The file path to the problem file is http://mysite.com/Project Software/admin/add_agency.php
The form redirects to public_html/mysite.com/Software
I assume Software is the Software that is in /Software Projects/ But I don't know how it is coming up with this.
I have think possibly it is coming from the forth line down: header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);
Below is the Coding
Code: Select all
<?php
session_start();
if (!isset($_SESSION['user_name'])) {
header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);
}
$_SESSION['ADMIN_TYPE']="Agency";
require_once("../includes/config.php");
require_once("../includes/connection.php");
require_once("../includes/data.php");
require_once("../includes/utils.php");
require_once("../libs/smarty.php");
if($_POST["btnAdd"]<>"")
{
$agency = $_POST["agency_name"];
if($agency<>"")
{
$insertQuery = "INSERT INTO users set agency_name = '$agency'";
//echo mysql_error(). " ". $insertQuery;
if ($result = mysql_query($insertQuery))
{
// It worked, give confirmation
$message = '<font color=red><b>New agency added successfully.<br><br></b></font>';
}else{
// It hasn't worked so stop. Better error handling code would be good here!
$message = "<font color=red><b>Sorry, there was an error adding the agency name.<br><br></b></font>";
}
}else{
$message = "<font color=red><b>Sorry, required agency name.<br><br></b></font>";
}
}
if($_POST["btnEdit"]<>"")
{
$aid = $_POST["agency_id"];
$agency = $_POST["agency_name"];
if($agency<>"")
{
$editQuery = "update users set agency_name = '$agency' where id=$aid";
//echo mysql_error(). " ". $insertQuery;
if ($result = mysql_query($editQuery))
{
// It worked, give confirmation
$message = '<font color=red><b>Agency name update successfully.<br><br></b></font>';
}else{
// It hasn't worked so stop. Better error handling code would be good here!
$message = "<font color=red><b>Sorry, there was an error to modify agency name.<br><br></b></font>";
}
}else{
$message = "<font color=red><b>Sorry, required agency name.<br><br></b></font>";
}
}
if($_POST["btnDel"]<>"")
{
$aid = $_POST["agency_id"];
$agency = $_POST["agency_name"];
$delQuery1 = "delete from users where id=$aid";
$delQuery2 = "delete from users where agency='$agency'";
$delQuery3 = "delete from subdomain_approval where agency='$agency'";
$delQuery4 = "delete from subdomain_hold where agency='$agency'";
$delQuery5 = "delete from subdomain_submission where agency='$agency'";
if($result1 = mysql_query($delQuery1))
{
$delMessageAgency = "<font color=red size=1><b>1. Agency name '".$_POST["agency_name"]."' deleted successfully.<br></b></font>";
$delMessageAdmin = "<font color=red size=1><b>2. Admin for '".$_POST["agency_name"]."' agency deleted successfully.<br></b></font>";
}else{
$delMessageAgency = "<font color=red size=1><b>1. Sorry, there was an error to delete agency.<br></b></font>";
$delMessageAdmin = "<font color=red size=1><b>2. Sorry, there was an error to delete admin for this agency.<br></b></font>";
}
/* if($result2 = mysql_query($delQuery2))
{
echo "<font color=red size=1><b>2. Admin for '".$_POST["agency_name"]."' agency deleted successfully.<br></b></font>";
}else{
echo "<font color=red size=1><b>2. Sorry, there was an error to delete admin for this agency.<br></b></font>";
} */
if($result3 = mysql_query($delQuery3))
{
$delMessage3 = "<font color=red size=1><b>3. Approval Table Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
}else{
$delMessage3 = "<font color=red size=1><b>3. Sorry, there was an error to delete Approval for this agency.<br></b></font>";
}
if($result4 = mysql_query($delQuery4))
{
$delMessage4 = "<font color=red size=1><b>4. Hold Table Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
}else{
$delMessage4 = "<font color=red size=1><b>4. Sorry, there was an error to delete Hold/Edit for this agency.<br></b></font>";
}
if($result5 = mysql_query($delQuery5))
{
$delMessage5 = "<font color=red size=1><b>5. Submission Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
}else{
$delMessage5 = "<font color=red size=1><b>5. Sorry, there was an error to delete Submission for this agency.<br></b></font>";
}
}
//$query0 = "select * from users order by agency_name";
//$result0 = mysql_fetch_assoc(mysql_query($query0));
// 12.13.7; wiseobject <- hide super user
$query0 = "select * from users where role != 'super_admin' order by agency_name";
$result0 = mysql_query($query0);
while($row0=mysql_fetch_array($result0)){
$dispAdmin[]=$row0;
}
$smarty = new RuSmarty;
$smarty->assign("btnAdd",$_POST["btnAdd"]);
$smarty->assign("btnEdit",$_POST["btnEdit"]);
$smarty->assign("btnDel",$_POST["btnDel"]);
$smarty->assign("action",$_SERVER['PHP_SELF']);
$smarty->assign("aid",$_POST["agency_id"]);
$smarty->assign("agency",$_POST["agency_name"]);
$smarty->assign("message",$message);
$smarty->assign("delMessageAgency",$delMessageAgency);
$smarty->assign("delMessageAdmin",$delMessageAdmin);
$smarty->assign("delMessage3",$delMessage3);
$smarty->assign("delMessage4",$delMessage4);
$smarty->assign("delMessage5",$delMessage5);
$smarty->assign("result0",$dispAdmin);
$smarty->assign("admin_role",$_SESSION['admin_role']);
$smarty->display('admin/add_agency.tpl');
?>
Code: Select all
{if $admin_role ne "super_admin"}
{literal}
<script type="text/javascript" language="JavaScript">
alert("You are not authorized to perform this operation.\nPlease contact the super-admin for requesting authorization.");
location.href = 'Profile_Admin.php';
</script>
{/literal}
{/if}
<html>
<head>
<title>APEX New Agency</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body>
<h1>APEX Admin Console</h1>
<h2>Add New Agency</h2>
<div class="ContentsBox" id="Contents" style="width: 400">
{$message}
<h3>Enter New Agency</h3>
<table class="Input">
<form name=AddAgency action={$action} method=post>
<tr>
<td>Agency Name:</td>
<td><input type=text size=20 maxlength=20 name=agency_name></td>
<td align=right><input type=submit value=Add name=btnAdd></td>
</tr>
</form>
</table>
<br>
<br>
{if $btnDel ne ""}
{$delMessageAgency}</br>
{$delMessageAdmin}
{/if}
<h3>List of Agencies</h3>
<table class="Input">
{section name=dispRecords loop=$result0}
<tr>
<td>{$smarty.section.dispRecords.rownum}</td>
<form name=AddAgency action={$action} method=post>
<td><input type=hidden name=agency_id value="{$result0[dispRecords].id}">
<input type=text size=20 maxlength=20 name=agency_name value="{$result0[dispRecords].agency_name}"></td>
<td align=right><input type=submit value=Edit name=btnEdit></td>
<td align=right><input type=submit value=Del name=btnDel onClick="return confirm('Are you sure to delete agency name?')"></td>
<td align=right><input type=button value="Add New Admin" onClick="javascript: location.href='add_admin.php?ag={$result0[dispRecords].agency_name}';"></td>
</form>
</tr>
{sectionelse}
echo "<tr><th colspan=5>No agency found in list.</th></tr>";
{/section}
</table>
</div>
</body>