Need Help with Script page

Broc

Hi Ya'll

I'm not a PHP developer but am in a right bind.

I purchased a Classified script online and managed to install it of which 99% of the script runs fine, the problem an having is the person I purchased the script from is gone to a military training camp and will not be back for a few weeks, so there is no way he can help me with the script.... so I'm hoping that one of you bright sparks can show a bit of light on the problem... as I said I'm not a PHP developer but have dabbled in CFM.

The problem I'm having is when a user posts an ad, they then receive an automated email with an edit link, when clicked on takes you to the edit page but when they make a change and click on the continue/update button they get Error: Classified ID or Password Invalid! Redirecting

Here is the code on the edit page which is also the action page.

<?PHP
include("inc/header.php");
$id = $GET['id'];
$pass = $GET['pass'];
if(!isset($id)){
echo "<meta http-equiv='refresh' content='0;url=index.php'>";
} else {
if(!isset($pass)){
echo "<meta http-equiv='refresh' content='0;url=index.php'>";
}
$querya = "SELECT * FROM classifieds WHERE adid = '".$id."' AND password = '".$pass."'";
$a = mysql_query($querya) or die(mysql_error());
$num = mysql_num_rows($a);
if($num < 1){
echo "<script type='text/javascript'>alert('Error. Classified ID or Password Invalid! Redirecting...');</script>";
echo "<meta http-equiv='refresh' content='0;url=index.php'>";
} else {
?>

<body>

That is the first section of code

I know this is quite a bit of code but if any of you guys or gals could show a bit of light on the problem, I sure would appreciate it.

Thank you

Ray
(Broc)

xxdalexx

Well first thing first, you need to go into the database and see what information has been stored there so you can compare it to what you are typing in to the id and password text boxes. Its hard to trouble shoot an issue like this just by looking at the code.

Broc

Thank you xxdalexx

I am trying to figure out if the alert message that I'm getting 'Error. Classified ID or Password Invalid" was caused because of the above part of the script was missing something or was the actual update action causing the error..

Because here's the thing... when a user places an ad, they get an automated email welcoming them and also containing 3 links, an approve link, an edit link and a remove link, so 2 of the 3 functions are working giving me an indication that the ad ID and password vars are being set.... it's just on the edit page I have the problem, when the edit page is called it populates all the fields, just when the update button is clicked on I get the error message 'Error. Classified ID or Password Invalid"

So I'm just trying to locate and rule out a few things... which is even harder when I'm not a PHP developer.

xxdalexx

Can you post the html code for the form where you enter the id and password?
-Dale

xxdalexx

Also the php code to one of the pages that works to compare it.
-Dale

Broc

Hi Dale

Here is the rest of the code within the body of the edit.php page.

The other pages I was referring to were different functions, an approve script and a remove script, but here is the rest of the edit page, along with the code of my first posting, I don't know if this is going to help but if I could just get an idea as to why I'm getting the error (

Error: Classified ID or Password Invalid! Redirecting)

<?PHP
$back = "<a href='sell.php'>Click Here To Go Back And Try Again</a>";
if(isset($GET['upload']) && $FILES['userfile']['size'] > 0)
{
$title = $GET['title'];
$description = $GET['description'];
$category = $GET['category'];
$price = $GET['price'];
$name = $GET['name'];
$number = $GET['number'];
$email = $GET['email'];
$password = $GET['password'];
$id = $_GET['id'];

// PICTURE UPLOAD SYSTEM
$imagename = basename($_FILES['userfile']['name']);
//echo $imagename;
if(empty($imagename)) {
$error = 1;
echo"<h2 class='error'>The name of the image was not found.</h2>".$back; }

if($error != 1 && $noimg != 1)
{

	$filename = stripslashes($_FILES['userfile']['name']);
	$extension = substr(strrchr($filename, '.'), 1);
	$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
//otherwise we will do more tests
}

if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
//print error message
echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>'.$back.'';
$errors=1;
}
else
{

$time = time();
$newimage = "photos/" . $time . $imagename;
//echo $newimage;
$result = @move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage);
if(empty($result)) {
$error = 1;
echo "<h2 class='error'>There was an error moving the uploaded file.</h2><br/>".$back."";
}

$date = date("Y-m-d");
$id = $_GET['id'];
$query = "UPDATE classifieds set title = '$title', description = '$description', cat = '$category', price = '$price', name = '$name', number = '$number', email = '$email', password = '$password', picture = '$newimage', date = '$date' WHERE adid = '$id'";
mysql_query($query) or die(mysql_error());

echo "<div align='justify'><h2 class='success'>Your ad '".$name."' Has Been Updated Successfully!</h2><br/></div>";

}
} elseif(isset($GET['upload'])) {
// No Image SQL for users not posting an image with the Ad.
$title = $GET['title'];
$description = $GET['description'];
$category = $GET['category'];
$price = $GET['price'];
$name = $GET['name'];
$number = $GET['number'];
$email = $GET['email'];
$password = $GET['password'];
$date = date("Y-m-d");
$id = $GET['id'];
$query = "UPDATE classifieds set title = '$title', description = '$description', cat = '$category', price = '$price', name = '$name', number = '$number', email = '$email', password = '$password', picture = 'images/noimage.jpg', date = '$date' WHERE adid = '$id'";
mysql_query($query) or die(mysql_error());

echo "<div align='justify'><h2 class='success'>Your ad '".$title."' Has Been Updated Successfully!</h2><br/></div>";

} else {
$i = $_GET['id'];
if(isset($i)){
$back = "SELECT * FROM classifieds WHERE adid = '$i' limit 1";
$query2 = mysql_query($back) or die (mysql_error());
while($row = mysql_fetch_array($query2, MYSQL_ASSOC)){
$newid = $row['adid'];
$title = $row['title'];
$description = $row['description'];
$category = $row['cat'];
$price = $row['price'];
$name = $row['name'];
$number = $row['number'];
$email = $row['email'];
$password = $row['password'];
$picture = $row['picture'];
$date = date("Y-m-d");
}

				  ?>

				  <form action="edit.php" onsubmit="return validate_form();" method="get" name="sell" enctype="multipart/form-data">
                  <input type="hidden" name"pass" value="<?PHP echo $_GET['pass']; ?>"/>
                  <input type="hidden" name="id" value="<?PHP echo $newid; ?>" /><table width="100%" border="0" cellspacing="5" cellpadding="0">
                      <tr>
                        <td colspan="2"><span class="style68">Classified Information </span></td>
                        </tr>
                      <tr>
                        <td width="31%"><span class="style64">Title</span></td>
                        <td width="69%"><input type="text" name="title" class="input" value="<?PHP echo $title; ?>"/></td>
                      </tr>
                      <tr>
                        <td class="style64">Description</td>
                        <td><textarea name="description" rows="5" class="input"><?PHP echo $description; ?></textarea></td>
                      </tr>
                      <tr>
                        <td class="style64">Classified Category </td>
                        <td><select name="category" class="input">
                          <option value="default" selected="selected" style='background-color:#f1f5fa;'>Select A Category</option>
						<?PHP 
						$catquery3  = mysql_query("SELECT * FROM categories");

while($row = mysql_fetch_array($catquery3, MYSQL_ASSOC))
{
echo "<option value='".$row['id']."' style='background-color:#f1f5fa;'>".$row['name']."</option>";
}
?>
</select></td>
</tr>
<tr>
<td class="style64">Price</td>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="34%"><table width="91%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="14%" valign="middle"><div align="left"><span class="style62">$</span></div></td>
<td width="38%"><input name="price" type="text" value="<?PHP echo $price; ?>" size="5" maxlength="5" style="background:url(images/pricebg-small.gif); background-position:center; background-repeat:no-repeat;height:45px;width:55px;text-align:center;font-size:28px;font-weight:bold;color:#fff;font-family:Geneva, Arial, Helvetica, sans-serif;border:1px solid #E2ECF5;"/></td>
<td width="48%" valign="middle"><div align="left"><span class="style62">.00</span></div></td>
</tr>
</table> </td>
<td width="21%"><img src="images/arrow-left.png" width="77" height="45" /></td>
<td width="45%"><span class="style60"><strong>Enter Your Price In White </strong><br />
<span class="style57">(Just the dollar value, ex. enter "10" for $10.00, no $ or .00)</span></span></td>
</tr>
</table></td>
</tr>
<tr>
<td height="34" colspan="2" valign="bottom"><span class="style68">Contact Information </span></td>
</tr>
<tr>
<td class="style64">Contact Name </td>
<td><input type="text" name="name" class="input" value="<?PHP echo $name; ?>" /></td>
</tr>
<tr>
<td class="style64">Contact Number </td>
<td><input type="text" name="number" class="input" value="<?PHP echo $number; ?>" /></td>
</tr>
<tr>
<td class="style64">Contact Email </td>
<td><input type="text" name="email" class="input" value="<?PHP echo $email; ?>" /></td>
</tr>
<tr>
<td class="style64">Classified Image<br />
<span class="style57">(Jpg, Gif or Png Formats)</span> </td>
<td><input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" class="input" id="userfile"> </td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td class="style64">Listing Password<br />
<span class="style57">(Used To Delete Ad or Mark as Sold)</span> </td>
<td><input type="text" name="password" class="input" value="<?PHP echo $password; ?>" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td height="30"> </td>
<td valign="bottom"><input type="submit" name="upload" value="Continue" /></td>
</tr>
</table>
</form><?PHP } } } } ?>

Broc

Hi Dale

Here is the code for the edit/update page edit.php

<body>

				  <?PHP 
				  $back = "<a href='sell.php'>Click Here To Go Back And Try Again</a>";

if(isset($GET['upload']) && $FILES['userfile']['size'] > 0)
{
$title = $GET['title'];
$description = $GET['description'];
$category = $GET['category'];
$price = $GET['price'];
$name = $GET['name'];
$number = $GET['number'];
$email = $GET['email'];
$password = $GET['password'];
$id = $_GET['id'];

if($error != 1 && $noimg != 1)
{

	$filename = stripslashes($_FILES['userfile']['name']);
	$extension = substr(strrchr($filename, '.'), 1);
	$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
//otherwise we will do more tests
}

echo "<div align='justify'><h2 class='success'>Your ad '".$name."' Has Been Updated Successfully!</h2><br/></div>";

echo "<div align='justify'><h2 class='success'>Your ad '".$title."' Has Been Updated Successfully!</h2><br/></div>";

				  ?>

				  <form action="edit.php" onsubmit="return validate_form();" method="get" name="sell" enctype="multipart/form-data">
                  <input type="hidden" name"pass" value="<?PHP echo $_GET['pass']; ?>"/>
                  <input type="hidden" name="id" value="<?PHP echo $id; ?>" /><table width="100%" border="0" cellspacing="5" cellpadding="0">
                      <tr>
                        <td colspan="2"><span class="style68">Classified Information </span></td>
                        </tr>
                      <tr>
                        <td width="31%"><span class="style64">Title</span></td>
                        <td width="69%"><input type="text" name="title" class="input" value="<?PHP echo $title; ?>"/></td>
                      </tr>
                      <tr>
                        <td class="style64">Description</td>
                        <td><textarea name="description" rows="5" class="input"><?PHP echo $description; ?></textarea></td>
                      </tr>
                      <tr>
                        <td class="style64">Classified Category </td>
                        <td><select name="category" class="input">
                          <option value="default" selected="selected" style='background-color:#f1f5fa;'>Select A Category</option>
						<?PHP 
						$catquery3  = mysql_query("SELECT * FROM categories");

xxdalexx

Ok, out of those last two posts, look at the first one. Right around the middle of the post is the html form:

3rd line of this has: value="<?PHP echo $_GET['pass']; ?>"
Try changing that to: value="<?php echo($password); ?>"

Let me if this works out or not.
-Dale

NogDog

As a side note, you can help those you want to help you by making use of this forum's bbcode tags and wrapping your PHP code listings in [noparse]

...

[/noparse] tags.

Broc

Hi Dale

I tried replacing this <?PHP echo $_GET['pass']; ?>
with this <?php echo($password); ?>

and still getting the same error

Error: Classified ID or Password Invalid! Redirecting

xxdalexx

Ok, when your using your site, when you get to the edit page, go up to the url bar and copy and past it here. After the edit.php there will be a ? followed by a bunch of this=that&something=somethingelse. This is where all the $_GET variables come from.

This problem is hard to diagnose with out actually being able to tweak things and retest it, but I'm doing my best by looking at the code.

-Dale

xxdalexx

Ok, try this, up at the top of the code try changing

$password = $_GET['password'];
$id = $_GET['id'];

To:

$password = mysql_escape_string($_GET['password']);
$id = mysql_escape_string($_GET['id']);

Broc

Still no luck ...

When a user places a classified ad they get an email sent to them which contains an edit link..

User email edit link: http://whateverdomain.net/irclass/Files/edit.php?id=182&pass=red2016

this takes them to the edit page http://whateverdomain.net/irclass/Files/edit.php?id=182&pass=red2016

This pulls the user data and populates the edit form, but when I click on the submit button I get the error (Error: Classified ID or Password Invalid! Redirecting ) and direct me to the index page.

When I changed the code at the top of the page I got redirected immediately without even seeing the edit form.....

Thank you Dale for the time you have given me.... thus far... much appreciated! I know what I have given you so far is little to go on, either way, I appreciate the help... thank you!

xxdalexx

Ok, I'm starting to confuse myself now. You posted 2 pages of code, which are we working on here?

Broc

The one that I posted today at 03:32 PM is the full code to the edit.php file.

Sorry about that

xxdalexx

Ok, change the things back to original for now. Lets play with this for now.

<?PHP
include("inc/header.php");
$id = $_GET['id'];
$pass = $_GET['pass'];
if(!isset($id)){
echo "<meta http-equiv='refresh' content='0;url=index.php'>";
} else {
if(!isset($pass)){
echo "<meta http-equiv='refresh' content='0;url=index.php'>";
}
$querya = "SELECT * FROM classifieds WHERE adid = '".$id."' AND password = '".$pass."'";
$a = mysql_query($querya) or die(mysql_error());
$num = mysql_num_rows($a);
if($num < 1){
echo "<script type='text/javascript'>alert('Error. Classified ID or Password Invalid! Redirecting...');</script>";
echo "<meta http-equiv='refresh' content='0;url=index.php'>";
} else {
?>

Were going to work backwards. The end is that your getting an error as a result of $num equaling less than 1, so basicly it equals zero or its not set. So to start the troubleshooting were going to start with figuring out what the values are of the variables. To start we want to temporarily remove the line:

echo "<meta http-equiv='refresh' content='0;url=index.php'>";

so we can leave the page open. Next we want to see how the variables are set. Above the line "if($num < 1){" we want to insert

 echo "ID: $id<br>Pass: $pass<br>Num: $num<br>";

This will tell you what the 3 variables have assigned to them. So after you do this come back and post what it brings up on the page.

Broc

Ok, I took this part of the script

<?PHP 
include("inc/header.php"); 
$id = $_GET['id']; 
$pass = $_GET['pass']; 
if(!isset($id)){ 
echo "<meta http-equiv='refresh' content='0;url=index.php'>"; 
} else { 
if(!isset($pass)){ 
echo "<meta http-equiv='refresh' content='0;url=index.php'>"; 
} 
$querya = "SELECT * FROM classifieds WHERE adid = '".$id."' AND password = '".$pass."'"; 
$a = mysql_query($querya) or die(mysql_error()); 
$num = mysql_num_rows($a); 
if($num < 1){ 
echo "<script type='text/javascript'>alert('Error. Classified ID or Password Invalid! Redirecting...');</script>"; 
echo "<meta http-equiv='refresh' content='0;url=index.php'>"; 
} else { 
?>

And modified it to look like this, inserting the code into three places

<?PHP
include("inc/header.php");
$id = $_GET['id'];
$pass = $_GET['pass'];
if(!isset($id)){
echo "ID: $id<br>Pass: $pass<br>Num: $num<br>"; 
} else {
if(!isset($pass)){
echo "ID: $id<br>Pass: $pass<br>Num: $num<br>"; 
}
$querya = "SELECT * FROM classifieds WHERE adid = '$id' && password = '$pass'";
$a = mysql_query($querya) or die(mysql_error());
$num = mysql_num_rows($a);
if($num < 1){
echo "<script type='text/javascript'>alert('Error. Classified ID or Password Invalid! Redirecting...');</script>";
echo "ID: $id<br>Pass: $pass<br>Num: $num<br>"; 
} else {
?>

When I ran the script and got output

ID: 182
Pass: 
Num: 
ID: 182
Pass: 
Num: 0

xxdalexx

Ok, we have where the problem is. I need you to copy the the url again from the bar while your looking at the

ID: 182
Pass:
Num:
ID: 182
Pass:
Num: 0

Broc

http://whateverdomainnet/irclass/Files/edit.php?id=182&title=3+Bedroom+House+With+Granny+Flat&description=this+is+a+great+house&category=2&price=210000&name=Joe&number=0868243570&email=Call+me%21&MAX_FILE_SIZE=2000000&userfile=&password=red2016&upload=Continue

xxdalexx

Line 4 change

$pass = $_GET['pass'];

$pass = $_GET['password'];

-Dale