value not carrying
i have errors set to E_ALL and it'f not finding anything. i don't get what's wrong. the appnu function is NOT sending the fn value appnu when you choose a person
(edited to prevent scrolling)
set in includes:
$host, $login2, $pass2, $admins, bgnpg(), bgnmsgpg(), $approvers, $suspenders, $jra, $adm, $wbm, $ok
<?php
include(\"/home/joshua/includes/fyd.incs.php\"); # includes file
/* ***************************************************
** set any and all variables that need to be set **
*************************************************** */
$fn=$_POST['fn']; // what you want to do
$un=$_COOKIE['un']; // who you are
$pw=$_COOKIE['pw']; // verify yourself
# check for access in the db
# connect to the db
$db=mysql_connect($host, $login2, $pass2) or die(\"cannot access mysql\");
# get the db
$fyd=mysql_select_db('findyourdesire', $db) or die(\"cannot access db\");
$accessfind=mysql_query(\"SELECT site_access FROM users WHERE username='$un' AND
password='$pw'\", $db);
if(!(mysql_num_rows($accessfind)==0)){ # we found a user
# find out the access level
$accesscheck=mysql_fetch_array($accessfind); $sa=$accesscheck['site_access'];
if(contains($sa, $admins)){ # if the level is an admin level
/* *******************************************************
*** find where we are and call the creation functions ***
******************************************************* */
if(isset($fn)){ // we wanna do something
# approve new user profile
if($fn=='appnu'){ bgnpg('New User Approval'); appnu($db); }
elseif($fn=='appbio'){ bgnpg('Bio Approval'); appbio($db); } # approve bios
# approve bios
elseif($fn=='appmain'){ bgnpg('Main Pic Approval'); appmain($db); }
# approve thumb 1
elseif($fn=='appt1'){ bgnpg('Thumbnail Pic Approval'); appt1($db); }
# approve thumb 2
elseif($fn=='appt2'){ bgnpg('Thumbnail Pic Approval'); appt2($db); }
# approve thumb 3
elseif($fn=='appt3'){ bgnpg('Thumbnail Pic Approval'); appt3($db); }
# approve thumb 4
elseif($fn=='appt4'){ bgnpg('Thumbnail Pic Approval'); appt4($db); }
# approve salute
elseif($fn=='appsalute'){ bgnpg('Salute Pic Approval'); appsalute($db); }
elseif($fn=='susus'){ bgnmsgpg('Member Suspension'); susus($db); } # suspend user
# review suspensions
elseif($fn=='susrev'){ bgnmsgpg('Suspension Review'); susrev($db); }
elseif($fn=='delu'){ bgnmsgpg('Member Deletion page'); delu(); } # delete user
# adjust user's site access
elseif($fn=='access'){ bgnmsgpg('Site Access Adjustment'); access($db); }
# adjust forums
elseif($fn=='adjfor'){ bgnmsgpg('Forum Adjustment'); adjfor($db); }
# give miscellaneous commands
elseif($fn=='misc'){ bgnmsgpg('Josh\'s Special Page'); misc(); }
# something's wrong
else{ bgnmsgpg('Administration Area (restricted access)'); choice($db); }
# begin this craziness
}else{ bgnmsgpg('Administration Area (restricted access)'); choice($db); }
# user shouldn't be this far
}else{ bgnmsgpg('Administration Area (restricted access)'); problem(); }
# user shouldn't be this far
}else{ bgnmsgpg('Administration Area (restricted access)'); problem(); }
function problem(){ // unauthorized access (problem)
echo <<<END
<h3>You have reached a restricted area. Alert the Administration to how you
came to this page.</h3>
</center>
</body>
</html>
END;
}
function error(){ // unauthorized access (error)
echo <<<END
<h3>You seem to have reached a page in err. Make sure administration didn't
<!--'--> change your site access.</h3>
</center>
</body>
</html>
END;
}
function choice($db){ # main admin page
# includes file (precautionary measure)
include(\"/home/joshua/includes/fyd.altincs.php\");
$un=$_COOKIE['un']; // who you are
$pw=$_COOKIE['pw']; // verify
$options=''; // what can ya do
/* find access level in db. set appropriately */
$accessret=mysql_query(\"SELECT site_access FROM users WHERE username='$un' AND
password='$pw'\", $db);
$access=mysql_fetch_array($accessret); // get the access level
$sa=$access['site_access']; // set the access level
if(contains($sa, $approvers)){ // you are allowed to approve
$options.=\" <option value=\\"appnu\\">Approve New Users</option>\n
<option value=\\"appbio\\">Approve Bios</option>\n <option value=\\"appmain\\">
Approve Main Pictures</option>\n <option value=\\"appt1\\">Approve 1st Thumb
</option>\n <option value=\\"appt2\\">Approve 2nd Thumb</option>\n <option
value=\\"appt3\\">Approve 3rd Thumb</option>\n <option value=\\"appt4\\">Approve 4th
Thumb</option>\n <option value=\\"appsalute\\">Approve Salute Picture
</option>\n\"; } # add the approver options
if(contains($sa, $suspenders)){ // you're allowed to suspend
# add the suspend options
$options.=\" <option value=\\"susus\\">Suspend User</option>\n\"; }
// youre more than a someone given the ability to suspend and/or approve
if(($sa==$jra)||($sa==$adm)||($sa==$wbm)){
# add things for jr/full admins
$options=$options.\" <option value=\\"susrev\\">Review Suspended Users</option>\n
<option value=\\"access\\">Adjust User Access</option>\n\"; }
if(($sa==$adm)||($sa==$wbm)){ // you're a full admin
$options.=\" <option value=\\"delu\\">Delete User</option>\n
<option value=\\"adjfor\\">Adjust Forums</option>\n\"; } # full admin options
if($sa==$wbm){ // you're the webmaster
# only the webmaster, since the other
# full admins might not have a grasp of how to use dbs
$options.=\" <option value=\\"misc\\">Misc Commands</option>\"; }
echo <<<END
<h3>Welcome to the Admin Choice Page. If you link a non-admin to any admin page,
they will see nothing, except for the an error message letting them to know to report
it. (security)</h3>
<p>
<!-- php checks access level in form creation & makes select choices based on
it -->
<form action=\"$_SERVER[PHP_SELF]\" target=\"_blank\" method=\"POST\" >
<select name=\"fn\" size=\"1\">
$options
</select>
<input type=\"submit\" value=\"Administrate!\">
</form>
</p>
</center>
</body>
</html>
END;
}
function appnu($db){ # approve a new user
# includes file (precautionary measure)
include(\"/home/joshua/includes/fyd.altincs.php\");
$un=$_COOKIE['un']; // who you are
$pw=$_COOKIE['pw']; // verify
$options=''; // what can ya do
/* find access level (site_access) in db. set appropriately */
$accessret=mysql_query(\"SELECT site_access FROM users WHERE username='$un' AND
password='$pw'\", $db);
$access=mysql_fetch_array($accessret); // get access level
$sa=$access['site_access']; // set access level
if(!(contains($sa, $approvers))){ error(); } # double check on access
else{ # we're gonna do find and appprove someone
if($_POST['action']==='APPROVED'){ # approve
$ruin=$_POST['ruin']; // id # being approved
$run=$_POST['run']; // name being approved
// approve profile
$update=mysql_query(\"UPDATE users SET approved='$ok' WHERE uid='$ruin'\", $db);
foreach($pics as $pic){ // for each picture you have
$img=getcwd().'/unapproved/'.$pic.'.'.$run.'.jpg'; $to=getcwd().'/userpics/'.
$pic.'.'.$run.'.jpg';
if(is_file($img)){ rename($img, $to); } # move to approved
} // pictures should now show up
if(mysql_affected_rows($update)==1){ // it worked
$result=\"$run's profile successfully approved\"; }
else{ // something went wrong
$errno=mysql_errno($db); // error number
$error=mysql_error($db); // error message
// set error message
$result=\"Error approving $run's profile<br />$errno: $error\"; }
echo \" <p>$result</p>\n\"; // report what happened
}elseif($_POST['action']==='REJECT'){ # reject
$ruin=$_POST['ruin']; // id number
$run=$_POST['run']; // username
$reason=$_POST['reason']; // reson for rejection
# find user's email
$findemail=mysql_query(\"SELECT email FROM users WHERE uid='$ruin'\", $db);
$getemail=mysql_fetch_array($findemail); // get email
$to=$getemail['email']; // set email
unapproveMessage('Profile', $reason, $run, $to); // let the user know why
}elseif($_POST['action']==='review'){ # review
# get the info
$ui=explode(',', $_POST['ui']); // array info
$ruin=$ui[0]; // set id number
$run=$ui[1]; // set username
# make the approval form
echo <<<END
<h1>Do NOT link to the pictures in the forum. It will defeat the purpose of
the obscuring done in the profiles. You are linked to the originals for approval
only</h1>
<form action=\"$_SERVER[PHP_SELF]\">
<input type=\"hidden\" name=\"fn\" value=\"appnu\"><input type=\"hidden\"
name=\"ruin\" value=\"$ruin\">
$tsnw
<tr><td>user:<input type=\"text\" size=\"15\" readonly name=\"run\"
value=\"$run\"> </td><td>APPROVING: PROFILE</td></tr>
<tr><td colspan=\"2\"><iframe frameborder=\"0\" name=\"bio\" scrolling=\"auto\"
src=\"bio.php?un=$run&uin=$ruin&show=yes\">if you see this upgrade to
<a href=\"http://www.mozilla.org/\">Mozilla</a> 1.3.1 or later</iframe></td></tr>
<tr><td colspan=\"2\" align=\"center\"><a href=\"uapproved/main.$run.jpg\"
target=\"pic\">Main</a></td></tr>
<tr><td colspan=\"2\" align=\"center\"><a href=\"uapproved/t1.$run.jpg\"
target=\"pic\">Thumb 1</a></td></tr>
<tr><td colspan=\"2\" align=\"center\"><a href=\"uapproved/t2.$run.jpg\"
target=\"pic\">Thumb 2</a></td></tr>
<tr><td colspan=\"2\" align=\"center\"><a href=\"uapproved/t3.$run.jpg\"
target=\"pic\">Thumb 3</a></td></tr>
<tr><td colspan=\"2\" align=\"center\"><a href=\"uapproved/t4.$run.jpg\"
target=\"pic\">Thumb 4</a></td></tr>
<tr><td colspan=\"2\" align=\"center\"><a href=\"uapproved/salute.$run.jpg\"
target=\"pic\">Salute</a></td></tr>
<tr>
<td><input type=\"text\" name=\"reason\" size=\"21\"></td>
<td>
<select name=\"action\">
<option value=\"REJECT\">REJECT</option>
<option value=\"APPROVED\">APPROVE</option>
</select>
<input type=\"submit\" value=\"Done\">
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
END;
}
if($_POST['action']!=='review'){ # if we're not reviewing
# who needs to be approved
# find newbs
$newbs=mysql_query(\"SELECT uid,username FROM users WHERE approved='$nuv'\", $db);
// while there's more newbs, get their info
while($user[]=mysql_fetch_array($newbs)){
$id=$user['uid']; // find id number
$name=$user['username']; // find name
# make them an option
$newmems=$newmems.\"<option value=\\"$id,$name\\">$name</option>\";
} #so we can place it in the form
# find out who they want to approve
echo <<<END
$poserr
<form action=\"$_SERVER[PHP_SELF]\">
<input type=\"hidden\" name=\"fn\" value=\"appnu\">
<input type=\"hidden\" name=\"action\" value=\"review\">
<select name=\"un\" size=\"1\">
$newmems
</select>
<input type=\"submit\" value=\"Review Profile!\">
</form>
</center>
</body>
</html>
END;
}
}
}
?>POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
Suzanne posted this at 23:22 — 9th September 2003.
She has: 5,507 posts
Joined: Feb 2000
Looking at the coloured code, can you spot the error? HINT: it involves an unescaped single quote.
Suzanne posted this at 23:42 — 9th September 2003.
She has: 5,507 posts
Joined: Feb 2000
Also, if it's not sending, can we see the form that's supposed to send the details?
m3rajk posted this at 01:28 — 10th September 2003.
They have: 461 posts
Joined: Jul 2003
i don't see it. the issue is that in the appnu, after you select a user, when you hit send, you get the choice panel again, which means that the hidden field, fn, is not getting a value.
yet the hidden fn field has the same value that was given to fn to get you to the selection page!
POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
Suzanne posted this at 01:39 — 10th September 2003.
She has: 5,507 posts
Joined: Feb 2000
Dude, if you're not passing the information... why aren't you passing the information?
<?php<input type=\"hidden\" name=\"fn\" value=\"appnu\">
<input type=\"hidden\" name=\"ruin\" value=\"$ruin\">
?>
Should the value be "appnu" for "fn"?
m3rajk posted this at 13:37 — 10th September 2003.
They have: 461 posts
Joined: Jul 2003
yes. and when it submits the fn isn't being set. i know this because it doesn't go back to the appnu function. fn is the function that SHOULD be called. each function handles something, so it submits with the fn being itself
POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
m3rajk posted this at 15:34 — 10th September 2003.
They have: 461 posts
Joined: Jul 2003
found it... missing method="POST" in html, and i was looking to php for the error
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.