $issue = $_POST['issue'];

 

else if ($_GET["issue"]!="") $issue = $_GET["issue"];

 

//

 

if ($_POST["upload"]!="") $issue = $_POST['upload'];

 

else if ($_GET["upload"]!="") $issue = $_GET["upload"];

 

 

 

////////////////////////////////////////////////////////////////////////////

// LETS START THE USER SESSION OF IOM:                                    //

////////////////////////////////////////////////////////////////////////////

 

session_start();

require("config.php");

if (!$_SESSION['username']) {

$login = 0;

$loggedin = "Log In";

} else {

$login = 1;

$loggedin = "Log Out";

}

 

 

////////////////////////////////////////////////////////////////////////////

// DATE INFO:                                                            //

////////////////////////////////////////////////////////////////////////////

 

$curdate = date("Y-m-d");

 

 

 

////////////////////////////////////////////////////////////////////////////

// MYSQL CONNECT:                                                        //

////////////////////////////////////////////////////////////////////////////

 

$db=mysql_connect($dbhostname,$dbusername, $dbpassword) OR DIE ("Unable to connect to database! mtroup@thefirestore.com");

mysql_select_db($dbname);

 

 

 

if ($act == "" | $act == "index") {

if(!$_SESSION['username']) {

$pagetitle = "Welcome";

$maincontent = "Hello and welcome to IOM - Internal Office Mananger. Please login with your supplied user name and password to submit a request to our web department.";

} else {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM users";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$lastlogin = $row["date"];

if ($tempuser == $usertemp2) {

break;

}

}

}

$maincontent = "<br />

<font size='4'>Welcome: <strong><font color=\"red\">$tempuser</font>$usertemp2</font></strong> <br />

to your control panel. Please select from the menu above to get started and to continue.<br>

You last logged in on: $lastlogin";

}

ShowHTML();

die;

} elseif ($act == "register") {

$pagetitle = "Register";

$maincontent = "Please enter your details below to register for an account.</p>

<p>

<table border=\"0\" width=\"100%\">

<form action = \"?act=registeracc\" method=\"post\">

<tr>

<td>Username:</td>

<td><input type=\"text\" name=\"username\" size=\"50\"></td>

</tr>

<tr>

<td>Password:</td>

<td><input type=\"password\" name=\"password\" size=\"50\"></td>

</tr>

<tr>

<td>Email:</td>

<td><input type=\"text\" name=\"email\" size=\"70\"></td>

</tr>

<tr>

<td> </td>

<td><input type=\"submit\" value=\"Submit\"></td>

</tr>

</form>

</table>";

ShowHTML();

die;

} elseif ($act == "login") {

$pagetitle = "<br />Login";

$maincontent = "</p>

<p>

<table border=\"0\" width=\"100%\">

<form action = \"?act=loginpass\" method=\"post\">

<tr>

<td>Username:</td>

<td><input type=\"text\" name=\"username\" size=\"50\"></td>

</tr>

<tr>

<td>Password:</td>

<td><input type=\"password\" name=\"password\" size=\"50\"></td>

</tr>

<tr>

<td> </td>

<td><input type=\"submit\" value=\"Submit\"></td>

</tr>

</form>

</table></p>

";

ShowHTML();

die;

} elseif ($act == "logout") {

setcookie ("IOM", "", time()-604800);

$_SESSION['username'] = "";

$pagetitle = "Logged Out";

$maincontent = "You have been successfully logged out. You will be redirected shortly.";

$redirect = "2";

ShowHTML();

die;

} elseif ($act == "loginpass") {

$query = "SELECT * FROM users";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$temppass = $row["password"];

$temprank = $row["rank"];

$tempdate = $row["date"];

if($username == $tempuser) {

if ($temppass === (Encrypt($password))) {

$success = "1";

break;

} else {

$success = "0";

}

} else {

$success = "0";

}

}

}

if ($success != "1") {

$pagetitle = "Incorrect";

$maincontent = "You have specified and incorrect username or password.";

} else {

$pagetitle = "Success";

$redirect = "1";

$maincontent = "Login successful, you will be redirected now.";

setcookie('IOM', $username, time()+60*60*24*30);

$_SESSION['username'] = $username;

mysql_query("UPDATE users SET date='$curdate' WHERE username='$username'") or die (mysql_error());

}

ShowHTML();

die;

} elseif ($act == "registeracc") {

if ($username == "" | $password == "" | $email == "") {

$pagetitle = "Error";

$maincontent = "Please make sure that you fill in all fields.";

} else {

$query = "SELECT * FROM users";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

if($tempuser == $username) {

$pagetitle = "Error";

$maincontent = "That username already exists within our database.";

ShowHTML();

die;

}

}

$member1 = "Member";

$encpassword = encrypt($password);

mysql_query("INSERT INTO users VALUES ('','$username','$encpassword', '$email', '$member1', '$curdate')") or die (mysql_error());

$pagetitle = "Success";

$maincontent = "You have been successfully added to the database.";

}

}

ShowHTML();

die;

}

 

if ($login != "1") {

$pagetitle = "Login";

$maincontent = "You can't do that because your not logged in";

} else {

if ($act == "view") {

$maincontent ="

<table width=\"100%\" border=\"0\" >

<tr>

<td>ID</td>

<td>Subject</td>

<td>Summary</td>

<td>Status</td>

<td>Progress</td>

<td>View/Delete</td>

<td>Replies</td>

</tr>";

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$pagetitle = "View Support Tickets - $usertemp2";

$query = "SELECT * FROM tickets ORDER BY progress ASC";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$tempid = $row["index"];

$tempsubject = $row["subject"];

$tempsummary = $row["summary"];

$tempstatus = $row["status"];

$tempprogress = $row["progress"];

$tempreply = $row["replied"];

$upload = $row["uploadEND"];

if ($tempuser == $usertemp2) {

$maincontent .= "

<tr>

<td>$tempid</td>

<td>$tempsubject</td>

<td>$tempsummary</td>

<td>$tempstatus</td>

<td>$tempprogress %</td>

<td>$uploadEND</td>

<td><a href=\"?act=viewticket&id=$tempid\">View</a>  <a href=\"?act=deleteticket&id=$tempid\">Delete</a></td><td> ";

 

 

 

if ($tempreply == "1") {

$maincontent .= "Yes";

} else {

$maincontent .= "No";

}

$maincontent .="</td>

</tr> ";

 

}

}

}

$maincontent .= "</table>";

} elseif ($act == "viewticket") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM tickets";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempuser = $row["username"];

$tempid = $row["index"];

$tempsubject = $row["subject"];

$tempissue = $row["issue"];

$tempstatus = $row["status"];

$tempprogress = $row["progress"];

$tempreply = $row["replied"];

$newname = $row["uploadEND"];

if ($id == $tempid) {

if ($tempuser == $usertemp2) {

$pagetitle = "View Support Ticket - $tempsubject";

$maincontent .= "

<table width=\"100%\" border=\"0\">

<tr>

<td>ID:</td>

<td>$tempid</td>

</tr>

<tr>

<td>Subject:</td>

<td>$tempsubject</td>

</tr>

<tr>

<td>Status:</td>

<td>$tempstatus</td>

</tr>

 

 

 

 

<tr>

<td>Progress:</td>

<td>$tempprogress %</td>

</tr>

<tr>

<td>Conversation:</td>

<td>$tempissue</td>

</tr>

<tr>

<td> </td>

<td>";

 

 

 

 

 

 

if ($tempstatus == "Open") {

$maincontent .="<a href=\"?act=closeticket&id=$tempid\">Close Ticket?</a>";

} else {

$maincontent .="<a href=\"?act=openticket&id=$tempid\">Open Ticket?</a>";

}

$maincontent.= "</td>

</tr>

";

if ($tempreply != "0") {

$maincontent .= " <tr>

<td> </td>

<td><a href=\"?act=replyticket&id=$tempid\">Reply to ticket?</a></td>

</tr>";

}

$maincontent .= "

</table>";

break;

}

}

}

}

} elseif ($act == "replyticket") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM tickets";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempid = $row["index"];

$tempuser = $row["username"];

$tempissue = $row["issue"];

if ($tempid == $id) {

if ($tempuser == $usertemp2) {

$pagetitle = "Reply to Ticket";

$maincontent .= "

Please use the form below to reply to the ticket:</p>

<p>

<table width=\"100%\" border=\"0\">

<form method=\"post\" action=\"?act=replyticketgo\">

<input type=\"hidden\" name=\"id\" value=\"$tempid\">

<tr>

<td>Conversation:</td>

<td>$tempissue</td>

</tr>

<tr>

<td>Reply:</td>

<td><textarea name=\"issue\" cols=\"50\" rows=\"10\"></textarea></td>

</tr>

<tr>

<td> </td>

<td><input type=\"submit\" value=\"Submit\" size=\"50\"></td>

</tr>

</form>

</table>";

break;

}

}

}

}

} elseif ($act == "replyticketgo") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$query = "SELECT * FROM tickets";

$result = mysql_query($query);

if($result) {

while($row = mysql_fetch_array($result)){

$tempid = $row["index"];

$tempuser = $row["username"];

$tempissue = $row["issue"];

if ($tempid == $id) {

if ($tempuser == $usertemp2) {

$tissue = "<u>".$HTTP_COOKIE_VARS["IOM"]."</u>:<br>

".$issue."<br>

-----------------------------------------------<br>".$tempissue;

mysql_query("UPDATE tickets SET issue='$tissue', replied='0' WHERE `index`='$id'") or die (mysql_error());

$pagetitle = "Ticket Reply";

$maincontent = "The ticket has been replied to successfully";

 

}

}

}

}

 

} elseif ($act == "uploadfile") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("INSERT INTO uploadEND VALUES ('','$uploadEND')") or die (mysql_error());

$pagetitle = "Upload Complete";

$maincontent = "Your upload has been added to the ticket successfully";

 

 

} elseif ($act == "deleteticket") {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("DELETE FROM tickets WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());

$pagetitle = "Ticket Deleted";

$maincontent = "Your ticket has been deleted successfully";

} elseif ($act == "closeticket") {

$closed = "Closed";

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("UPDATE tickets SET status='$closed' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());

$pagetitle = "Ticket Closed";

$maincontent = "Your ticket has been closed successfully";

} elseif ($act == "openticket") {

$open = "Open";

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

mysql_query("UPDATE tickets SET status='$open' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());

$pagetitle = "Ticket Opened";

$maincontent = "Your ticket has been opened successfully";

} elseif ($act == "submit") {

$pagetitle = "Submit New Ticket";

 

//Check that we have a file

if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {

 

  //chcek file & size

  $filename = basename($_FILES['uploaded_file']['name']);

  $ext = substr($filename, strrpos($filename, '.') + 1);

  if (($ext = "jpg,gif,xls,doc,png") && ($_FILES["uploaded_file"]["type"] = "jpg,gif,xls,doc,png") &&

    ($_FILES["uploaded_file"]["size"] < 350000000)) {

   

    //Determine the path to which we want to save this file

      $newname = dirname(__FILE__).'/files/'.$filename;

     

      //Check if the file with the same name is already exists on the server

      if (!file_exists($newname)) {

     

        //Attempt to move the uploaded file to it's new place

        if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {

         

$uploadEND = '<a href=\"downloadfilelink\">' . $newname . "</a>";

 

 

// AND LETS RUN OUR UPLOAD CHECKS!!     

         

         

        } else {

          echo "Error: A problem occurred during file upload!";

        }

      } else {

        echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";

      }

  } else {

    echo "Upload Error, Only JPG,GIF,XLS,DOC Allowed.";

  }

//} else {

//echo "Error: No file uploaded";

}

 

 

$maincontent = "Please enter the details about the new ticket below:</p>

<p>

<table border=\"0\" width=\"100%\">

<form action = \"?act=submitticket\" method=\"post\">

<tr>

<td>Subject:</td>

<td><input type=\"text\" name=\"subject\" size=\"50\"></td>

</tr>

<tr>

<td>Issue:</td>

<td><textarea cols=\"50\" rows=\"10\" name=\"issue\"></textarea></td>

</tr>

<tr>

 

<td> </td>

<!-- <td><input type=\"submit\" value=\"Submit\"></td> -->

</tr>

 

 

<td>File:</td>

<td> 

    <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000000\" />

    <input name=\"uploaded_file\" type=\"file\" />

    <input type=\"submit\" value=\"Submit\" />

  </form></td>

  <td>

</table>";

 

 

 

 

 

 

} elseif ($act == "submitticket") {

if ($subject == "" | $issue == "") {

$pagetitle = "Error";

$maincontent = "Please make sure all fields are filled in.";

} else {

$usertemp2 = $HTTP_COOKIE_VARS["IOM"];

$status = "Open";

$progress = "0";

$pagetitle = "Ticket Submitted";

$upload = $newname;

$summary = substr($issue, 0, 30)."...";

$maincontent = "Your ticket has been submitted! <br />";

 

 

 

 

 

$issue = "<u>".$usertemp2."</u>:<br>".$issue."<br>

-----------------------------------------------<br>

";

mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')") or die (mysql_error());

 

}

} else {

$pagetitle = "Invalid";

$maincontent = "You have specified an invalid action.";

}

}

ShowHTML();

?>

Link to comment
Share on other sites
Raphael diSanto Newbie

Raphael diSanto

Posted
Posted

First thing I'd do is var_dump the query itseld, then try running it manually at an SQL prompt, see what the database says.

 

Do:

 

$query = ""INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')";
var_dump($query);

 

then cut and paste the output into a direct MySQL prompt. If you don't have shell access to the MySQL server, use phpMyAdmin or something.

 

You can't always rely on "mysql_query() or die" to barf out if there's an error.

Link to comment
Share on other sites
voloproductions Newbie

voloproductions

Posted
  • Author
Posted

I ran it in SQL Query tab under php myadmin 

 

Returned:

 

Error

 

SQL query:

 

STRING ( 155 ) "INSERT INTO tickets VALUES (NULL,'','sss','ssss...', 'Open', '0', ': ssss ----------------------------------------------- ', '','')"

 

MySQL said: Documentation

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'string(155) "INSERT INTO tickets VALUES (NULL,'','sss','ssss...', 'Open', '0', '' at line 1

Link to comment
Share on other sites
voloproductions Newbie

voloproductions

Posted
  • Author
Posted

there we go I got it work....

I ran:

 

INSERT INTO tickets VALUES (NULL,'','sdf9/22/09 // 2:00 PM MT -','sdfaf...', 'Open', '0', ':

sdfaf

-----------------------------------------------

', '','')

 

I got:

 

INSERT INTO tickets

VALUES (

NULL , '', 'sdf9/22/09 // 2:00 PM MT -', 'sdfaf...', 'Open', '0', ': sdfaf ----------------------------------------------- ', '', ''

)

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

what is the structure of your table? do a var dump on your $uploadEND variable, and make sure you aren't doing any assignments to it between when you define its value and use it in the query (IE make sure if you have a comparison, like if ($uploadEND == "whatever") its not if ($uploadEND = "whatever") or anything like that.

Link to comment
Share on other sites
voloproductions Newbie

voloproductions

Posted
  • Author
Posted

here is my code again.

 

<?php
function ShowHTML() {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
if ($GLOBALS['redirect'] == "1") {
?>
<meta http-equiv="refresh" content="2;url=?act=index">
<?php
} elseif ($GLOBALS['redirect'] == "2") {
?>
<meta http-equiv="refresh" content="2;url=?act=index">
<?php
}
?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IOM - Internal Office Manager 1.0</title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />

</head>

<body>

<div id="wrapper">

<div id="header">

</div>

<div id="menu">
	<ul>
		<li><a href="?act=index">Home</a></li>
		<?php 
		if ($GLOBALS['loggedin'] == "Log In") {
		?>
		<li><a href="?act=login">
		<?php
		echo $GLOBALS['loggedin'];
		?>

		<?php
		} else {
		?>
		<li><a href="?act=logout">
		<?php
		echo $GLOBALS['loggedin'];
		?>
		</li></a>
		<li><a href="?act=submit">Submit Ticket</a></li>
		<li><a href="?act=view">View Tickets</a></li>

  
		<?php
		}
		?>
	</ul>
</div>

<div id="content">
	<div class="entry">
		<div class="entry-title"><?php echo $GLOBALS['pagetitle'] ?></div>
		<p><?php echo $GLOBALS['maincontent'] ?></p>
	</div>
</div>

<div id="footer">

	</div>
</div>

</div>

</body>
</html>
<?php
}

function encrypt($string) {
$crypted = crypt(md5($string), md5($string));
return $crypted;
}

////////////////////////////////////////////////////////////////////////////
// POST AND GET:                                                          //
////////////////////////////////////////////////////////////////////////////

if ($_POST["act"]!="")		$act = $_POST['act'];

else if ($_GET["act"]!="")	$act = $_GET["act"];

//

if ($_POST["username"]!="")		$username = $_POST['username'];	

else if ($_GET["username"]!="")	$username = $_GET["username"];

//

if ($_POST["password"]!="")		$password = $_POST['password'];	

else if ($_GET["password"]!="")	$password = $_GET["password"];

//

if ($_POST["email"]!="")		$email = $_POST['email'];

else if ($_GET["email"]!="")	$email = $_GET["email"];

//

if ($_POST["id"]!="")		$id = $_POST['id'];	

else if ($_GET["id"]!="")	$id = $_GET["id"];

//

if ($_POST["subject"]!="")		$subject = $_POST['subject'];

else if ($_GET["subject"]!="")	$subject = $_GET["subject"];

//

if ($_POST["issue"]!="")		$issue = $_POST['issue'];

else if ($_GET["issue"]!="")	$issue = $_GET["issue"];

//

if ($_POST["upload"]!="")		$issue = $_POST['upload'];

else if ($_GET["upload"]!="")	$issue = $_GET["upload"];



////////////////////////////////////////////////////////////////////////////
// LETS START THE USER SESSION OF IOM:                                    //
////////////////////////////////////////////////////////////////////////////

session_start();
require("config.php");
if (!$_SESSION['username']) {
$login = 0;
$loggedin = "Log In";
} else {
$login = 1;
$loggedin = "Log Out";
}


////////////////////////////////////////////////////////////////////////////
// DATE INFO:                                                             //
////////////////////////////////////////////////////////////////////////////

$curdate = date("Y-m-d");



////////////////////////////////////////////////////////////////////////////
// MYSQL CONNECT:                                                         //
////////////////////////////////////////////////////////////////////////////

$db=mysql_connect($dbhostname,$dbusername, $dbpassword) OR DIE ("Unable to connect to database! mtroup@thefirestore.com");
mysql_select_db($dbname);



if ($act == "" | $act == "index") {
if(!$_SESSION['username']) {
$pagetitle = "Welcome";
$maincontent = "Hello and welcome to IOM - Internal Office Mananger. Please login with your supplied user name and password to submit a request to our web department.";
} else {
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
$query = "SELECT * FROM users";
$result = mysql_query($query);
if($result) {
	while($row = mysql_fetch_array($result)){
		$tempuser = $row["username"];
		$lastlogin = $row["date"];
		if ($tempuser == $usertemp2) {
		break;
		}
		}
	}
session_start();
$maincontent = "You are logged in as:<strong><font color=\"red\">" ." " ." " . $_SESSION['username'] . "</strong></font>";
}
ShowHTML();
die;
} elseif ($act == "register") {
$pagetitle = "Register";
$maincontent = "Please enter your details below to register for an account.</p>
<p>
<table border=\"0\" width=\"100%\">
<form action = \"?act=registeracc\" method=\"post\">
<tr>
	<td>Username:</td>
	<td><input type=\"text\" name=\"username\" size=\"50\"></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type=\"password\" name=\"password\" size=\"50\"></td>
</tr>
<tr>
	<td>Email:</td>
	<td><input type=\"text\" name=\"email\" size=\"70\"></td>
</tr>
<tr>
	<td> </td>
	<td><input type=\"submit\" value=\"Submit\"></td>
</tr>
</form>
</table>";
ShowHTML();
die;
} elseif ($act == "login") {
$pagetitle = "<br />Login";
$maincontent = "</p>
<p>
<table border=\"0\" width=\"100%\">
<form action = \"?act=loginpass\" method=\"post\">
<tr>
	<td>Username:</td>
	<td><input type=\"text\" name=\"username\" size=\"50\"></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type=\"password\" name=\"password\" size=\"50\"></td>
</tr>
<tr>
	<td> </td>
	<td><input type=\"submit\" value=\"Submit\"></td>
</tr>
</form>
</table></p>
";
ShowHTML();
die;
} elseif ($act == "logout") {
setcookie ("IOM", "", time()-604800);
$_SESSION['username'] = "";
$pagetitle = "Logged Out";
$maincontent = "You have been successfully logged out. You will be redirected shortly.";
$redirect = "2";
ShowHTML();
die;
} elseif ($act == "loginpass") {
$query = "SELECT * FROM users";
$result = mysql_query($query);
if($result) {
	while($row = mysql_fetch_array($result)){
		$tempuser = $row["username"];
		$temppass = $row["password"];
		$temprank = $row["rank"];
		$tempdate = $row["date"];
		if($username == $tempuser) {
			if ($temppass === (Encrypt($password))) {
			$success = "1";
			break;
			} else {
			$success = "0";
			}
		} else {
		$success = "0";
		}
	}
}
if ($success != "1") {
$pagetitle = "Incorrect";
$maincontent = "You have specified and incorrect username or password.";
} else {
$pagetitle = "Success";
$redirect = "1";
$maincontent = "Login successful, you will be redirected now.";
setcookie('IOM', $username, time()+60*60*24*30);
$_SESSION['username'] = $username;
mysql_query("UPDATE users SET date='$curdate' WHERE username='$username'") or die (mysql_error());
}
ShowHTML();
die;
} elseif ($act == "registeracc") {
if ($username == "" | $password == "" | $email == "") {
$pagetitle = "Error";
$maincontent = "Please make sure that you fill in all fields.";
} else {
$query = "SELECT * FROM users";
$result = mysql_query($query);
if($result) {
	while($row = mysql_fetch_array($result)){
		$tempuser = $row["username"];
		if($tempuser == $username) {
		$pagetitle = "Error";
		$maincontent = "That username already exists within our database.";
		ShowHTML();
		die;
		}
	}
		$member1 = "Member";
		$encpassword = encrypt($password);
		mysql_query("INSERT INTO users VALUES ('','$username','$encpassword', '$email', '$member1', '$curdate')") or die (mysql_error());
		$pagetitle = "Success";
		$maincontent = "You have been successfully added to the database.";
}	
}
ShowHTML();
die;
}

if ($login != "1") {
$pagetitle = "Login";
$maincontent = "You can't do that because your not logged in";
} else {
if ($act == "view") {
$maincontent ="
<table width=\"100%\" border=\"0\" >
		<tr>
			<td>ID</td>
			<td>Subject</td>
			<td>Summary</td>
			<td>Status</td>
			<td>Progress</td>
			<td>View/Delete</td>
			<td>Replies</td>
		</tr>";
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$pagetitle = "View Support Tickets - $usertemp2";
		$query = "SELECT * FROM tickets ORDER BY progress ASC";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempuser = $row["username"];
				$tempid = $row["index"];
				$tempsubject = $row["subject"];
				$tempsummary = $row["summary"];
				$tempstatus = $row["status"];
				$tempprogress = $row["progress"];
				$tempreply = $row["replied"];
				$upload = $row["uploadEND"];
				if ($tempuser == $usertemp2) {
				$maincontent .= "
		<tr>
			<td>$tempid</td>
			<td>$tempsubject</td>
			<td>$tempsummary</td>
			<td>$tempstatus</td>
			<td>$tempprogress %</td>
			<td>$uploadEND</td>
			<td><a href=\"?act=viewticket&id=$tempid\">View</a>  <a href=\"?act=deleteticket&id=$tempid\">Delete</a></td><td>	";



			if ($tempreply == "1") {
			$maincontent .= "Yes";
			} else {
			$maincontent .= "No";
			}
			$maincontent .="</td>
		</tr> ";

				}
				}
			}
$maincontent .= "</table>";
} elseif ($act == "viewticket") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
		$query = "SELECT * FROM tickets";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempuser = $row["username"];
				$tempid = $row["index"];
				$tempsubject = $row["subject"];
				$tempissue = $row["issue"];
				$tempstatus = $row["status"];
				$tempprogress = $row["progress"];
				$tempreply = $row["replied"];
				$newname = $row["uploadEND"];
				if ($id == $tempid) {
					if ($tempuser == $usertemp2) {
					$pagetitle = "View Support Ticket - $tempsubject";
					$maincontent .= "
		<table width=\"100%\" border=\"0\">
			<tr>
				<td>ID:</td>
				<td>$tempid</td>
			</tr>
			<tr>
				<td>Subject:</td>
				<td>$tempsubject</td>
			</tr>
			<tr>
				<td>Status:</td>
				<td>$tempstatus</td>
			</tr>

  


			<tr>
				<td>Progress:</td>
				<td>$tempprogress %</td>
			</tr>
			<tr>
				<td>Conversation:</td>
				<td>$tempissue</td>
			</tr>
			<tr>
				<td> </td>
				<td>";






				if ($tempstatus == "Open") {
				$maincontent .="<a href=\"?act=closeticket&id=$tempid\">Close Ticket?</a>";
				} else {
				$maincontent .="<a href=\"?act=openticket&id=$tempid\">Open Ticket?</a>";
				}
				$maincontent.= "</td>
			</tr>
";
				if ($tempreply != "0") {
				$maincontent .= "				<tr>
				<td> </td>
				<td><a href=\"?act=replyticket&id=$tempid\">Reply to ticket?</a></td>
				</tr>";
				}
				$maincontent .= "
		</table>";
						break;
						}
				}
				}
			}
	} elseif ($act == "replyticket") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$query = "SELECT * FROM tickets";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempid = $row["index"];
				$tempuser = $row["username"];
				$tempissue = $row["issue"];
				if ($tempid == $id) {
					if ($tempuser == $usertemp2) {
					$pagetitle = "Reply to Ticket";
					$maincontent .= "
					Please use the form below to reply to the ticket:</p>
					<p>
		<table width=\"100%\" border=\"0\">
		<form method=\"post\" action=\"?act=replyticketgo\">
		<input type=\"hidden\" name=\"id\" value=\"$tempid\">
			<tr>
				<td>Conversation:</td>
				<td>$tempissue</td>
			</tr>
			<tr>
				<td>Reply:</td>
				<td><textarea name=\"issue\" cols=\"50\" rows=\"10\"></textarea></td>
			</tr>
			<tr>
				<td> </td>
				<td><input type=\"submit\" value=\"Submit\" size=\"50\"></td>
			</tr>
		</form>
		</table>";
						break;
				}
				}
				}
			}
} elseif ($act == "replyticketgo") {
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$query = "SELECT * FROM tickets";
		$result = mysql_query($query);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$tempid = $row["index"];
				$tempuser = $row["username"];
				$tempissue = $row["issue"];
				if ($tempid == $id) {
					if ($tempuser == $usertemp2) {
				$tissue = "<u>".$HTTP_COOKIE_VARS["IOM"]."</u>:<br>
				".$issue."<br>
				-----------------------------------------------<br>".$tempissue;
				mysql_query("UPDATE tickets SET issue='$tissue', replied='0' WHERE `index`='$id'") or die (mysql_error());
				$pagetitle = "Ticket Reply";
				$maincontent = "The ticket has been replied to successfully";

				}
				}
			}
		}

			} elseif ($act == "uploadfile") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("INSERT INTO uploadEND VALUES ('','$uploadEND')") or die (mysql_error());
	$pagetitle = "Upload Complete";
	$maincontent = "Your upload has been added to the ticket successfully";


} elseif ($act == "deleteticket") {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("DELETE FROM tickets WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());
	$pagetitle = "Ticket Deleted";
	$maincontent = "Your ticket has been deleted successfully";
} elseif ($act == "closeticket") {
$closed = "Closed";
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("UPDATE tickets SET status='$closed' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());
	$pagetitle = "Ticket Closed";
	$maincontent = "Your ticket has been closed successfully";
} elseif ($act == "openticket") {
$open = "Open";
$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	mysql_query("UPDATE tickets SET status='$open' WHERE `index`='$id' AND username='$usertemp2'") or die (mysql_error());
	$pagetitle = "Ticket Opened";
	$maincontent = "Your ticket has been opened successfully";
} elseif ($act == "submit") {
$pagetitle = "Submit New Ticket";

//Check that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {

  //chcek file & size 
  $filename = basename($_FILES['uploaded_file']['name']);
  $ext = substr($filename, strrpos($filename, '.') + 1);
  if (($ext = "jpg,gif,xls,doc,png") && ($_FILES["uploaded_file"]["type"] = "jpg,gif,xls,doc,png") && 
    ($_FILES["uploaded_file"]["size"] < 350000000)) {
     
    //Determine the path to which we want to save this file
      $newname = dirname(__FILE__).'/files/'.$filename;
      
      //Check if the file with the same name is already exists on the server
      if (!file_exists($newname)) {
       
        //Attempt to move the uploaded file to it's new place
        if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
           
	$uploadEND = '<a href=\"downloadfilelink\">' . $newname . "</a>";


// AND LETS RUN OUR UPLOAD CHECKS!!       
           
           
        } else {
           echo "Error: A problem occurred during file upload!";
        }
      } else {
         echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
      }
  } else {
     echo "Upload Error, Only JPG,GIF,XLS,DOC Allowed.";
  }
//} else {
//echo "Error: No file uploaded";
}


$maincontent = "Please enter the details about the new ticket below:</p>
<p>
<table border=\"0\" width=\"100%\">
<form action = \"?act=submitticket\" method=\"post\">
	<tr>
		<td>Subject:</td>
		<td><input type=\"text\" name=\"subject\" size=\"50\"></td>
	</tr>
	<tr>
		<td>Issue:</td>
		<td><textarea cols=\"50\" rows=\"10\" name=\"issue\"></textarea></td>
	</tr>
	<tr>

		<td> </td>
	<!--	<td><input type=\"submit\" value=\"Submit\"></td> -->
	</tr>


					<td>File:</td>
			<td>  
    <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000000\" />
    <input name=\"uploaded_file\" type=\"file\" />
    <input type=\"submit\" value=\"Submit\" />
  </form></td>	
  <td>
</table>"; 	






} elseif ($act == "submitticket") {
	if ($subject == "" | $issue == "") {
	$pagetitle = "Error";
	$maincontent = "Please make sure all fields are filled in.";
	} else {
	$usertemp2 = $HTTP_COOKIE_VARS["IOM"];
	$status = "Open";
	$progress = "0";
	$pagetitle = "Ticket Submitted";
	$upload = $newname; 
	$summary = substr($issue, 0, 30)."...";
	$maincontent = "Your ticket has been submitted! <br />";





	$issue = "<u>".$usertemp2."</u>:<br>".$issue."<br>
	-----------------------------------------------<br>
	";
	mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$uploadEND')") or die (mysql_error());

	}
} else {
$pagetitle = "Invalid";
$maincontent = "You have specified an invalid action.";
}
}
ShowHTML();
?>

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

can you just post the relevant code, there are a lot of lines there...

 

but from skimming through, it doesn't look like you ever create a variable $uploadEND.

 

try

mysql_query("INSERT INTO tickets VALUES (NULL,'$username','$subject','$summary', '$status', '$progress', '$issue', '$replied','$upload')") or die (mysql_error());

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.