
No Trailing Slashes?

Posted: Thu Jul 30, 2009 7:57 pm
by JayGeePee
I bought software written in PHP, and have a problem with part of it. The website I bought it from no longer exists, so I can't get an answer. The problem I'm having is in the admin part of the PHP code. When I log in to my live admin area I have a space to put my website, but it says I can't use trailing slashes. But in order for this to work properly I need to put http:// in front of my web address, but it keeps saying it is forbidden. It causes a problem: when a member signs up they have to verify their email address by clicking this link. But without http:// it's just an unclickable link in their email. They have to copy and paste in order to use the link. I was wondering if someone could find the problem somewhere in this code -

Code:

<?php
 
session_start();
 
include "../adminheader.php";
include "../config.php";
include "../style.php";
include "../config.php";
if( session_is_registered("alogin") ) {
 
        ?><table> <tr> <td width="15%" valign=top><br> <? include("adminnavigation.php"); ?> 
</td><td valign="top" align="center" width="5%"> <td valign="top" align="center" ><br><br> 
<?
    echo "<font size=2 face='$fonttype' color='$fontcolour'><p><center>";
    if ($action=="save") {
        if (($maxwinningp==0)||($maxwinningp==1)) {
            $maxwinningp=2;
        }
        if ($scratchfreqp==1) {
            $scratchfreqp=2;
        }
        if (($scratchoddsp==0)||($scratchoddsp==1)) {
            $scratchoddsp=2;
        }
        $update1=mysql_query("update settings set setting='$sitenamep' where name='sitename'");
        $update2=mysql_query("update settings set setting='$domainp' where name='domain'");
        $update3=mysql_query("update settings set setting='$adminpwp' where name='adminpw'");
        $update4=mysql_query("update settings set setting='$adminemailp' where name='adminemail'");
        $update5=mysql_query("update settings set setting='$paypalp' where name='paypal'");
        $update6=mysql_query("update settings set setting='$stormpayp' where name='stormpay'");
        $update9=mysql_query("update settings set setting='$prointervalp' where name='prointerval'");
        $update10=mysql_query("update settings set setting='$bannerpricep' where name='bannerprice'");
        $update13=mysql_query("update settings set setting='$bannerpricep' where name='bannerprice'") ;
        $update14=mysql_query("update settings set setting='$freecommissionp' where name='freecommission'");
        $update15=mysql_query("update settings set setting='$procommissionp' where name='procommission'");
        $update16=mysql_query("update settings set setting='$freepostp' where name='freepost'");
        $update17=mysql_query("update settings set setting='$propostp' where name='propost'");
        $update18=mysql_query("update settings set setting='$com1p' where name='com1'");
        $update19=mysql_query("update settings set setting='$com2p' where name='com2'");
        $update20=mysql_query("update settings set setting='$com3p' where name='com3'");
        $update21=mysql_query("update settings set setting='$com4p' where name='com4'");
        $update22=mysql_query("update settings set setting='$com5p' where name='com5'");
        $update23=mysql_query("update settings set setting='$upsp' where name='ups'");
        $update24=mysql_query("update settings set setting='$adminfeep' where name='adminfee'");
        $update25=mysql_query("update settings set setting='$safepayp' where name='safepay'");
        $update26=mysql_query("update settings set setting='$solidtrustp' where name='solidtrust'");
        $update33=mysql_query("update settings set setting='$basecolourp' where name='basecolour'") ;
        $update34=mysql_query("update settings set setting='$contrastcolourp' where name='contrastcolour'");
        $update35=mysql_query("update settings set setting='$fonttypep' where name='fonttype'");
        $update36=mysql_query("update settings set setting='$fontcolourp' where name='fontcolour'");
        echo "<p><b>Your settings have been saved.</b></p>";
    }
    else {
    ?> <H2>Your Site Settings</H2><p>Is is absolutely vital you set this up first 
before doing anything else. You can change your settings at any time you wish.</p><form method="GET" action="settings.php"> 
<input type="hidden" name="action" value="save"> <center> <hr> <p><b>Site settings</b></p>Sitename<br> 
<input type="text" name="sitenamep" value="<? echo $sitename; ?>"><br><br> The 
url to where your script is installed including http:// (no trailing '/')<br> 
<input type="text" name="domainp" value="<? echo $domain; ?>"><br><br> Admin password<br> 
<input type="text" name="adminpwp" value="<? echo $adminpw; ?>"><br><br> Your 
contact email<br> <input type="text" name="adminemailp" value="<? echo $adminemail; ?>"><br><br> 
Your Paypal email (leave blank if you do not wish to offer paypal as a payment 
method)<br> <input type="text" name="paypalp" value="<? echo $paypal; ?>"> <br><br> 
Your Alertpay email (leave blank if you do not wish to offer Alertpay as a payment 
method)<br> <input type="text" name="stormpayp" value="<? echo $stormpay; ?>"><br><br> 
Your SafepaySolutions username (leave blank if you do not wish to offer SafePaySolutions as a payment 
method)<br> 
<input type="text" name="safepayp" value="<? echo $safepay; ?>"><br>
<br> 
<strong>(UNAVAILABLE IN THIS VERSION) </strong>Your SolidTrustPay email (leave blank if you do not wish to offer SolidTrustPay as a payment 
method)<br>
<input type="text" name="solidtrustp" value="<? echo $solidtrust; ?>" />
<br>
<br>
Admin (PROCESSING) FEE per transaction<br> <input type="text" name="adminfeep" value="<? echo $adminfee; ?>"><br><br> 
<hr> <p><b>Membership Level Price settings</b></p>
Level 1 price<br> <input type="text" name="com1p" value="<? echo $com1; ?>"><br><br>
Level 2 price<br> <input type="text" name="com2p" value="<? echo $com2; ?>"><br><br> 
Level 3 price<br> <input type="text" name="com3p" value="<? echo $com3; ?>"><br><br>
Level 4 price<br> <input type="text" name="com4p" value="<? echo $com4; ?>"><br><br>
Level 5 price<br> <input type="text" name="com5p" value="<? echo $com5; ?>"><br><br>
<br>
<br> 
<hr> <p><br> 
<b>Misc settings</b></p>
<p>If you are stuck, use basecolour #E2E2E2, contrastcolour 
#C0C0C0, fonttype Tahoma and fontcolour #5C5C5C.</p>Base colour<br> <input type="text" name="basecolourp" value="<? echo $basecolour; ?>"><br><br> 
Contrast colour<br> <input type="text" name="contrastcolourp" value="<? echo $contrastcolour; ?>"><br><br> 
Font type<br> <input type="text" name="fonttypep" value="<? echo $fonttype; ?>"><br><br> 
Font colour<br> <input type="text" name="fontcolourp" value="<? echo $fontcolour; ?>"><br><br> 
<hr> <input type="submit" value=" Save "> </form></center> <? }
 
    echo "</td><td valign=top align=center width=5%></tr></table>";
    }
 
else  {
    echo "Unauthorised Access!";
    }
 
include "../adminfooter.php";
mysql_close($dblink);
?>

Re: No Trailing Slashes?

Posted: Thu Jul 30, 2009 8:07 pm
by jackpf
Sorry, I can't see any validation preventing the use of http://. In fact, I don't even see where the data is retrieved from, nor where a link is displayed. Is this the entire script? The data could be coming from one of the included files such as config.php...

Do you reckon you could post that as well?
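
Added example, not part of either post or of the purchased script: one way the domain field described in the form ("including http:// (no trailing '/')") could be validated and then saved with a bound parameter, instead of being interpolated into the query string as the posted UPDATE statements do. The function names and the in-memory SQLite table standing in for the script's MySQL settings table are assumptions.

```php
<?php
// Added example; not the purchased script's code. Function names are hypothetical.

// Accept only an absolute http(s) URL and strip any trailing slash.
// Returns the cleaned URL, or null when the input is not acceptable.
function normalize_site_url(string $raw): ?string
{
    $url = rtrim(trim($raw), '/');
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return null;
    }
    // A base URL for building links should carry no query string or fragment.
    if (isset($parts['query']) || isset($parts['fragment'])) {
        return null;
    }
    return $url;
}

// Bind the value as a parameter so quotes in it cannot alter the statement.
function save_setting(PDO $db, string $name, string $value): void
{
    $stmt = $db->prepare('UPDATE settings SET setting = :value WHERE name = :name');
    $stmt->execute([':value' => $value, ':name' => $name]);
}

// Constructed demo: in-memory SQLite stands in for the MySQL settings table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE settings (name TEXT PRIMARY KEY, setting TEXT)');
$db->exec("INSERT INTO settings VALUES ('domain', ''), ('sitename', '')");

// Constructed sample inputs for the domain field.
foreach (['http://www.example.com/script/', 'www.example.com', 'ftp://example.com'] as $input) {
    $clean = normalize_site_url($input);
    if ($clean === null) {
        echo "rejected: $input\n";
        continue;
    }
    save_setting($db, 'domain', $clean);
    echo "saved:    $clean\n";
}
save_setting($db, 'sitename', "Jay's Site"); // apostrophe is stored as data
```

When a stored value is echoed back into the form's value attribute or into the verification e-mail, pass it through htmlspecialchars($value, ENT_QUOTES, 'UTF-8') first.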