Furry stuff, oekaki stuff, and other stuff.
You are not logged in.
Try this one:
<?php include('globals.php'); /* Application Send */ if ($Apply == 'Send') { // Security $result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'"); $user = mysql_fetch_array($result); if ($OekakiPass == $user['usrpass']) { // Get owner name $result = mysql_query("SELECT usrname, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrflags LIKE '%O%'"); $owner = mysql_fetch_array($result); $numrows = mysql_num_rows($result); if ($numrows != 0) { // Send application to owner // $body = slash_it($_POST['body']); $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='$OekakiU', reciever='{$owner['usrname']}', subject='Advanced Application', body='{$body}', senddate=NOW()"); // Send notification to applicant $body2 = "Your application to the advanced board has been sent to {$owner['usrname']}. Please wait for approval."; $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='{$owner['usrname']}', reciever='{$OekakiU}', subject='Advanced Application', body='{$body2}', senddate=NOW()"); all_done('applythanks.php'); } else { report_err('Owner mailbox cannot be found!'); } } else { report_err('You need to be logged in to send applications.'); } } report_err('Bad POST data. Owner: check form syntax.'); ?>
First of all, you're using the wrong SQL resource ("$result2" instead of "$result"). Second, there's no language import, so the language error "$langop_functions_err10" is blank. I replaced that with a normal error message.
Wax 5.5.6 now has the dbconn and config imports in globals.php, so those includes should be removed. Also, the errorCheck() function doesn't exists in globals.php, as it is only defined in functions.php.
Ok....well, after abandoning my advanced oekaki for a bit, I decided to re-open it.
It's the latest version of Wax Poteto, and I'd like to re-install the apply page script. When I try to submit somethign, I get returned to the error page, but no error is shown (basically, a blank error page).
These are my files:
apply.php
<?php /* Wax Poteto by Marc "Waccoon" Leveille, http://www.NineChime.com/products/ Version 5.5.6 - Last modified 3/13/2006 NOTE: this file is not officially part of OekakiPoteto 5.x. */ require ('globals.php'); // Security $result = mysql_query ("SELECT usrpass, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'"); $row = mysql_fetch_array ($result); $usrflags = $row['usrflags']; $is_admin = 0; if (check_flag('O') || check_flag('S') || check_flag('A')) { $is_admin = 1; } if ($OekakiPass != $row['usrpass'] || !($is_admin || check_flag('G'))) { report_err('You do not have the credentials to apply for the advanced oekaki.'); } ?> <? include('header.php'); if($action == 'reply'){ $result = mysql_query("SELECT * FROM ".$OekakiPoteto_MemberPrefix."oekakimailbox WHERE MID='$MID'"); $row = mysql_fetch_array($result); } ?> <form name="form1" method="post" action="functions_apply.php"> <table width="<?=$hWidth?>" cellpadding="<?=$hCellPadding?>" align="center"> <tr> <td class="infotable"> <font size="-2"> </font> </td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr> <td class="header"> <strong><?=$langop_sendm_title?></strong> </td> </tr> <tr> <td> <table width="75%" border="0" align="center" cellpadding="2" cellspacing="0" class="infotable"> <tr> <td> </td> </tr> <tr> <td> </td> </tr> <tr> <td height="44"> Advanced URL: <em>Enter a URL to ONE picture so that an admin may view it and see if it's up to standards.</em></td> </tr> <tr> <td> <input name="body" type="text" class="txtinput" id="body" style="width:100%;" value="http://" size="40" maxlength="255"> </td> </tr> <? if($action == 'reply') { ?> <tr> <td> <input type="hidden" name="MID" value="<?=$MID?>" /> <input type="hidden" name="action" value="reply" /> </td> </tr> <? } ?> <tr> <td> <input name="Apply" type="submit" id="Apply" value="Send" class="submit" /> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </form> <br /> <? include('footer.php'); ?>
functions_apply.php
<?php include('globals.php'); include('config.php'); include('dbconn.php'); /* Application Send */ if ($Apply == 'Send') { // Security $result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'"); $user = mysql_fetch_array($result2); if ($OekakiPass == $user['usrpass']) { // Get owner name $result = mysql_query("SELECT usrname, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrflags LIKE '%O%'"); $owner = mysql_fetch_array($result); $numrows = mysql_num_rows($result); if ($numrows != 0) { // Send application to owner // $body = slash_it($_POST['body']); $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='$OekakiU', reciever='{$owner['usrname']}', subject='Advanced Application', body='{$body}', senddate=NOW()"); // Send notification to applicant $body2 = "Your application to the advanced board has been sent to {$owner['usrname']}. Please wait for approval."; $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='{$owner['usrname']}', reciever='{$OekakiU}', subject='Advanced Application', body='{$body2}', senddate=NOW()"); errorCheck('applythanks.php'); } else { @mysql_close ($dbconn); header ('Location: error.php?error='.urlencode('Owner mailbox cannot be found!')); exit; } } else { @mysql_close ($dbconn); header ('Location: error.php?error='.urlencode($langop_functions_err10)); exit; } } header ('Location: error.php?error='.urlencode('Bad POST data. Owner: check form syntax.')); exit; ?>
do you have any idea what's wrong?
It works now Thank you once again!
Your SQL resource is wrong.
$result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'"); $user = mysql_fetch_array($result2);
Note that you are using $result to get a query, but $result2 to fetch the data. Change them both to the same variable.
Gotta watch for these things, buddy.
I changedit...but I get this:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php on line 12
Warning: Cannot modify header information - headers already sent by (output started at /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php:12) in /home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php on line 37
Just to make certain, this is the code of my apply_functions.php:
<?php include('globals.php'); include('config.php'); include('dbconn.php'); /* Application Send */ if ($Apply == 'Send') { // Security $result = mysql_query("SELECT * FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrname='$OekakiU'"); $user = mysql_fetch_array($result2); if ($OekakiPass == $user['usrpass']) { // Get owner name $result = mysql_query("SELECT usrname, usrflags FROM {$OekakiPoteto_MemberPrefix}oekaki WHERE usrflags LIKE '%O%'"); $owner = mysql_fetch_array($result); $numrows = mysql_num_rows($result); if ($numrows != 0) { // Send application to owner // $body = slash_it($_POST['body']); $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='$OekakiU', reciever='{$owner['usrname']}', subject='Advanced Application', body='{$body}', senddate=NOW()"); // Send notification to applicant $body2 = "Your application to the advanced board has been sent to {$owner['usrname']}. Please wait for approval."; $result = mysql_query("INSERT INTO {$OekakiPoteto_MemberPrefix}oekakimailbox SET sender='{$owner['usrname']}', reciever='{$OekakiU}', subject='Advanced Application', body='{$body2}', senddate=NOW()"); errorCheck('applythanks.php'); } else { @mysql_close ($dbconn); header ('Location: error.php?error='.urlencode('Owner mailbox cannot be found!')); exit; } } else { @mysql_close ($dbconn); header ('Location: error.php?error='.urlencode($langop_functions_err10)); exit; } } header ('Location: error.php?error='.urlencode('Bad POST data. Owner: check form syntax.')); exit; ?>
Oops. Your POST value is wrong.
In functions_apply.php, change this:
if($Apply == 'Apply'){
to this:
if($Apply == 'Send'){
When you have an input tag formatted as a submit button, the "value" field is what will be printed on the button, as well as is what will be sent to the script.
>< ack.... I typed in a URL of an image and I get the following error message:
Bad POST data. Owner: check form syntax.
I'm sure I overwritten the file that you gave me. I have no idea wha could have caused it....
Brace yourself, we're in for some fun.
I was pretty apprehensive about editing the 'mailbox send' code becuase I don't want to mess up my database too much.
You should delete the code that updates the MID (if($action == 'reply'){). There is no existing message to update (reply), we're simply adding a new one. The code you have now will always mark message #0 to "reply".
Also, how can I do it so that after a user subits they are redirected to applythanks.php for example?
There are two functions that handle redirects automatically, all_done() and errorCheck().
all_done() will close the database and redirect to the page specified, or index.php if nothing is defined. You may use it as all_done('mypage.php'), or simply all_done() to redirect to index.php.
errorCheck() is from Oekaki Poteto. It is identical to all_done() except that If there is a database error, it will redirect to error.php and print a message. If there is no database error, it will redirect to the page you have defined. You'd want to use errorCheck('applythanks.php');. all_done() will work, but in this case, errorCheck() would be better.
When running the scipt I get the following error message:
Your code is indented incorrectly right after //$subject = slash_it();, so you have an extra closing bracket at the very end of the file that shoulnd't be there. The code should be reformatted for security reasons, so I'll do that.
Oh, and I have a question regarding PHP. On the line: body='$body' why don't you have to define the string? Why is it that you don't add somewhere before the 'insert into mySQL' bit $body = $_REQUEST['body'] ? Or is that defined somewhere else in functions.php... or is body='$body' a short-hand way of writing that? Just wondering...
Yes, that's short-hand, and it's very bad practice that has been going on in the PHP world for a long time.
Old versions of PHP used to automatically assign GET or POST data to varialbles, so if you had a <input name="me" value="you" /> in your form, once the form was submitted, the PHP script would automatically have the variable $me defined with the value 'you'. This is called Registered Globals, and it's very, very bad.
New versions of PHP have this turned off, and all variables must be defined manually, with a statement like, $me = addslashes($_POST['me']);
Oekaki Poteto doesn't filter its POST data correctly, which is why globals.php was added. It allows Oekaki Poteto to run on servers with registered globals turned off. I've fixed all these problems in Wacintaki, but Wax still has a lot of this stuff left over.
To make matters worse, PHP also supports something called "magic quotes" that handles addslashes() automatically. This causes even more problems, because while adding slashes keeps dangerous code from being put in the database, it's possible that slashes can be added twice, which isn't good. globals.php also takes care of this with my custom function slash_it(). It makes sure slashes are added only once, regardless of the setting for magic quotes.
I'm afraid PHP was designed for newbies, and just grew into a "real" language, so today a lot of people have to un-learn old PHP and learn new PHP. Registered globals, magic quotes, and other bad techniques just have to be tolerated and hacked.
The good news is, globals.php does all this for you. Just use $body, or $_POST['body'], and you'll be fine. You don't have to worry about slashes and other stuff, though maintaining the code in the future can be confusing.
Your form code is fine. Here's an updated functions_apply.php. I haven't tested it, so use it with caution. But, I'm pretty sure it'll work as expected. It automatically finds out the owner name, sends the application, sends a confirmation to the applicant, and redirects to applythanks.php.
I tried the script on my board and I got it to go to functions_apply.php but it won't send the mail or anything so I could try to come up with something that'll work for you ^^ I used an automated oemailing system for oevista.org's registration so I can probably fiddle with that a bit for you and make it work =3 (unless waccoon gets to it first xDD )
I have an advanced oekaki, and I'd like to intergrate it with my other 4 boards. Creating extra flags is easy and so it
changing functions.php so it assigns people with that flag. And merging the datanase shouldn't be hard becuase I have hardly
any members anyway.
I've created an 'application' page which looks like this:
[http://] <-- text where people put a URL in
[Send] <-- button
I want it so that when a user hits 'send' an o-mail is sent to me (Pinkie) with the URL and obviously the sender as in
regular o-mails.
Here is part of the code in my apply.php page:
<form name="form1" method="post" action="functions_apply.php"> <table width="<?=$hWidth?>" cellpadding="<?=$hCellPadding?>" align="center"> <tr> <td class="infotable"> <font size="-2"> </font> </td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr> <td class="header"> <strong><?=$langop_sendm_title?></strong> </td> </tr> <tr> <td> <table width="75%" border="0" align="center" cellpadding="2" cellspacing="0" class="infotable"> <tr> <td> </td> </tr> <tr> <td> </td> </tr> <tr> <td height="44"> Advanced URL: <em>Enter a URL to ONE picture so that an admin may view it and see if it's up to standards.</em></td> </tr> <tr> <td> <input name="body" type="text" class="txtinput" id="body" style="width:100%;" value="http://" size="40" maxlength="255"> </td> </tr> <? if($action == 'reply') { ?> <tr> <td> <input type="hidden" name="MID" value="<?=$MID?>" /> <input type="hidden" name="action" value="reply" /> </td> </tr> <? } ?> <tr> <td> <input name="Apply" type="submit" id="Apply" value="Send" class="submit" /> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </form>
I want functions_apply.php to handle this form (becuase if any updates are made for WP it'll be quicker for me to edit
functions.php as I would have only made small changes)
Here is the full code of functions_apply.php:
<?php include_once('globals.php'); include('config.php'); include('dbconn.php'); ?> <?php /* Application Send */ if($Apply == 'Apply'){ //$body = slash_it(); //$subject = slash_it(); $result = mysql_query("SELECT usrname FROM ".$OekakiPoteto_MemberPrefix."oekaki where usrname='Pinkie'"); $row = mysql_fetch_array($result); $numrows = mysql_num_rows($result); if($numrows != 0){ if($action == 'reply'){ $result = mysql_query("UPDATE ".$OekakiPoteto_MemberPrefix."oekakimailbox SET mstatus='3' where MID='$MID'"); } $result = mysql_query("INSERT INTO ".$OekakiPoteto_MemberPrefix."oekakimailbox SET sender='$OekakiU', reciever='Pinkie', subject='Advanced Application', body='$body', senddate=NOW()"); errorCheck('mailbox.php'); } else { @mysql_close ($dbconn); header ('Location: error.php?error='.urlencode($langop_functions_err9)); exit; } } else { @mysql_close ($dbconn); header ('Location: error.php?error='.urlencode($langop_functions_err10)); exit; } } ?>
I was pretty apprehensive about editing the 'mailbox send' code becuase I don't want to mess up my database too much. Also,
how can I do it so that after a user subits they are redirected to applythanks.php for example?
And what is this line mean? : errorCheck('mailbox.php'); and can I remove it?
When running the scipt I get the following error message:
Parse error: parse error, unexpected '}' in
/home/pinkie/domains/pichu.mihopa.com/public_html/oekakis/advanced/functions_apply.php on line 35
----------------------------------------------------
Oh, and I have a question regarding PHP. On the line: body='$body' why don't you have to define the string? Why is it that
you don't add somewhere before the 'insert into mySQL' bit $body = $_REQUEST['body'] ? Or is that defined somewhere else in
functions.php... or is body='$body' a short-hand way of writing that? Just wondering...
I would appreciate your help a lot.