| codefreek |
07-03-2008 10:16 AM |
My News Script [No errors] - Just wont work!
The problem is that when i try to visit edit?=1 or addnews.php
it redirects me to index.php and it should only do that if i am not logged in which i am.. so what is the problem :S?
Index.php
PHP Code:
<?php
// Turn on error reporting and start the session
error_reporting(E_ALL);
session_start();
include('lib_class/db_class_connect.php');
$database_connection = new db_connect();
//Look for our logged status, if not found redirect the user
if($_SESSION['logged'] != 1)
{
//header("Location: users.php");
exit();
}
define('DEBUG', 1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
h1 {
font-size: 2em;
}
h2 {
margin-bottom: 1em;
font-size: 1.6em;
color: #FF9900;
font-weight: bold;
}
table, td {
border: none;
border-collapse: collapse;
}
</style>
<title>Codefreek's Page</title>
</head>
<body>
<h1>This is the main page!</h1>
<?php
if (isset($_GET['cat']))
{
$category = (int) $_GET['cat'];
$q = sprintf("SELECT des, rest FROM `news` WHERE valid = 1 AND cat_id = %d", $category);
$result = mysql_query($q);
if( ! $result)
{
if (defined('DEBUG'))
{
echo $q; // so we can verify the query was properly formatted. Not really necessary here, but useful when you
// you're using dyanmically created query strings (such as those using $_GET variables)
echo mysql_error(); // Useful for debugging, but for a live site this will give useful information to a potential hacker, just so you know.
}
else
{
echo "Category ID not found.";
}
}
else
{
while($row = mysql_fetch_assoc($result))
{
echo '<h2>'.$row['des'].'</h2>';
echo '<table><tr><th>NEWS:</th><td>'.$row['rest'].'</td></tr></table>';
}
}
// Add some whitespace
echo "<br /><br />";
}
// You had a second query on the 'news' table here, but it wasn't doing anything, so I just removed it?
// In addition you were checking $cat_result in your if statement, when $cat_result had yet to be assigned.
$q = "SELECT id, name FROM `cat`";
$result = mysql_query($q);
if( ! $result)
{
echo mysql_error();
}
else
{
while($row = mysql_fetch_assoc($result))
{
echo '<a href="index.php?cat='.$row['id'].'">'.$row['name'].'</a><br />';
}
}
echo '<br /><a href="logout.php">Logout</a>';
?>
</body>
</html>
ADD NEWS
PHP Code:
<?php
error_reporting(E_ALL & ~E_NOTICE);
include("login_config.php");
include("lib_class/db_class_connect.php");
$database_connection = new db_connect();
if(!isset($_POST['add_news']))
{
echo"
<form action='addnews.php' name='addnews' method='post'>
<table>
<tr>
<td>
Author
</td>
</tr>
<tr>
<td>
<input type='text' name='name'>
</td>
</tr>
<tr>
<td>
Title
</td>
</tr>
<tr>
<td>
<input type='text' name='des'>
</td>
</tr>
<tr>
<td>
News
</td>
</tr>
<tr>
<td>
<textarea cols='50' name='rest' rows='20'></textarea>
</td>
</tr>
<tr>
<td>
<input type='submit' name='add_news' value='submit news topic'>
</td>
</tr>
</table>
</form>";
}
if(isset($_POST['add_news']))
{
$name = mysql_real_escape_string(strip_tags($_POST['name']));
$des = mysql_real_escape_string($_POST['des']);
$rest = $_POST['rest'];
$tim = date("y.m.d");
$errors = array();
if(empty($name)) {
$errors[] = "Please enter your name";
}
if(empty($des)) {
$errors[] = "Enter a News topic title!";
}
if(empty($rest)) {
$errors[] = "Enter some News text please";
}
if(count($error) > 0) {
echo"<font size='3' color='CC0000'><strong>ERROR:</strong></font>";
foreach($errors as $error) {
echo $error;
}
} else {
$sql = "INSERT INTO news(id, name, des, rest, tim, valid) VALUES(NULL, '$name', '$des', '$rest', '$tim', '0')";
mysql_query($sql) or die(mysql_error());
echo"News successfully added to the database.";
}
}
?>
<a href="index.php"> home </a>
Login_config
PHP Code:
<?php
//i can include this on pages i want to be secure
session_start(); // Starts the session.
if ($_SESSION[‘logged’] != 1) { // There was no session found!
header("Location: users.php"); // Goes to login page.
exit(); // Stops the rest of the script.
}
echo "This is the main page!";
echo '</br>';
print "Welcome";
?>
Logout.php
PHP Code:
<?php
session_start();
session_unset(); // Destroys the session.
header("Location: users.php"); // Goes back to login.
?>
Edit.php
PHP Code:
<?php
error_reporting(E_ALL & ~E_NOTICE);
include('lib_class/db_class_connect.php');
include('login_config.php');
$database_connection = new db_connect();
$id = (int) $_REQUEST['id'];
if($id <= 0) header('Location: index.php');
if(isset($id) && !empty($id)) {
$sql = "SELECT * FROM `news` WHERE `id` = '".$id."'";
$query = mysql_query($sql) or die(mysql_error());
$news = mysql_fetch_array($query, MYSQL_ASSOC);
if(!isset($_POST['edit_news'])) {
echo '<form action="edit.php?id='.$id.'" name="edit" method="post">
<table>
<tr>
<td>
Author
</td>
</tr>
<tr>
<td>
<input type="text" name="name" value="'.$news['name'].'">
</td>
</tr>
<tr>
<td>
Title
</td>
</tr>
<tr>
<td>
<input type="text" name="des" value="'.$news['des'].'">
</td>
</tr>
<tr>
<td>
News
</td>
</tr>
<tr>
<td>
<textarea cols="50" name="rest" rows="20">'.$news['rest'].'</textarea>
</td>
</tr>
<tr>
<td>
<input type="submit" name="edit_news" value="edit news">
</td>
</tr>
</table>
</form>';
} else {
$name = mysql_real_escape_string(strip_tags($_POST['name']));
$des = mysql_real_escape_string($_POST['des']);
$rest = mysql_real_escape_string($_POST['rest']);
$errors = array();
if(empty($name)) {
$errors[] = "Please enter your name";
}
if(empty($des)) {
$errors[] = "Enter a News topic title!";
}
if(empty($rest)) {
$errors[] = "Enter some News text please";
}
if(count($error) > 0) {
echo"<font size='3' color='CC0000'><strong>ERROR:</strong></font>";
foreach($errors as $error) {
echo $error;
}
} else {
$sql = "UPDATE `news` SET `name` = '".$name."', `des` = '".$des."', `rest` = '".$rest."' WHERE `id` = '".$id."'";
mysql_query($sql) or die(mysql_error());
echo 'News successfully updated.';
}
}
}
?>
users.php
PHP Code:
<?php
session_start(); // Starts the session.
error_reporting(E_ALL & ~E_NOTICE);
include("lib_class/db_class_connect.php");
$database_connection = new db_connect();
if ($_SESSION['logged'] == 1) { // User is already logged in.
header("Location: index.php"); // Goes to main page.
exit(); // Stops the rest of the script.
} else {
if ( ! isset($username))
{
$username = '';
}
if ( ! isset($password))
{
$password = '';
}
$szForm = <<<FORM
<form action="users.php" name="login" method="post">
<table>
<tr><td>username</td>
<td><input type="text" name="username" value="{$username}" /></td>
</tr>
<tr><td>password</td>
<td><input type="password" name="password" value="{$password}" /></td>
</tr>
<tr><td colspan="2"><input type='submit' name='login' value='login' /></td></tr>
</table>
</form>
FORM;
echo $szForm;
$password = mysql_real_escape_string($_POST['password']);
$username = mysql_real_escape_string($_POST['username']);
$q = mysql_query("SELECT * FROM users WHERE username = '$username'
AND password = '$password'") or die (mysql_error()); // mySQL query
$r = mysql_num_rows($q); // Checks to see if anything is in the db.
if ($r == 1) { // There is something in the db. The username/password match up.
$_SESSION['logged'] = 1; // Sets the session.
header("Location: index.php"); // Goes to main page.
exit(); // Stops the rest of the script.
} else { // Invalid username/password.
exit("Incorrect username/password!"); // Stops the script with an error message.
}
}
?>
in a folder->< lib_class>" db_class_connect.php"
PHP Code:
<?php
error_reporting(E_ALL & ~E_NOTICE);
class db_connect
{
private $dbn;
private $user;
private $pass;
private $db_selected;
private $dbtestcon;
public function db_connect()
{
$this->specs('localhost', 'orb', '123123');
$this->showConnectionDetails('zone');
}
public function specs ($dbn, $user, $pass)
{
$this->dbn = $dbn;
$this->user = $user;
$this->pass = $pass;
$this->dbtestcon = mysql_connect($dbn, $user, $pass);
if ( ! $this->dbtestcon)
{
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
}
// Now this function will work
function showConnectionDetails($db_selected)
{
$this->db_selected = $db_selected;
$db_selected = mysql_select_db($this->db_selected, $this->dbtestcon) or die(mysql_error());
if (!$db_selected)
{
die ('Can\'t use workspace : ' . mysql_error());
}
echo 'db_selected';
}
}
?>
|
