NineChime forum

Furry stuff, oekaki stuff, and other stuff.


Topic review (newest first)

Waccoon
03-25-2006 07:52:47

Try this one:

Code:

<?php

include('globals.php');


/* Application Send */
if ($Apply == 'Send') {
    // Security
    $result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'");
    $user = mysql_fetch_array($result);

    if ($OekakiPass == $user['usrpass']) {
        // Get owner name
        $result = mysql_query("SELECT usrname, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrflags LIKE '%O%'");
        $owner = mysql_fetch_array($result);
        $numrows = mysql_num_rows($result);

        if ($numrows != 0) {
            // Send application to owner
            // $body = slash_it($_POST['body']);
            $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='$OekakiU', reciever='{$owner['usrname']}', subject='Advanced Application', body='{$body}', senddate=NOW()");

            // Send notification to applicant
            $body2 = "Your application to the advanced board has been sent to {$owner['usrname']}.  Please wait for approval.";
            $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='{$owner['usrname']}', reciever='{$OekakiU}', subject='Advanced Application', body='{$body2}', senddate=NOW()");

            all_done('applythanks.php');
        } else {
            report_err('Owner mailbox cannot be found!');
        }
    } else {
        report_err('You need to be logged in to send applications.');
    }
}
report_err('Bad POST data.  Owner: check form syntax.');

?>

First of all, you're using the wrong SQL resource ("$result2" instead of "$result").  Second, there's no language import, so the language error "$langop_functions_err10" is blank.  I replaced that with a normal error message.

Wax 5.5.6 now has the dbconn and config imports in globals.php, so those includes should be removed.  Also, the errorCheck() function doesn't exist in globals.php, as it is only defined in functions.php.

Pinkie
03-25-2006 03:31:16

Ok....well, after abandoning my advanced oekaki for a bit, I decided to re-open it.

It's the latest version of Wax Poteto, and I'd like to re-install the apply page script. When I try to submit something, I get returned to the error page, but no error is shown (basically, a blank error page).

These are my files:

apply.php

Code:

<?php
/*
Wax Poteto by Marc "Waccoon" Leveille, http://www.NineChime.com/products/
Version 5.5.6 - Last modified 3/13/2006

NOTE: this file is not officially part of OekakiPoteto 5.x.
*/


require ('globals.php');


// Security
$result = mysql_query ("SELECT usrpass, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'");
$row = mysql_fetch_array ($result);
$usrflags = $row['usrflags'];

$is_admin = 0;
if (check_flag('O') || check_flag('S') || check_flag('A')) {
    $is_admin = 1;
}
if ($OekakiPass != $row['usrpass'] || !($is_admin || check_flag('G'))) {
    report_err('You do not have the credentials to apply for the advanced oekaki.');
}


?>


<?

include('header.php');

if($action == 'reply'){
    $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekakimailbox WHERE MID='$MID'");
    $row = mysql_fetch_array($result);
}

?>
<form name="form1" method="post" action="functions_apply.php">
    <table width="<?=$hWidth?>" cellpadding="<?=$hCellPadding?>" align="center">
    <tr>
    <td class="infotable">
        <font size="-2">
            
        </font>
    </td>
    </tr>

    <tr>
    <td>
        <table width="100%" border="0" cellspacing="0" cellpadding="2">
         <tr>
        <td class="header">
            <strong><?=$langop_sendm_title?></strong>
        </td>
        </tr>

        <tr>
        <td>
            <table width="75%" border="0" align="center" cellpadding="2" cellspacing="0" class="infotable">


            <tr>
            <td>&nbsp;</td>
            </tr>

            <tr>
            <td>&nbsp;</td>
            </tr>

            <tr>
              <td height="44">
                Advanced URL: 
                <em>Enter a URL to ONE picture so that an admin may view it and see if it's up to standards.</em></td>
            </tr>

            <tr>
            <td>
                <input name="body" type="text" class="txtinput" id="body" style="width:100%;" value="http://" size="40" maxlength="255">
            </td>
            </tr>

<? if($action == 'reply') { ?>
            <tr>
            <td>
                <input type="hidden" name="MID" value="<?=$MID?>" />
                <input type="hidden" name="action" value="reply" />
            </td>
            </tr>

<? } ?>
            <tr>
            <td>
                <input name="Apply" type="submit" id="Apply" value="Send" class="submit" />
            </td>
            </tr>
            </table>
        </td>
        </tr>
        </table>
    </td>
    </tr>
    </table>
</form>
<br />

<? include('footer.php'); ?>

functions_apply.php

Code:

<?php

include('globals.php');
include('config.php');
include('dbconn.php');


/* Application Send */
if ($Apply == 'Send') {
    // Security
    $result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'");
    $user = mysql_fetch_array($result2);

    if ($OekakiPass == $user['usrpass']) {
        // Get owner name
        $result = mysql_query("SELECT usrname, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrflags LIKE '%O%'");
        $owner = mysql_fetch_array($result);
        $numrows = mysql_num_rows($result);

        if ($numrows != 0) {
            // Send application to owner
            // $body = slash_it($_POST['body']);
            $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='$OekakiU', reciever='{$owner['usrname']}', subject='Advanced Application', body='{$body}', senddate=NOW()");

            // Send notification to applicant
            $body2 = "Your application to the advanced board has been sent to {$owner['usrname']}.  Please wait for approval.";
            $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='{$owner['usrname']}', reciever='{$OekakiU}', subject='Advanced Application', body='{$body2}', senddate=NOW()");

            errorCheck('applythanks.php');
        } else {
            @mysql_close ($dbconn);
            header ('Location: error.php?error='.urlencode('Owner mailbox cannot be found!'));
            exit;
        }
    } else {
        @mysql_close ($dbconn);
        header ('Location: error.php?error='.urlencode($langop_functions_err10));
        exit;
    }
}
header ('Location: error.php?error='.urlencode('Bad POST data.  Owner: check form syntax.'));
exit;

?>

Do you have any idea what's wrong?

Pinkie
01-16-2006 13:11:40

It works now big_smile Thank you once again!

Waccoon
01-15-2006 19:32:02

Your SQL resource is wrong.

Code:

$result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'");
$user = mysql_fetch_array($result2);

Note that you are using $result to get a query, but $result2 to fetch the data.  Change them both to the same variable.

Gotta watch for these things, buddy.  wink

Pinkie
01-15-2006 13:09:28

I changed it...but I get this:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php on line 12

Warning: Cannot modify header information - headers already sent by (output started at /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php:12) in /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php on line 37

Just to make certain, this is the code of my apply_functions.php:

Code:

<?php

include('globals.php');
include('config.php');
include('dbconn.php');


/* Application Send */
if ($Apply == 'Send') {
    // Security
    $result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'");
    $user = mysql_fetch_array($result2);

    if ($OekakiPass == $user['usrpass']) {
        // Get owner name
        $result = mysql_query("SELECT usrname, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrflags LIKE '%O%'");
        $owner = mysql_fetch_array($result);
        $numrows = mysql_num_rows($result);

        if ($numrows != 0) {
            // Send application to owner
            // $body = slash_it($_POST['body']);
            $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='$OekakiU', reciever='{$owner['usrname']}', subject='Advanced Application', body='{$body}', senddate=NOW()");

            // Send notification to applicant
            $body2 = "Your application to the advanced board has been sent to {$owner['usrname']}.  Please wait for approval.";
            $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='{$owner['usrname']}', reciever='{$OekakiU}', subject='Advanced Application', body='{$body2}', senddate=NOW()");

            errorCheck('applythanks.php');
        } else {
            @mysql_close ($dbconn);
            header ('Location: error.php?error='.urlencode('Owner mailbox cannot be found!'));
            exit;
        }
    } else {
        @mysql_close ($dbconn);
        header ('Location: error.php?error='.urlencode($langop_functions_err10));
        exit;
    }
}
header ('Location: error.php?error='.urlencode('Bad POST data.  Owner: check form syntax.'));
exit;

?>

Waccoon
01-14-2006 19:44:42

Oops.  Your POST value is wrong.  smile

In functions_apply.php, change this:

Code:

if($Apply == 'Apply'){

to this:

Code:

if($Apply == 'Send'){

When you have an input tag formatted as a submit button, the "value" field is what will be printed on the button, as well as what will be sent to the script.

Pinkie
01-14-2006 06:46:38

>< ack.... I typed in a URL of an image and I get the following error message:

Bad POST data. Owner: check form syntax.


I'm sure I've overwritten the file that you gave me. I have no idea what could have caused it....

Waccoon
01-02-2006 23:52:49

Brace yourself, we're in for some fun.  smile

I was pretty apprehensive about editing the 'mailbox send' code because I don't want to mess up my database too much.

You should delete the code that updates the MID (if($action == 'reply'){).  There is no existing message to update (reply), we're simply adding a new one.  The code you have now will always mark message #0 to "reply".

Also, how can I do it so that after a user submits they are redirected to applythanks.php for example?

There are two functions that handle redirects automatically, all_done() and errorCheck().

all_done() will close the database and redirect to the page specified, or index.php if nothing is defined.  You may use it as all_done('mypage.php'), or simply all_done() to redirect to index.php.

errorCheck() is from Oekaki Poteto.  It is identical to all_done() except that if there is a database error, it will redirect to error.php and print a message.  If there is no database error, it will redirect to the page you have defined.  You'd want to use errorCheck('applythanks.php');.  all_done() will work, but in this case, errorCheck() would be better.

When running the script I get the following error message:

Your code is indented incorrectly right after //$subject = slash_it();, so you have an extra closing bracket at the very end of the file that shouldn't be there.  The code should be reformatted for security reasons, so I'll do that.

Oh, and I have a question regarding PHP. On the line: body='$body' why don't you have to define the string? Why is it that you don't add somewhere before the 'insert into mySQL' bit $body = $_REQUEST['body'] ? Or is that defined somewhere else in functions.php... or is body='$body' a short-hand way of writing that? Just wondering...

Yes, that's short-hand, and it's very bad practice that has been going on in the PHP world for a long time.

Old versions of PHP used to automatically assign GET or POST data to variables, so if you had a <input name="me" value="you" /> in your form, once the form was submitted, the PHP script would automatically have the variable $me defined with the value 'you'.  This is called Registered Globals, and it's very, very bad.

New versions of PHP have this turned off, and all variables must be defined manually, with a statement like, $me = addslashes($_POST['me']);

Oekaki Poteto doesn't filter its POST data correctly, which is why globals.php was added.  It allows Oekaki Poteto to run on servers with registered globals turned off.  I've fixed all these problems in Wacintaki, but Wax still has a lot of this stuff left over.

To make matters worse, PHP also supports something called "magic quotes" that handles addslashes() automatically.  This causes even more problems, because while adding slashes keeps dangerous code from being put in the database, it's possible that slashes can be added twice, which isn't good.  globals.php also takes care of this with my custom function slash_it().  It makes sure slashes are added only once, regardless of the setting for magic quotes.

I'm afraid PHP was designed for newbies, and just grew into a "real" language, so today a lot of people have to un-learn old PHP and learn new PHP.  Registered globals, magic quotes, and other bad techniques just have to be tolerated and hacked.

The good news is, globals.php does all this for you.  Just use $body, or $_POST['body'], and you'll be fine.  You don't have to worry about slashes and other stuff, though maintaining the code in the future can be confusing.  wink

Your form code is fine.  Here's an updated functions_apply.php.  I haven't tested it, so use it with caution.  But, I'm pretty sure it'll work as expected.  It automatically finds out the owner name, sends the application, sends a confirmation to the applicant, and redirects to applythanks.php.
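Added example, not part of Waccoon's post and not the updated functions_apply.php it mentions: it shows the double-slash problem described above and the same mailbox insert written with an explicitly read field and a bound parameter, so neither registered globals nor any slash handling is involved. Assumptions: PDO with an in-memory SQLite database stands in for the board's MySQL tables, the function names and sample input are constructed, and the http/https restriction is a choice made here.

```php
<?php
// Added example. The mailbox columns follow the thread; the SQLite database,
// function names and sample input are constructed for illustration.

// What magic quotes plus a manual addslashes() produced: the value is
// escaped twice, so literal backslashes end up stored with the data.
function escaped_twice(string $raw): string
{
    return addslashes(addslashes($raw));
}

// Read the field explicitly from the request array (no registered globals),
// validate it, and bind it as a parameter instead of quoting it by hand.
function send_application(PDO $db, array $post, string $sender, string $owner): bool
{
    $body = isset($post['body']) && is_string($post['body']) ? trim($post['body']) : '';
    $scheme = strtolower((string) parse_url($body, PHP_URL_SCHEME));
    if (strlen($body) > 255                                   // the form's maxlength
        || filter_var($body, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {     // assumption: web URLs only
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO oekakimailbox (sender, reciever, subject, body, senddate)
         VALUES (:sender, :reciever, :subject, :body, :senddate)'
    );
    return $stmt->execute([
        ':sender'   => $sender,
        ':reciever' => $owner,
        ':subject'  => 'Advanced Application',
        ':body'     => $body,
        ':senddate' => date('Y-m-d H:i:s'),
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE oekakimailbox (MID INTEGER PRIMARY KEY, sender TEXT,
           reciever TEXT, subject TEXT, body TEXT, senddate TEXT)');

// Constructed request data; the apostrophe is the character the slash
// functions were meant to deal with.
$post = ['body' => "http://example.com/gallery/pinkie's-best.png", 'Apply' => 'Send'];

echo "escaped twice: ", escaped_twice($post['body']), "\n";
var_dump(send_application($db, $post, 'applicant', 'owner'));
var_dump(send_application($db, ['body' => 'ftp://example.com/pic.png'], 'applicant', 'owner'));
echo "stored body:   ", $db->query('SELECT body FROM oekakimailbox')->fetchColumn(), "\n";
```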

sfox8
01-02-2006 21:12:51

I tried the script on my board and I got it to go to functions_apply.php but it won't send the mail or anything so I could try to come up with something that'll work for you ^^ I used an automated oemailing system for oevista.org's registration so I can probably fiddle with that a bit for you and make it work =3 (unless waccoon gets to it first xDD )

Pinkie
01-02-2006 04:56:53

I have an advanced oekaki, and I'd like to integrate it with my other 4 boards. Creating extra flags is easy and so is changing functions.php so it assigns people with that flag. And merging the database shouldn't be hard because I have hardly any members anyway.

I've created an 'application' page which looks like this:

[http://] <-- text where people put a URL in
[Send] <-- button


I want it so that when a user hits 'send' an o-mail is sent to me (Pinkie) with the URL and obviously the sender as in regular o-mails.


Here is part of the code in my apply.php page:

Code:

 
<form name="form1" method="post" action="functions_apply.php">
    <table width="<?=$hWidth?>" cellpadding="<?=$hCellPadding?>" align="center">
    <tr>
    <td class="infotable">
        <font size="-2">
            
        </font>
    </td>
    </tr>

    <tr>
    <td>
        <table width="100%" border="0" cellspacing="0" cellpadding="2">
         <tr>
        <td class="header">
            <strong><?=$langop_sendm_title?></strong>
        </td>
        </tr>

        <tr>
        <td>
            <table width="75%" border="0" align="center" cellpadding="2" cellspacing="0" class="infotable">
            

            <tr>
            <td>&nbsp;</td>
            </tr>

            
            <tr>
            <td>&nbsp;</td>
            </tr>

            <tr>
              <td height="44">
                Advanced URL: 
                <em>Enter a URL to ONE picture so that an admin may view it and see if it's up to standards.</em></td>
            </tr>

            <tr>
            <td>
                <input name="body" type="text" class="txtinput" id="body" style="width:100%;" value="http://" size="40" maxlength="255">
            </td>
            </tr>

<? if($action == 'reply') { ?>
            <tr>
            <td>
                <input type="hidden" name="MID" value="<?=$MID?>" />
                <input type="hidden" name="action" value="reply" />
            </td>
            </tr>

<? } ?>
            <tr>
            <td>
                <input name="Apply" type="submit" id="Apply" value="Send" class="submit" />
            </td>
            </tr>
            </table>
        </td>
        </tr>
        </table>
    </td>
    </tr>
    </table>
</form>

I want functions_apply.php to handle this form (because if any updates are made for WP it'll be quicker for me to edit functions.php as I would have only made small changes)

Here is the full code of functions_apply.php:

Code:

<?php 
include_once('globals.php');

include('config.php');

include('dbconn.php');
?>

<?php
/* Application Send */
if($Apply == 'Apply'){
    //$body = slash_it();
    //$subject = slash_it();

        $result = mysql_query("SELECT usrname FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='Pinkie'");
        $row = mysql_fetch_array($result);
        $numrows = mysql_num_rows($result);
        
        if($numrows != 0){
            if($action == 'reply'){
                $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekakimailbox SET mstatus='3' 

where MID='$MID'");
            }
            $result = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$OekakiU', 

reciever='Pinkie', subject='Advanced Application', body='$body', senddate=NOW()");
            errorCheck('mailbox.php');
        } else {
            @mysql_close ($dbconn);
            header ('Location: error.php?error='.urlencode($langop_functions_err9));
            exit;
        }
    } else {
        @mysql_close ($dbconn);
        header ('Location: error.php?error='.urlencode($langop_functions_err10));
        exit;
    }
}
?>

I was pretty apprehensive about editing the 'mailbox send' code because I don't want to mess up my database too much. Also, how can I do it so that after a user submits they are redirected to applythanks.php for example?

And what does this line mean? :     errorCheck('mailbox.php'); and can I remove it?

When running the script I get the following error message:

Parse error: parse error, unexpected '}' in /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php on line 35

----------------------------------------------------


Oh, and I have a question regarding PHP. On the line: body='$body' why don't you have to define the string? Why is it that you don't add somewhere before the 'insert into mySQL' bit $body = $_REQUEST['body'] ? Or is that defined somewhere else in functions.php... or is body='$body' a short-hand way of writing that? Just wondering...


I would appreciate your help a lot. big_smile
