
I have a worksheet system designed and coded by an ex-colleague, who didn't like to comment what some of the code does and how. I have been tasked to update the system from its current form, which works with Apache 2.2 and MySQL 5.1.34; the PHP version is 5.2.9 (yes, I know, very old!!!). The boss hasn't wanted to update because of time and money, but I pointed out some flaws and he is now willing to update a bit.

I am trying to update the code to work with XAMPP, PHP 5.6.19 and Apache 2.4.17. The problem is I have "Undefined variable: state" across 9 lines of code, all with the same undefined variable: state.

I have looked at various Google searches with no luck, so I wondered if you guys could help out.

I have the variables defined at the top of the code, which was already originally there:

<?php include("header.php"); ?>
<body link='#000000' vlink='#000000' alink='#000000' text='#000000' >
<?php
// declare vars (a space or newline must separate the <?php open tag from this comment,
// otherwise the tag is not recognised and the block is sent to the browser as text)
$partcatid = 1;
$jobcatid = 1;
$state = 0; //default 0
$tempinvlineid = 0;
$invtotal = 0;

/*
-----state key-----------
0 display inv / request to create a inv
1 add std part cat
2 add std part
3 add std job
4 add non std
5 update line
6 CNSI
7 Date
8 addy
9 add std job cat
10 nothing
*/
?>

<!-- react to buttons -->
<!-- run create worksheet -->

This is where it screws up. All the lines have the same code but do slightly different things (e.g. add parts, add costs, etc.):

<?php
if ($state==0)
{
	//get work sheet id if needed
	if ($worksheetid==NULL)
	{
		$worksheetid = $_GET['worksheetid'];
	}
	//end get work sheet id if needed

	//display rate
	$cust_rp = mysql_query("SELECT rate FROM customers WHERE id=(select CustomerID from worksheets where id=" . $worksheetid . ")");
	$customer = mysql_fetch_array($cust_rp);

	echo "The Workshop rate per hour, for this customer is £" . $customer['rate'] . "+VAT";
	//end display rate


	$inv_rp = mysql_query("SELECT * FROM inv where jobid =" .  $worksheetid);
	if ($inv = mysql_fetch_array($inv_rp))
	{
		//Get VAT info
		$VATInfo_rp = mysql_query("SELECT * FROM vattable");
		$Xdate = 0;
		while ($VATInfo = mysql_fetch_array($VATInfo_rp))
		{
			if ($inv['Date']>$VATInfo['date'])
			{
				if ($VATInfo['date']>$Xdate)
				{
					$VATRate=$VATInfo['rate'];
					$Xdate=$VATInfo['date'];
				}
			}
		}
		//echo "<br>" . $VATRate . "%<br>";
		//convert vate rate to multiplier
		$VATRate = ($VATRate/100)+1;
		//echo "<br>" . $VATRate . "<br>";

		echo "<TABLE align=\"center\"><tr><td><FONT color=\"blue\" SIZE=\"+2\">INVOICE No. " . $inv['invid'] . "<br>Inv status is: ";

		if ($inv['PaymentState'] == 0) { echo "Un-paid"; }
		elseif ($inv['PaymentState'] == 1) { echo "Chased"; }
		elseif ($inv['PaymentState'] == 3) { echo "Deleted"; }
		elseif ($inv['PaymentState'] == 2) { echo "Paid Cash"; }
		elseif ($inv['PaymentState'] == 4) { echo "Paid Till"; }
		elseif ($inv['PaymentState'] == 5) { echo "Paid CHQ"; }
		elseif ($inv['PaymentState'] == 6) { echo "Issued"; }

		echo "</font></td></tr></TABLE><br>";

		//display date
		echo "Date: " . date("d-m-Y", $inv['Date']) . "</p>";

		//display cust details
		//conver new lines name
		$name = $inv['name'];
		$remove = array("\n");
		$name = str_replace($remove, '<BR>', $name);
		echo $name . "</p>";
		//conver new lines addy
		$addy = $inv['addy'];
		$remove = array("\n");
		$addy = str_replace($remove, '<BR>', $addy);
		echo $addy . "</p>";


		echo "There is  a inv</p>";
		echo "<TABLE>";
		$invline_rp = mysql_query("SELECT * FROM invline where invid =" .  $inv['invid'] . " ORDER BY invlineid");
		while ($invline = mysql_fetch_array($invline_rp))
		{
			//conver new lines
			$des = $invline['description'];
			$remove = array("\n");
			$des = str_replace($remove, '<BR>', $des);


			echo "<tr><td align=\"left\">" . $invline['invlineid'] . ":  </td><td align=\"left\">";
			echo $des;
			$moneyout = sprintf('%.2f', $invline['price']);
			echo ":</td><td align=\"right\"><B>        £" . $moneyout;

			if ($invline['HasVAT'])
			{
				echo " +Std VAT</B></td></tr>";
			}
			else
			{
				echo " Zero Rate VAT</B></td></tr>";
			}

		}


		//get total of whole inv
		$invline_rp = mysql_query("SELECT SUM(price) FROM invline WHERE invid =" .  $inv['invid']);
		$invline = mysql_fetch_array($invline_rp);
		$invtotal = $invline['SUM(price)'];

		//get total of VAT lines only on inv
		$invlineVL_rp = mysql_query("SELECT SUM(price) FROM invline WHERE invid='" .  $inv['invid'] . "' AND HasVAT='1'" );
		$invlineVL = mysql_fetch_array($invlineVL_rp);
		$invtotalVL = $invlineVL['SUM(price)'];

		//display sub total ex vat
		$moneyout = sprintf('%.2f', round($invtotal, 2));
		echo "<tr><td></td><td align=\"right\"><B>Total ex VAT =</td><td align=\"right\"><B> £". $moneyout . "</td></tr>";

		//display vat element
		$moneyout = sprintf('%.2f', round(($invtotalVL*($VATRate-1)), 2 ));
		echo "<tr><td></td><td align=\"right\"><B>VAT = </td><td align=\"right\"><B>£" . $moneyout . "</td></tr>";

		//calc then display total inc vat
		$temptotal=$invtotalVL*$VATRate;
		$temptotal=$temptotal+($invtotal-$invtotalVL);
		$moneyout = sprintf('%.2f', round(($temptotal),2));
		echo "<tr><td></td><td align=\"right\"><B>Total inc VAT = </td><td align=\"right\"><B>£" . $moneyout . "</td></tr>";
		echo "</TABLE> ";

		echo "</p><form method=\"POST\" action=\"draftinv.php\">
		Line number:<input type=\"number\" name=\"edit_line\">
		<input type=\"submit\" value=\"edit line\">
		<input type=\"hidden\" name=\"worksheetid\" value=\"" . $worksheetid ."\">
		</form>";

		echo 	"<form method=\"POST\">
			<input type=\"hidden\" name=\"worksheetid\" value=\"" . $worksheetid ."\">
			<input type=\"submit\" name=\"AddStdPart\" value=\"Add Std Part\" >
			<input type=\"submit\" name=\"AddStdJob\" value=\"Add Std Job\" >
			<input type=\"submit\" name=\"AddNonStd\" value=\"Add Non Std\" >
			<input type=\"submit\" name=\"SetDate\" value=\"Set Date\" >
			<input type=\"submit\" name=\"Setaddy\" value=\"Change Address\" >
			<input type=\"submit\" name=\"AddCCsur\" value=\"CC Charge\" >";



		if($inv['beatIt']==1)
		{
			echo "<input type=\"submit\" name=\"cInvType\" value=\"Make WC INV\" >";
		}
		else
		{
			echo "<input type=\"submit\" name=\"cInvType\" value=\"Make BeatIt INV\" >";
		}
		echo "</form><br>";



		//display inv owner
			echo "This inv is a, <b>" . $engineer_names[$inv['whos']] . "</b> inv<br>";
		//end display inv owner


		echo "</p><form method=\"POST\">";
		echo "<input type=\"hidden\" name=\"worksheetid\" value=\"" . $worksheetid ."\">";
		echo "<select style=\"width: 100;\" name=\"entry_engineer\">";
		//pull Engineers from database
		$engineer_result_pointer = mysql_query("SELECT id, EngineerName FROM engineers");
		while ($engineer_results = mysql_fetch_array($engineer_result_pointer))
		{
			echo "<option value='$engineer_results[id]'";
		    if ($engineer_results["id"]==$inv["whos"]) echo " SELECTED";
		    echo ">$engineer_results[EngineerName]</option>";
		    //echo "<br>" . $engineer_results[id] . $engineer_results[EngineerName] . $inv['whos'];
	    }
	    echo "</select>";
	    echo "<input type=\"submit\" name=\"assign\" value=\"Assign Inv\">";
		echo "</form>";




		echo	"<form method=\"post\" name=\"form1\">
			<input type=\"hidden\" name=\"nothing\" value=\"nothing\" >
			<input type=\"hidden\" name=\"worksheetid\" value=\"" . $worksheetid ."\">
			<script>
			function Printinv () {
			window.open('printinv.php?worksheetid=" . $worksheetid . "', 'PrintInv', 'height=550, width=550, scrollbars=yes, menubar=no, toolbar=no, status=no');
			}

			function Pdfinv () {
			window.open('pdfinv.php?worksheetid=" . $worksheetid . "', 'PrintInv', 'height=550, width=550, scrollbars=yes, menubar=no, toolbar=no, status=no');
			}
			
			function Cloneinv () {
			window.open('cloneinv.php?worksheetid=" . $worksheetid . "', 'CloneInv', 'height=550, width=550, scrollbars=yes, menubar=no, toolbar=no, status=no');
			}
			</script>";

		echo 	"<button onClick=\"javascript:Printinv();\">Print Inv </button>
		<button onClick=\"javascript:Pdfinv();\">Generate PDF</button>
		<button onClick=\"javascript:Cloneinv();\">Clone Inv </button></form>";



	}

	else
	{

		echo $_POST['worksheetid'];

		echo "There is NO inv would you like to create one";

		echo "<form method=\"POST\">
			<input type=\"submit\" name=\"create\" value=\"Create a Inv\" >
			<input type=\"hidden\" name=\"worksheetid\" value=\"" . $_POST['worksheetid'] ."\">
			</form>";

	}

}
?>

I have had other errors but they have been easy to figure out. I don't know much about PHP but learn fast and understand what it's meant to do.

The ex-colleague is unwilling to help, which kinda sucks.

So any help would really be appreciated.

If you need the actual PHP page I will supply it.

Many thanks in advance

https://forums.phpfreaks.com/topic/301102-undefined-variable-state/

YOU ARE VULNERABLE TO AN SQL INJECTION ATTACK!

You NEVER EVER send user supplied data directly to the database.

You are using obsolete Mysql code that has been completely removed from PHP. You need to use PDO.

https://phpdelusions.net/pdo

Page formatting needs to go in an external CSS file.

The whole thing needs to be re-written and you need to update all your software versions. You are just begging to be hacked.

Edited by benanamen
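As an added example (not code from the thread or from the original system), here is the "display rate" query from the first post rewritten the way this reply recommends: the worksheet id is validated, then passed to a PDO prepared statement instead of being concatenated into the SQL text. The DSN, credentials and database name are placeholders; the table and column names (customers.id, customers.rate, worksheets.id, worksheets.CustomerID) are the ones used by the original query. It is written to run on PHP 5.6, the version the poster is moving to.

```php
<?php
// Added example, not code from the thread. Placeholder DSN/credentials;
// table and column names come from the original "display rate" query.

function connectPdo()
{
    $dsn = 'mysql:host=localhost;dbname=worksheet_db;charset=utf8mb4'; // placeholder DSN
    return new PDO($dsn, 'db_user', 'db_password', array(             // placeholder credentials
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ));
}

// The original code uses $_GET['worksheetid'] as-is. Validate it first:
// a worksheet id is a positive integer and nothing else.
function worksheetIdFromRequest(array $get, array $post)
{
    $raw = null;
    if (isset($post['worksheetid'])) {
        $raw = $post['worksheetid'];
    } elseif (isset($get['worksheetid'])) {
        $raw = $get['worksheetid'];
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        throw new InvalidArgumentException('worksheetid must be a positive integer');
    }
    return $id;
}

// Original (the id is concatenated straight into the SQL text):
//   mysql_query("SELECT rate FROM customers WHERE id=(select CustomerID from worksheets where id=" . $worksheetid . ")");
//
// Replacement: the id travels as a bound parameter, separately from the SQL
// text, so whatever it contains can never change the shape of the statement.
function customerRate(PDO $pdo, $worksheetId)
{
    $stmt = $pdo->prepare(
        'SELECT c.rate
           FROM customers c
           JOIN worksheets w ON w.CustomerID = c.id
          WHERE w.id = :worksheetid'
    );
    $stmt->bindValue(':worksheetid', $worksheetId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row['rate'];
}

try {
    $pdo  = connectPdo();
    $id   = worksheetIdFromRequest($_GET, $_POST);
    $rate = customerRate($pdo, $id);
    if ($rate === null) {
        echo 'No customer found for this worksheet';
    } else {
        // Escape on output too: a value read back from the database is still untrusted when rendered.
        echo 'The Workshop rate per hour, for this customer is £'
           . htmlspecialchars($rate, ENT_QUOTES, 'UTF-8') . '+VAT';
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad request';
} catch (PDOException $e) {
    error_log($e->getMessage()); // keep the driver's message in the log, not on the page
    http_response_code(500);
    echo 'Database error';
}
```

The same pattern (validate, `prepare`, `bindValue`, `execute`) applies to every other `mysql_query` call in the posted page that builds its SQL by concatenating `$worksheetid` or `$inv['invid']`; with `ATTR_ERRMODE` set to exceptions, a failed query can no longer be silently ignored the way `mysql_query` returning `false` is.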

If the $state variable is undefined at the line 504+ code, either it has been unset() at some point or there's a variable scope problem.

Is the line 504+ code inside of a function definition, or is it being included into the page using a URL instead of a file system path?
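As an added example (not code from the thread), the following script reproduces the two causes this reply points at, function scope and an unset() variable, and shows the usual fixes. The state descriptions are taken from the "state key" comment in the first post; the function names are made up for the example. A file included via a URL behaves like the function case for a different reason: the web server executes it as a separate request, so it never sees the including page's variables at all.

```php
<?php
// Added example, not code from the thread. State values come from the
// "state key" comment in the first post; function names are made up here.
error_reporting(E_ALL);

$state = 0; // defined at file scope, like the post's "declare vars" block

// Broken: a function body has its own scope, so $state here is undefined.
// PHP emits "Notice: Undefined variable: state" and evaluates it as null.
// Because null == 0 is true, the state-0 branch still runs and the bug
// hides; every other state silently falls through to 'unknown'.
function describeStateBroken()
{
    if ($state == 0) {
        return 'display inv / request to create a inv';
    }
    return 'unknown';
}

// Fix 1 (preferred): pass the value in, so the dependency is visible.
function describeState($state)
{
    $stateKey = array(
        0  => 'display inv / request to create a inv',
        1  => 'add std part cat',
        2  => 'add std part',
        3  => 'add std job',
        4  => 'add non std',
        5  => 'update line',
        6  => 'CNSI',
        7  => 'Date',
        8  => 'addy',
        9  => 'add std job cat',
        10 => 'nothing',
    );
    return isset($stateKey[$state]) ? $stateKey[$state] : 'unknown';
}

// Fix 2: pull the file-scope variable in with "global". Works, but the
// caller now depends on something that does not appear in the signature.
function describeStateGlobal()
{
    global $state;
    return describeState($state);
}

// Guard for the other cause named in the reply: the variable was unset()
// earlier on. isset() is false for both an unset and a null variable.
function currentState()
{
    global $state;
    return isset($state) ? (int) $state : 0;
}

echo describeStateBroken(), "\n";         // notice, then 'display inv / request to create a inv'
$state = 5;
echo describeStateBroken(), "\n";         // notice again, and now 'unknown'
echo describeState($state), "\n";         // 'update line', no notice
echo describeStateGlobal(), "\n";         // 'update line'
unset($state);
echo describeState(currentState()), "\n"; // falls back to state 0, no notice
```

Running this with `display_errors` on shows the notice exactly once per call of `describeStateBroken()` and never for the two fixed versions, which is a quick way to confirm which of the nine lines in the original page are executing inside a scope that cannot see `$state`.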
