Looking for some help on an error I can't resolve.
I've written a CMS in PHP which can edit code and save it to an SQL Database. The actual process of it works fine with HTML, text, and other stuff.
However if I submit PHP in the form (which is what the main goal is) I get a 501 error. The next page doesn't even get run, it just flat out errors when I click the button.
I think the inserted PHP is interfering with the php on the page, but I can't see a way to fix it as I have to reload the page before I can process any of the text.
All three of these sections are on the same page, and in this order.
Code:
<!-- EDIT MODULE ------------------------------------------- -->
<?php
if (isset($_POST['module_edit']))
{
    // Escape the posted code before it goes into the SQL string.
    $code = mysql_real_escape_string($_POST['content_code'], $link);
    $result = mysql_query("SELECT * FROM c_pages WHERE code = '".$code."'", $link);
    if ( $result === false ){ echo 'ERROR: COULD NOT ACCESS DATABASE.'; exit; }
    $num_rows = mysql_num_rows($result);
    echo '<form action="'.curPageURL().'" method="post">';
    echo '<h1>Title: <input type="text" name="module_name" value="';
    // HTML-escape stored values so quotes or tags in them cannot break the form.
    if ($num_rows != 0){ echo htmlspecialchars(str_replace('_', ' ', mysql_result($result, 0, "name"))); }
    echo '" size=60></h1><br>';
    echo '<h1>Content:</h1>';
    echo '<textarea cols="80" id="editor1" name="editor1" rows="40">';
    if ($num_rows != 0){ echo htmlspecialchars(mysql_result($result, 0, "content")); }
    echo '</textarea> <br>';
    echo '<input type="submit" name="module_edit_save" value="Save Module" />';
    echo '<input type="hidden" name="module_code" value="';
    echo htmlspecialchars($_POST['content_code']);
    echo '" /></form>';
}
?>
Code:
<!-- MODULE EDIT SAVE -->
<?php
if (isset($_POST['module_edit_save']))
{
    // Debug output: escape it so the submitted code is displayed as text, not rendered.
    echo htmlspecialchars($_POST['editor1']);
    $editor1 = $_POST['editor1'];
    //echo '<br>'.htmlspecialchars($editor1).'<br>';
    /* Commented out; posted values are escaped before being placed in the SQL string.
    $code = mysql_real_escape_string($_POST['module_code']);
    $query = "UPDATE c_pages SET content='".mysql_real_escape_string($editor1)."' WHERE code = '".$code."'";
    $update = mysql_query($query);
    if (!$update) {
        die('<p style="background: #00DD00; padding: 5px;">Text could not be saved.<br>'.mysql_error().'</p><br>');
    }else{
        echo '<p style="background: #00DD00; padding: 5px;">Content text has been saved.</p><br>';
    }
    // The edit form posts the title as module_name (there is no content_name field in it).
    $name = str_replace(' ', '_', $_POST['module_name']);
    $name = preg_replace("/[^a-zA-Z0-9_\s]/", "", $name);
    $query = "UPDATE c_pages SET name='".$name."' WHERE code = '".$code."'";
    $update = mysql_query($query);
    if (!$update) {
        die('<p style="background: #00DD00; padding: 5px;">Text could not be saved.<br>'.mysql_error().'</p><br>');
    }else{
        echo '<p style="background: #00DD00; padding: 5px;">Content name has been saved.</p><br>';
    }
    */
}
?>
Code:
...
echo '<input type="hidden" name="content_code" value="'.mysql_result($c_result,$c_counter,"code").'">';
echo '<input type="submit" name="module_edit" value="Edit" />';
...
Code:
<?php
// WHERE WOULD YOU LIKE THE SUBMISSIONS SENT?
$to='marketing@....co.uk';
$messageSubject='...: Contact Form';
// MESSAGE ON FORM BUTTON
$button_message = "Click to send email.";
// SENDERS CONFIRMATION EMAIL
$confirmationSubject='www.....co.uk - Contact Form';
$confirmationBody="\n\nThank you for taking the time to email me. I'll be in touch shortly.\n";
$email='';
$body='';
$displayForm=true;
if ($_POST){
$email=stripslashes($_POST['email']);
$body=stripslashes($_POST['body']);
// validate e-mail address
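// eregi() is deprecated since PHP 5.3 and removed in PHP 7; preg_match() with /i replaces it.
// \z anchors at the very end so a trailing newline cannot reach the From: header.
$valid=preg_match('/^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}\z/i',$email);
$crack=preg_match("/(\r|\n)(to:|from:|cc:|bcc:)/i",$body);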
if ($email && $body && $valid && !$crack){
if (mail($to,$messageSubject,$body,'From: '.$email."\r\n")
&& mail($email,$confirmationSubject,$confirmationBody.$body,'From: '.$to."\r\n")){
$displayForm=false;
?>
<p style="background: #84b1e3;">
Your message was successfully sent. In addition, a confirmation copy was sent to your e-mail address.
</p>
<?php
}else{ // the messages could not be sent
?>
<p style="background: #84b1e3;">
Something went wrong when the server tried to send your message.<br>
This is usually due to a server error, and is not your fault.<br>
Please try again. If the error persists please email ...@....co.uk.
</p>
<?php
}
}else if ($crack){ // cracking attempt
?>
<p style="background: #84b1e3;">
Your message contained e-mail headers within the message body. This seems to be a cracking attempt and the message has not been sent.
</p>
<?php
}else{ // form not complete
?>
<p style="background: #84b1e3;">
Your message could not be sent. You must include both a valid e-mail address and a message.
</p>
<?php
}
}
if ($displayForm){
?>
<form action="contact.php" method="post">
<table border=0>
<tr>
<td width=100><label for="email"><p>Your E-mail:</p></label></td>
<td>
<input type="text" name="email" id="email" value="<?php echo htmlspecialchars($email); ?>" size="30">
</td>
</tr>
<tr>
<td><label for="body"><p>Message:</p></label></td>
<td><textarea name="body" id="body" cols="55" rows="10">
<?php echo htmlspecialchars($body); ?>
</textarea></td>
</tr>
<tr><td></td><td id="submit"><button type="submit"><?php echo htmlspecialchars($button_message); ?></button></td></tr>
</table>
</form>
<?php
}
?>
John.
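
Storing submitted PHP source and showing it again in the editor needs bound parameters on the way into the database and HTML escaping on the way back out. The round trip below is an added example, not the poster's code: in-memory SQLite stands in for MySQL, the table and column names come from the post, and the function names are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database.
// Table c_pages and columns code, name, content are taken from the post;
// save_module, load_module and render_editor are hypothetical helpers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE c_pages (code TEXT PRIMARY KEY, name TEXT, content TEXT)');
$db->exec("INSERT INTO c_pages (code, name, content) VALUES ('m1', 'Old_name', '')");

// Save: values travel as bound parameters, never as part of the SQL text.
function save_module(PDO $db, $code, $title, $content)
{
    // Same normalisation as the post: spaces to underscores, then a whitelist.
    $name = preg_replace('/[^a-zA-Z0-9_\s]/', '', str_replace(' ', '_', $title));
    $stmt = $db->prepare('UPDATE c_pages SET name = :name, content = :content WHERE code = :code');
    $stmt->execute(array(':name' => $name, ':content' => $content, ':code' => $code));
    return $stmt->rowCount() === 1;
}

// Load: returns the stored row, or null when the code is unknown.
function load_module(PDO $db, $code)
{
    $stmt = $db->prepare('SELECT name, content FROM c_pages WHERE code = :code');
    $stmt->execute(array(':code' => $code));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Render: stored source is escaped so the browser shows it as text inside
// the textarea instead of closing the element or interpreting markup.
function render_editor(array $row)
{
    return '<input type="text" name="module_name" value="'
        . htmlspecialchars(str_replace('_', ' ', $row['name']), ENT_QUOTES, 'UTF-8') . '">'
        . '<textarea name="editor1">'
        . htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8') . '</textarea>';
}

// Constructed sample input: PHP source with quotes and a closing textarea tag.
$submitted = "<?php echo 'it\\'s'; ?></textarea><script>alert(1)</script>";
var_dump(save_module($db, 'm1', 'Side bar!', $submitted)); // row updated
$row = load_module($db, 'm1');
var_dump($row['content'] === $submitted);                  // stored byte for byte
echo render_editor($row), "\n";                            // escaped for the form
```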