[RESOLVED] Script not executing, and skipping to the home page.

ShadeSlayer

I have some code here for editing content on a page. Some of the stuff on this page just don't work. No errors displayed, no nothing. When you press on the submit button for these, instead of executing, it goes to the main page (bottom of script).

The comments in this explain what works, what doesn't work, and some other things. I can't figure this out at all.

admin.manage.php

<?php
ob_start("ob_gzhandler");
/* Readerboard Management File
 * Script by Alex Crooks
 * Copyright 2009, protected under Creative Commons Licence
 */
include("config.php");
$functionset = "admin";

if($_GET['page'] == "content") // Script displays content fine, add + edit page don't work.
{
$pagetitle = "Manage Content";
$output = "This page is for managing your base content. You may add, edit, or delete them. Choose an appropriate graphic that corresponds to what you'd like to do.<br /><br />\n"
         ."<table width=\"100%\" border=\"1\" bgcolor=\"#ffffff\">\n"
         ."<tr align=\"center\">\n"
         ."<td><b>ID</b></td>\n"
         ."<td><b>Title</b></td>\n"
         ."<td style=\"width: 30px;\"><b>Edit</b></td>\n"
         ."<td style=\"width: 30px;\"><b>Delete</b></td>\n"
         ."</tr>\n";

$sql = "SELECT * FROM ".TABLE_CONTENT." ORDER BY ID ASC";
 if($exe = mysql_query($sql))
 {
  while($row = mysql_fetch_array($exe))
  {
  $row['editlink'] = "<a href=\"".$_SERVER['PHP_SELF']."?page=content&action=edit&wid=".$row['ID']."\"><img style=\"width: 25px; height: 25px;\" src=\"edit.png\" /></a>";
  $row['deletelink'] = "<a href=\"".$_SERVER['PHP_SELF']."?page=content&action=delete&wid=".$row['ID']."\"><img style=\"width: 25px; height: 25px;\" src=\"delete.png\" /></a>";
  $output .= "<tr>\n"
            ."<td>".$row['ID']."</td>\n"
            ."<td>".stripslashes($row['title'])."</td>\n"
            ."<td>".$row['editlink']."</td>\n"
            ."<td>".$row['deletelink']."</td>\n"
            ."</tr>\n";
  }
 }
$output .= "</table><br /><br />\n"
          ."<a href=\"".$_SERVER['PHP_SELF']."?page=content&action=add\"><img style=\"width: 25px; height: 25px;\" src=\"add.png\" /> Add New</a>\n";

 if($_GET['action'] == "add") // Script doesn't execute, Submit button sends you to the main page.
 {
 $output = "<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
          ."<b>Title:</b> <input type=\"text\" name=\"title\" value=\"\" /><br />\n"
          ."<b>Content:</b><textarea style=\"width: 100%; height: 100px;\" name=\"body\" value=\"\"></textarea><br /><br />\n"
 		  ."<input type=\"hidden\" name=\"do\" value=\"process\" />\n"
          ."<input type=\"submit\" />\n"
		  ."</form>\n";
  if($_POST['do'] == "process") // Gets skipped
  {
  $sql = "INSERT INTO ".TABLE_CONTENT." (title, body) VALUES ('".addslashes($_POST['title'])."', '".addslashes($_POST['body'])."')";
   if($exe = mysql_query($sql))
   {
   $output = "Content item successfully added.\n";
   }
  }
 }
 if($_GET['action'] == "edit") // Script doesn't execute, Submit button sends you to the main page.
 {
 $sql = "SELECT * FROM ".TABLE_CONTENT." WHERE ID = '".$_GET['wid']."'";
 $row = mysql_fetch_array(mysql_query($sql));
 $output = "<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
          ."<b>Title:</b> <input type=\"text\" name=\"title\" value=\"".stripslashes($row['title'])."\" /><br />\n"
          ."<b>Content:</b><textarea style=\"width: 100%; height: 100px;\" name=\"body\" value=\"\">".stripslashes($row['body'])."</textarea><br /><br />\n"
		  ."<input type=\"hidden\" name=\"do\" value=\"process\" />\n"
          ."<input type=\"submit\" />\n"
		  ."</form>\n";
  if($_POST['do'] == "process") // Gets skipped
  {
  $sql = "UPDATE ".TABLE_CONTENT." SET title = '".addslashes($_POST['title'])."', body = '".addslashes($_POST['body'])."' WHERE ID = '".$_GET['wid']."'";
   if($exe = mysql_query($sql))
   {
   $output = "Content item #".$_GET['wid']." successfully updated.\n";
   }
  }
 }
 if($_GET['action'] == "delete") // Works
 {
 $sql = "DELETE FROM ".TABLE_CONTENT." WHERE ID = '".$_GET['wid']."'";
  if($exe = mysql_query($sql))
  {
  $output = "Content item #".$_GET['wid']." successfully removed.\n";
  }
 }
}

Look for the next post for the other half, apparently this post is too long.

ShadeSlayer

Post 2/2

if($_GET['page'] == "messages") // Displaying of content works.. adding and editing doesnt
{
$pagetitle = "Manage Messages";
$output = "This page is for managing your messages. You may add, edit, or delete them. Choose an appropriate graphic that corresponds to what you'd like to do.\n"
         ."<table width=\"100&#37;\" border=\"1\" bgcolor=\"#ffffff\">\n"
         ."<tr align=\"center\">\n"
         ."<td><b>ID</b></td>\n"
         ."<td><b>Name</b></td>\n"
         ."<td style=\"width: 30px;\"><b>Edit</b></td>\n"
         ."<td style=\"width: 30px;\"><b>Delete</b></td>\n"
         ."</tr>\n";

$sql = "SELECT * FROM ".TABLE_MESSAGES." ORDER BY ID ASC";
 if($exe = mysql_query($sql))
 {
  while($row = mysql_fetch_array($exe))
  {
  $row['editlink'] = "<a href=\"".$_SERVER['PHP_SELF']."?page=messages&action=edit&wid=".$row['ID']."\"><img style=\"width: 25px; height: 25px;\" src=\"edit.png\" /></a>";
  $row['deletelink'] = "<a href=\"".$_SERVER['PHP_SELF']."?page=messages&action=delete&wid=".$row['ID']."\"><img style=\"width: 25px; height: 25px;\" src=\"delete.png\" /></a>";
  $output .= "<tr>\n"
            ."<td>".$row['ID']."</td>\n"
            ."<td>".stripslashes($row['name'])."</td>\n"
            ."<td>".$row['editlink']."</td>\n"
            ."<td>".$row['deletelink']."</td>\n"
            ."</tr>\n";
  }
 }
$output .= "</table><br /><br />\n"
          ."<a href=\"".$_SERVER['PHP_SELF']."?page=messages&action=add\"><img style=\"width: 25px; height: 25px;\" src=\"add.png\" /> Add New</a>\n";

 if($_GET['action'] == "add")  // Script doesn't execute, Submit button sends you to the main page.
 {
 $output = "<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
          ."<b>Name:</b> <input type=\"text\" name=\"name\" value=\"\" />\n"
 		  ."<input type=\"hidden\" name=\"do\" value=\"process\" />\n"
          ."<input type=\"submit\" />\n"
		  ."</form>";
  if($_POST['do'] == "process") // Gets Skipped
  {
  $sql = "INSERT INTO ".TABLE_MESSAGES." (name) VALUES ('".addslashes($_POST['name'])."')";
   if($exe = mysql_query($sql))
   {
   $output = $_POST['name']." successfully added to the messages.\n";
   }
  }
 }
 if($_GET['action'] == "edit")  // Script doesn't execute, Submit button sends you to the main page.
 {
 $sql = "SELECT * FROM ".TABLE_MESSAGES." WHERE ID = '".$_GET['wid']."'";
 $row = mysql_fetch_array(mysql_query($sql));
 $output = "<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
          ."<b>Name:</b> <input type=\"text\" name=\"name\" value=\"".stripslashes($row['name'])."\" />\n"
		  ."<input type=\"hidden\" name=\"do\" value=\"process\" />\n"
          ."<input type=\"submit\" />\n"
		  ."</form>\n";
  if($_POST['do'] == "process") // Gets skipped
  {
  $sql = "UPDATE ".TABLE_MESSAGES." SET name = '".addslashes($_POST['name'])."' WHERE ID = '".$_GET['wid']."'";
   if($exe = mysql_query($sql))
   {
   $output = $_POST['name']." successfully updated.\n";
   }
  }
 }
 if($_GET['action'] == "delete") // Works.
 {
 $sql = "DELETE FROM ".TABLE_MESSAGES." WHERE ID = '".$_GET['wid']."'";
  if($exe = mysql_query($sql))
  {
  $output = $_POST['name']." successfully removed from the messages.\n";
  }
 }
}
if($_GET['page'] == "status") // Script doesn't execute, Submit button sends you to the main page. Radio buttons don't display what is selected.
{
$pagetitle = "Manage Status";
$sql = "SELECT ID, status FROM ".TABLE_SETTINGS." WHERE ID = '1'";
$row = mysql_fetch_array(mysql_query($sql));
$row['status'] = $s;
$output =  "This page is for managing the readerboard status.<br /><br />\n"
          ."<b>Readerboard Status:</b><br />\n"
          ."<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
		  ."<input type=\"radio\" name=\"stat\" value=\"1\" ";
		  if($s == "1")
		  {
$output .= "selected=\"selected\"";
          }
$output .= "/> Enabled\n"
		  ."<input type=\"radio\" name=\"stat\" value=\"0\" ";
		  if($s == "0")
		  {
$output .= "selected=\"selected\"";
          }
$output .= "/> Disabled \n"
		  ."<input type=\"hidden\" name=\"do\" value=\"process\" /><br /><br />\n"
          ."<input type=\"submit\" />\n"
		  ."</form>\n";
 if($_POST['do'] == "process") // Gets skipped
 {
 $sql = "UPDATE ".TABLE_SETTINGS." SET status = '".$_POST['stat']."'";
  if($exe = mysql_query($sql))
  {
  $output = "Query Successful.\n";
  }
 }
}
if($_GET['page'] == "stylesheet") // Script doesn't execute, Submit button sends you to the main page.
{
$pagetitle = "Manage Stylesheet";
$output = "This page is for managing your stylesheet and banner. Don't edit the stylesheet unless you are experienced with the code.\n";
$sql = "SELECT stylesheet FROM ".TABLE_SETTINGS;
$row = mysql_fetch_array(mysql_query($sql));

$output  .= "<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
         ."<textarea style=\"width: 90%; height: 200px;\" name=\"stylesheet\" value=\"\">".$row['stylesheet']."</textarea><br /><br />\n"
         ."<input type=\"hidden\" name=\"do\" value=\"process\" />\n"
		 ."<input type=\"submit\" />\n";
 if($_POST['do'] == "process") // Gets skipped
 {
 $sql = "UPDATE ".TABLE_SETTINGS." SET stylesheet = '".$_POST['stylesheet']."'";
  if($exe = mysql_query($sql))
  {
  $output = "Stylesheet successfully updated.\n";
  }
 }
}
if(($_GET['page'] == "") || (!$_GET['page'])) // When the Submit button is pressed, everything seems to come here...
{
$pagetitle = "Management Page";
$output = "Welcome to the Readerboard management page. Please choose an option to your left.<br /><br />\n"
         ."<b>Manage Content:</b><br />\n"
		 ."Allows you to add, edit, or delete any piece of main content. Also includes a format bar to edit various information (and include pictures).<br /><br />\n"
		 ."<b>Manage Messages:</b><br />\n"
		 ."Allows you to add, edit, or delete the messages at the office for people. Also includes a color bar to edit the color of the text.<br /><br />\n"
		 ."<b>Manage Status:</b><br />\n"
		 ."Allows you to edit whether or not the readerboard is live.<br /><br />\n"
		 ."<b>Manage Stylesheet:</b><br />\n"
		 ."Allows you to edit the banner and style of the readerboard.\n";
}

$pagecontents = $output;
include("layout.php");
?>

The URL of the script when I click submit (this example will be for page=content) is not what it should be.

The URL displays like this (which is also likely the reason it's displaying the main page):

admin.manage.php?title=fasdfgasg&body=sfasdfasd&do=process
Instead of:

admin.manage.php?page=content&do=process

Which must be a bit of a security flaw, but alas, even after adding a hidden tag at the top of the form instructing it to go to page=content, the script still doesn't work.

Also, changing the form action to $_SERVER['PHP_SELF'] doesn't help.

This problem has just completely mindboggled me. I can't even figure out what it might be.

Thanks a bunch!

CoderDan

i see in your comments a few times "sends you to the main page." - what do you mean by this?
"add + edit page don't work" - what happens when you click on them? main page? same page?

and also assuming that $pagecontents is echoed by layout.php

Your indentation is a little off, making it hard to follow (but that there is any at all is nice, and it's right for the most part)

I suspect your problem may be in your form action.
try $SERVER['PHP_SELF'].'?page=content' or similar (ie. actually add teh get string you expect to it)
alternativly you can use $REQUEST['page'] == 'content' type checks, (_REQUEST contains both post and get (and cookies), so you put the page var into a post variable just the same)

ShadeSlayer

if(($_GET['page'] == "") || (!$_GET['page'])) // When the Submit button is pressed, everything seems to come here... 
{ 
$pagetitle = "Management Page"; 
$output = "Welcome to the Readerboard management page. Please choose an option to your left.<br /><br />\n" 
         ."<b>Manage Content:</b><br />\n" 
         ."Allows you to add, edit, or delete any piece of main content. Also includes a format bar to edit various information (and include pictures).<br /><br />\n" 
         ."<b>Manage Messages:</b><br />\n" 
         ."Allows you to add, edit, or delete the messages at the office for people. Also includes a color bar to edit the color of the text.<br /><br />\n" 
         ."<b>Manage Status:</b><br />\n" 
         ."Allows you to edit whether or not the readerboard is live.<br /><br />\n" 
         ."<b>Manage Stylesheet:</b><br />\n" 
         ."Allows you to edit the banner and style of the readerboard.\n"; 
}

That's the main page. When you click submit on any of the scripts with the form, it redirects the page to there. Probably because the link lacks anything that says "page=".

The add and edit ones not working means that when clicking "submit query", instead of using the hidden input value and going to "do=process" as well as actually executing the query in the process page, it goes to the home page (mentioned above) and doesn't do what required to the database.

CoderDan

I'll quote myself here 🙂

CoderDan;10916278 wrote:
I suspect your problem may be in your form action.
try $_SERVER['PHP_SELF'].'?page=content'

lemme know if this fixes your problem?

ShadeSlayer

The only thing it changes is that when you click submit, it goes to:

admin.manage.php?page=content

and all of the:

admin.manage.php?title=asdfas&content=asfas&do=process

is now gone.

It still doesn't execute the script for some reason.

CoderDan

well, you want to pass all the get string values you want to be there as part of the form action.
so if you want more than just page=content, then add the others on.
you can even do:

$get_array = array();
foreach ( $_GET as $key => $value )
{
  $get_array[] = "$key=".urlencode( $value );
}
$form_action = $_SERVER['PHP_SELF'].'?'.join( '&', $get_array );

as a cheat way of passing all get values along.

ShadeSlayer

I don't really mind that the other parts of the links aren't there... but this is what should happen:

if($_GET['action'] == "add") // Script doesn't execute, Submit button sends you to the main page.
{
$output = "<form action=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n"
          ."<b>Title:</b> <input type=\"text\" name=\"title\" value=\"\" /><br />\n"
          ."<b>Content:</b><textarea style=\"width: 100%; height: 100px;\" name=\"body\" value=\"\"></textarea><br /><br />\n"
          ."<input type=\"hidden\" name=\"do\" value=\"process\" />\n"
          ."<input type=\"submit\" />\n"
          ."</form>\n";
  if($_POST['do'] == "process") // Gets skipped
  {
  $sql = "INSERT INTO ".TABLE_CONTENT." (title, body) VALUES ('".addslashes($_POST['title'])."', '".addslashes($_POST['body'])."')";
   if($exe = mysql_query($sql))
   {
   $output = "Content item successfully added.\n";
   }
  }
}

So with that, once the user clicks on the submit button, the page should go to "page=content&do=process" which is defined by the <input hidden... />.

But instead of the page going to the "page=content&do=process", it goes to "page=content" and obviously, doesn't execute the query in "do=process".

So I'm assuming there is some sort of problem with the form, because it won't work properly.

ShadeSlayer

Wow. I just found the problem.

I completely forgot about the "action=whatever", so in the form, it didn't read "&action=add".

The script works fine now.

CoderDan

🙂 glad you got it sorted out, sorry I didn't get the time to read through it in detail.