please help with this urgent problem on php code

gene4848
Forum Newbie
Posts: 19
Joined: Fri Nov 28, 2008 10:17 pm

please help with this urgent problem on php code

Post by gene4848 »

Hi guys, I'm needing help on one more major problem with my classified ad PHP software. Here's the problem: when someone joins for free and they get one of the ad packages, whether it be 25 credits or ten, all the other members get the same credit qty as the ones you buy. In other words, if one member has 25 credits in their account and the other member buys 50, that other member's account updates to the same qty. How do you fix the credit problem? They give the same credit amount to all users, plus or minus. This is useless. Please give the fix info for this. See for yourself, link below:


http://www.copylathe.com/post/index.php
Note: I don't know where to begin. I know it's not the MySQL database, I eliminated that.


It might be in my two pages that might control the ad credit system. PHP page/code, here it is. Can someone look at it and see if it's right? Two PHP pages: (select package) & (detail).

Code:

<?php 
    session_start();
    if(!isset($_SESSION['session_login']) || $_SESSION['session_login'] == "") {
        header("Location:loginform.php?errFlag=1");
        exit; // stop here so the page is not rendered for visitors who are not logged in
    }
 
require("include/conn.php");
 
?>
<html>
<head>
<title>Online Classifieds; Add Advertisment</title>
<link href="include/style.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#ffffff" style="text-align: center" topmargin="0">
<table width="780"  border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td colspan="2"><?php include("include/top.php"); ?></td>
  </tr>
  <tr>
    <td width="224" valign="top" bgcolor="#E8E3E8"><? require("include/left.php");?></td>
    <td width="560" valign="top">
    <table width="98%"  border="0" align="center" cellpadding="2" cellspacing="0" class="brd">
      <tr>
        <td bgcolor="#B3A2B2" class="whitetxt">Select Package</td>
      </tr>
      <?
        
/*      $sql = "SELECT * FROM page_text WHERE page_id=1";
        $result = mysql_query($sql) or die(mysql_error());
        $qr = mysql_fetch_array($result);
        $page_text = $qr['page_text'];
 */   
      ?>
      <tr>
        <td height="23"><br><form action="save_ad.php" method="post" name="frm_ad" onSubmit="return validateForm(this);">
          <table width="90%"  border="0" align="center" cellpadding="3" cellspacing="0" class="brd">
            <tr bgcolor="#E0D2DF">
              <td width="33%" class="blacktxt">Package Name</td>
              <td width="28%" class="blacktxt"><div align="center">No of Credits</div></td>
              <td width="12%" class="blacktxt">Price</td>
              <td class="blacktxt"><div align="center">Pic.View Detail </div></td>
            </tr>
            <? 
        $result=mysql_query("Select * from packages order by amount asc");        
        $rc=mysql_num_rows($result);
        while($qr = mysql_fetch_array($result)) {
        ?>
            <tr>
              <td height="5" colspan="4"></td>
            </tr>
            <tr class="leftlinks">
              <td><? echo $qr["title"]; ?> </td>
              <td><div align="center"><a href="detail.php?sid=<?=$qr['siteid']?>" class="leftlinks">
                  <?=$qr['no_days'];?>
              </a></div></td>
              <td>$<?=$qr['amount']?>
              </td>
              <td><div align="center"><A href="paypal.php?pkid=<? echo $qr["packageid"];?>"><font color="#000000">Buy
                    Now</font></A></div></td>
            </tr>
            <? }?>
          </table>
        </form></td>
      </tr>
      <tr>
        <td class="leftlinks">&nbsp;</td>
      </tr>
      <tr>
        <td align="right"></td>
      </tr>
    </table>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br></td>
  </tr>
  <tr>
    <td colspan="2">&nbsp;</td>
  </tr>
  <tr>
    <td colspan="2">&nbsp;</td>
  </tr>
  <tr>
    <td colspan="2" bgcolor="#E0D2DF"><? require("include/footer.php");?></td>
  </tr>
</table>
</body>
</html>



Code:

<? 
ob_start();
session_start();
require("include/conn.php");
 
 
$sql = "SELECT sitehits FROM ad WHERE siteid=".$_GET['sid'];
$row_hit = mysql_query($sql) or die(mysql_error());
$qr_hit = mysql_fetch_array($row_hit);
 
$sitehits = $qr_hit['sitehits'];
 
    if(!isset($_COOKIE['vote']) || $_COOKIE['vote'] != $_GET['sid']){
        
        $new_hits = $sitehits + 1;
        
        $sql = "UPDATE ad SET sitehits =".$new_hits." WHERE siteid=".$_GET['sid'];
        mysql_query($sql) or die(mysql_error());
    
    
    setcookie('vote',$_GET['sid'], time()+60*60*24,'/');
    
    }
 
?>
<html>
<head>
<title>Online Classifieds; Ad Details</title>
<link href="include/style.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#ffffff" style="text-align: center" topmargin="0">
<table width="780"  border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><?php include("include/top.php"); ?></td>
  </tr>
  <tr>
    <td align="center">&nbsp;   </td>
  </tr>
  <tr>
    <td align="center">&nbsp;</td>
  </tr>
  <tr>
    <td align="center"><table width="96%"  border="0" cellpadding="3" cellspacing="0" class="brd">
      <? 
      
        $sql = "SELECT * FROM ad WHERE approve=1 and siteid=".$_GET['sid'];
        $row = mysql_query($sql) or die(mysql_error());
        $qr = mysql_fetch_array($row);
        if (mysql_num_rows($row) < 1) 
        {
            header("Location: index.php");
            exit; // no approved ad with this id: stop before the queries below use an empty row
        }
      
/** FOR CAT NAME *************************************/
        $sql_cat = "SELECT catname FROM category WHERE catid =".$qr['sitecatid'];
        $row_cat = mysql_query($sql_cat) or die(mysql_error());
        $qr_cat = mysql_fetch_array($row_cat);
      
      ?>
      <tr>
        <td colspan="2" bgcolor="#E0D2DF" class="blackhead">
          <?=$qr_cat['catname']?>
          &nbsp;>&nbsp;
          <?=$qr['sitetitle']?>
        </td>
      </tr>
      <tr>
        <td height="10" colspan="2"></td>
      </tr>
      <tr>
        <td width="63%" valign="top"><table width="100%"  border="0" cellpadding="3" cellspacing="0" class="brd">
          <tr>
            <td bgcolor="#E0D2DF" class="blacktxt">Description</td>
          </tr>
          <tr>
            <td class="leftlinks"><?=$qr['sitedescription']?></td>
          </tr>
          <tr>
            <td height="10"></td>
          </tr>
          <tr>
            <td bgcolor="#E0D2DF" class="blacktxt">General Details</td>
          </tr>
          <tr>
            <td><table width="100%"  border="0" cellspacing="0" cellpadding="0">
              <tr class="leftlinks">
                <td width="30%">Sold By </td>
                <td width="70%"><? 
            
                                $sql_mem = "SELECT name FROM users WHERE email='".$qr['ad_username']."'";
                                $row_mem = mysql_query($sql_mem) or die(mysql_error());
                                $qr_mem = mysql_fetch_array($row_mem);
                                
                                echo($qr_mem['name']);
                            ?>
                </td>
              </tr>
              <tr class="leftlinks">
                <td>Email </td>
                <td><a href="contact_seller.php?sid=<?=$_GET['sid']?>" class="leftlinks">Contact Seller</a> </td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td height="10"></td>
          </tr>
          <tr>
            <td bgcolor="#E0D2DF" class="blacktxt">Ad Details </td>
          </tr>
          <tr>
            <td><table width="70%"  border="0" cellspacing="0" cellpadding="0">
              <tr class="leftlinks">
                <td width="30%">Ad Id </td>
                <td width="70%"><?=$qr['siteid']?></td>
              </tr>
              <tr class="leftlinks">
                <td>Ad Views </td>
                <td><?=$sitehits?></td>
              </tr>
              <tr class="leftlinks">
                <td>Ad Expires </td>
                <td class="blacktxt">
                  <? 
                    $expire_days = $qr['expire_days'];
                    echo $prev_date = date("d.m.Y",strtotime ("+$expire_days day",mktime(0,0,0,substr($qr['sitedate'],3,2),substr($qr['sitedate'],0,2),substr($qr['sitedate'],6,4))));
                ?>
                </td>
              </tr>
              <tr class="leftlinks">
                <td>Added</td>
                <td><?=$qr['sitedate']?></td>
              </tr>
              <tr class="leftlinks">
                <td>Country</td>
                <td><?=$qr['country']?></td>
              </tr>
              <tr class="leftlinks">
                <td>State</td>
                <td><?=$qr['state']?></td>
              </tr>
              <tr class="leftlinks">
                <td>City</td>
                <td><?=$qr['city']?></td>
              </tr>
              <tr class="leftlinks">
                <td>&nbsp;</td>
                <td>&nbsp;</td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
      <?
      if(isset($_SESSION['session_login'])){
      
        $sql = "SELECT * FROM favourites WHERE f_adid=".$_GET['sid']." AND femail = '".$_SESSION['session_login']."'";
        $result_fav = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($result_fav) == 0){
      
      ?>
          <tr>
            <td class="blacktxt"><a href="ad_favorite.php?sid=<?=$_GET['sid']?>" class="blacktxt"><img src="images/bookmark.gif" width="20" height="20" border="0"> Add to Favorites </a></td>
          </tr>
    <?
        }else{
    
    ?>
          <tr>
            <td class="blacktxt"><a href="ad_favorite.php?sid=<?=$_GET['sid']?>&id=r" class="blacktxt"><img src="images/bookmark.gif" width="20" height="20" border="0"> Remove from Favorites </a></td>
          </tr>
    <?
        }
        
    }
    ?>
          
        </table></td>
        <td width="37%" valign="top"><table width="100%"  border="0" cellpadding="0" cellspacing="0" class="brd">
        <?
            $sql_img = "SELECT * FROM picture WHERE pictures_siteid=".$qr['siteid']." ORDER BY id DESC LIMIT 0,3";
            $row_img = mysql_query($sql_img) or die(mysql_error());
            //$qr_img = mysql_fetch_array($row_img);
            if(mysql_num_rows($row_img) == 0){
        ?>
          <tr>
            <td align="center" class="leftlinks"><br><br><br>No Images Available!<br><br><br></td>
          </tr>
          <tr>
            <td height="10"></td>
          </tr>
        
        <?
            }else{
                while($qr_img = mysql_fetch_array($row_img)){
                    if($qr_img['filename'] != "") {
        ?>
          <tr>
            <td align="center"><a href="ad_images/<? echo($qr_img['filename']);?>" target="_blank"><img src="ad_images/<? echo($qr_img['filename']);?>" width="100px" border="0"></a></td>
          </tr>
          <tr>
            <td height="10"></td>
          </tr>
        <? 
                    }
                }
            }
        
        ?>        
        </table></td>
      </tr>
      <tr>
        <td colspan="2">&nbsp;</td>
      </tr>
      <tr>
        <td colspan="2">&nbsp;</td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td align="center"><table width="98%"  border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="24%" align="center" valign="top"><a href="search.php?cid=<?=$qr['sitecatid']?>" class="leftlinks"><img src="images/icon_moreadsincat.gif" width="32" height="32" border="0" align="middle"> More ads in this Category</a> </td>
        <td width="24%" align="center"><a href="search.php?sid=<?=$_GET['sid']?>" class="leftlinks"><img src="images/icon_adsfromseller.gif" width="32" height="32" border="0" align="middle"> Ads from this seller</a> </td>
        <td width="27%" align="center"><a href="contact_seller.php?sid=<?=$_GET['sid']?>" class="leftlinks"><img src="images/icon_contactsalesperson.gif" width="32" height="32" border="0" align="middle"> Contact Seller</a></td>
        <td width="25%" align="center"><a href="tell_friend.php?sid=<?=$_GET['sid']?>" class="leftlinks"><img src="images/icon_tellafriend.gif" width="32" height="32" border="0" align="middle"> Tell a Friend</a> </td>
        </tr>
    </table></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td bgcolor="#E0D2DF"><? require("include/footer.php");?></td>
  </tr>
</table>
</body>
</html>
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: please help with this urgent problem on php code

Post by jaoudestudios »

This won't help your issue, but I feel it is a point I should make: there is no protection on your MySQL queries from injection, not even the basic!

A thought for your credit system: if you are using the InnoDB engine then transactions might be a useful way to go.
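
The two points in the reply above (bound parameters instead of concatenated `$_GET` values, and a transaction around the credit change), as an added example that is not part of the original thread or of the poster's software. It assumes a hypothetical `credits` column on `users`, takes `no_days` as the credit count because the page labels it "No of Credits", uses a hypothetical function name `addPackageCredits`, and runs on in-memory SQLite through PDO as an offline stand-in for MySQL/InnoDB.

```php
<?php
// Added example. Schema and rows are constructed; the `credits` column is an assumption.
$pdo = new PDO('sqlite::memory:'); // offline stand-in; on MySQL the tables would be InnoDB
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (email TEXT PRIMARY KEY, name TEXT, credits INTEGER NOT NULL DEFAULT 0)");
$pdo->exec("CREATE TABLE packages (packageid INTEGER PRIMARY KEY, title TEXT, no_days INTEGER, amount REAL)");
$pdo->exec("INSERT INTO users VALUES ('a@example.test','Alice',25), ('b@example.test','Bob',0)");
$pdo->exec("INSERT INTO packages VALUES (1,'Starter',10,5.00), (2,'Pro',50,20.00)");

// Credit ONE member with the credits of ONE package. Every value reaches SQL as a
// bound parameter, and the UPDATE must change exactly one row or nothing is kept.
function addPackageCredits(PDO $pdo, string $email, $packageId): int
{
    // Reject anything that is not a plain positive integer (for example "2 OR 1=1").
    $pkid = filter_var($packageId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pkid === false) {
        throw new InvalidArgumentException('invalid package id');
    }
    $pdo->beginTransaction();
    try {
        $sel = $pdo->prepare('SELECT no_days FROM packages WHERE packageid = :id');
        $sel->execute([':id' => $pkid]);
        $credits = $sel->fetchColumn();
        if ($credits === false) {
            throw new RuntimeException('unknown package');
        }
        $upd = $pdo->prepare('UPDATE users SET credits = credits + :n WHERE email = :email');
        $upd->execute([':n' => (int)$credits, ':email' => $email]);
        if ($upd->rowCount() !== 1) { // zero or several rows changed: refuse the whole change
            throw new RuntimeException('expected exactly one account to change');
        }
        $pdo->commit();
        return (int)$credits;
    } catch (Throwable $e) {
        $pdo->rollBack(); // leave every balance as it was
        throw $e;
    }
}

addPackageCredits($pdo, 'b@example.test', '2'); // Bob buys the second package
try {
    addPackageCredits($pdo, 'b@example.test', '2 OR 1=1'); // non-integer id never reaches SQL
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
foreach ($pdo->query('SELECT email, credits FROM users ORDER BY email') as $row) {
    echo $row['email'], ' => ', $row['credits'], "\n"; // per-member balances after the purchase
}
```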