Problems with my CMS! Please Help

davygee

My hosting provider has upgraded their server from PHP 4 to 5 and now my CMS doesn't work. I get the following error when running a check content script from a submit, see below:

Parse error: syntax error, unexpected T_PUBLIC, expecting ']' in /home/fhlinux199/s/????????.com/user/htdocs/scripts/checkContent.php on line 94

Line 94 is the following:

$public = $_POST[public];

I understand that public is now a reserved word, but when I try and change the variable name to the new name that I have replace public with (spublic), it doesn't work and shows the following:

Found
The document has moved here.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

I also see the same error message above if I comment out the entire line.

Please help?

I've included the full script below:

<?php

include("functions.inc.php");

$chooser = $_POST[subter];
unset($_POST[subter]);
unset($subter);

unset($_POST[Submit]);
#unset($Submit);

unset($_POST[submit]);
#unset($submit);


#--------------------------------------------------------------------------------------
# this section makes the brand or product visible to the public.
#--------------------------------------------------------------------------------------
if($_GET[type]=='frontend'){
	 makePublic($brandID);
}  // end if($_GET[type]=='frontend')

if($email){
	mailCheck($email);
}//end email chack


function dbit($query){
	if( ($dbhandle     = opendb()) != -1  ){
		if(querydb($query, $dbhandle)){
			$ret = true;
		}
		$ret = true;
	}else{
		$ret = false;
	}
	return $ret;
} //end funtion



// this switch uses the function defined in function.inc.php line 118
switch($chooser) {
	case "deletecar": // Delete a car.
		$query = buildQuery($_POST, "DELETE", "smckay_showroom");
		#echo "$query";
		if( dbit($query)==FALSE ){
			sendHeader("../cms/index.php");
		}else{
			sendHeader("../cms/viewcars.php");
		}
	break;
	case "insertcar": // Insert a car.
		$query = buildQuery($_POST, "INSERT", "smckay_showroom");
		#echo "$query";
		if( dbit($query)==FALSE ){
			sendHeader("../cms/index.php");
		}else{
			sendHeader("../cms/viewcars.php");
		}
	break;
	case "updatecars": // Updating the brand.
		$query = buildQuery($_POST, "UPDATE", "smckay_showroom");
		if( dbit($query)==FALSE ){
			sendHeader("../cms/update.php?msg=sorry");
		}else{
			sendHeader("../cms/edit_car.php?idNum=$_POST[uniqueID]");
		}

break;
case "insertnews":
#echo "here -------------";
	$query = buildQuery($_POST, "INSERT", "smckay_news");
	if( dbit($query)==FALSE ){
		sendHeader("../cms/alter_products.php?msg=sorry");
	}else{
		sendHeader("../cms/viewnews.php");
	}
break;
case "updatenews": // Updating the brand.
#echo "here -------------";
	$query = buildQuery($_POST, "UPDATE", "smckay_news");
	if( dbit($query)==FALSE ){
		sendHeader("../cms/update.php?msg=sorry");
	}else{
		sendHeader("../cms/edit_news.php?uniqueID=$_POST[uniqueID]");
	}

break;
}

function makePublic($brandID){
$tracking = $_POST[tracking];
$public = $_POST[public];    // line 94
	if($public=="0"){  $public = 1;   } else {	 $public = 0; }  //reverse the public status.
		$dbhandle = opendb();
		$query = "UPDATE supplier SET public = '$public' WHERE brandID = '$brandID'";
		$result  = querydb($query,$dbhandle ); // update the database.
		if($result){
			$rowcheck = checkRows($dbhandle ); //make sure we have a result
			if($rowcheck>0){
				#sendHeader("../cms/cms.php?brand=$brand");
			}else{
				#sendHeader("../cms/cms.php?product=$product");
			} // end if ($brand)
		}else{
			#echo "$result no result\n";
		}// end if ($result)
	sendHeader("../cms/cms.php");
}// end makePublic function
?>

laserlight

You probably just need to change:

$public = $_POST[public];

to:

$public = $_POST['public'];

davygee

thanks laserlight, but that doesn't work...it comes up with the error at the bottom of my post after doing this.

laserlight

thanks laserlight, but that doesn't work...it comes up with the error at the bottom of my post after doing this.

I am guessing that is a problem with sendHeader() instead. Comment your external function calls out first and see what happens.

For one thing, what's this fragment of code about?

$chooser = $_POST[subter];
unset($_POST[subter]);
unset($subter);

unset($_POST[Submit]);
#unset($Submit);

unset($_POST[submit]);
#unset($submit);

You should have register_globals set to Off, then just use $POST['subter'] after checking that it exists with [man]isset[/man] or [man]empty[/man]. Notice that since the array indices are strings, they should be quoted in this context (i.e., $POST[subter] is wrong).

davygee

I commented out the call to the include file and it still comes up with the:

Found
The document has moved here.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

I will include the code from the include file as well below:

<?php
include("include.inc.php");
/*****************************************************/
/*         database function declarations            */
/*****************************************************/

// open database
function opendb(){
	$dblocalhandle=@mysql_connect(DBSERVER,DBUSER,DBPASSWD);
	if(!$dblocalhandle){
		echo "my handler ! Could not connect to database(1)!";
		return (-1);
	}

$result=@mysql_select_db(DBNAME, $dblocalhandle);
if(!$result){
	#echo "Could not connect to database(2)";
	return(-1);
}
return ($dblocalhandle);
}

// query database
function querydb($query){
	$result = mysql_query($query);
	if(!$result){
		$msg = "querydb failed. QUERY =\"". $query ."\".\n";
		WriteDebug($msg);
	}
	return ($result);
}

function fetchRow($result){
	$row = @mysql_fetch_assoc($result);
	if(!$row){
		$row=-1;
		return $row;
	}else{
		return $row;
	}
}

function checkRows($result){
	$rowcount = @mysql_affected_rows($result);
	return $rowcount;
}

function countRows($result){
	$rowCount = @mysql_num_rows($result);
	return $rowCount;
}

function countFields($row){
	$fieldcount = @mysql_num_fields($row);
	return $fieldcount;
}

function fieldnames($result, $fieldCount){
	$names = array();
	for($i=0;$i < $fieldCount;$i++) {
		$names[$i] =mysql_field_name($result, $i);
	}
return $names;
}

function fetchrownames($row){
	$name = mysql_field_name($row,0);
	return $names;
}
// create a temporary table for complex queries
/*
	function createtemptable($name){
		CREATE TEMPORARY TABLE $name;
	}

// get rid for the table
function droptemptable($name) {
	CREATE TEMPORARY TABLE $name;
}
*/
//close database
function closedb($dblocalhandle){
	mysql_close($dblocalhandle);
}

/* cookie functions */
function checkCookie($cookieName){
	if (!isset($_COOKIE[$cookieName])) {
		return (false);
	}else {
		return (true);
	}
}

function getCookieValue($cookieName){
	if (!isset($_COOKIE[$cookieName])) {
		return (false);
	}else {
	$cookie_info = explode("-", $_COOKIE[$cookieName]);  //Extract the Data
		$style = $cookie_info[0];
		setcookie ($cookieName, $style,  time() + 31536000000);
		$val = $cookie_info[0];
		return $val;
	}
	/*
	if ( !isset($_COOKIE[$cookieName]) ) {
		$val ="false";
	}else {
		$cookie_info = explode("-", $_COOKIE[$cookieName]);  //Extract the Data
		$style = $cookie_info[0];
		setcookie ($cookieName, $value,  time() + 31536000000);
		$val = $cookie_info[0];
	}
	return $val;
	*/
}

//THIS builds an query from $_GET or $_POST values
// called from checkContent.
function buildQuery($getArray, $sqlType, $table){
		#echo "sql TYPE = ".$sqlType;
		#build the first part of the query.

	# Build the second part of the query.
switch($sqlType){
	case "UPDATE":
		$query = "UPDATE $table SET ";
		while (list ($key, $value) = each($getArray)) {
			$query .=  " $key = '$value',";
		}
		$query = ereg_replace(",$","",$query);
		if(isset($getArray[itemID])){
			$query .= " WHERE itemID = '$getArray[itemID]'";
		}elseif(isset($getArray[uniqueID])){
			$query .= " WHERE uniqueID = '$getArray[uniqueID]'";
		}elseif(isset($getArray[uniqueID])){
			$query .= " WHERE uniqueID = '$getArray[uniqueID]'";
		#echo "query = ".$query;
		}
	break;

   case "INSERT":
   				$query = "INSERT INTO $table( ";
				while (list ($key, $value) = each($getArray)){ #build the query through post variables keys.
					$query .=  "$key, ";
				}
				$query = trim($query);  # tidy the query and remove the trailing comma
				$query = ereg_replace(",$","",$query);
				$query .= ") VALUES (" ;
				reset($getArray);
				while (list ($key, $value) = each($getArray)) {
				# again build the query through post variables values after the $_GET was reset.
					$query .=  "'$value', ";
				}
				$query = trim($query); # again tidy the query and remove the trailing comma
				$query = ereg_replace(",$","",$query);
				$query .= ")";
			break;

	case "DELETE":
	$query = "DELETE FROM $table WHERE uniqueID = '$getArray[idNum]'";
		$query = trim($query);  # tidy the query and remove the trailing comma
		$query = ereg_replace(",$","",$query);
		reset($getArray);
		#echo "query = ".$query;
	break;
}
	return $query;
} // end buildQuery funtion


function placeCookie($cookieName,$value,$exp){
	$cookie_info = explode("-", $_COOKIE[$cookieName]);  //Extract the Data
	$style = $cookie_info[0];
	$margin = time() + 31536000000;
	if (!isset($_COOKIE[$cookieName])) {
		setcookie ($cookieName, $value,  $margin);
	}else {
		setcookie ($cookieName, $value,  time() + 31536000000);
	}
	return true;
}
	//from the php documentation
	//page 886 of the pdf

function open_sess($save_path, $session_name) {
	global $sess_save_path, $sess_session_name;
	$sess_save_path = $save_path;
	$sess_session_name = $session_name;
	return(true);
}

function close_sess() {
	return(true);
}

function read_sess($id){
	global $sess_save_path, $sess_session_name;
	$sess_file = "$sess_save_path/sess_$id";
	if ($fp = @fopen($sess_file, "r")) {
		$sess_data = fread($fp, filesize($sess_file));
			return($sess_data);
		} else {
		return("");
	}
}

function write_sess($id, $sess_data){
	global $sess_save_path, $sess_session_name;
	$sess_file = "$sess_save_path/sess_$id";
	if ($fp = @fopen($sess_file, "w")) {
		return(fwrite($fp, $sess_data));
	} else {
		return(false);
	}
}

function destroy_sess($id) {
	global $sess_save_path, $sess_session_name;
	$sess_file = "$sess_save_path/sess_$id";
	return(@unlink($sess_file));
}

	/*********************************************
	* WARNING - You will need to implement some *
	* sort of garbage collection routine here.  *
	*********************************************/

function gc_sess($maxlifetime) {
	return true;
}
#session_set_save_handler ("open", "close", "read", "write", "destroy", "gc");
#session_start(); // proceed to use sessions normally

function checkUser($username, $password){

$dbhandle = opendb();
$query = "SELECT username, password, status FROM smckay_login  WHERE username = '$username' AND password='$password'";
$result = querydb($query);
$max =    countRows($result);

if($max != 1){
	return FALSE;
}else{
	$row = fetchrow($result);
	#$surl = "../index.php";
	session_start();
	$_SESSION['user'] = $username;
	$_SESSION['authorised'] = "level$row[status]";
	#echo "-----------".$_SESSION['authorised'] ;

return TRUE;
}
}

function insertUser($user, $pass, $email){
	$dbhandle = opendb();
	$query = "SELECT * FROM smckay_login WHERE username='$user'";
	$result = querydb($query, $dbhandle);
	$max   = countRows($result);
	if($max>0){
		return FALSE;
	}else{
		$query = "INSERT INTO smckay_login (username, password, email) VALUES ('$user', '$pass', '$email')";
		$result = querydb($query, $dbhandle);
		$count = checkRows($result);
		return TRUE;
	}
}
	// login functions from here
function init(){
    global $logged_user_id, $row;
    $logged_user_id = @$_SESSION["logged_user_id"];
}

//With this function, the script logs the user in or gives an error when one occurs
function log_in(){
global $message, $logged_user_id;
	if(!$_POST["username"]){
		$message = "You didn't enter your username";
	}elseif(!$_POST["password"]){
		$message = "You didn't enter your password";
	}
	if($message){
		return;
	}
	// connection to the users database
	$query = "SELECT * FROM users WHERE username='".$_POST['username']."' AND password='".md5($_POST['password'])."'";
	$dbhandle = opendb();
	$result = querydb($query);
	$max = countrows($result);
	$row = fetchrow($result);
	if(!@$row["userID"]){
		$message = "Failed to log in! Your username and/or password is incorrect";
	}else{
		$logged_user_id = $row["user_id"];
		$_SESSION["logged_user_id"] = $row["user_id"];
		$message = "Welcome $logged_user_id !";
	}
	return;
}

// debug info to log
function WriteDebug($msg){
	//error_log( $msg, 3 , MAILADR);
	@error_log($msg,3,"error.log");
}

//send HTTP-Header
function SendHeader($url){
	header("Status: 302 Found");
	header("Location: $url");
	header("Expires: Mon, 01 Jan 05 00:00:00 GMT");
	header("Pragma: no-cache");
	header("Cache-Control: no-cache, must-revalidate");
}

function UnauthorisedHeader($url){
	header("HTTP/1.0  401  Unauthorized");
	header("Location: $url");
	header("Expires: Mon, 01 Jan 05 00:00:00 GMT");
	header("Pragma: no-cache");
	header("Cache-Control: no-cache, must-revalidate");
}

function ConvertDate($datestr){
  if(strpos($datestr,"-")>0){
    $newsplit = explode("-", $datestr);
    $newdate=strftime("%d.%m.%Y",mktime(0,0,0,$newsplit[1],$newsplit[2],$newsplit[0]));
  }else{
    $newsplit = explode(".", $datestr);
    $newdate=strftime("%Y-%m-%d",mktime(0,0,0,$newsplit[1],$newsplit[0],$newsplit[2]));
  }
  return $newdate;
}
//This function logs out the currently logged in user
/*
global $message, $logged_user_id;
$logged_user_id = "";
unset($_SESSION["logged_user_id"]);
*/
?>

this include file also calls another include file which contains the credentials to access the database and that is all.

I'm not that good at PHP and have only managed to build up on top of previous coding to do what I need, but obviously there must be huge changes in the code from Version 4 to 5 and this is perplexing me.

Any help would be great, or even a link to a simple PHP CMS that operates the same way but works on version 5 would be great.

laserlight

Okay, I suspect the problem lies with the location header. Read the PHP manual entry on [man]header/man and use that to make your URL an absolute URL. At the moment you are using relative URLs like "../cms/index.php".

davygee

Cheers Laserlight, it was the sendheader that was the problem. Thanks.

I know have a problem with my fileupload as part of the CMS. This now doesn't update the records. Can you help with this?

The upload.php script is as follows:

<?php
include("cmsheader.inc.php");
require("../scripts/fileupload-class.php");
$max_fileSize =   360000; //Kb
$max_fileWidth=  430;
$max_fileHeight= 400;

$_GET['uniqueID'];

#--------------------------------#
# Variables
#--------------------------------#

// The path to the directory where you want the 
// uploaded files to be saved. This MUST end with a
// trailing slash unless you use $path = ""; to 
// upload to the current directory. Whatever directory
// you choose, please chmod 777 that directory.

#$path = "uploads/";
$path = "../images/";

// The name of the file field in your form.

$upload_file_name = "userfile";

// ACCEPT mode - if you only want to accept
// a certain type of file.
// possible file types that PHP recognizes includes:
//
// OPTIONS INCLUDE:
//  text/plain
//  image/gif
//  image/jpeg
//  image/png

// Accept ONLY gifs
#$acceptable_file_types = "image/gifs";

// Accept GIF and JPEG files
$acceptable_file_types = "image/gif|image/jpeg|image/pjpeg";

// Accept ALL files
#$acceptable_file_types = "";

// If no extension is supplied, and the browser or PHP
// can not figure out what type of file it is, you can
// add a default extension - like ".jpg" or ".txt"

$default_extension = "";

// MODE: if your are attempting to upload
// a file with the same name as another file in the
// $path directory
//
// OPTIONS:
//   1 = overwrite mode
//   2 = create new with incremental extention
//   3 = do nothing if exists, highest protection
	$mode = 1;
#--------------------------------#
# PHP
#--------------------------------#
	if (isset($_REQUEST['submitted'])) {
		// Create a new instance of the class
		$my_uploader = new uploader($_POST['language']); // for error messages in french, try: uploader('fr');

	// OPTIONAL: set the max filesize of uploadable files in bytes
	$my_uploader->max_filesize($max_fileSize);

	// OPTIONAL: if you're uploading images, you can set the max pixel dimensions
	$my_uploader->max_image_size($max_fileWidth, $max_fileHeight); // max_image_size($width, $height)

	// UPLOAD the file
	if ($my_uploader->upload($upload_file_name, $acceptable_file_types, $default_extension)) {
		$my_uploader->save_file($path, $mode);
	}

	if ($my_uploader->error) {
		echo $my_uploader->error . "<br/><br/>\n";
	} else {
		// do the database stuff here........
		$image = $my_uploader->file['name'];
		switch ($arg) {
			case "thumb":
				$query = "UPDATE smckay_showroom SET thumbnailURL='$image' WHERE uniqueID='$_GET[uniqueID]'";
			break;
			case "one":
				$query = "UPDATE smckay_showroom SET image01URL='$image' WHERE uniqueID='$_GET[uniqueID]'";
			break;
			case "two":
				$query = "UPDATE smckay_showroom SET image02URL='$image' WHERE uniqueID='$_GET[uniqueID]'";
			break;
			case "three":
				$query = "UPDATE smckay_showroom SET image03URL='$image' WHERE uniqueID='$_GET[uniqueID]'";
			break;
			case "four":
				$query = "UPDATE smckay_showroom SET image04URL='$image' WHERE uniqueID='$_GET[uniqueID]'";
			break;
		}


		if( ($dbhandle     = opendb() ) != -1  ){
			$result           = querydb($query, $dbhandle);
		}else{
			echo "there was an error, sorry for the delay".NL;
			exit;
		}


		if(stristr($my_uploader->file['type'], "image")) {
			echo "<img src=\"" . $path . $my_uploader->file['name'] . "\" border=\"0\" alt=\"\"><br>Image= ". $image . "UniqueID= ". $_GET[uniqueID];
		} else {
			$fp = fopen($path . $my_uploader->file['name'], "r");
			while(!feof($fp)) {
				$line = fgets($fp, 255);
				echo $line;
			}
			if ($fp) { fclose($fp); }
		}
	}
}else{
#--------------------------------#
# HTML FORM
#--------------------------------#
# the form must be aware of various permutations.
# 1 brand and product uploads.
?>
 <form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
	<input type="hidden" name="submitted" value="true">
	<input type="hidden" name="uniqueID" value="<?=$_GET[uniqueID]?>">
	<input type="hidden" name="arg" value="<?=$_GET[arg]?>">
		Upload this file:<br> The max file dimensions are (<?=$max_fileWidth?> , <?=$max_fileHeight?>) pixels<br/>
		The Maximum file uploadable filesize is <?=$max_fileSize?> KiloBytes (kb).<br/>
		<input name="<?= $upload_file_name; ?>" type="file" class="inputclass">
		<br><br>
		<input type="submit" value="Upload File" class="inputclass">
	</form>
    UniqueID=<?=$_GET[uniqueID]?><br />

<?php
	if (isset($acceptable_file_types) && trim($acceptable_file_types)) {
		print("This form only accepts <b>" . str_replace("|", " or ", $acceptable_file_types) . "</b> files\n");
	}
}
?>
<br/><br />
<a href="edit_car.php?idNum=<?=$_GET[uniqueID]?>">edit cars page</a>
<?
include("cmsfooter.inc.php");
?>

It pulls in the UniqueID initially, but when you submit, it used to update the database as well as upload the file. What happens now is when you submit a file to be uploaded, it does upload the file, but doesn't update the database and loses the UniqueID.

I'm sure this is simple again, but can't work it out at all.

Please help.