PHP - $this-> Bugs Me

I have a lot of these in my script that work on my old server but don't on my new one.

$this->

Is there a workaround? I don't have the money I used to, so I can't afford a scripter to help. I can do basic PHP but I don't know what they are, and Google isn't much help 8-(

Thanks

Similar Tutorials

Hi all, I am working on a forum and I am close to the testing stage, and right now I am fighting serious bugs with $_GET ...

http://hostings.flush.ws/?section=forumview&id=1 [you can manipulate the values and create unknown threads in unknown forums]
http://hostings.flush.ws/?section=forumthreadsubmit&id=1 [you can manipulate the values and create unknown threads]

You can also mix both and get something like a backdoor trojan without the admin's knowledge.

```php
if ($id = ((isset($_GET['id'])) && (ctype_digit($_GET['id'])) ? (int)$_GET['id'] : '')) {
    true;
} else {
    echo $redirect.false;
}
```

So, if somebody could show an example of how to counter attack value changing.

You can log in on the web with user help, pass help12, address http://hostings.flush.ws/?section=news

I'm more of a PHP hobbyist, having learned most of what I use from experimenting on our page. I just switched servers from Total choice hosting to Godaddy and now some of my functions are not working. The 2 biggest a

On our where to play page the default that loads is our All page, and that works, but then people are supposed to be allowed to change types at the top and then hit select and pull up that page. The function loads up the folder properly, but when you press Select City it just reloads the All page. I still have access to the old server till the end of the month in order to get files and anything else that I may have forgotten to copy over. Is there maybe a PHP file I should have brought over and forgot? The other big difference I noticed: my old page was stored in public_html, the new one is stored in the root directory. The page was originally created outside and I have maintained it for the last 5 years, so I have been following behind the old code and didn't do the foundation myself. Thank you for any help you can give.
The code I have for these functions is:

```php
<?php
echo "<form method=POST action=$PHP_SELF>
<select name=\"selected_city\">
<option value=\"\"></option>";
//check files in directory
if ($handle = opendir('locations/')) {
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            echo $file;
            $file = substr($file, 0, -4);
            echo "<option value=" . $file . ">$file</option>";
        }
    }
    closedir($handle);
}
?>
</select>
<input type="submit" name="submit" value="Select City" />
</form>
<?php
DEFINE('LOG_DIR', $_SERVER['DOCUMENT_ROOT'].'/locations/');
//if this is the first visit to this page, display the default city.
if ($submit){
    if($_POST['selected_city'] == ""){
        echo "<p>No city selected, please try again.</p>";
        exit;
    }
    $selected_city = $_POST['selected_city'];
}
else{
    //default city - must match csv filename exactly prior to appending extension
    $selected_city = "All";
}
echo "<p>$selected_city</p>";
$filename = $selected_city . ".csv";
$file = file(LOG_DIR.$filename);
?>
```

The other big annoyance is that our front page has a news feed that I update through another page that edits, deletes and adds to the notepad file that is read by the front page. I have the notepad file's permissions set to 777, but when I use the update it doesn't do anything. The code for this page is:

```php
<?php include "header.php" ?>
<td width="75%" id="maincontain" class="main">
<?php include "adminbar.php" ?>
<hr />
<?php
if($action == "edit" && isset($HTTP_POST_VARS['password'])) {
    if($HTTP_POST_VARS['password'] == "gonews") {
        //Recompile that line with the pipe symbols so we can reinsert it
        $line = $HTTP_POST_VARS['date'] . "|" . $HTTP_POST_VARS['title'];
        $line .= "|" . $HTTP_POST_VARS['news'];
        $line = str_replace("\r\n","<BR>",$line);
        $line .= "\r\n";
        $line = stripslashes($line);
        $data = file('news.txt');
        $data[$id] = $line;
        //the next line makes sure the $data array starts at the beginning
        reset($data);
        //now we open the file with mode 'w' which truncates the file
        $fp = fopen('news.txt','w');
        foreach($data as $element) {
            fwrite($fp, $element);
        }
        fclose($fp);
        echo "Item Edited!<BR><BR>\n";
        echo "<a href=\"$PHP_SELF\">Go Back</a>\n";
        exit;
    } else {
        echo "Bad password!\n";
        exit;
    }
}
if($action == "edit") {
    $data = file('news.txt');
    $element = trim($data[$id]);
    $pieces = explode("|", $element);
    //the next line is to reverse the process of turning the end of lines into breaking returns
    $news = str_replace("<BR>","\r\n",$pieces[2]);
    echo "Make the changes you would like and press save.<BR>\n";
    echo "<FORM ACTION=\"$PHP_SELF?action=edit\" METHOD=\"POST\" NAME=\"editform\">\n";
    echo "Title:<BR>\n";
    echo "<INPUT TYPE=\"text\" SIZE=\"30\" NAME=\"title\" value=\"".$pieces[1]."\"><BR>\n";
    echo "The News:<BR>\n";
    echo "<TEXTAREA NAME=\"news\" COLS=\"40\" ROWS=\"5\">".$news."</TEXTAREA><BR><BR>\n";
    echo "Password:<BR>\n";
    echo "<INPUT TYPE=\"password\" SIZE=\"30\" NAME=\"password\"><BR>\n";
    echo "<INPUT TYPE=\"hidden\" NAME=\"date\" VALUE=\"".$pieces[0]."\">\n";
    echo "<INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
    echo "<INPUT TYPE=\"submit\" NAME=\"submit\" VALUE=\"Save\"><BR>\n";
    echo "</FORM>\n";
    exit;
}
if($action == "delete" && isset($HTTP_POST_VARS['password'])) {
    if($HTTP_POST_VARS['password'] == "nonews") {
        $data = file('news.txt');
        //this next line will remove the single news item from the array
        array_splice($data,$id,1);
        //now we open the file with mode 'w' which truncates the file
        $fp = fopen('news.txt','w');
        foreach($data as $element) {
            fwrite($fp, $element);
        }
        fclose($fp);
        echo "Item deleted!<BR><BR>\n";
        echo "<a href=\"$PHP_SELF\">Go Back</a>\n";
        exit;
    } else {
        echo "Bad password!\n";
        exit;
    }
}
if($action == "delete") {
    echo "<H2>You are about to delete the following news item.</H2>\n";
    $data = file('news.txt');
    $element = trim($data[$id]);
    $pieces = explode("|", $element);
    echo $pieces[2] . "<BR>" . "<b>Posted by " . $pieces[1] . " on " . $pieces[0] . "</b>\n";
    echo "<BR><BR>\n";
    echo "Are you sure you want to delete this news item? If so, enter the password and click on Delete.<BR>\n";
    echo "<FORM ACTION=\"$PHP_SELF?action=delete\" METHOD=\"POST\" NAME=\"deleteform\">\n";
    echo "Password:<BR>\n";
    echo "<INPUT TYPE=\"password\" SIZE=\"30\" NAME=\"password\"><BR>\n";
    echo "<INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
    echo "<INPUT TYPE=\"submit\" NAME=\"submit\" VALUE=\"Delete\"><BR>\n";
    echo "</FORM>\n";
?>
</td>
</tr>
</table>
<br />
<?php
    include "footer.php";
    exit;
}
?>
<?php
$data = file('news.txt');
//next line removed to make everything else easier in the admin script
//$data = array_reverse($data);
foreach($data as $key=>$element) {
    $element = trim($element);
    $pieces = explode("|", $element);
    echo "<strong>" . $pieces[1] . "</strong> - <font color=\"DF9D00\" size=\"1\">" . $pieces[0] . "</font><BR>" . $pieces[2] . "<br /><br />";
    echo " <a href=\"$PHP_SELF?action=delete&id=$key\">Delete</a>\n";
    echo " <a href=\"$PHP_SELF?action=edit&id=$key\">Edit</a>\n";
    echo "<hr><BR>\n";
}
echo "<HR>\n";
echo "<H4><u>Add News</u></H4>\n";
if($HTTP_POST_VARS['submit']) {
    if($HTTP_POST_VARS['password'] == 'gonews') {
        if(!$HTTP_POST_VARS['title']) {
            echo "You must enter a Title";
            exit;
        }
        if(!$HTTP_POST_VARS['news']) {
            echo "You must enter some news";
            exit;
        }
        if(strstr($HTTP_POST_VARS['title'],"|")) {
            echo "Title cannot contain the pipe symbol - |";
            exit;
        }
        if(strstr($HTTP_POST_VARS['news'],"|")) {
            echo "News cannot contain the pipe symbol - |";
            exit;
        }
        $fp = fopen('news.txt','a');
        if(!$fp) {
            echo "Error opening file!";
            exit;
        }
        $line = date("m.d.y") . "|" . $HTTP_POST_VARS['title'];
        $line .= "|" . $HTTP_POST_VARS['news'];
        $line = str_replace("\r\n","<BR>",$line);
        $line .= "\r\n";
        $line = stripslashes($line);
        fwrite($fp, $line);
        if(!fclose($fp)) {
            echo "Error closing file!";
            exit;
        }
        echo "<b>News added!</b>\n";
    } else {
        echo "Bad Password";
    }
}
?>
<FORM ACTION="<?=$PHP_SELF?>" METHOD="POST" NAME="newsentry">
Your Title:<BR>
<INPUT TYPE="text" SIZE="30" NAME="title"><BR>
The News:<BR>
<TEXTAREA NAME="news" COLS="40" ROWS="5"></TEXTAREA><BR><BR>
News Password:<BR>
<INPUT TYPE="password" SIZE="30" NAME="password"><BR>
<INPUT TYPE="submit" NAME="submit" VALUE="Post it!"><BR>
</FORM>
</td>
<?php include "footer.php" ?>
```

My problem could be odd if I say it, but I will spill it out, only don't say I am completely mad, just a bit!

1. When the comment is first in the whole news, if I press edit the HTML form appears, but if I try to submit any information it returns to the comments and doesn't update!
2. If there is more than one comment in the news, if I press edit the HTML forms appear: 1. not working | 2. working and does updates | 3. appeared but is gone, not sure whether the bug will return, also not working!

Sample how it looks!

This is indeed odd. I hope somebody has knowledge of such issues, or at least a cure for such a severe bug. Website http://hostings.flush.ws/ user guest password guest11 | to test the bug go to the news comments and spam as much as needed!
Link to edit code:

```php
echo "<a href='/?section=nwcomment&id=".$id."&comment=edit&id_edit=".$row_news_comment['hosting_comment_id']."'>Edit Comment</a>";
```

Update code, as far as I know it is correct, at least I do hope so (also, this code is inside a while loop):

```php
if ($_GET['comment'] == 'edit') {
    $comment_id_edit = (INT)$_GET['id_edit'];
    $comment_text = $row_news_comment['hosting_comment_text'];
    $edit_comment_text = $_POST['hosting_comment_text'];
    if(isset($_POST['hosting_comment_text'])) {
        mysql_query("UPDATE hosting_comment SET hosting_comment_text = '".$edit_comment_text."' WHERE hosting_comment_id = '".$comment_id_edit."' ") or die (mysql_error());
    }
    if (isset($_POST['Submit'])) {
        echo "<meta http-equiv='REFRESH' content='0;url=/?section=nwcomment&id=".$id."'>";
    }
    echo ("<form action='/?section=nwcomment&id=".$id."&comment=edit&id_edit=".$comment_id_edit."'' id='edit_comment' name='edit_comment' method='post'>
    <p>
    <textarea name='hosting_comment_text' cols='50' rows='10' id='textarea' value='$edit_comment_text' ></textarea>
    <p>
    <input type='submit' name='Submit' id='button' value='{$lang['BODY_NEWS_COMMENT_SUBMIT']}' />
    <input type='reset' name='Reset' id='button' value='{$lang['BODY_NEWS_COMMENT_RESET']}' />
    </p>
    </form>");
}
```

If more complete code is needed just ask, I will publish it (I hope to fix the bug as soon as possible, the grand opening of registration will be on April Fools' Day).
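The comment update above, and the `$_GET['id']` handling in the earlier forum post, both act directly on request values. As an added example (not code from any of the posts), the following validates the id, confirms the row exists, and performs the update through a prepared statement so the submitted text stays data. The table and column names come from the post; the PDO in-memory SQLite database, the sample rows and requests, and the function names `positive_int` and `update_comment` are assumptions for illustration, and an ownership check is left out because the posts do not show the session or author data.

```php
<?php
// Added example, not the poster's code. Table and column names are taken
// from the post; the in-memory SQLite database and rows are constructed.

function positive_int($raw): ?int
{
    // Accept only a plain positive integer; "1 OR 1=1", "" and arrays give null.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function update_comment(PDO $db, $rawId, $rawText): string
{
    $id = positive_int($rawId);
    if ($id === null || !is_string($rawText) || trim($rawText) === '') {
        return 'rejected: bad input';
    }
    // Confirm the id refers to an existing row before acting on it.
    $find = $db->prepare('SELECT 1 FROM hosting_comment WHERE hosting_comment_id = ?');
    $find->execute([$id]);
    if ($find->fetchColumn() === false) {
        return 'rejected: no such comment';
    }
    // Placeholders bind the text as a value; it is never spliced into the SQL.
    $upd = $db->prepare(
        'UPDATE hosting_comment SET hosting_comment_text = ? WHERE hosting_comment_id = ?'
    );
    $upd->execute([$rawText, $id]);
    return 'updated';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hosting_comment (hosting_comment_id INTEGER PRIMARY KEY, hosting_comment_text TEXT)');
$db->exec("INSERT INTO hosting_comment VALUES (1, 'first'), (2, 'second')");

// Constructed requests standing in for $_GET['id_edit'] and $_POST['hosting_comment_text'].
$requests = [
    ['1', "it's <b>edited</b>"],   // quote and markup are stored literally
    ['2', "x' WHERE 1=1 --"],      // stays data, only row 2 changes
    ['1 OR 1=1', 'tampered id'],   // not an integer
    ['999', 'unknown comment'],    // integer, but no such row
];
foreach ($requests as [$id, $text]) {
    echo str_pad($id, 10), ' => ', update_comment($db, $id, $text), "\n";
}
foreach ($db->query('SELECT * FROM hosting_comment') as $row) {
    // Escape on output whenever stored text goes back into HTML.
    echo $row['hosting_comment_id'], ': ',
        htmlspecialchars($row['hosting_comment_text'], ENT_QUOTES, 'UTF-8'), "\n";
}
```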