Jump to content

PHP Seperation of duties

amsgwp

By amsgwp
in PHP Coding Help

 Share

Recommended Posts

amsgwp Newbie

amsgwp

Posted
Posted

Ok so I can't figure out a way to fix this because of how the script was written to begin with.

 

Has anyone ever had a variable that is used for two different things at the same time?  Let me try to explain...

 

I have a CMS system that is super basic.  You include a script on your homepage where you want some editable content then when you have the correct cookie you click on a link on the homepage and it allows you to edit that spot on the page.  Here is where the problem lies...

 

On the homepage when you click on the link to edit it sends something like edit.php?content=main_body

 

main_body tells the script which page you are editing...so in the edit.php I did a $_GET['content']

 

this then allows me to open the correct file and display it for editing.  Well when the editing is done I need to submit form with the changes.  Well I still need to send the same variable $content telling the script which file to be updating.

 

Well when you submit the form you have to do a $_POST['content'] to figure out which file to be updating(it is sent as a hidden form field).

 

Does anyone follow me at all?

 

here is the offending code

<?

include "config.inc.php";
include "$phpWebEd_language.inc.php";
include"spaw2/spaw.inc.php";
SpawConfig::setStaticConfigValue('default_height','420px');

$content = $_GET['content'];
$content = $_POST['content'];


if (!check_user()) {
echo "$no_auth_str\r\n";
exit;
}
if ($content == "") {
    echo "Access denied! \r\nWrong parameter count.\r\n";
    exit;
else {

}
$contentfile = $phpWebEd_dir . "/contents/" . $content . ".html";
if (is_file($contentfile)) {
    $status = "$content_modified_str<br>" . date("Y-m-d H:i:s", filemtime($contentfile));
} else {
    if ($fp = @fopen($contentfile, "w")) fclose($fp);
    else {
        echo "Error reading/writing file! \r\nPlease check the file permissions.\r\n";
        exit;
    }
}
if ($content != "" && isset($htmlsource)) {
    if ($edtype != "ax") {
        $is_tag = False;
        for ($i = 0; $i <= strlen($htmlsource); $i++) {
            if ($htmlsource[$i] == "<") $is_tag = True;
            if ($is_tag) $tmp .= $htmlsource[$i];
            else $tmp .= htmlentities($htmlsource[$i]);
            if ($htmlsource[$i] == ">") $is_tag = False;
        }
        $htmlsource = $tmp;
    }
    copy($contentfile, $contentfile . ".bak");
    $fp = fopen($contentfile, "w");
    if ($only_trusted_tags == 1) $htmlsource = strip_tags($htmlsource, $trusted_tags);
    fwrite($fp, stripslashes($htmlsource));
    if (fclose($fp)) {
        if ($edtype == "ax") echo "OK\r\n";
        else echo "<script language=\"JavaScript\">opener.location.reload();\n window.close();</script>";
    }
    exit;
}
if ($imagefile != "" && $imagefile_name != "") {
   set_time_limit(120);
   $new_imagefile = $phpWebEd_dir . "/contents/" . $imagefile_name;
   if (copy($imagefile, $new_imagefile)) echo "OK\r\n";
   exit;
}	
if ($deleteimage != "") {
   if (unlink($phpWebEd_dir . "/contents/" . $deleteimage)) echo "OK\r\n";
   exit;
}
?>
<html>
<head>
<? echo "<title>$content - $editor</title>";?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
function ok() {
   <? 
   if ($edtype == "ax") echo "axwebed.save();\n opener.location.reload();\n window.close();";
   else echo "document.editform.submit();";
   ?> 
}
function cancel() {
   <? 
   if ($edtype == "ax") echo "axwebed.close();\n window.close();";
   else echo "window.close();";
   ?>     
}
//-->
</script>
</head>

<body bgcolor="#DDDDDD" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<?
   if ($edtype == "ax") {
    ?>
      <object classid="clsid:CCD2FBFF-41DA-4E94-9F66-847DD44A6B58" width="100%" height="100%" align="center" name="axwebed">
        <p>If you can read this, <a href="http://www.m-tecs.net/axwebed/" target="_blank">axWebEd</a>
        is not installed on your computer or your browser doesn't support ActiveX controls.</p>
      </object> 
      <script VBScript>
       axwebed.params(<? echo "'$phpWebEd_url', '$content', '$auth'";?>);
       <? if ($axWebEd_options != "") echo "axwebed.options('$axWebEd_options');";?>
       axwebed.load();
      </script>
<?
}
else {
    ?>      
<form name="editform" method="post" action="<? echo $_SERVER['PHP_SELF']; ?>" >
       <?
	  
	  if (!($fp = @fopen($contentfile, "r"))) echo "Error reading file";
	  else {
		$htmlsource = fread($fp, filesize($contentfile));
		fclose($fp);
		$htmlsource = new SpawEditor("htmlsource", $htmlsource);
		$htmlsource->show();
	  }
          ?>
	  <input type="hidden" name="content2" value="<? echo $_GET['content']; ?>">      
    </form>
<table width="0%" border="0">
  <tr>
    <td>Save: </td>
    <td><a href="javascript:ok();"><img src="images/ok.gif" width="40" height="40" border="0"></a></td>
    <td>Cancel: </td>
    <td><a href="javascript:cancel();"><img src="images/cancel.gif" width="40" height="40" border="0"></a></td>
  </tr>
</table>
<?
}
?>  
    </td>
  </tr>
  <tr>
    <td valign="bottom" bgcolor="#666666"><font size="1" face="Arial, Helvetica, sans-serif" color="#DDDDDD"><? echo $status;?></font></td>
  </tr>
</table>
</body>
</html>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.