eval()

zingbats

HI!

As I have some code (both HTML and PHP) stored in a database, I was told that I needed to eval() the code.

I have done and I have ended up with this:

<?php
//THIS PAGE IS index.php
    /* Connecting, selecting database */
    $link = mysql_connect("localhost", "username", "pwl")
        or die("Could not connect");
    mysql_select_db("tycooneden_com") or die("Could not select database");

$query = "SELECT * FROM HTML WHERE page = '$page'";
$result = mysql_query($query) or die("Query failed");
$foo=mysql_fetch_array($result);

/* Start the clan defining */

$page=$foo['page'];
$code=$foo['code'];

mysql_close($link);
?>

<? 
eval('?>'.$code);
?>

That is all well and good; but when I post a form to this page: I get header errors.

<?php
//THS PAGE is index.php?page=login_process
    $md5_pwl = md5("$form_password");
    /* Connecting, selecting database */
    $link = mysql_connect("localhost", "username", "password")
        or die("Could not connect");
    mysql_select_db("tycooneden_com") or die("Could not select database");

$query = "SELECT * FROM clan_members WHERE username = '$form_username' AND password = '$md5_pwl' AND clan = '$form_clan'";
$result = mysql_query($query) or die("Query failed");
$foo=mysql_fetch_array($result);

/* Start the clan defining */

$username=$foo['username'];
$clan=$foo['clan'];
$user_level=$foo['user_level'];
$user_password=$foo['user_password'];

$sql = mysql_query("SELECT * FROM phpbb_users WHERE username='$form_username' AND user_password='$md5_pwl'") or die("went wrong"); 
$login_check = mysql_num_rows($sql); 

mysql_close($link);
?>
<?
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
    foreach( $row AS $key => $val ); 
        $$key = stripslashes( $val );

}

?><? 
if ($form_clan == $clan && $user_level == 'admin') {
session_start();
   $form_clan = $_POST['form_clan'];
   session_register('form_clan');
   $_SESSION['form_clan'] = $form_clan;
   header("Location: [url]http://www.tycooneden.com/clan_user_admin/main.php[/url]"); 
} else { 
print "You have selected the wrong clan"; 
} 
?><?
} else {
print "User details incorrect";
}
?>

Any ideas?

Option

because this is an invalid header:

header("Location: <a href="http://www.tycooneden.com/clan_user_admin/main.php" target="_blank">[url]http://www.tycooneden.com/clan_user_admin/main.php[/url]</a>");

try...

header("Location: http://www.tycooneden.com/clan_user_admin/main.php");

or was it the forum parsing the URL...

If it was just the forum then make sure that there is absolutely nuthing output before you send the header. check after all ?> and before all <?

If you still cant solve it... do it in html

print"<html><head><link href=\"http://www.tycooneden.com/clan_user_admin/main.php\"></head></html>";

hope this helps 😛

Option