hidden variable not being picked up by php on resubmission
Posted: Wed Sep 10, 2003 9:00 am
that didn't help.
it's sending me back to the choice page after i choose a user to approve. this doesn't make sense because the hidden input fn should set fn correctly to go back to appnu. on top of that, only two functions seem to be passing an fn in the hidden fields. i don't understand why it's not passing in the others. the fn was passed to bring up the section of the admin panels in question
this is only the relevant functions (everything from the opening through appnu)
note: errors on E_ALL
set in includes: $host, $login2, $pass2, $admins, bgnpg(), bgnmsgpg(), $approvers, $suspenders, $jra, $adm, $wbm, $ok
Code:
<?php
include("/home/joshua/includes/fyd.incs.php"); # includes file
/* ***************************************************
** set any and all variables that need to be set **
*************************************************** */
$fn=$_POST['fn']; // what you want to do
$un=$_COOKIE['un']; // who you are
$pw=$_COOKIE['pw']; // verify yourself
# check for access in the db
$db=mysql_connect($host, $login2, $pass2) or die("cannot access mysql"); # connect to the db
$fyd=mysql_select_db('findyourdesire', $db) or die("cannot access db"); # get the db
$accessfind=mysql_query("SELECT site_access FROM users WHERE username='$un' AND password='$pw'", $db);
if(!(mysql_num_rows($accessfind)==0)){ # we found a user
$accesscheck=mysql_fetch_array($accessfind); $sa=$accesscheck['site_access']; # find out the access level
if(contains($sa, $admins)){ # if the level is an admin level
/* *******************************************************
*** find where we are and call the creation functions ***
******************************************************* */
if(isset($fn)){ // we wanna do something
if($fn=='appnu'){ bgnpg('New User Approval'); appnu($db); } # approve new user profile
elseif($fn=='appbio'){ bgnpg('Bio Approval'); appbio($db); } # approve bios
elseif($fn=='appmain'){ bgnpg('Main Pic Approval'); appmain($db); } # approve main pic
elseif($fn=='appt1'){ bgnpg('Thumbnail Pic Approval'); appt1($db); } # approve thumb 1
elseif($fn=='appt2'){ bgnpg('Thumbnail Pic Approval'); appt2($db); } # approve thumb 2
elseif($fn=='appt3'){ bgnpg('Thumbnail Pic Approval'); appt3($db); } # approve thumb 3
elseif($fn=='appt4'){ bgnpg('Thumbnail Pic Approval'); appt4($db); } # approve thumb 4
elseif($fn=='appsalute'){ bgnpg('Salute Pic Approval'); appsalute($db); } # approve salute
elseif($fn=='susus'){ bgnmsgpg('Member Suspension'); susus($db); } # suspend user
elseif($fn=='susrev'){ bgnmsgpg('Suspension Review'); susrev($db); } # review suspensions
elseif($fn=='delu'){ bgnmsgpg('Member Deletion page'); delu(); } # delete user
elseif($fn=='access'){ bgnmsgpg('Site Access Adjustment'); access($db); } # adjust user's site access
elseif($fn=='adjfor'){ bgnmsgpg('Forum Adjustment'); adjfor($db); } # adjust forums
elseif($fn=='misc'){ bgnmsgpg('Josh\'s Special Page'); misc(); } # give miscellaneous commands
else{ bgnmsgpg('Administration Area (restricted access)'); choice($db); } # something's wrong
}else{ bgnmsgpg('Administration Area (restricted access)'); choice($db); } # begin this craziness
}else{ bgnmsgpg('Administration Area (restricted access)'); problem(); } # user shouldn't be this far
}else{ bgnmsgpg('Administration Area (restricted access)'); problem(); } # user shouldn't be this far
function choice($db){ # main admin page
include("/home/joshua/includes/fyd.altincs.php"); # includes file (precautionary measure)
$un=$_COOKIE['un']; // who you are
$pw=$_COOKIE['pw']; // verify
$options=''; // what can ya do
/* find access level in db. set appropriately */
$accessret=mysql_query("SELECT site_access FROM users WHERE username='$un' AND password='$pw'", $db);
$access=mysql_fetch_array($accessret); // get the access level
$sa=$access['site_access']; // set the access level
if(contains($sa, $approvers)){ // you are allowed to approve
$options.=" <option value=\"appnu\">Approve New Users</option>\n <option value=\"appbio\">Approve Bios</option>\n <option value=\"appmain\">Approve Main Pictures</option>\n <option value=\"appt1\">Approve 1st Thumb</option>\n <option value=\"appt2\">Approve 2nd Thumb</option>\n <option value=\"appt3\">Approve 3rd Thumb</option>\n <option value=\"appt4\">Approve 4th Thumb</option>\n <option value=\"appsalute\">Approve Salute Picture</option>\n"; } # add the approver options
if(contains($sa, $suspenders)){ // you're allowed to suspend
$options.=" <option value=\"susus\">Suspend User</option>\n"; } # add the suspend options
if(($sa==$jra)||($sa==$adm)||($sa==$wbm)){ // you're more than someone given the ability to suspend and/or approve
$options=$options." <option value=\"susrev\">Review Suspended Users</option>\n <option value=\"access\">Adjust User Access</option>\n"; } # add things for jr/full admins
if(($sa==$adm)||($sa==$wbm)){ // you're a full admin
$options.=" <option value=\"delu\">Delete User</option>\n <option value=\"adjfor\">Adjust Forums</option>\n"; } # full admin options
if($sa==$wbm){ // you're the webmaster
$options.=" <option value=\"misc\">Misc Commands</option>"; } # only the webmaster, since the other full admins might not have a grasp of how to use dbs
echo <<<END
<h3>Welcome to the Admin Choice Page. If you link a non-admin to any admin page, they will see nothing, except for the an error message letting them to know to report it. (security)</h3>
<p>
<!-- php checks access level in form creation & makes select choices based on it -->
<form action="$_SERVER[PHP_SELF]" target="_blank" method="POST" >
<select name="fn" size="1">
$options
</select>
<input type="submit" value="Administrate!">
</form>
</p>
</center>
</body>
</html>
END;
}
function appnu($db){ # approve a new user
include("/home/joshua/includes/fyd.altincs.php"); # includes file (precautionary measure)
$un=$_COOKIE['un']; // who you are
$pw=$_COOKIE['pw']; // verify
$options=''; // what can ya do
/* find access level (site_access) in db. set appropriately */
$accessret=mysql_query("SELECT site_access FROM users WHERE username='$un' AND password='$pw'", $db);
$access=mysql_fetch_array($accessret); // get access level
$sa=$access['site_access']; // set access level
if(!(contains($sa, $approvers))){ error(); } # double check on access
else{ # we're gonna find and approve someone
if($_POST['action']==='APPROVED'){ # approve
$ruin=$_POST['ruin']; // id # being approved
$run=$_POST['run']; // name being approved
$update=mysql_query("UPDATE users SET approved='$ok' WHERE uid='$ruin'", $db); // approve profile
foreach($pics as $pic){ // for each picture you have
$img=getcwd().'/unapproved/'.$pic.'.'.$run.'.jpg'; $to=getcwd().'/userpics/'.$pic.'.'.$run.'.jpg';
if(is_file($img)){ rename($img, $to); } # move to approved
} // pictures should now show up
if(mysql_affected_rows($db)==1){ $result="$run's profile successfully approved"; } // worked (mysql_affected_rows() takes the connection, not the query result)
else{ // something went wrong
$errno=mysql_errno($db); // error number
$error=mysql_error($db); // error message
$result="Error approving $run's profile<br />$errno: $error"; } // set error message
echo " <p>$result</p>\n"; // report what happened
}elseif($_POST['action']==='REJECT'){ # reject
$ruin=$_POST['ruin']; // id number
$run=$_POST['run']; // username
$reason=$_POST['reason']; // reason for rejection
$findemail=mysql_query("SELECT email FROM users WHERE uid='$ruin'", $db); # find user's email
$getemail=mysql_fetch_array($findemail); // get email
$to=$getemail['email']; // set email
unapproveMessage('Profile', $reason, $run, $to); // let the user know why
}elseif($_POST['action']==='review'){ # review
# get the info
$ui=explode(',', $_POST['ui']); // array info
$ruin=$ui[0]; // set id number
$run=$ui[1]; // set username
# make the approval form
echo <<<END
<h1>Do NOT link to the pictures in the forum. It will defeat the purpose of the obscuring done in the profiles. You are linked to the originals for approval only</h1>
<form action="$_SERVER[PHP_SELF]">
<input type="hidden" name="fn" value="appnu"><input type="hidden" name="ruin" value="$ruin">
$tsnw
<tr><td>user:<input type="text" size="15" readonly name="run" value="$run"> </td><td>APPROVING: PROFILE</td></tr>
<tr><td colspan="2"><iframe frameborder="0" name="bio" scrolling="auto" src="bio.php?un=$run&uin=$ruin&show=yes">if you see this upgrade to <a href="http://www.mozilla.org/">Mozilla</a> 1.3.1 or later</iframe></td></tr>
<tr><td colspan="2" align="center"><a href="uapproved/main.$run.jpg" target="pic">Main</a></td></tr>
<tr><td colspan="2" align="center"><a href="uapproved/t1.$run.jpg" target="pic">Thumb 1</a></td></tr>
<tr><td colspan="2" align="center"><a href="uapproved/t2.$run.jpg" target="pic">Thumb 2</a></td></tr>
<tr><td colspan="2" align="center"><a href="uapproved/t3.$run.jpg" target="pic">Thumb 3</a></td></tr>
<tr><td colspan="2" align="center"><a href="uapproved/t4.$run.jpg" target="pic">Thumb 4</a></td></tr>
<tr><td colspan="2" align="center"><a href="uapproved/salute.$run.jpg" target="pic">Salute</a></td></tr>
<tr>
<td><input type="text" name="reason" size="21"></td>
<td>
<select name="action">
<option value="REJECT">REJECT</option>
<option value="APPROVED">APPROVE</option>
</select>
<input type="submit" value="Done">
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
END;
}
if($_POST['action']!=='review'){ # if we're not reviewing
$unapproved=''; // who needs to be approved (options)
$users=array(); // who needs to be approved (raw db retrieval)
# who needs to be approved
$newbs=mysql_query("SELECT uid,username FROM users WHERE approved='$nuv'", $db); # find newbs
$found=mysql_num_rows($newbs); // how many newbs
for($i=0;$i<$found;$i++){ $users[]=mysql_fetch_array($newbs); } # for each newb, get the info
foreach($users as $user){ # for each newb
$id=$user['uid']; // find id number
$name=$user['username']; // find name
$newmems=$newmems."<option value=\"$id,$name\">$name</option>"; # make them an option
} #so we can place it in the form
# find out who they want to approve
echo <<<END
$poserr
<form action="$_SERVER[PHP_SELF]">
<input type="hidden" name="fn" value="appnu">
<input type="hidden" name="action" value="review">
<select name="un" size="1">
$newmems
</select>
<input type="submit" value="Review Profile!">
</form>
</center>
</body>
</html>
END;
}
}
}
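
An added example (not part of the original post): the two forms inside appnu() carry no method attribute, unlike the form in choice(), and a form without one is submitted with GET, so its fields arrive in $_GET while the script reads $_POST['fn']. The sketch below reads fn from the POST body against an allow-list copied from the posted if/elseif chain and builds forms that always declare method="post" with escaped values; requested_fn(), hidden_form() and the /admin.php action are hypothetical names, and it assumes PHP 7.4 or later.

```php
<?php
// Added example, not the poster's code. Helper names and /admin.php are hypothetical.

// Allow-list of dispatch targets, copied from the if/elseif chain in the post.
const ADMIN_FUNCTIONS = ['appnu', 'appbio', 'appmain', 'appt1', 'appt2', 'appt3',
    'appt4', 'appsalute', 'susus', 'susrev', 'delu', 'access', 'adjfor', 'misc'];

// Read fn from the POST body only; a missing, non-string or unknown value
// maps to the 'choice' page instead of reaching the dispatcher unchecked.
function requested_fn(array $post): string
{
    $fn = $post['fn'] ?? '';
    return (is_string($fn) && in_array($fn, ADMIN_FUNCTIONS, true)) ? $fn : 'choice';
}

// Build a form whose state travels in hidden fields. The method is always
// declared, and every attribute value is HTML-escaped before output.
function hidden_form(string $action, array $hidden, string $submitLabel): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '<form action="' . $esc($action) . '" method="post">' . "\n";
    foreach ($hidden as $name => $value) {
        $html .= '<input type="hidden" name="' . $esc((string)$name)
               . '" value="' . $esc((string)$value) . '">' . "\n";
    }
    return $html . '<input type="submit" value="' . $esc($submitLabel) . '">' . "\n</form>\n";
}

// Constructed request data. A form with no method attribute is sent as GET,
// so PHP fills $_GET and leaves $_POST empty.
$fromFormWithoutMethod = ['get' => ['fn' => 'appnu', 'action' => 'review'], 'post' => []];
// The same fields sent by a form that declares method="post".
$fromFormWithPost = ['get' => [], 'post' => ['fn' => 'appnu', 'action' => 'review']];

// The dispatcher only ever looks at the POST array, as the posted script does.
echo requested_fn($fromFormWithoutMethod['post']), "\n"; // fn is absent from POST
echo requested_fn($fromFormWithPost['post']), "\n";      // fn is present in POST
echo requested_fn(['fn' => 'nosuchpage']), "\n";         // fn is not on the allow-list

// The review form from appnu(), rebuilt with an explicit method.
echo hidden_form('/admin.php', ['fn' => 'appnu', 'action' => 'review'], 'Review Profile!');
```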