| Author |
Message |
Donovan
Client
Joined: Oct 07, 2003
Posts: 735
Location: Ohio
|
 Posted:
Thu Jul 20, 2006 11:06 am |
|
Well for some odd reason this page stopped working. I only made some small changes like making sure it was passed thru 'ADMIN_FILE', and making usre it was compatible to the 3.1 patched version.
My case.php has the following
Code:switch($op) {
case "EditWar":
case "SaveWar":
include("modules/$module_name/admin/index.php");
break;
}
|
The actions of my form is
Code:echo "<form name=\"editwar\" action=\"".$admin_file.".php\" method=\"post\">";
|
This has worked correctly before but somewhere something was changed ( probably something small). It can pull records marked as "checked" and they are displayed. I can't update any other records and select a checkbox and write that value to the db.
For example this screen shows record that has never been updated to show they participated in a match.
This one shows records that are pulled from the database and shows some records that have the checkbox clearly checked. I can no longer update these records by checking the boxes to add or unchecking the boxes to delete the value.
The page just refreshes.
Code:<?php
/************************************************************************/
/* MILPACS (Military Personell and Classification System) */
/* Author::Donovan [3rd ID] */
/* Copyright (c) 2005 by Steven Donovan AKA Donovan [3rd ID] */
/* Email:: [ Only registered users can see links on this board! Get registered or login! ]
/* Homepage::http://www.3rd-infantry-division.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/* */
/* This program is distributed in the hope that it will be useful, but */
/* WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU */
/* General Public License for more details. */
/* */
/* If you want a copy of the GNU General Public License write to the */
/* Free Software Foundation, Inc. */
/* 59 Temple Place, Suite 330, Boston, MA 02111-1307 */
/* USA */
/************************************************************************/
if (!defined('ADMIN_FILE')) {
die ("Access Denied");
}
define('INDEX_FILE', true);
$index = 1;
include_once("header.php");
global $module_name, $db, $prefix, $admin_file, $bgcolor1, $bgcolor2;
@include("modules/MILPACS/includes/milpacs.inc.php");
$warid = $_GET['warid'];
if ($op == "SaveWar") {
// Validations go here
$result1 = $db->sql_query("SELECT * FROM vwar" . $n . " v JOIN vwar" . $n . "_opponents vo JOIN vwar" . $n . "_matchtype vmt WHERE v.status = 1 AND v.oppid = vo.oppid AND warid = '$warid'");
if (!$result1) {
echo("<p>Error accessing war data!" . mysql_error() . "</p>");
}
while ($row = $db->sql_fetchrow($result1)) {
$oppid = $row["oppid"];
$sql = "SELECT mm.uniqueid, mm.unit_id, mm.position, mr.rank_abbr, mm.u_name FROM " . $prefix . "_milpacs_members mm JOIN " . $prefix . "_milpacs_ranks mr WHERE mm.rank_id = mr.rank_id AND mm.unit_id != '' AND mm.status IN ('Active','LOA') ORDER BY mr.rank_order ";
$result = $db->sql_query($sql);
while ( $row = $db->sql_fetchrow($result) ) {
$uniqueid = $row["uniqueid"];
if ($warstatus[$uniqueid] == "Yes") {
$result2 = $db->sql_query ("SELECT * FROM " . $prefix."_milpacs_combat WHERE warid = '$warid' AND uniqueid='$uniqueid'");
if ($myrow2 = $db->sql_fetchrow($result2)){
} else {
$sql = "INSERT INTO " . $prefix . "_milpacs_combat (warid, uniqueid, oppid ) VALUES ($warid, $uniqueid, $oppid)";
$result3 = $db->sql_query ($sql);
}
} else {
$result2 = $db->sql_query ("SELECT * FROM " . $prefix."_milpacs_combat WHERE warid = " . $warid . " AND uniqueid = " . $uniqueid);
if ($myrow2 = $db->sql_fetchrow($result2)){
$result3 = $db->sql_query ("DELETE FROM " . $prefix . "_milpacs_combat WHERE warid = '$warid' AND uniqueid = '$uniqueid'");
}
}
}
}
}
$result1 = $db->sql_query("SELECT * FROM vwar" . $n . " v JOIN vwar" . $n . "_opponents vo JOIN vwar" . $n . "_matchtype vmt WHERE v.status = 1 AND v.oppid = vo.oppid AND warid = '$warid' AND v.matchtypeid = vmt.matchtypeid");
if (!$result1) {
echo("<p>Error accessing war data!" . mysql_error() . "</p>");
}
while ($row = $db->sql_fetchrow($result1)) {
$date = date("F j, Y", $row["dateline"]);
$oppname = $row["oppname"];
$matchtypename = $row["matchtypename"];
}
$result4 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_main");
$info = $db->sql_fetchrow($result4);
$unit_tag = $info[unit_tag];
OpenTable();
echo "<p><a href=\"admin.php?op=milpacs\">Return to Main Administration</a></p>";
echo "<form name=\"editwar\" action=\"".$admin_file.".php\" method=\"post\">";
echo "<div align=\"center\">"
. "<label><H2>$unit_tag War Report</H2></label>"
. "<HR>"
. "</div>"
. "<br>"
. "<p>"
. "<strong>War Date: $date</strong>"
. "<br>"
. "<strong>Enemy Engaged: $oppname</strong>"
. "<br>"
. "<strong>Matchtype: $matchtypename</strong>"
. "<br>"
. "<table border=\"0\" width=\"100%\" cellpadding=\"5\"><tr>"
. "<table border=\"0\" width=\"100%\" cellpadding=\"3\"><tr><th width=\"5%\">Rank</th><th width=\"20%\">Name</th><th width=\"15%\"><b>Position</b></th><th width=\"20%\">Present</th>"
. "</tr>"
. "</table>"
. "<table border=\"0\" width=\"100%\" cellpadding=\"5\">";
$sql = "SELECT mm.uniqueid, mm.unit_id, mm.position, mr.rank_abbr, mm.u_name FROM " . $prefix . "_milpacs_members mm JOIN " . $prefix . "_milpacs_ranks mr WHERE mm.rank_id = mr.rank_id AND mm.unit_id != '' AND mm.status IN ('Active','LOA') ORDER BY mr.rank_order ";
$result = $db->sql_query($sql);
while ( $row = $db->sql_fetchrow($result) ) {
$id = $row["uniqueid"];
$rank = $row["rank_abbr"];
$u_name = $row["u_name"];
$position = $row["position"];
$result2 = $db->sql_query ("SELECT * FROM " . $prefix."_milpacs_combat WHERE warid = " . $warid . " AND uniqueid = '$id'");
if ($myrow2 = $db->sql_fetchrow($result2)){ $checked = "checked"; } else { $checked = ""; }
?>
<tr>
<td align="center" width="5%"><b><?php echo $rank ?></b>
</td>
<td align="center" width="20%"><b><?php echo $u_name ?></b>
</td>
<td align="center" width="15%"><b><?php echo $position ?></b>
</td>
<td align="center" width="20%"><input <?=$checked?> name="warstatus[<?=$id?>]" type="checkbox" id="warstatus" value="Yes">
</td>
</tr>
<?php
}
echo "</table>"
."<input type=\"submit\" align=\"center\" name=\"Submit\" value=\"Save\"/>"
."<input type=\"hidden\" name=\"op\" value=\"SaveWar\"/>"
."<input type=\"hidden\" name=\"warid\" value=\"$warid\"/>"
."</form>";
CloseTable();
include("footer.php");
?>
|
I read a comment on another site that perhaps the use of short_tags may be disabled. as in... name="warstatus[<?=$id?>]"
Any help is appreciated. |
| |
|
 
 |
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
| Posted:
Thu Jul 20, 2006 3:31 pm |
|
Have you been able to confirm that it's getting into:
Code:if ($op == "SaveWar") {
// Validations go here
|
If not, insert something like die("Inside SaveWar"); after the // Validations go here comment.
You can continue to debug from there... |
_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
|
|
|
Donovan
|
| Posted:
Thu Jul 20, 2006 8:00 pm |
|
Yes I am getting inside if ($op == "SaveWar") { |
| |
|
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
| Posted:
Thu Jul 20, 2006 8:32 pm |
|
Ok this is probably way off base, but isnt $adminfile defined as admin.php?
I dont know but thought perhaps that variable being used in nuke may be your problem.
But that probably isnt the solution either.
As for the short tags being disabled on a server. Yes very possible.
To work around this, use the long tag which works either enviroment(<?php)
the clsing tag is still ?>
Hope someone is able to help more then I. |
_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
  
 |
|
kguske
|
| Posted:
Thu Jul 20, 2006 9:37 pm |
|
If $adminfile wasn't defined, he wouldn't be getting inside...
So there must be something happening in the SQL that isn't working. Stop the process (use the same die command) just before executing the SQL statements (go through each one) and try executing the current SQL statement in phpMyAdmin to see what errors occur (would could also display the MySQL error in PHP, but that's a bit more complicated). |
| |
|
|
|
|
Donovan
|
| Posted:
Thu Jul 20, 2006 9:56 pm |
|
| kguske wrote: | | If $adminfile wasn't defined, he wouldn't be getting inside... |
hmmm..
As a test I took out the $admin_file in the global declaration on my script.
global $module_name, $db, $prefix, $bgcolor1, $bgcolor2;
Added the die("Inside SaveWar"); after the
if ($op == "SaveWar") {
And was still "Inside SaveWar" after I submitted.
$admin_file is global in my admin/index.php so I guess that is where it gets it.
Is there anything wrong with my case statment in my admin/index.php
Code:/* If you are not an admin, get out of here... */
if ($row2['radminsuper'] == 1 || $auth_user == 1) {
switch($op) {
case "milpacs":
case "ViewMainInfo":
milpacs();
break;
case "UpdateInfo":
case "EditInfo":
include("modules/$module_name/admin/editinfo.php");
break;
case "AddMedal":
case "NewMedal":
include("modules/$module_name/admin/addmedal.php");
break;
case "EditMedal":
case "SaveMedal":
include("modules/$module_name/admin/editmedal.php");
break;
case "DelMedal":
case "ConfirmDelMedal":
include("modules/$module_name/admin/delmedal.php");
break;
case "AddRank":
case "NewRank":
include("modules/$module_name/admin/addrank.php");
break;
case "EditRank":
case "SaveRank":
include("modules/$module_name/admin/editrank.php");
break;
case "AddSoldier":
case "NewSoldier":
include("modules/$module_name/admin/addsoldier.php");
break;
case "EditSoldier":
case "SaveSoldier":
include("modules/$module_name/admin/editsoldier.php");
break;
case "DelSoldier":
case "ConfirmDelSoldier":
include("modules/$module_name/admin/delsoldier.php");
break;
case "AddWeapon":
case "NewWeapon":
include("modules/$module_name/admin/addweapon.php");
break;
case "EditWeapon":
case "SaveWeapon":
include("modules/$module_name/admin/editweapon.php");
break;
case "DelWeapon":
case "ConfirmDelWeapon":
include("modules/$module_name/admin/delweapon.php");
break;
case "ServiceRecord":
include("modules/$module_name/admin/servicerecord.php");
break;
case "EditServiceRecord":
case "SaveServiceRecord";
include("modules/$module_name/admin/editservicerecord.php");
break;
case "DelServiceRecord":
include("modules/$module_name/admin/delservicerecord.php");
break;
case "AddServiceRecord":
case "NewServiceRecord":
include("modules/$module_name/admin/addservicerecord.php");
break;
case "MedalRecord":
include("modules/$module_name/admin/medalrecord.php");
break;
case "EditMedalRecord":
case "SaveMedalRecord":
include("modules/$module_name/admin/editmedalrecord.php");
break;
case "AddMedalRecord":
case "NewMedalRecord":
include("modules/$module_name/admin/addmedalrecord.php");
break;
case "DelMedalRecord":
include("modules/$module_name/admin/delmedalrecord.php");
break;
case "AddDrillReport":
include("modules/$module_name/admin/adddrillreport.php");
break;
case "AddUnit":
case "NewUnit":
include("modules/$module_name/admin/addunit.php");
break;
case "EditUnit":
case "SaveUnit":
include("modules/$module_name/admin/editunit.php");
break;
case "DelUnit":
case "ConfirmDelUnit":
include("modules/$module_name/admin/delunit.php");
break;
case "AddSubUnit":
case "NewSubUnit":
include("modules/$module_name/admin/addsubunit.php");
break;
case "EditSubUnit":
case "SaveSubUnit":
include("modules/$module_name/admin/editsubunit.php");
break;
case "DelSubUnit":
case "ConfirmDelSubUnit":
include("modules/$module_name/admin/delsubunit.php");
break;
case "AddAdminUnit":
case "NewAdminUnit":
include("modules/$module_name/admin/addadminunit.php");
break;
case "SaveAdminUnit":
case "EditAdminUnit":
include("modules/$module_name/admin/editadminunit.php");
break;
case "DelAdminUnit":
case "ConfirmDelAdminUnit":
include("modules/$module_name/admin/deladminunit.php");
break;
case "AddDrillReport":
case "NewDrillReport":
include("modules/$module_name/admin/adddrillreport.php");
break;
case "EditDrillReport":
case "SaveDrillReport":
include("modules/$module_name/admin/editdrillreport.php");
break;
case "EditWar":
case "SaveWar":
include("modules/$module_name/admin/editwar.php");
break;
}
} else {
include("header.php");
GraphicAdmin();
OpenTable();
echo "<center><b>"._ERROR."</b><br><br>You do not have administration permission for module \"$module_name\"</center>";
CloseTable();
include("footer.php");
}
|
|
| |
|
|
|
|
gregexp
|
| Posted:
Thu Jul 20, 2006 10:09 pm |
|
What I meant, doesnt NUKE already define $admin_file within config.php?
Im thinking one part of the code error would be that it is using a predifined variable.
I may be completely off base as I have not looked at the extent in which $admin_file is used but I do know on the versions of nuke I have config.php uses it to set the admin file of nuke(normally admin.php). |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Thu Jul 20, 2006 10:14 pm |
|
$admin_file is defined in config.php
config.php is included in mainfile.php |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Thu Jul 20, 2006 10:16 pm |
|
| Quote: |
I may be completely off base as I have not looked at the extent in which $admin_file is used but I do know on the versions of nuke I have config.php uses it to set the admin file of nuke(normally admin.php).
|
"D", this is the line in config.php:
$admin_file = 'admin';
It does NOT include the extension... |
_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
|
|
|
Donovan
|
| Posted:
Fri Jul 21, 2006 7:57 am |
|
I added error checking in my SaveWar.
Code:if ($op == "SaveWar") {
// Get initial vwar data for all finished wars (status = 1)
$result1 = $db->sql_query("SELECT * FROM vwar" . $n . " v JOIN vwar" . $n . "_opponents vo JOIN vwar" . $n . "_matchtype vmt WHERE v.status = 1 AND v.oppid = vo.oppid AND warid = '$warid'");
if (!$result1) {
echo("<p>Error Accessing war data!" . mysql_error() . "</p>");
}
// Get opponent info and member info for active soldiers
while ($row = $db->sql_fetchrow($result1)) {
$oppid = $row["oppid"];
$sql = "SELECT mm.uniqueid, mm.unit_id, mm.position, mr.rank_abbr, mm.u_name FROM " . $prefix . "_milpacs_members mm JOIN " . $prefix . "_milpacs_ranks mr WHERE mm.rank_id = mr.rank_id AND mm.unit_id != '' AND mm.status IN ('Active','LOA') ORDER BY mr.rank_order ";
$result = $db->sql_query($sql);
//Get checkbox status for each uniqueid
while ( $row = $db->sql_fetchrow($result) ) {
$uniqueid = $row["uniqueid"];
if ($warstatus[$uniqueid] == "Yes") {
$result2 = $db->sql_query("SELECT * FROM " . $prefix."_milpacs_combat WHERE warid = '$warid' AND uniqueid='$uniqueid'");
if (!$result2) {
echo("<p>Error Accessing warid and uniqueid data!" . mysql_error() . "</p>");
}
//Insert checkbox values into database
if ($myrow2 = $db->sql_fetchrow($result2)){
} else {
$sql = "INSERT INTO " . $prefix . "_milpacs_combat (warid, uniqueid, oppid) VALUES ($warid, $uniqueid, $oppid)";
$result3 = $db->sql_query ($sql);
if (!$result3) {
echo("<p>Error Inserting War Data!" . mysql_error() . "</p>");
}
}
} else {
//Delete checkbox values from database
$result2 = $db->sql_query("SELECT * FROM " . $prefix."_milpacs_combat WHERE warid = " . $warid . " AND uniqueid = " . $uniqueid);
if ($myrow2 = $db->sql_fetchrow($result2)){
$result3 = $db->sql_query("DELETE FROM " . $prefix . "_milpacs_combat WHERE warid = '$warid' AND uniqueid = '$uniqueid'");
if (!$result3) {
echo("<p>Error Deleting War Data!" . mysql_error() . "</p>");
}
}
}
}
}
}
|
I am still getting the same result. No errors, but the page just refreshes.
The last time this page was working was June 4 2006.
Confused??? |
| |
|
|
|
|
gregexp
|
| Posted:
Fri Jul 21, 2006 4:01 pm |
|
Ok perhaps Either I'm just not getting it, or I'm not being clear enough.
In this code I see <form name=\"editwar\" action=\"".$admin_file.".php\" method=\"post\">
This is predefined in nuke so I was thinking that on submit it would Try to run the code against admin.php and I believe he wants it to run against the script.
Perhaps I'm wrong, Its and itch I need to scratch so to say. |
| |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Fri Jul 21, 2006 5:54 pm |
|
Without digging all the way into this, here is a sample the error code that I use in my custom modules:
Code:
$sql = "SELECT username, user_email FROM ".$user_prefix."_users WHERE user_id='$uid'";
if( !($result = $db->sql_query($sql)) )
{
$error = $db->sql_error();
$msg = $error[xcode] . ' ' . $error[message];
$msg .= "<br> for the following sql: ".$sql."";
die($msg);
}
|
I'm not sure if your error reporting would work if there was an error or not but you might want to give this a shot with your SQL. It might not make any difference but it does use the standard objects that come with Nuke. Note: the xcode that appears inside the quoted code has to be changed to "code". Having "code" inside square parentheses confuses the Forum software. |
| |
|
|
|
|
montego
|
| Posted:
Sat Jul 22, 2006 8:02 am |
|
| darklord wrote: | Ok perhaps Either I'm just not getting it, or I'm not being clear enough.
In this code I see <form name=\"editwar\" action=\"".$admin_file.".php\" method=\"post\">
This is predefined in nuke so I was thinking that on submit it would Try to run the code against admin.php and I believe he wants it to run against the script.
Perhaps I'm wrong, Its and itch I need to scratch so to say. |
Darklord, this is correct. He has another input object at the end which defines the $op variable so that admin.php will find the appropriate module's case statements, etc.... |
| |
|
|
|
|
gregexp
|
| Posted:
Sat Jul 22, 2006 3:34 pm |
|
Ok, I'm no help and completely lost.
I'm confused at how admin.php can process the script is what I am saying.
But I do know that my knowledge is limited,
so perhaps this is setup correctly, I just had the idea that admin.php would not process the input and therefore would just simply redirect it to the admin panel.
To me personally, I would not have this itch to scratch if lets say the action was set to $admin_file.php?op=something
or something like that, perhaps Im way off track, and you all are saying I am so.... |
| |
|
|
|
|
gregexp
|
| Posted:
Sat Jul 22, 2006 3:37 pm |
|
ahh now I see what you mean, montego, . But wouldnt the admin.php need to get it or post it in order to process it? |
| |
|
|
|
|
montego
|
| Posted:
Mon Jul 24, 2006 6:47 am |
|
| Quote: |
As a test I took out the $admin_file in the global declaration on my script.
global $module_name, $db, $prefix, $bgcolor1, $bgcolor2;
Added the die("Inside SaveWar"); after the
if ($op == "SaveWar") {
And was still "Inside SaveWar" after I submitted.
|
Darklord, this is what I am basing my statements on. If Donovan hadn't already validated that he was getting into SaveWar, maybe....
Donovan, have not heard from you in awhile on this. I believe that I even gave you another method of checking for SQL errors in your other thread. Was hoping to hear back what you have found. |
| |
|
|
|
|
gregexp
|
| Posted:
Mon Jul 24, 2006 7:03 pm |
|
if ($warstatus[$uniqueid] == "Yes") {
$result2 = $db->sql_query ("SELECT * FROM " . $prefix."_milpacs_combat WHERE warid = '$warid' AND uniqueid='$uniqueid'");
Where is $warstatus, Nowhere else in this script is it called from, Do you set it in another script?
Same for $myrow2 |
| |
|
|
|
|
Donovan
|
| Posted:
Mon Jul 24, 2006 8:57 pm |
|
My $admin_file is not working on this page.
This...
Code:. "<form name=\"editwar\" action=\"admin.php?op=EditWar&warid=$warid\" method=\"POST\">"
|
...does work, so I left it and moved on to something else.
*scratches head*
I have several pages in my module that was using $admin_file perfectly but for this one page.
Here is one for adding a rank that works great.
Code:echo " <form name=\"addrank\" action=\"".$admin_file.".php\" method=\"post\">";
|
|
| |
|
|
|
|
montego
|
| Posted:
Mon Jul 24, 2006 9:52 pm |
|
Well, don't know what to say. At first it sounded like it worked and you got into the script and even into the IF. Was just going by what was said...
Sorry that I was of absolutely no help whatsoever.  |
| |
|
|
|
|
Donovan
|
| Posted:
Tue Jul 25, 2006 7:57 am |
|
| montego wrote: |
Sorry that I was of absolutely no help whatsoever. |
You have been tons of help Montego. Don't ever think your not.
I just couldnt figure out why one way works and the other doesn't. It was my bad for giving up so easily and moving on to something else. I will revist it soon.
I would like to pursue getting my module quality control checked for security purposes. I want to make sure I am not opening holes up into peoples websites. |
| |
|
|
|
|
gregexp
|
| Posted:
Tue Jul 25, 2006 12:32 pm |
|
I must admit, I have absolutely no clue how it was supposed to work in the first place, This might have something to do with the fact that I have limited knowledge.
This has been a nice, yet confusing, learning experience.
Hope all goes well. |
| |
|
|
|
|
montego
|
| Posted:
Wed Jul 26, 2006 8:56 am |
|
| Quote: |
I would like to pursue getting my module quality control checked for security purposes. I want to make sure I am not opening holes up into peoples websites.
|
The trouble that I think you may have with this is folks taking on the "liability", and I am not talking legal liability. There are reputations to uphold. Not saying you won't find someone, just giving you a potential constraint. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
