
Help with my forum problems


Leveecius


If the server you're testing on doesn't have short_open_tag = On set in the php.ini then using <? will not work for PHP code; the PHP code within it will instead be sent to the users' browsers just like the rest of the HTML.

Link to comment
Share on other sites

Can someone look at my coding and tell me what is wrong with them?  Or can someone just write a simple in-game forum.  It's a single page forum, where if the topic goes off page, it's gone for good.  No multiple pages or anything like that.  If you need to, you can take some of the info out of my original code to mesh it with the game coding already.  Please, will someone help me with this?

Link to comment
Share on other sites

Hi

 

There are minor changes, but most things should be OK. Biggest change is the default value for register globals (as mentioned on the first page of this thread). With this you can either override the default value (not recommended, too easy to open security holes) or go through the code and make sure that form fields are manually turned into variables.

 

All the best

 

Keith

Link to comment
Share on other sites

umm, what do you mean by that?

 

With register globals set on, if you have a form field called (for example) fred then a variable called $fred will automatically be created in the script that receives the form with the value of the form field called fred.

 

With register globals set off then this will not happen. You will need to access them from either the $_GET, $_POST or $_REQUEST arrays. So modify your code to assign $fred = $_REQUEST['fred'];

 

This was all mentioned at the start of this thread.

 

All the best

 

Keith

Link to comment
Share on other sites

Hi

 

No. That code is checking that one thing ($info->title) is equal to another thing ("$_POST['title']").

 

$_POST['title'] is a form field, and that is the correct way to use it. With register globals on you could have used $title so:-

 

if ($info->title == $title)

 

would have worked (but been insecure).

 

There is a problem with that line anyway. The double quotes in $info->title == "$_POST['title']" are not required. That is trying to check against a string which contains the value of the variable $_POST['title'], but you cannot just use associative array variables within a string like that.

 

All the best

 

Keith

Link to comment
Share on other sites
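
Why the register globals behaviour described in the replies above is a risk, as an added example that is not code from this thread. register_globals no longer exists in current PHP (removed in 5.4), so extract() stands in for it here; the field names fred and userlevel, the session key and the sample values are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from the thread.
// extract() emulates what register_globals = On used to do automatically.

// Constructed request: the form field "fred" plus one extra field the form never had.
$request = ['fred' => 'hello', 'userlevel' => '10'];

// Constructed server-side session for an ordinary (non-moderator) user.
$session = ['real_name' => 'fred', 'userlevel' => 1];

// register_globals = On: every request field becomes a variable of the same name.
function page_with_register_globals(array $request)
{
    extract($request);
    // This page never assigns $userlevel itself, so the request value is what gets tested.
    return [
        'fred'         => isset($fred) ? $fred : null,
        'is_moderator' => isset($userlevel) && $userlevel >= 5,
    ];
}

// register_globals = Off: only the fields the page expects are read, by name,
// and the privilege level comes from server-side state (hypothetical session key).
function page_without_register_globals(array $request, array $session)
{
    $fred = (isset($request['fred']) && is_string($request['fred'])) ? $request['fred'] : '';
    $userlevel = isset($session['userlevel']) ? (int) $session['userlevel'] : 0;
    return [
        'fred'         => $fred,
        'is_moderator' => $userlevel >= 5,
    ];
}

var_dump(page_with_register_globals($request));
var_dump(page_without_register_globals($request, $session));
```

The first call reports the visitor as a moderator purely because of the extra request field; the second ignores that field because nothing in the page reads it.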

Ok guys, still not working.  Here is my code:

 

<?php
session_start();  

if (!(isset($_SESSION["real_name"])))
{
//echo "I'm not logged in";
header('Location: index.php');
}
?>
<html>
<head>
<title>Mafia Syndicate BETA</title>
<style type="text/css">
<!--
.style4 {color: #FF0000}
.style5 {color: #0000FF}
-->
</style>
</head>
    	<link REL="stylesheet" TYPE="text/css" HREF="main.css">
<script language=javascript src=Menus.js></script>
<body background="wallpaper.jpg">
<center> 
<table border="0" cellspacing="0" cellpadding="0" align="center" width="95%" class="cat">
<TR> 
<TD width="150" background="tdbg3.jpg" bgcolor="#222222" valign="top">
<?php include("leftmenu.php");?>
</TD>
    <td width="100%" valign="top">	<br>	
<?php

include "includes/db_connect.php";
include "bb.php";

$delete = strip_tags($_GET['delete']);
if($delete && $userlevel>=5) 
{
	mysql_query("DELETE FROM forum_question WHERE id='$delete'") or die(mysql_error());
}

$sticky = strip_tags($_GET['sticky']);
if($sticky && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '1', important = '0' WHERE id='$sticky'") or die(mysql_error());
}

$unsticky = strip_tags($_GET['unsticky']);
if($unsticky && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '0', important = '0' WHERE id='$unsticky'") or die(mysql_error());
}

$important = strip_tags($_GET['important']);
if($important && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '0', important = '1' WHERE id='$important'") or die(mysql_error());
}

$unimportant = strip_tags($_GET['unimportant']);
if($unimportant && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '0', important = '0' WHERE id='$unimportant'") or die(mysql_error());
}

$lock = strip_tags($_GET['lock']);
if($lock && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET locked='1' WHERE id='$lock'") or die(mysql_error());
}

$userlock = strip_tags($_GET['userlock']);
if($userlock) 
{
	mysql_query("UPDATE forum_question SET locked='1' WHERE id='$lock' AND username='$username'") or die(mysql_error());
}

$unlock = strip_tags($_GET['unlock']);
if($unlock && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET locked='0' WHERE id='$unlock'") or die(mysql_error());
}
if ($_POST['Submit'] && strip_tags($_POST['title']) && strip_tags($_POST['content']))
{

$topic = $_POST['title']; 
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

if ($mute == 1)
{
	echo "<font color=red><b>You have been muted!</b></font><br><br>";  
} 
else
{
	$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40");
$result=mysql_query($sql) or die(mysql_error());

$info = mysql_fetch_object($query);

	if ($info->title == $topic)
	{

	echo "There is already a topic with this title!";

	}
	else
	{
		$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));
$result=mysql_query($sql) or die(mysql_error());

		$datetime=date("d/m/y h:i:s"); //create date time

		if ($topic == "")
		{
			echo "You must add a title!";
		}
		else
		{
			mysql_query("UPDATE forum_question SET new='0' WHERE new='1'");
$result=mysql_query($sql) or die(mysql_error());

			if ($topic !="" && $content !="")
			{
				$sql="INSERT INTO forum_question(id, title, content, datetime, username, place, lastreply)VALUES('', 'title', '$content','$datetime', '$username', 'main', '$time')";
				$result=mysql_query($sql);
			}
		}
	}
}
}

mysql_query("DELETE FROM forum_question WHERE title=''");
$sql="SELECT * FROM forum_question WHERE sticky='1' AND place='main' ORDER BY lastreply DESC, reply DESC";
$result=mysql_query($sql) or die(mysql_error());

$username=$_SESSION['username'];
?>
<table border="1" cellspacing="0" cellpadding="0" bordercolor="black" align="center" width="75%" class="sub2">
<tr>
<td class="header" colspan="2" align="center">Main Forum </td>
</tr>
<?php
include "includes/db_connect.php";
$sql3="SELECT * FROM forum_question WHERE important='1' AND place='main' ORDER BY lastreply DESC, reply DESC";
$result3=mysql_query($sql3) or die(mysql_error());

while($rows3=mysql_fetch_array($result3))
{ 
	$locked = $rows3['locked'];
	echo '<tr><td width="92%" border="0" ><font color=red>IMPORTANT:</font><a href="view_topic.php?id='.$rows3['id'].'">'.forumbb($rows3['title']).'</a>';
	if ($locked == 1)
	{
		echo '<span class="style4">(Locked)</span>';
	}
	echo '</td><td width="8%" align="right">'.$rows3['reply'].'</td></tr>';
}

while($rows=mysql_fetch_array($result))
{ 
	$locked = $rows['locked'];
	echo '<tr><td width="92%" border="0" ><span class="style5">STICKY:</span><a href="view_topic.php?id='.$rows['id'].'">'.forumbb($rows['title']).'</a>';
	if ($locked == 1)
	{
		echo '<span class="style4">(Locked)</span>';
	}
	echo '</td><td width="8%" align="right">'. $rows['reply'].'</td></tr>';
}

$sql2="SELECT * FROM forum_question WHERE sticky='0' AND important='0' AND place='main' ORDER BY lastreply DESC, reply DESC LIMIT 30";
$result2=mysql_query($sql2) or die(mysql_error());
while($rows2=mysql_fetch_array($result2))
{ 
	$locked = $rows2['locked'];
	echo '<tr><td width="92%" border="0" ><a href="view_topic.php?id='.$rows2['id'].'">'.htmlentities($rows2['title']).'</a>';
	if ($locked == 1)
	{
		echo '<span class="style4">(Locked)</span>';
	}
	echo '</td><td width="8%" align="right">'.$rows2['reply'].'</td></tr>';
}
?>
</table>
<center><form action="Forum.php" method="post">
Title:<br> 
<input name="title" style="border:1px solid black;" class="tbox" type="text"><br>
Content:<br>
<textarea name="content" style="border:1px solid black;" class="tbox" cols="50" rows="8"></textarea><br><br>
<center><input name="Submit" type="submit" class="tbox" value="Post topic!"></center>
</form></center>
<br><br>
<?php

if ($userlevel >= 10) 
{
	echo '<center><a href="wipeforum.php"><font color="#FF0000">*<b>Clear Forum</b></font></a></center>';
}
?>
<br><br>
</td>
<TD width="150" valign="top">
<?php include("rightmenu.php");?>
</TD>
</TR>
</table>
</center>
</body>
</html>
?>

 

What is wrong with it?

Link to comment
Share on other sites

Hi

 

Cannot see where the variables $userlevel or $mute come from (they might be set up in one of the includes).

 

You have this code:-

 

	$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40");
$result=mysql_query($sql) or die(mysql_error());

$info = mysql_fetch_object($query);

 

The middle line appears to be totally redundant.

 

Similarly with

 

			$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));
$result=mysql_query($sql) or die(mysql_error());

 

you haven't set up $sql to contain anything to execute, and also you do not use $fetch having executed that sql.

 

Another unnecessary line here executing $sql without setting anything up:-

 

			mysql_query("UPDATE forum_question SET new='0' WHERE new='1'");
$result=mysql_query($sql) or die(mysql_error());

 

Also $content doesn't appear to be initialised. Possibly should be $detail (as you have set $detail = $_POST['content'];).

 

All the best

 

Keith

Link to comment
Share on other sites

ok, so my $detail == ($_Post['content']) is right then?  You lost me on that one.

 

As far as the middle line being redundant, how so?  if it can't get the query, should it not die?

I'll fix the $fetch, and I don't see the other unnecessary line that didn't set anything up. :S

Link to comment
Share on other sites

ok, so my $detail == ($_Post['content']) is right then?  You lost me on that one.

 

You are referring to a variable called $content which is never set up. However you put the form field content into the variable $detail. I suspect you either want to put the form field content into a field called $content, or change the lines that refer to $content to refer to $detail.

 

As far as the middle line being redundant, how so?  if it can't get the query, should it not die?

I'll fix the $fetch, and I don't see the other unnecessary line that didn't set anything up. :S

 

OK, let's go through it:-

 

$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40");

 

This executes a query, with the SQL that is in the brackets. The result is put into $query.

 

$result=mysql_query($sql) or die(mysql_error());

 

This is trying to execute a query that is in the brackets (ie, the SQL stored in the variable $sql but which you haven't set up) and put the result into $result. If the query fails it will die and put out the error (and it will fail as you haven't passed it any SQL). It has nothing to do with the previous line.

 

$info = mysql_fetch_object($query);

 

This fetches the next line (in this case the next line is the first one as you hadn't previously retrieved a line) from $query.

 

I suspect what you wanted was:-

 

$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40") or die(mysql_error());		
$info = mysql_fetch_object($query);

 

All the best

 

Keith

Link to comment
Share on other sites

ok, I understand the mysql lines, that makes sense completely. 

 

now I'm still trying to figure out the content.  Right now I have:

 

$topic = $_POST['title']; 
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

 

You're saying I need to have it as:

$topic = $_POST['title']; 
$content = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

??

 

Sorry again, I'm getting much better at understanding this, I just am trying to figure out what small errors I've missed.

Link to comment
Share on other sites

Hi

 

Close, but you need to also change it a couple of lines down where you strip the tags from it.

 

$topic = $_POST['title'];

$content = $_POST['content'];

$topic = strip_tags($topic);

$content = strip_tags($content);

$ownusername=$_SESSION["real_name"];

$time=time();

 

All the best

 

Keith

Link to comment
Share on other sites
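
The corrections discussed in the replies above (one variable name per form field, error handling attached to the query that actually runs, fetching rows from the result), put together as an added example that is not the poster's code. It swaps the thread's mysql_* calls for PDO with an in-memory SQLite database so it runs offline, binds the values as parameters rather than writing them into the SQL text, and assumes the LIMIT 40 query was meant to check all 40 recent titles; the "content" message and sample submissions are constructed.

```php
<?php
// Added example, not code from the thread. Requires the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
// Exceptions on failure take the place of "or die(mysql_error())" on each query.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum_question (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT, content TEXT, datetime TEXT, username TEXT, place TEXT, lastreply INTEGER)");

function post_topic(PDO $db, array $post, $username)
{
    // Read each form field explicitly and keep the same variable name throughout.
    $field = function ($name) use ($post) {
        return (isset($post[$name]) && is_string($post[$name]))
            ? trim(strip_tags($post[$name])) : '';
    };
    $topic   = $field('title');
    $content = $field('content');

    if ($topic === '')   { return 'You must add a title!'; }
    if ($content === '') { return 'You must add some content!'; }

    // Walk every row of the result, not only the first one fetched.
    $recent = $db->query("SELECT title FROM forum_question ORDER BY id DESC LIMIT 40");
    foreach ($recent as $row) {
        if ($row['title'] === $topic) {
            return 'There is already a topic with this title!';
        }
    }

    // Placeholders keep the submitted text as data, separate from the SQL statement.
    $insert = $db->prepare(
        "INSERT INTO forum_question (title, content, datetime, username, place, lastreply)
         VALUES (:title, :content, :datetime, :username, 'main', :lastreply)");
    $insert->execute([
        ':title'     => $topic,
        ':content'   => $content,
        ':datetime'  => date('d/m/y h:i:s'),
        ':username'  => $username,
        ':lastreply' => time(),
    ]);
    return 'Topic posted.';
}

// Constructed form submissions: a new topic, a duplicate title, and a missing title.
echo post_topic($db, ['title' => 'Rules', 'content' => 'Be nice'], 'fred'), "\n";
echo post_topic($db, ['title' => 'Rules', 'content' => 'Again'], 'fred'), "\n";
echo post_topic($db, ['title' => '', 'content' => 'No title'], 'fred'), "\n";
```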

I'm sorry, I just realized I didn't put up my code lol

 

<?php
session_start();  

if (!(isset($_SESSION["real_name"])))
{
//echo "I'm not logged in";
header('Location: index.php');
}
?>
<html>
<head>
<title>Mafia Syndicate BETA</title>
<style type="text/css">
<!--
.style4 {color: #FF0000}
.style5 {color: #0000FF}
-->
</style>
</head>
    	<link REL="stylesheet" TYPE="text/css" HREF="main.css">
<script language=javascript src=Menus.js></script>
<body background="wallpaper.jpg">
<center> 
<table border="0" cellspacing="0" cellpadding="0" align="center" width="95%" class="cat">
<TR> 
<TD width="150" background="tdbg3.jpg" bgcolor="#222222" valign="top">
<?php include("leftmenu.php");?>
</TD>
    <td width="100%" valign="top">	<br>	
<?php

include "includes/db_connect.php";
include "bb.php";

$delete = strip_tags($_GET['delete']);
if($delete && $userlevel>=5) 
{
	mysql_query("DELETE FROM forum_question WHERE id='$delete'") or die(mysql_error());
}

$sticky = strip_tags($_GET['sticky']);
if($sticky && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '1', important = '0' WHERE id='$sticky'") or die(mysql_error());
}

$unsticky = strip_tags($_GET['unsticky']);
if($unsticky && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '0', important = '0' WHERE id='$unsticky'") or die(mysql_error());
}

$important = strip_tags($_GET['important']);
if($important && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '0', important = '1' WHERE id='$important'") or die(mysql_error());
}

$unimportant = strip_tags($_GET['unimportant']);
if($unimportant && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET sticky = '0', important = '0' WHERE id='$unimportant'") or die(mysql_error());
}

$lock = strip_tags($_GET['lock']);
if($lock && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET locked='1' WHERE id='$lock'") or die(mysql_error());
}

$userlock = strip_tags($_GET['userlock']);
if($userlock) 
{
	mysql_query("UPDATE forum_question SET locked='1' WHERE id='$lock' AND username='$username'") or die(mysql_error());
}

$unlock = strip_tags($_GET['unlock']);
if($unlock && $userlevel>=5) 
{
	mysql_query("UPDATE forum_question SET locked='0' WHERE id='$unlock'") or die(mysql_error());
}
if ($_POST['Submit'] && strip_tags($_POST['title']) && strip_tags($_POST['content']))
{

$topic = $_POST['title']; 
$content = $_POST['content'];
$topic = strip_tags($topic);
$content = strip_tags($content);
$ownusername=$_SESSION["real_name"];
$time=time();

if ($mute == 1)
{
	echo "<font color=red><b>You have been muted!</b></font><br><br>";  
} 
else
{
	$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40") or die(mysql_error());		
$info = mysql_fetch_object($query);

$info = mysql_fetch_object($query);

	if ($info->title == $topic)
	{

	echo "There is already a topic with this title!";

	}
	else
	{
		$mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));
$result=mysql_query($sql) or die(mysql_error());

		$datetime=date("d/m/y h:i:s"); //create date time

		if ($topic == "")
		{
			echo "You must add a title!";
		}
		else
		{
			$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40") or die(mysql_error());		
$info = mysql_fetch_object($query);
			if ($topic !="" && $content !="")
			{
				$sql="INSERT INTO forum_question(id, title, content, datetime, username, place, lastreply)VALUES('', 'title', '$content','$datetime', '$username', 'main', '$time')";
				$result=mysql_query($sql);
			}
		}
	}
}
}

mysql_query("DELETE FROM forum_question WHERE title=''");
$sql="SELECT * FROM forum_question WHERE sticky='1' AND place='main' ORDER BY lastreply DESC, reply DESC";
$result=mysql_query($sql) or die(mysql_error());

$username=$_SESSION['username'];
?>
<table border="1" cellspacing="0" cellpadding="0" bordercolor="black" align="center" width="75%" class="sub2">
<tr>
<td class="header" colspan="2" align="center">Main Forum </td>
</tr>
<?php
include "includes/db_connect.php";
$sql3="SELECT * FROM forum_question WHERE important='1' AND place='main' ORDER BY lastreply DESC, reply DESC";
$result3=mysql_query($sql3) or die(mysql_error());

while($rows3=mysql_fetch_array($result3))
{ 
	$locked = $rows3['locked'];
	echo '<tr><td width="92%" border="0" ><font color=red>IMPORTANT:</font><a href="view_topic.php?id='.$rows3['id'].'">'.forumbb($rows3['title']).'</a>';
	if ($locked == 1)
	{
		echo '<span class="style4">(Locked)</span>';
	}
	echo '</td><td width="8%" align="right">'.$rows3['reply'].'</td></tr>';
}

while($rows=mysql_fetch_array($result))
{ 
	$locked = $rows['locked'];
	echo '<tr><td width="92%" border="0" ><span class="style5">STICKY:</span><a href="view_topic.php?id='.$rows['id'].'">'.forumbb($rows['title']).'</a>';
	if ($locked == 1)
	{
		echo '<span class="style4">(Locked)</span>';
	}
	echo '</td><td width="8%" align="right">'. $rows['reply'].'</td></tr>';
}

$sql2="SELECT * FROM forum_question WHERE sticky='0' AND important='0' AND place='main' ORDER BY lastreply DESC, reply DESC LIMIT 30";
$result2=mysql_query($sql2) or die(mysql_error());
while($rows2=mysql_fetch_array($result2))
{ 
	$locked = $rows2['locked'];
	echo '<tr><td width="92%" border="0" ><a href="view_topic.php?id='.$rows2['id'].'">'.htmlentities($rows2['title']).'</a>';
	if ($locked == 1)
	{
		echo '<span class="style4">(Locked)</span>';
	}
	echo '</td><td width="8%" align="right">'.$rows2['reply'].'</td></tr>';
}
?>
</table>
<center><form action="Forum.php" method="post">
Title:<br> 
<input name="title" style="border:1px solid black;" class="tbox" type="text"><br>
Content:<br>
<textarea name="content" style="border:1px solid black;" class="tbox" cols="50" rows="8"></textarea><br><br>
<center><input name="Submit" type="submit" class="tbox" value="Post topic!"></center>
</form></center>
<br><br>
<?php

if ($userlevel >= 10) 
{
	echo '<center><a href="wipeforum.php"><font color="#FF0000">*<b>Clear Forum</b></font></a></center>';
}
?>
<br><br>
</td>
<TD width="150" valign="top">
<?php include("rightmenu.php");?>
</TD>
</TR>
</table>
</center>
</body>
</html>

Link to comment
Share on other sites
