Jump to content

Need help with a 3rd party , small CMS script.


cyber_alchemist

Recommended Posts

I found this small CMS script over the internet , all tough this script few errors, i managed to clear a few, but I still can't find the problem why it isn't posting any data into the database. 

 

here is the script related to this :

<?php
require_once 'db.inc.php';
require_once 'cms_http_functions.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
    die ('Unable to connect. Check your connection parameters.');

mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

if (isset($_REQUEST['action'])) {

    switch ($_REQUEST['action']) {
    case 'Submit New Article':
        $title = (isset($_POST['title'])) ? $_POST['title'] : '';
        $article_text = (isset($_POST['article_text'])) ? $_POST['article_text']
            : '';
        if (isset($_SESSION['user_id']) && !empty($title) &&
            !empty($article_text)) {
            $sql = 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' . $_SESSION['user_id'] . ', 
                    "' . date('Y-m-d H:i:s') . '",
                    "' . mysql_real_escape_string($title, $db) . '",
                    "' . mysql_real_escape_string($article_text, $db) . '")';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_index.php');
        break;

    case 'Edit':
        redirect('cms_compose.php?action=edit&article_id=' . $_POST['article_id']);
        break;

    case 'Save Changes':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        $user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
        $title = (isset($_POST['title'])) ? $_POST['title'] : '';
        $article_text = (isset($_POST['article_text'])) ? $_POST['article_text']
            : '';
        if (!empty($article_id) && !empty($title) && !empty($article_text)) {
            $sql = 'UPDATE cms_articles SET 
                    title = "' . mysql_real_escape_string($title, $db) . '",
                    article_text = "' . mysql_real_escape_string($article_text,
                        $db) . '",
                    submit_date = "' . date('Y-m-d H:i:s') . '"
                WHERE
                    article_id = ' . $article_id;
            if (!empty($user_id)) {
                $sql .= ' AND user_id = ' . $user_id;
            }
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        if (empty($user_id)) {
            redirect('cms_pending.php');
        } else {
            redirect('cms_cpanel.php');
        }
        break;

    case 'Publish':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        if (!empty($article_id)) {
            $sql = 'UPDATE cms_articles SET 
                    is_published = TRUE,
                    publish_date = "' . date('Y-m-d H:i:s') . '"
                WHERE
                    article_id = ' . $article_id;
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_pending.php');
        break;

    case 'Retract':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        if (!empty($article_id)) {
            $sql = 'UPDATE cms_articles SET 
                    is_published = FALSE,
                    publish_date = "0000-00-00 00:00:00"
                WHERE
                    article_id = ' . $article_id;
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_pending.php');
        break;

    case 'Delete':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        if (!empty($article_id)) {
            $sql = 'DELETE a, c FROM
                    cms_articles a LEFT JOIN cms_comments c ON
                    a.article_id = c.article_id
                WHERE
                    a.article_id = ' . $article_id . ' AND
                    is_published = FALSE';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_pending.php');
        break;

    case 'Submit Comment':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        $comment_text = (isset($_POST['comment_text'])) ?
            $_POST['comment_text'] : '';
        if (isset($_SESSION['user_id']) && !empty($article_id) &&
            !empty($comment_text)) {
            $sql = 'INSERT INTO cms_comments 
                    (article_id, user_id, comment_date, comment_text)
                VALUES
                    (' . $article_id . ',
                    ' . $_SESSION['user_id'] . ',
                    "' . date('Y-m-d H:i:s') . '",
                    "' . mysql_real_escape_string($comment_text, $db) . '")';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_view_article.php?article_id=' . $article_id);
        break;

    default:
        redirect('cms_index.php');
    }
} else {
    redirect('cms_index.php');
}
?>

It is the article transact file...

 

and below is the composing script :

<?php
require 'db.inc.php';
include 'cms_header.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
    die ('Unable to connect. Check your connection parameters.');

mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

$action = (isset($_GET['action'])) ? $_GET['action'] : '';
$article_id = (isset($_GET['article_id']) && ctype_digit($_GET['article_id'])) ?
    $_GET['article_id'] : '' ;

$title = (isset($_POST['title'])) ? $_POST['title'] : '' ;
$article_text = (isset($_POST['article_text'])) ? $_POST['article_text'] : '' ;
$user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '' ;

if ($action == 'edit' && !empty($article_id)) {
    $sql = 'SELECT
            title, article_text, user_id
        FROM
            cms_articles
        WHERE
            article_id = ' . $article_id;
    $result = mysql_query($sql, $db) or die(mysql_error($db));

    $row = mysql_fetch_array($result);
    extract($row);
    mysql_free_result($result);
}
?>
<h2>Compose Article</h2>
<form method="post" action="cms_transact_article.php">
 <table>
  <tr>
   <td><label for="title">Title:</label></td>
   <td><input type="text" name="title" id="title" maxlength="255"
     value="<?php echo htmlspecialchars($title); ?>"/></td>
  </tr><tr>
   <td><label for="article_text">Text:</label></td>
   <td><textarea name="article_text" name="article_text" rows="10"
     cols="60"><?php echo htmlspecialchars($article_text); ?></textarea></td>
  </tr><tr>
   <td> </td>
   <td>
<?php
if ($_SESSION['access_level'] < 2) {
    echo '<input type="hidden" name="user_id" value="' . $user_id . '"/>';
}

if (empty($article_id)) {
    echo '<input type="submit" name="action" "value="Submit New Article"/>';
} else {
    echo '<input type="hidden" name="article_id" value="' . $article_id . '"/>';
    echo '<input type="submit" name="action" "value="Save Changes"/>';
}
?>
   </td>
  </tr>
 </table>
</form>
<?php
require_once 'cms_footer.inc.php';
?>
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.