Announcement

**mlseim** · Sep 9, 2011, 08:24 AM

Show us the update script.

.

**Chrustopher** · Sep 9, 2011, 08:59 AM

PHP Code:



case 'editnews':
$newsid = $_GET['id'];
$sql = mysql_query("SELECT * FROM `news` WHERE `id` = '$newsid'");
$gotnews = mysql_fetch_array($sql);
$article = stripslashes($gotnews['article']);
?>
    <div id="content"><div class="header">Update Article - <?php echo "$gotnews[title]"; ?></div>
<form action="?p=updatenews" method="post">
<div class="big">Title</div><input type="text" name="title" value="<?php echo "$gotnews[title]"; ?>" class="text"><br><br>

<div class="big">Article</div>
<textarea cols="70" rows="10" name="article" class="text"><?php echo "$article"; ?></textarea>
<input type="hidden" value="<?php echo "$newsid"; ?>" name="id">
<input type="submit" value="Update Article" class="button">
</form>
</div>

<?php
break;


case 'updatenews':
$id = $_POST['id'];
$title = $_POST['title'];
$article = addslashes($_POST['article']);

$sql = mysql_query("UPDATE `news` SET `title` = '$title', `article` = '$article' WHERE `id` = '$id'");
?>
    <div id="content"><div class="header">Update Article</div>
Article updated!<br><a href="?page=viewnews">Go back?</a>
</div>
<?php
break;

**Inigoesdr** · Sep 9, 2011, 11:03 AM

I don't see anything destroying the session(unless config.php is doing so) with a quick glance. Are you sure they get logged out or they just don't have any links visible to return to the articles?

You really need to be sanitizing your inputs by casting them to an int(for IDs) or using mysql_real_escape_string(). You are open to SQL injection with the code you have now.

**mlseim** · Sep 9, 2011, 01:01 PM

Because you're including config.php, if that already has a session_start(),
I don't think you need another one. At least removing it from your delete
script would be something to try.

.

**tangoforce** · Sep 9, 2011, 01:52 PM

Originally posted by Chrustopher View Post

(Cut out the code not related)

And thats probably the very issue.

Show all the code please because the code you've shown us does not interact with your session at all. There must be something causing this and if its not in the code you've shown it must be somewhere else.

Also show the config file code too

**mlseim** · Sep 9, 2011, 03:33 PM

If config.php contains any usernames or passwords ... XXXXX them out before posting.

.

**Chrustopher** · Sep 10, 2011, 04:22 AM

Config.php
(Connects to database and collects session information)

PHP Code:


<? 
session_start();

$conn = mysql_connect("localhost","XXXX","XXXX"); 
mysql_select_db(staffpanel) or die(mysql_error());  

$logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'"); 
$logged = mysql_fetch_array($logged); 

$host = $_SERVER['HTTP_HOST'];
$self = $_SERVER['PHP_SELF'];
?>

index.php
(Controls basically everything using a switch function to change pages)

PHP Code:


<?php
include "config.php"; 
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>XXXXXXX.NET Administration Panel</title>
</head>
<body>

    <center>

<?php

if($logged[id]) {

if($logged[warnings] != "0"){
?>

    <div id="content">
    Hello <?php echo $logged[username]; ?>! You currently have a total of <?php echo $logged[warnings]; ?> out of 3 warnings.
    </div><br>

<?php
}
switch($_GET[page])
{
default:
?>


    <div id="content"><div class="header">Welcome to the Staff Panel</div>

Hello <b><?php echo $logged[username]; ?></b> and welcome to the XXXXXXX.NET Staff Panel!<br><br>

    </div>



<?php
break;

case 'viewnews':
$sqln="SELECT * FROM news";
$resultn=mysql_query($sqln);

$countn=mysql_num_rows($resultn);
if($logged[rank] == 11 || $logged[rank] == 15){
?>

    <div id="content"><div class="header">View XXXXXXX Articles</div>
<form name="form1" method="post" action="?page=deletenews">
<input name="delete" id="delete" type="submit" class="button" value="Delete Selected">
<table cellpadding="10" cellspacing="5" border="0">

<tr>
<th width="20" style="background-color:#EEE;padding:10px;">#</th>
<th width="50" style="background-color:#EEE;padding:10px;">ID</th>
<th width="430" style="background-color:#EEE;padding:10px;">Article Title</th>
<th width="100" style="background-color:#EEE;padding:10px;">Author</th>
<th width="50" style="background-color:#EEE;padding:10px;">Actions</th>
</tr>
<?php
$gathernews = mysql_query("SELECT * FROM `news` WHERE `active` = '1' ORDER BY `id` DESC");
while($listnews = mysql_fetch_array($gathernews)){
?>
<tr>
<td valign="top" style="background-color:#EEE;padding:10px;"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo $listnews[id]; ?>"></td>
<td valign="top" style="background-color:#EEE;padding:10px;"><?php echo $listnews[id]; ?></td>
<td valign="top" style="background-color:#EEE;padding:10px;"><?php echo $listnews[title]; ?></td>
<td valign="top" style="background-color:#EEE;padding:10px;"><?php echo $listnews[author]; ?></td>
<td valign="top" style="background-color:#EEE;padding:10px;">
<a href="?page=editnews&id=<?php echo $listnews[id]; ?>">Edit</a>
</td>
</tr>
<?php
}
?>
</table>
<input name="delete" id="delete" type="submit" class="button" value="Delete Selected">
</form>
    </div>

<?php
}
break;

case 'deletenews':
$sqln="SELECT * FROM news";
$resultn=mysql_query($sqln);

$countn=mysql_num_rows($resultn);
// Check if delete button active, start this
for($i=0;$i<$countn;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM news WHERE id='$del_id'";
$result = mysql_query($sql);}

// if successful redirect to delete_multiple.php
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?page=viewnews\">";
}
break;

case 'writenews':
if($logged[newsaccess] == 1 || $logged[rank] == 15){
?>

    <div id="content"><div class="header">Write new Article</div>
<form action="process.php?p=addnews" method="post">
<div class="big">Title:</div><input type="text" name="title" class="text"><br><br>
<div class="big">Category:</div>
<select name="category" class="style">
<option value="Site">Site News</option>
<option value="Real Life">Real Life</option>
</select><br><br>

<div class="big">Article:</div>
<textarea cols="70" rows="10" name="article" style="text-align: left;" class="text"></textarea><br>
<input type="submit" value="Post Article" class="button">
</form>

    </div>

<?php
}
break;


case 'editnews':
if($logged[rank] == 11 || $logged[rank] == 15){
$newsid = $_GET['id'];
$sql = mysql_query("SELECT * FROM `news` WHERE `id` = '$newsid'");
$gotnews = mysql_fetch_array($sql);
$article = stripslashes($gotnews['article']);
?>
    <div id="content"><div class="header">Update Article - <?php echo "$gotnews[title]"; ?></div>
<form action="process.php?p=updatenews" method="post">
<div class="big">Title</div><input type="text" name="title" value="<?php echo "$gotnews[title]"; ?>" class="text"><br><br>
<div class="big">Category</div><select name="category" class="style">
<option value="Site" <?php if($gotnews['category'] == "Site"){ echo "selected"; } ?>>Site News</option>
<option value="Real Life" <?php if($gotnews['category'] == "Real Life"){ echo "selected"; } ?>>Real Life</option>
</select><br><br>

<div class="big">Article</div>
<textarea cols="70" rows="10" name="article" class="text"><?php echo "$article"; ?></textarea>
<input type="hidden" value="<?php echo "$newsid"; ?>" name="id">
<input type="submit" value="Update Article" class="button">
</form>
</div>

<?php
}
break;

}
}else
if(isset($_GET['login'])) {
$username= htmlspecialchars(addslashes($_POST[username])); 
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); 
$checkuser = mysql_num_rows($uinfo);
if($checkuser == '0')
{
echo "Username not found";
}else{
$udata = mysql_fetch_array($uinfo);
if($udata[userlevel] == 1) { 
echo "This account had not been verified.";
}
else
if($udata[password] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); 
$user = mysql_fetch_array($query);
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";

echo "<meta http-equiv='Refresh' content='2; URL=index.php'/>";
}
else{
echo "Incorrect username or password!"; 
}
}
}else{ 
?>

<form action="index.php?login" method="post">
<input type="text" id="username" name="username" size="30" maxlength="25" value=""><br>
<input type="password" id="password" name="password" size="30" maxlength="25" value=""><br>
<input type="submit" value="Click here to log in">

</form>

<?php
}
?>
    </center>
</body>
</html>

process.php
(Most forms are submitted to this page)

PHP Code:


<?php
session_start(); //allows session
include "config.php";
?>
<head>
<title>XXXXXXX.NET Administration Panel</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body><center>


<?php
if($logged[id]){
switch($_GET['p']){

case 'addnews':
if($logged[newsaccess] == 1 || $logged[rank] == 15){
$title = $_POST['title'];
$author = $logged['habbo'];
$category = $_POST['category'];
$article = addslashes($_POST['article']);
$d = date('jS');
$M = date('M');

$addingnewssql = mysql_query("INSERT INTO `news` (title, author, category, article, d, M) VALUES ('$title', '$author', '$category', 
'$article', '$d', '$M')");
?>
    <div id="content"><div class="header">Article Posted</div>
<?php
echo "Article Posted!<br><a href='index.php'>Go Back?</a>";
?>
</div>
<?php
}
break;

case 'updatenews':
if($logged[rank] == 11 || $logged[rank] == 15){ 
$id = $_POST['id'];
$title = $_POST['title'];
$category = $_POST['category'];
$article = addslashes($_POST['article']);

$sql = mysql_query("UPDATE `news` SET `title` = '$title', `category` = '$category', `article` = '$article' WHERE `id` = '$id'");
?>
    <div id="content"><div class="header">Update Article</div>
Article updated!<br><a href="index.php?page=viewnews">Go back?</a>
</div>
<?php
}
break;

}
}
?>
</center>
</body>
</html>

For privacy reasons I've removed the website's name, staff members' names and the SQL details.

That's the full script and yes I'm aware it's probably not very secure at all yet, but as only a few of us know where it is at the moment, security will be a last thing I focus on once everything is up and working.

And Update to original thread:
All updates and deletes are now causing logging out issues and sends them back to the login page after running the sql.

The only working delete script is one I got off another website which is a checkbox multiple delete script:

PHP Code:


$sqln="SELECT * FROM news";
$resultn=mysql_query($sqln);

$countn=mysql_num_rows($resultn);
// Check if delete button active, start this
for($i=0;$i<$countn;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM news WHERE id='$del_id'";
$result = mysql_query($sql);}

// if successful redirect to delete_multiple.php
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=index.php?page=viewnews\">";
}

**tangoforce** · Sep 10, 2011, 07:13 AM

Originally posted by Chrustopher View Post

Config.php
(Connects to database and collects session information)

PHP Code:


<? 
session_start();

$conn = mysql_connect("localhost","XXXX","XXXX"); 
mysql_select_db(staffpanel) or die(mysql_error());  

$logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'"); 
$logged = mysql_fetch_array($logged); 

$host = $_SERVER['HTTP_HOST'];
$self = $_SERVER['PHP_SELF'];
?>

You see.. this is why I said you should include all this extra stuff. Your logged variable is being pulled froim the DB and its that variable you're checking against to determine if the user is logged in or not.

Clearly something is amiss with the $logged variable when deleting or updating. You need to start debugging - printing variable values in pieces of code that are suspect so that you can see whats going on. Start by printing the SQL in config.php to the screen so that you can see if the $_SESSION[id] is valid in it.

Announcement

PHP Session Error

PHP Session Error

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment