Where's the mistake pls...

Posted: Fri Dec 10, 2004 4:23 am
by angelena

<?php
<?php
	$curwd = getcwd();
	chdir('../catalog');
  require('includes/application_top.php');
	chdir($curwd);

	if (!tep_session_is_registered('customer_id') || $customer_type!='Admin' && $customer_type!='Boss' && $customer_type!='Center')    {
		header("Location: log_off.php"); exit; // stop here so the rest of the page does not run after the redirect
	}
	$errormsg = "";
	$error = false;
	$veri = "false";
	$totalprice = 0;
	$submitted = false;
	
    # data pass from previous form
    $topic_id = tep_db_prepare_input($HTTP_GET_VARS['topic_id']);
    $location1 = tep_db_prepare_input($HTTP_GET_VARS['location']);

  
   	$get_center_query = tep_db_query("select * FROM topic where topic_id = '".tep_db_input($topic_id)."'"); // tep_db_input() escapes the value for SQL
	$get_center = tep_db_fetch_array($get_center_query);

 if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'verify')) {
	$veri = tep_db_prepare_input($HTTP_POST_VARS['veri']);
	$customerid = tep_db_prepare_input($HTTP_POST_VARS['customerid']);
	$topic = tep_db_prepare_input($HTTP_POST_VARS['topic']);
	$motivator = tep_db_prepare_input($HTTP_POST_VARS['motivator']);
	$location = tep_db_prepare_input($HTTP_POST_VARS['location']);
	$time = tep_db_prepare_input($HTTP_POST_VARS['time']);
	$date = tep_db_prepare_input($HTTP_POST_VARS['date']);
    $process = tep_db_prepare_input($HTTP_POST_VARS['action1']);

    if($error==false) $veri = "true";
  
    if ($process == 'process') {

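tep_db_query("update topic set topic = '".tep_db_input($topic2)."', motivator = '".tep_db_input($motivator2)."', location = '".tep_db_input($location)."', date = '".tep_db_input($date2)."', time = '".tep_db_input($time2)."' where topic_id = '".tep_db_input($topic_id)."'"); // values escaped with tep_db_input()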


	$submitted = true;
	
  }
}   
if($submitted != true){
?>
<?PHP   require('includes/headbanner.php'); ?>
        
<table width="70%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DEE0E1">
     <form name="form1" method="post" action="<?PHP echo ("edit_attend.php"); ?>">   
        <input type="hidden" name="action" value="verify">
        <input type="hidden" name="veri" value="<?PHP echo $veri; ?>">
		<?PHP if($veri=="true"){ ?>
        <input type="hidden" name="action1" value="process">
		<?PHP } ?>
          <tr>
            <td class="mlm" height="21" colspan="3"><div align="center"></div></td>
          </tr>
          <tr class="headerNavigation"> 
            <td height="21" colspan="3"><img src="images/Button02.gif" width="18" height="18">CHANGE 
              COMMISSION <?PHP echo $errormsg; ?></td>
          </tr>
          <tr> 
            <td width="76" nowrap  class="mlm"><strong>Topic</strong></td>
            <td width="369" class="mlm" ><strong><font color="#FF0000"> 
               <?PHP  if($veri=="false"){
				 	echo(tep_draw_input_field('topic2',$get_center['topic'])); 
				}
				else{
					echo (tep_draw_hidden_field('topic2',$topic2));
					echo ($topic2);
				}
			?>
              </font></strong></td>
          </tr>
          <tr> 
            <td width="76" nowrap  class="mlm"><strong>Motivator</strong></td>
            <td class="mlm" ><strong><font color="#FF0000"> 
              <strong><font color="#FF0000">
              <?PHP  if($veri=="false"){
				 	echo(tep_draw_input_field('motivator2',$get_center['motivator'])); 
				}
				else{
					echo (tep_draw_hidden_field('motivator2',$motivator2));
					echo ($motivator2);
				}
			?>
              </font></strong>            </font></strong></td>
          </tr>
          <tr> 
            <td  class="mlm" height="21"><strong>Location</strong></td>
            <td  class="mlm" height="21"> 
              <strong><font color="#FF0000">
              <?PHP  if($veri=="false"){
				 	echo(tep_draw_input_field('location',$get_center['location'])); 
				}
				else{
					echo (tep_draw_hidden_field('location',$location));
					echo ($location);
				}
			?>
            </font></strong>            </td>
          </tr>
        
          <tr> 
            <td class="mlm" ><strong>Time</strong></td>
            <td class="mlm" > 
              <strong><font color="#FF0000">
              <?PHP  if($veri=="false"){
				 	echo(tep_draw_input_field('time2',$get_center['time'])); 
				}
				else{
					echo (tep_draw_hidden_field('time2',$time2));
					echo ($time2);
				}
			?>
            </font></strong>            </td>
          </tr>
          <tr> 
            <td class="mlm" ><strong>Date</strong></td>
            <td class="mlm" > 
              <strong><font color="#FF0000">
              <?PHP  if($veri=="false"){
				 	echo(tep_draw_input_field('date2',$get_center['date'])); 
				}
				else{
					echo (tep_draw_hidden_field('date2',$date2));
					echo ($date2);
				}
			?>
            </font></strong>            </td>
          </tr>
          <tr align="right" valign="top"> 
            <td class="mlm"  colspan="3" bgcolor="cdcdcd"> <font size="2" face="Arial, Helvetica, sans-serif"> 
              <?PHP if($veri=="false"){ ?>
              <input type="submit" name="submit" value="View First">
               <?php echo ($location);  ?>
              <?PHP } else { ?>
              <input type="submit" name="submit" value="Submit">
              <?php 
             

            ?>
              <?PHP } ?>
              <INPUT TYPE="RESET" VALUE="Clear">
              </font></td>
          </tr>
</form>
        </table>
<?PHP   require('includes/bottombanner.php'); ?>
<?PHP } else {?>
<?PHP require('includes/headbanner.php'); ?>
<div align="center"><?PHP echo("Topic changes have been updated successfully."); ?></div>
<?php echo ($location);  ?>
<?PHP   require('includes/bottombanner.php'); ?>
<?PHP } ?>
?>


Above is the update page. I did try to test the data that is passed, and all is correct, even up to the page where a message is displayed to inform the user that the data has been successfully updated... but the data is actually not even updated in my respective db. Can anybody pls tell me where's the mistake?

Posted: Fri Dec 10, 2004 10:07 am
by timvw
First mistake: you use the Location header with an incomplete URL. This does not conform to the RFC on HTTP/1.1.

Second: you use the deprecated $HTTP_ vars.

it is hard to guess what your custom tep_ functions do.

Posted: Fri Dec 10, 2004 7:56 pm
by angelena
Hi Timvw,

You mean my "header("Location : log_off.php")"?? Actually, for all these functions I do have another file that predefines them first, cz I guess it saves up my code space, and I just call the functions from the respective files.

The prob is, everything seems so okie and it didn't even give me any error message throughout this update process... wondering why... huhhh

Posted: Fri Dec 10, 2004 8:03 pm
by timvw
angelena wrote: You mean my "header("Location : log_off.php")"??
Yes, I don't mean that you can't use that function, I mean that you do not conform to RFC 2616 http://www.w3.org/Protocols/rfc2616/rfc2616.html

should be something like header('Location: http://whateverhost/log_off.php');



also at line 46 you are writing code like

if ($submitted != true)

imho it's cleaner to write

if (!$submitted)



But as said before, without knowing what your tep_ stuff does we can't say what is going wrong... Using error_reporting(E_ALL) is a start in your debugging process ;)

Posted: Sat Dec 11, 2004 1:54 am
by Weirdan
timvw wrote: But as said before, without knowing what your tep_ stuff does we can't say what is going wrong...
Obviously it's a part of osCommerce engine. I can't really say more on this (aside from the fact I still have an open security-related bug on their bug-tracker :D )

Posted: Sun Dec 12, 2004 12:21 am
by angelena
Emmm... error_reporting? I'm not familiar with that cz I didn't use it before... Can you pls provide me some guide, timvw? Where should that be included?

thx ya ..
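
Added example, not part of any post in this thread and not osCommerce code: one reading of the posted script is that the form posts to edit_attend.php without topic_id, so the UPDATE's WHERE clause matches no row while the success message is printed regardless. The sketch shows error_reporting(E_ALL) as the first statement of the script, a parameterised UPDATE, and a check of the affected-row count. Assumptions: PHP 7+ with pdo_sqlite, an in-memory table with constructed schema and data, and a hypothetical helper `update_topic`.

```php
<?php
// Added example; schema, sample row and request values are constructed.
error_reporting(E_ALL);          // first statement of the script
ini_set('display_errors', '1');  // development only; log instead in production

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topic (topic_id INTEGER PRIMARY KEY, topic TEXT,
           motivator TEXT, location TEXT, date TEXT, time TEXT)');
$db->exec("INSERT INTO topic VALUES
           (7, 'Old topic', 'Old motivator', 'Hall A', '2004-12-01', '09:00')");

// Constructed POST body for the "Submit" step, using the field names of the
// posted form. topic_id is not among them: it was only in the query string.
$post = ['action' => 'verify', 'action1' => 'process',
         'topic2' => 'New topic', 'motivator2' => 'New motivator',
         'location' => 'Hall B', 'date2' => '2004-12-15', 'time2' => '10:30'];

// Hypothetical helper: parameterised UPDATE that reports affected rows.
function update_topic(PDO $db, array $in, string $topicId): int
{
    $map = ['topic' => 'topic2', 'motivator' => 'motivator2',
            'location' => 'location', 'date' => 'date2', 'time' => 'time2'];
    $params = [':id' => $topicId];
    foreach ($map as $column => $postName) {
        if (!isset($in[$postName])) {
            throw new InvalidArgumentException("missing field: $postName");
        }
        $params[":$column"] = (string) $in[$postName];
    }
    $stmt = $db->prepare('UPDATE topic SET topic = :topic, motivator = :motivator,
        location = :location, date = :date, time = :time WHERE topic_id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();    // 0 here: no row matched the WHERE clause
}

// Request as the posted form sends it: empty id, nothing is updated.
$rows = update_topic($db, $post, $post['topic_id'] ?? '');
echo $rows === 1 ? "updated\n" : "no row matched topic_id, nothing updated\n";

// Same request with topic_id carried along, e.g. in a hidden form field.
$withId = $post + ['topic_id' => '7'];
$rows = update_topic($db, $withId, $withId['topic_id']);
echo $rows === 1 ? "updated\n" : "no row matched topic_id, nothing updated\n";
```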