<?php
{
print "<script src=\"/jscripts/scriptaculous/prototype.js\" type=\"text/javascript\"></script>\n";
print "<script src=\"/jscripts/scriptaculous/scriptaculous.js\" type=\"text/javascript\"></script>\n";
print "<script type=\"text/javascript\" src=\"./jscripts/ajax.js\"></script>\n";
}
?>
<?php
$option = $_GET['option'];
if ($option == 0 )
{
print '<h1 class=backstage>Allies Management</h1><br />';
print '<h2 class=backstage>Jeff Davidson Allies</h2><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 1:</td>';
print '<td class=row3><select name=1 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why1" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 2:</td>';
print '<td class=row3><select name=2 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why2" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 3:</td>';
print '<td class=row3><select name=3 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why3" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 4:</td>';
print '<td class=row3><select name=4 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why4" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 5:</td>';
print '<td class=row3><select name=5 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why5" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 6:</td>';
print '<td class=row3><select name=6 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why6" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Ally 7:</td>';
print '<td class=row3><select name=7 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why7" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<input type=submit value="Update" class=button></form><br /><br />';
returnmain();
} elseif ( $option == 1)
{
include('../backstageconfig.php');
include('../backstagefunctions.php');
print '<h1 class=backstage>Rivals Management</h1><br />';
print '<h2 class=backstage>Jeff Davidson Rivals</h2><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 1:</td>';
print '<td class=row3><select name=1 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why1" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 2:</td>';
print '<td class=row3><select name=2 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why2" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 3:</td>';
print '<td class=row3><select name=3 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why3" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 4:</td>';
print '<td class=row3><select name=4 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why4" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 5:</td>';
print '<td class=row3><select name=5 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why5" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 6:</td>';
print '<td class=row3><select name=6 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why6" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Rival 7:</td>';
print '<td class=row3><select name=7 class=dropdown><option value=0>- None -</option>';
$query = "SELECT * FROM efed_bio";
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) )
{
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
}
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Why?</td><td class=row3><textarea name="why7" class="textarea490x100"></textarea></td>';
print '</table><br />';
print '<input type=submit value="Update" class=button></form><br /><br />';
returnmain();
}
?>
<?php
print "<div id=container2>\n";
print "<div id=nav>";
print "<form method=POST name=mainmenu>\n";
print "<input type=hidden name=action value=0>\n";
print "<input type=hidden name=option value=0>\n";
print "</form>\n";
print "<script type=\"text/javascript\" language=\"javascript\">\n";
print "function executeform(action,option) {\n";
print "document.mainmenu.action.value = action;\n";
print "document.mainmenu.option.value = option;\n";
print "document.mainmenu.submit();\n";
print "}\n";
print "</script>\n";
if ((isset($userid)) && ($userid > "0") && ($defaultcharacterid > "0"))
{
print "<h1>Character</h1>\n";
print "<ul>\n";
print "<li";
if (($action == "character") && ((isset($option)) && ($option == "2"))) { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('character','2');\">Bio</a></li>\n";
print "<li";
if (($action == "alliesrivals") && ((isset($option)) && ($option == "0"))) { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('alliesrivals','0');\">Allies</a></li>\n";
print "<li";
if (($action == "alliesrivals") && ((isset($option)) && ($option == "1"))) { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('alliesrivals','1');\">Rivals</a></li>\n";
print "<li";
if ($action == "quotes") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('quotes','0');\">Quotes</a></li>\n";
print "</ul>\n";
print "<h1>Submit</h1>\n";
print "<ul>\n";
print "<li";
if ($action == "roleplay") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('roleplay','0');\">Roleplay</a></li>\n";
print "<li";
if ($action == "news") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('news','0');\">News</a></li>\n";
print "<li";
if ($action == "submitmatch") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('submitmatch','0');\">Match</a></li>\n";
print "<li";
if ($action == "submitseg") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('submitseg','0');\">Seg</a></li>\n";
print "</ul>\n";
}
if ((isset($isadmin)) && ($isadmin == "1"))
{
print "<h1>Fed Head</h1>\n";
print "<ul>\n";
print "<li";
if ($action == "directory") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('directory','0');\">Directory</a></li>\n";
print "</ul>\n";
}
if ((isset($isadmin)) && ($isadmin == "1"))
{
print "<h1>Booking</h1>\n";
print "<ul>\n";
print "<li";
if ($action == "champions") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('champions','0');\">Champions</a></li>\n";
print "<li";
if ($action == "eventbooker") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('eventbooker','0');\">Booker</a></li>\n";
print "<li";
if (($action == "resultscompilation") && ((isset($option)) && ($option == "0"))) { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('resultscompilation','0');\">Compiler</a></li>\n";
print "<li";
if (($action == "resultscompilation") && ((isset($option)) && ($option == "1"))) { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('resultscompilation','1');\">Archives</a></li>\n";
print "</ul>\n";
print "<h1>Fed Admin</h1>\n";
print "<ul>\n";
print "<li";
if ($action == "handler") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('handler','0');\">Handlers</a></li>\n";
print "<li";
if (($action == "character") && ((isset($option)) && ($option == "1"))) { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('character','1');\">Characters</a></li>\n";
print "<li";
if ($action == "manageapplications") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('manageapplications','0');\">Applications</a></li>\n";
print "<li";
if ($action == "eventname") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('eventname','0');\">Event Names</a></li>\n";
print "<li";
if ($action == "title") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('title','0');\">Title Names</a></li>\n";
print "<li";
if ($action == "division") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('division','0');\">Divisions</a></li>\n";
print "<li";
if ($action == "matchtypes") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('matchtypes','0');\">Match Types</a></li>\n";
print "<li";
if ($action == "arenas") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('arenas','0');\">Arenas</a></li>\n";
print "</ul>\n";
print "<h1>Site Admin</h1>\n";
print "<ul>\n";
print "<li";
if ($action == "template") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('template','0');\">Templates</a></li>\n";
print "<li";
if ($action == "content") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('content','0');\">Content</a></li>\n";
print "<li";
if ($action == "biolayout") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('biolayout','0');\">Bio Configuration</a></li>\n";
print "<li";
if ($action == "newscategory") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('newscategory','0');\">News Categories</a></li>\n";
print "<li";
if ($action == "menustructures") { print " class=active"; }
print "><a href=\"#\" onClick=\"executeform('menustructures','0');\">Menus</a></li>\n";
print "</ul>\n";
}
print "</div>\n";
The one thing I see right off is a lack of error checking, which will help in exactly these situations. Here's a good place to start, stripping down your logic to its minimum, but with a couple error checks. First I make SURE $option is a number one digit long.
<?php
// Accept 'option' only when it is present and exactly one digit.
if (isset($_GET['option']) && preg_match('/^\d$/', $_GET['option'])) {
    $option = $_GET['option'];
    if ($option == 0) {
        print "OPTION is zero";
    }
    else if ($option == 1) {
        print 'Option is one';
    }
    else { print 'Invalid option value: ' . $option; }
}
else { print 'No value in option!'; exit; }
?>
A side benefit is a contribution to security: I can't possibly inject "and 1=1" into 'option'.
You can see the framework of your code in the if/else block. Get this working. It may reveal that $option is just not what you think it should be (don't know!)
If that works, start slowly re-adding the code from the live script until you figure out what it's doing.
Another to throw in as you go, always check your queries:
$result = mysql_query($query);
if (!$result) { die("No result returned at THIS point"); }
. . . would reveal a problem if you expect results when there are none. Don't use the same die statement in all your checks, the idea is if there's a problem you want to be able to go right to it instead of spending hours figuring out which one it's dying on.
Now we can return to your code and look at what we find. It's easy with a simple error trap!
<select name=2 class=dropdown><option value=0>- None -</option>';
....
print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
Three important things here, a fourth not as important but should be addressed.
Note the select name. "2". So if this "worked," you should be looking for $_GET['2']. The option value will be whatever is selected.
Second, you should never use numbers as the first character of a named form element. You might get it to work, but this will create all sorts of issues if you try to use a variable variable, or access it with JavaScript. Numbers are not allowed as the first character in a variable name - this is because there are special meanings for numbered variables.
Third, I'm a bit concerned about this:
$row['charactername']
If "charactername" is what it says it is, a name in text, it will not be a 1 or a 0, it will always be a zero (I think, or -1) because it's not a number. You need a different value in option value, like
$result = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $result ) ){
print "<option value=\"".$row['record_id']."\">".$row['charactername']."</option>\r";
}
But I don't know that this logic will work, as it's not likely to be a "1". Maybe you need to just change the "receiving" logic to
else if (isset($_GET['charactername']) and ($_GET['charactername'] > 0)) {
}
The previous example assumes that the option list does this, change it around as you need to.
<select name="charactername" class="dropdown">
Last, browsers will sometimes do strange things if the attributes are not quoted:
not
<select name=some-name>...
do
<select name="some-name">...
If you validate your script output (which you should, for cross browser support via standards compliance mode) this will be required.
I think points 1 and 2 will lead you to a solution.
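The reply's points pulled together in one sketch, as an added example that is not code from the thread: a strict one-digit check on `option`, one option list reused for all seven slots, quoted attributes, field names that start with a letter, the record id as the option value, and a check on the receiving side. The names `pick1`..`pick7`, the `record_id` column (the reply's own guess) and the sample rows are assumptions; the `htmlspecialchars` output escaping is an addition the reply does not mention.

```php
<?php
// Constructed sample rows standing in for the efed_bio query result;
// record_id is the column name the reply guesses at, not a confirmed one.
$rows = [
    ['record_id' => 1, 'charactername' => 'Sample "One"'],
    ['record_id' => 2, 'charactername' => 'Sample <Two>'],
];

// Accept 'option' only if it is exactly one digit that maps to a known page.
function parse_option(array $request): ?string
{
    $raw = $request['option'] ?? '';
    if (!is_string($raw) || !preg_match('/^\d$/D', $raw)) {
        return null;                       // missing, array, or not one digit
    }
    $pages = ['0' => 'Ally', '1' => 'Rival'];
    return $pages[$raw] ?? null;           // digits other than 0/1 are rejected
}

// Build the seven select/textarea pairs from one result set.
function render_slots(string $label, array $rows, int $slots = 7): string
{
    $options = '<option value="0">- None -</option>';
    foreach ($rows as $row) {
        $options .= sprintf(
            '<option value="%d">%s</option>',
            $row['record_id'],
            htmlspecialchars($row['charactername'], ENT_QUOTES, 'UTF-8')
        );
    }
    $html = '';
    for ($i = 1; $i <= $slots; $i++) {
        // Field names start with a letter: pick1..pick7, why1..why7.
        $html .= sprintf(
            '<tr><td class="rowheading">%s %d:</td>'
            . '<td class="row3"><select name="pick%d" class="dropdown">%s</select></td></tr>'
            . '<tr><td class="rowheading">Why?</td>'
            . '<td class="row3"><textarea name="why%d"></textarea></td></tr>' . "\n",
            $label, $i, $i, $options, $i
        );
    }
    return '<table width="100%" class="table2">' . "\n" . $html . '</table>';
}

// Receiving side: keep a submitted id only if it was one of the ids offered.
function read_pick(array $post, int $slot, array $rows): int
{
    $raw = $post["pick$slot"] ?? '';
    if (!is_string($raw) || !ctype_digit($raw)) {
        return 0;                          // treat anything non-numeric as "None"
    }
    return in_array((int) $raw, array_column($rows, 'record_id'), true) ? (int) $raw : 0;
}

$label = parse_option(['option' => '1']);                   // constructed request
echo $label === null ? 'Invalid option' : render_slots($label, $rows), "\n";
echo read_pick(['pick2' => '2'], 2, $rows), "\n";           // id 2 was offered
echo read_pick(['pick2' => '2 and 1=1'], 2, $rows), "\n";   // not digits only
```

The `D` modifier keeps `$` from matching before a trailing newline, so a value such as "1" followed by a line break is rejected as well.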
print "<script type=\"text/javascript\">\n"; // lang. deprecated
print "function executeform(action,option) {\n";
print "document.mainmenu.action = action;\n";
print "document.mainmenu.option.value = option;\n";
print "alert(' action: '+ document.mainmenu.action + ' option value: ' + document.mainmenu.option.value)\n";
//print "document.mainmenu.submit();\n";
print "}\n";
print "</script>\n";
Note the bolded. The first, you set an action by just setting the action, it's not a value. Also, since you don't have an attribute for it, it may not accept it, add a blank one:
print "<form method=\"POST\" action=\"\" name=\"mainmenu\">\n";
Also, do you have server side handlers for the URLs /template, /biolayout, etc? This is what it will try to submit it to.
The second bolded part is to just let you see what JS is receiving in a standard alert, uncomment it after making sure the values are being set right.