4images Forum & Community
General / Allgemeines => Programming => Topic started by: Sun Zaza on November 28, 2009, 04:50:51 PM
-
Hello,
On every 4images gallery, you can create an images_id, cat_id or user_id. On my gallery I can also create a games_id.
My question is:
On the page games.php I want to use the following code, but it doesn't work:
if (!$zu_games_id) {
redirect("index.php");
}
That means if the user tries to open a page which doesn't exist, he will be redirected to the homepage.
For example:
My last games_id on my gallery is 10 (games_id = 10). So if the user wants to reach the following page, he will be sent to the homepage:
www.mywebsite.com/games.php?games_id=5000
The script does not understand what !$zu_games_id means. It is still giving a page without any information from the database.
Any help will be appreciated,
Cruxy
-
The question is, where and how is your $zu_games_id variable defined/populated?
-
Hi V@no. I am using the TODO plugin:
http://www.4homepages.de/forum/index.php?topic=19443.0 (http://www.4homepages.de/forum/index.php?topic=19443.0)
Is that what you mean?
-
mmm, not quite sure what that plugin has to do with this... anyway, no, I meant that since you are trying to use the $zu_games_id variable it first must be defined somewhere, otherwise you are checking for a non-existing variable and it will always be false.
-
Ok. I have defined it in constants.php:
// URL Parameters
define('URL_IMAGE_ID', 'image_id');
define('URL_ZU_GAMES_ID', 'zu_games_id');
Is it ok?
-
no, that is a constant you are defining, I'm interested in how your $zu_games_id variable is defined.
Ok, let me try to explain it.
the url is blah/games.php?games_id=123
in games.php you can't just use $games_id unless it was defined and populated with data. PHP does not transfer all url queries into variables, unless register_globals is turned on (then it becomes a security risk). So, you'll need to transfer the data from the games_id url query into a variable. For that you'll need to use something like this:
if (isset($HTTP_GET_VARS[URL_ZU_GAMES_ID]) || isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) {
$zu_games_id = (isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) ? intval($HTTP_POST_VARS[URL_ZU_GAMES_ID]) : intval($HTTP_GET_VARS[URL_ZU_GAMES_ID]);
}
else {
$zu_games_id = 0;
}
That is when $zu_games_id is defined.
Then, once you have the game_id in your $zu_games_id variable, you need to make sure the id is valid, and for that you'll need to query the database. That database query should already be in your games.php.
-
Thank you for your explanation.
I already use your code in global.php. Check this:
if (isset($HTTP_GET_VARS[URL_CAT_ID]) || isset($HTTP_POST_VARS[URL_CAT_ID])) {
$cat_id = (isset($HTTP_POST_VARS[URL_CAT_ID])) ? intval($HTTP_POST_VARS[URL_CAT_ID]) : intval($HTTP_GET_VARS[URL_CAT_ID]);
}
else {
$cat_id = 0;
}
if (isset($HTTP_GET_VARS[URL_IMAGE_ID]) || isset($HTTP_POST_VARS[URL_IMAGE_ID])) {
$image_id = (isset($HTTP_POST_VARS[URL_IMAGE_ID])) ? intval($HTTP_POST_VARS[URL_IMAGE_ID]) : intval($HTTP_GET_VARS[URL_IMAGE_ID]);
}
else {
$image_id = 0;
}
if (isset($HTTP_GET_VARS[URL_ZU_GAMES_ID]) || isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) {
$zu_games_id = (isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) ? intval($HTTP_POST_VARS[URL_ZU_GAMES_ID]) : intval($HTTP_GET_VARS[URL_ZU_GAMES_ID]);
}
else {
$zu_games_id = 0;
}
I really don't know what I have to do. I tried everything, but no luck.
-
well, I have no idea what your games.php looks like, so I can't really tell you how to do it.
-
Hi V@no. Here you have the games.php. (I am using the todo.php file here. It is the same, so zu_games_id is todo_id.)
You can look at it when you have time:
<?php // PLUGIN_TITLE: TODO List
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: todo.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 0.23b *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* This script is NOT freeware. Please read the licence terms *
* (Lizenz.txt) for further information. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
error_reporting(E_ALL);
$nozip = 1;
define('IN_CP', 1);
define('ROOT_PATH', './../../');
require(ROOT_PATH.'admin/admin_global.php');
$textarea_size_todo = "120";
$limitshow = 10;
define('TODO_VERSION', '0.23b');
if ($action == "") {
$action = "home";
}
// $msg is read by several action blocks below; initialise it so a plain GET
// request does not trigger an "undefined variable" notice under E_ALL
$msg = (isset($msg)) ? $msg : "";
function delete_todo($todo_ids) {
global $site_db, $lang;
if (empty($todo_ids)) {
echo $lang['no_search_results'];
return false;
}
$error_log = array();
echo "<br />";
$sql = "SELECT todo_id, todo_name
FROM ".TODO_TABLE."
WHERE todo_id IN ($todo_ids)";
$todo_result = $site_db->query($sql);
while ($todo_row = $site_db->fetch_array($todo_result)) {
$sql = "DELETE FROM ".TODO_TABLE."
WHERE todo_id = ".$todo_row['todo_id'];
$del_todo = $site_db->query($sql);
if ($del_todo) {
echo "<b>".$lang['todo_delete_success'].":</b> ".format_text($todo_row['todo_name'], 2)."<br />\n";
}
else {
$error_log[] = "<b>".$lang['todo_delete_error'].":</b> ".format_text($todo_row['todo_name'], 2)."";
}
echo "<br />\n";
}
return $error_log;
}
show_admin_header();
if ($action == "deletetodo") {
$deletetodo = (isset($HTTP_POST_VARS['deletetodo']) && is_array($HTTP_POST_VARS['deletetodo'])) ? $HTTP_POST_VARS['deletetodo'] : array();
$todo_ids = "";
if (!empty($deletetodo)) {
// the list is spliced unquoted into "WHERE todo_id IN (...)", so cast every id to an integer
foreach ($deletetodo as $val) {
$todo_ids .= (($todo_ids != "") ? ", " : "").intval($val);
}
}
$lang_key = (sizeof($deletetodo) > 1) ? 'todo' : 'todo';
show_table_header($lang['delete'].": ".$lang[$lang_key], 1);
echo "<tr><td class=\"tablerow\">\n";
echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td> </td><td>\n";
$error_log = delete_todo($todo_ids);
echo "</td></tr></table>\n";
echo "</td></tr>\n";
show_table_footer();
if (!empty($error_log)) {
show_table_header("Error Log:", 1);
echo "<tr><td class=\"tablerow\">\n";
echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td> </td><td>\n";
echo "<b>".$lang['error_log_desc']."</b>\n<ul>\n";
foreach ($error_log as $val) {
printf("<li>%s</li>\n", $val);
}
echo "</ul>\n</td></tr></table>\n";
echo "</td></tr>\n";
show_table_footer();
}
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "removetodo") {
$todo_ids = array();
if (isset($HTTP_GET_VARS['todo_id']) || isset($HTTP_POST_VARS['todo_id'])) {
$todo_id = (isset($HTTP_GET_VARS['todo_id'])) ? intval($HTTP_GET_VARS['todo_id']) : intval($HTTP_POST_VARS['todo_id']);
$todo_ids[] = $todo_id;
}
elseif (isset($HTTP_POST_VARS['deletetodo']) && is_array($HTTP_POST_VARS['deletetodo'])) {
// these ids are echoed back as hidden inputs and, on confirmation, used in an IN (...) clause
$todo_ids = array_map('intval', $HTTP_POST_VARS['deletetodo']);
}
else {
$todo_ids[] = 0;
}
show_form_header("todo.php", "deletetodo");
foreach ($todo_ids as $val) {
show_hidden_input("deletetodo[]", $val);
}
$lang_key = (sizeof($todo_ids) > 1) ? 'todo' : 'todo';
show_table_header($lang['delete'].": ".$lang[$lang_key], 2);
show_description_row($lang['delete_todo_confirm']);
show_form_footer($lang['yes'], "", 2, $lang['no']);
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "updatetodo") {
$error = array();
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);
$todo_name = trim($HTTP_POST_VARS['todo_name']);
$todo_description = trim($HTTP_POST_VARS['todo_description']);
$todo_should_date = (trim($HTTP_POST_VARS['todo_should_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['todo_should_date'])."')" : 0;
$todo_done_date = (trim($HTTP_POST_VARS['todo_done_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['todo_done_date'])."')" : 0;
$todo_done = intval($HTTP_POST_VARS['todo_done']); // radio value, 0 or 1
if ($todo_name == "") {
$error['todo_name'] = 1;
}
if (empty($error)) {
$sql = "UPDATE ".TODO_TABLE."
SET todo_name = '$todo_name', todo_description = '$todo_description', todo_done = '$todo_done', todo_should_date = $todo_should_date, todo_done_date = $todo_done_date
WHERE todo_id = $todo_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['todo_edit_success'] : $lang['comment_edit_error'];
}
else {
$msg = sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
}
$action = "edittodo";
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "edittodo") {
if ($msg != "") {
printf("<b>%s</b>\n", $msg);
}
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);
$sql = "SELECT *, FROM_UNIXTIME(todo_should_date) AS todo_should_date, FROM_UNIXTIME(todo_done_date) AS todo_done_date
FROM ".TODO_TABLE."
WHERE todo_id = $todo_id";
$todo = $site_db->query_firstrow($sql);
show_form_header("todo.php", "updatetodo", "form", 1);
show_hidden_input("todo_id", $todo_id);
show_table_header($lang['nav_todo_edit'].": ".format_text($todo['todo_name'], 2), 2);
show_input_row($lang['field_todo_name'], "todo_name", $todo['todo_name'], $textinput_size);
show_textarea_row($lang['field_todo_description'], "todo_description", $todo['todo_description'], $textarea_size_todo);
show_date_input_row($lang['field_should_date'].$lang['date_format'], "todo_should_date", $todo['todo_should_date'], $textinput_size);
show_radio_row($lang['field_todo_done'], "todo_done", $todo['todo_done']);
show_date_input_row($lang['field_done_date'].$lang['date_format'], "todo_done_date", $todo['todo_done_date'], $textinput_size);
show_form_footer($lang['save_changes'], $lang['reset'], 2);
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "modifytodo") {
if ($msg != "") {
printf("<b>%s</b>\n", $msg);
}
show_form_header("todo.php", "findtodo", "form");
show_table_header($lang['nav_todo_search'], 2);
show_input_row($lang['field_todo_id_contains'], "todo_id", "", $textinput_size);
show_input_row($lang['field_todo_name_contains'], "todo_name", "", $textinput_size);
show_input_row($lang['field_todo_description_contains'], "todo_description", "", $textinput_size);
show_date_input_row($lang['field_create_date_before'].$lang['date_format'], "todo_create_date_before", "", $textinput_size);
show_date_input_row($lang['field_create_date_after'].$lang['date_format'], "todo_create_date_after", "", $textinput_size);
show_date_input_row($lang['field_should_date_before'].$lang['date_format'], "todo_should_date_before", "", $textinput_size);
show_date_input_row($lang['field_should_date_after'].$lang['date_format'], "todo_should_date_after", "", $textinput_size);
show_date_input_row($lang['field_done_date_before'].$lang['date_format'], "todo_done_date_before", "", $textinput_size);
show_date_input_row($lang['field_done_date_after'].$lang['date_format'], "todo_done_date_after", "", $textinput_size);
?>
<tr class="tablerow2"><td><b><?php echo $lang['field_todo_done_contains'] ?></b></td><td>
<select name="todo_done">
<option value="1"><?php echo $lang['yes'] ?></option>
<option value="0" selected><?php echo $lang['no'] ?></option>
</select>
</td></tr>
<?php
show_table_separator($lang['sort_options'], 2);
?>
<tr class="<?php echo get_row_bg(); ?>"><td><p><b><?php echo $lang['order_by'] ?></b></p></td><td><p>
<select name="orderby">
<option value="todo_name"><?php echo $lang['field_todo_name'] ?></option>
<option value="todo_id" selected><?php echo $lang['todo'] ?> ID</option>
</select>
<select name="direction">
<option selected value="ASC"><?php echo $lang['asc'] ?></option>
<option value="DESC"><?php echo $lang['desc'] ?></option>
</select>
</p></td></tr>
<?php
show_input_row($lang['results_per_page'], "limitnumber", 50);
show_form_footer($lang['search'], $lang['reset'], 2);
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "findtodo") {
$condition = "1=1";
$todo_name = trim($HTTP_POST_VARS['todo_name']);
if ($todo_name != "") {
$condition .= " AND INSTR(LCASE(todo_name),'".strtolower($todo_name)."')>0";
}
$todo_done = intval($HTTP_POST_VARS['todo_done']);
$condition .= " AND INSTR(LCASE(todo_done),'".strtolower($todo_done)."')>0";
$todo_id = intval($HTTP_POST_VARS['todo_id']);
if ($todo_id != 0) {
$condition .= " AND INSTR(LCASE(todo_id),'".strtolower($todo_id)."')>0";
}
$todo_description = trim($HTTP_POST_VARS['todo_description']);
if ($todo_description != "") {
$condition .= " AND INSTR(LCASE(todo_description),'".strtolower($todo_description)."')>0";
}
$todo_create_date_before = trim($HTTP_POST_VARS['todo_create_date_before']);
if ($todo_create_date_before != "") {
$condition .= " AND todo_create_date < UNIX_TIMESTAMP('$todo_create_date_before')";
}
$todo_create_date_after = trim($HTTP_POST_VARS['todo_create_date_after']);
if ($todo_create_date_after != "") {
$condition .= " AND todo_create_date > UNIX_TIMESTAMP('$todo_create_date_after')";
}
$todo_should_date_before = trim($HTTP_POST_VARS['todo_should_date_before']);
if ($todo_should_date_before != "") {
$condition .= " AND todo_should_date < UNIX_TIMESTAMP('$todo_should_date_before')";
}
$todo_should_date_after = trim($HTTP_POST_VARS['todo_should_date_after']);
if ($todo_should_date_after != "") {
$condition .= " AND todo_should_date > UNIX_TIMESTAMP('$todo_should_date_after')";
}
$todo_done_date_before = trim($HTTP_POST_VARS['todo_done_date_before']);
if ($todo_done_date_before != "") {
$condition .= " AND todo_done_date < UNIX_TIMESTAMP('$todo_done_date_before')";
}
$todo_done_date_after = trim($HTTP_POST_VARS['todo_done_date_after']);
if ($todo_done_date_after != "") {
$condition .= " AND todo_done_date > UNIX_TIMESTAMP('$todo_done_date_after')";
}
$orderby = (isset($HTTP_POST_VARS['orderby'])) ? trim($HTTP_POST_VARS['orderby']) : "";
// $orderby and $direction are spliced unquoted into ORDER BY, so only accept the values the search form offers
if (!in_array($orderby, array("todo_name", "todo_id"))) {
$orderby = "todo_name";
}
// $limitstart and $limitnumber are spliced unquoted into LIMIT, so force them to integers
$limitstart = (isset($HTTP_POST_VARS['limitstart'])) ? intval($HTTP_POST_VARS['limitstart']) : 0;
if ($limitstart > 0) {
$limitstart--;
}
$limitnumber = (isset($HTTP_POST_VARS['limitnumber'])) ? intval($HTTP_POST_VARS['limitnumber']) : 0;
if ($limitnumber <= 0) {
$limitnumber = 5000;
}
if (isset($HTTP_GET_VARS['direction']) || isset($HTTP_POST_VARS['direction'])) {
$direction = (isset($HTTP_GET_VARS['direction'])) ? strtoupper(trim($HTTP_GET_VARS['direction'])) : strtoupper(trim($HTTP_POST_VARS['direction']));
}
else {
$direction = "ASC";
}
if ($direction != "ASC" && $direction != "DESC") {
$direction = "ASC";
}
$sql = "SELECT COUNT(*) AS todo
FROM ".TODO_TABLE."
WHERE $condition";
$counttodo = $site_db->query_firstrow($sql);
$limitfinish = $limitstart + $limitnumber;
$start = 0;
if ($counttodo['todo'] > 0) {
$start = $limitstart + 1;
}
echo $lang['found']." <b>".$counttodo['todo']."</b> ".$lang['showing']." <b>$start</b>-";
if ($limitfinish <= $counttodo['todo']) {
echo "<b>$limitfinish</b>.";
}
else {
echo "<b>".$counttodo['todo']."</b>.";
}
show_form_header("todo.php", "removetodo", "form");
echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
if ($counttodo['todo'] > 0) {
$sql = "SELECT todo_id, todo_name, todo_description, todo_done, todo_create_date, todo_should_date, todo_done_date
FROM ".TODO_TABLE."
WHERE $condition
ORDER BY $orderby $direction
LIMIT $limitstart, $limitnumber";
$result = $site_db->query($sql);
echo "<tr class=\"tableseparator\">\n";
echo "<td class=\"tableseparator\"><input name=\"allbox\" type=\"checkbox\" onClick=\"CheckAll();\" /></td>\n";
echo "<td class=\"tableseparator\">Nr.</td><td class=\"tableseparator\">ID</td><td class=\"tableseparator\">".$lang['todo']."</td>\n<td class=\"tableseparator\">".$lang['options']."</td>\n</tr>\n";
$i = 1;
while ($todo_row = $site_db->fetch_array($result)) {
if ($todo_row['todo_create_date'] != 0) {
$todo_create_date = "[".$lang['field_create_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_create_date'])."]";
} else {
$todo_create_date = '';
}
if ($todo_row['todo_should_date'] > 0) {
$todo_should_date = " - [".$lang['field_should_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_should_date'])."]";
} else {
$todo_should_date = '';
}
if ($todo_row['todo_done_date'] != 0) {
$todo_done_date = " - [".$lang['field_done_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_done_date'])."]";
} else {
$todo_done_date = '';
}
echo "<tr class=\"".get_row_bg()."\">";
echo "<td><input type=\"checkbox\" name=\"deletetodo[]\" value=\"".$todo_row['todo_id']."\" /></td>";
echo "<td>".$i++."</td>\n";
echo "<td>".$todo_row['todo_id']."</td>\n";
$show_todo = "<b>".format_text($todo_row['todo_name'])."</b><br />";
if (strlen($todo_row['todo_description']) > 50) {
$todo_row['todo_description'] = substr($todo_row['todo_description'], 0, 50)."...";
}
$show_todo .= format_text($todo_row['todo_description']);
echo "<td>".$show_todo."</td>\n";
echo "<td><p>";
show_text_link($lang['todo_show'], "todo.php?action=showtodo&todo_id=".$todo_row['todo_id']);
show_text_link($lang['edit'], "todo.php?action=edittodo&todo_id=".$todo_row['todo_id']);
show_text_link($lang['delete'], "todo.php?action=removetodo&todo_id=".$todo_row['todo_id']);
show_text_link($lang['field_todo_done'], "todo.php?action=donetodo&todo_id=".$todo_row['todo_id']);
echo "</p>".$todo_create_date."".$todo_should_date."".$todo_done_date."</td>\n";
echo "</tr>\n";
}
echo "<tr class=\"tablefooter\">\n<td colspan=\"6\" align=\"left\">\n ";
echo "<input type=\"submit\" value=\" ".$lang['delete']." \" class=\"button\">\n";
echo " \n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>\n</form>\n";
}
else {
show_description_row($lang['no_search_results'], 6);
show_form_footer("", "");
}
echo "<div align=\"right\">";
echo "<form action=\"".$site_sess->url("todo.php")."\" name=\"form2\" method=\"post\">\n";
show_hidden_input("action", "findtodo");
show_hidden_input("todo_id", $todo_id);
show_hidden_input("todo_name", $todo_name, 1);
show_hidden_input("todo_description", $todo_description, 1);
show_hidden_input("todo_done", $todo_done, 1);
show_hidden_input("todo_create_date_before", $todo_create_date_before, 1);
show_hidden_input("todo_create_date_after", $todo_create_date_after, 1);
show_hidden_input("todo_should_date_before", $todo_should_date_before, 1);
show_hidden_input("todo_should_date_after", $todo_should_date_after, 1);
show_hidden_input("todo_done_date_before", $todo_done_date_before, 1);
show_hidden_input("todo_done_date_after", $todo_done_date_after, 1);
show_hidden_input("orderby", $orderby, 1);
show_hidden_input("direction", $direction, 1);
show_hidden_input("limitstart", $limitstart + $limitnumber + 1);
show_hidden_input("limitnumber", $limitnumber);
if ($limitstart > 0) {
echo "<input type=\"button\" value=\" ".$lang['back']." \" onclick=\"limitstart.value=limitstart.value-limitnumber.value*2;submit();\" class=\"button\">\n";
}
if ($limitnumber != 5000 && $limitfinish < $counttodo['todo']) {
echo "<input type=\"submit\" value=\" ".$lang['search_next_page']." \" class=\"button\">\n";
}
echo "</form>";
echo "</div>";
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "savetodo") {
$error_msg = "";
$num_todo = (isset($HTTP_POST_VARS['num_todo'])) ? intval($HTTP_POST_VARS['num_todo']) : 0;
$error = array();
for ($i = 1; $i <= $num_todo; $i++) {
$todo_name = un_htmlspecialchars(trim($HTTP_POST_VARS['todo_name_'.$i]));
if ($todo_name == "") {
$error['todo_name_'.$i] = 1;
}
}
if (empty($error)) {
for ($i = 1; $i <= $num_todo; $i++) {
$log = array();
$uploaderror = 0;
$todo_name = un_htmlspecialchars(trim($HTTP_POST_VARS['todo_name_'.$i]));
if (!$uploaderror) {
$todo_description = un_htmlspecialchars(trim($HTTP_POST_VARS['todo_description_'.$i]));
$todo_done = intval($HTTP_POST_VARS['todo_done_'.$i]); // goes into the INSERT below unquoted
$todo_should_date = (trim($HTTP_POST_VARS['todo_should_date_'.$i]) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['todo_should_date_'.$i])."')" : 0;
$todo_create_datestamp = time();
$sql = "INSERT INTO ".TODO_TABLE."
(todo_name, todo_description, todo_done, todo_create_date, todo_done_date, todo_should_date)
VALUES
('$todo_name', '$todo_description', $todo_done, $todo_create_datestamp, '', $todo_should_date)";
$result = $site_db->query($sql);
$image_id = $site_db->get_insert_id();
if ($result) {
$log[] = $lang['todo_add_success'].": <b>".format_text(stripslashes($todo_name), 2)."</b>";
}
else {
$log[] = $lang['todo_add_error'].": <b>".format_text(stripslashes($todo_name), 2)."</b>";
}
}
else {
$log[] = $lang['no_db_entry'];
}
show_table_header($lang['todo']." $i", 1);
echo "<tr><td class=\"tablerow\">\n";
echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td> </td><td>\n";
foreach ($log as $val) {
echo $val."<br />";
}
echo "</td></tr></table>\n";
echo "</td></tr>\n";
show_table_footer();
echo "<br />";
}
}
else {
$msg = sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
$action = "addtodo";
}
echo "<br /><br />";
show_text_link($lang['back_overview'], "todo.php?action=home");
echo "<br /><br />";
}
if ($action == "addtodo") {
if (isset($HTTP_GET_VARS['num_todo']) || isset($HTTP_POST_VARS['num_todo'])) {
$num_todo = (isset($HTTP_GET_VARS['num_todo'])) ? intval($HTTP_GET_VARS['num_todo']) : intval($HTTP_POST_VARS['num_todo']);
}
else {
$num_todo = 1;
}
if ($msg != "") {
printf("<b>%s</b>\n", $msg);
}
show_form_header("todo.php", "savetodo", "form", 1);
show_table_header($lang['nav_todo_add'], 2);
show_num_select_row(" ", "num_todo", $lang['num_addnew_todo_desc']);
for ($i = 1; $i <= $num_todo; $i++) {
show_table_separator($lang['todo_nr']." ".$i, 2);
show_input_row($lang['field_todo_name'], "todo_name_".$i, "", $textinput_size);
show_textarea_row($lang['field_todo_description'],"todo_description_".$i, "", $textarea_size_todo);
show_date_input_row($lang['field_should_date'].$lang['date_format'], "todo_should_date_".$i, "", $textinput_size);
show_radio_row($lang['field_todo_done'], "todo_done_".$i, 0);
}
show_hidden_input("num_todo", $num_todo);
show_form_footer($lang['add'], $lang['reset'], 2, "");
echo "<p>";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "home") {
?>
<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td class="tableborder">
<table cellpadding="3" cellspacing="1" border="0" width="100%">
<tr><td></td></tr>
<tr class="tableheader"><td colspan="2"><a name=""><b><span class="tableheader"><?php echo $lang['todo'] ?></span></b></td></tr>
<tr><td bgcolor="#F5F5F5" valign=top onmouseover="this.style.backgroundColor='#FFE673';this.style.cursor='hand';" onclick="parent.frames['main'].location='todo.php?action=modifytodo'" onmouseout="this.style.backgroundColor='#F5F5F5'">1.) <a href="./todo.php?action=modifytodo" class="navlink"><?php echo $lang['nav_todo_search'] ?> / <?php echo $lang['nav_todo_edit'] ?></a></td></tr>
<tr><td bgcolor="#E5E5E5" valign=top onmouseover="this.style.backgroundColor='#FFE673';this.style.cursor='hand';" onclick="parent.frames['main'].location='todo.php?action=addtodo'" onmouseout="this.style.backgroundColor='#E5E5E5'">2.) <a href="./todo.php?action=addtodo" class="navlink"><?php echo $lang['nav_todo_add'] ?></a></td></tr>
<tr class="tablefooter"><td> </td></tr>
<tr><td bgcolor="#E5E5E5" valign=top onmouseover="this.style.backgroundColor='#FFE673';this.style.cursor='hand';" onmouseout="this.style.backgroundColor='#E5E5E5'">MOD: SIMPLE TODO LIST v<?php echo TODO_VERSION; ?> made by Nicky for user cruxy.<br />MOD Thread at 4homepages.de forum > <a href="http://www.4homepages.de/forum/index.php?topic=19443.0" target="_blank">http://www.4homepages.de/forum/index.php?topic=19443.0</a></td></tr>
<tr class="tablefooter"><td> </td></tr>
</table>
</td>
</tr>
</table>
<?php
$sql = "SELECT COUNT(*) AS todo
FROM ".TODO_TABLE."
WHERE todo_done = 0";
$counttodo = $site_db->query_firstrow($sql);
echo "<p>".$lang['found']." <b>".$counttodo['todo']."</p>";
echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
if ($counttodo['todo'] > 0) {
$sql = "SELECT todo_id, todo_name, todo_description, todo_done, todo_create_date, todo_should_date, todo_done_date
FROM ".TODO_TABLE."
WHERE todo_done = 0
ORDER BY todo_id
LIMIT $limitshow";
$result = $site_db->query($sql);
echo "<tr class=\"tableseparator\">\n";
echo "<td class=\"tableseparator\">Nr.</td><td class=\"tableseparator\">ID</td><td class=\"tableseparator\">".$lang['todo']."</td>\n<td class=\"tableseparator\">".$lang['options']."</td>\n</tr>\n";
$i = 1;
while ($todo_row = $site_db->fetch_array($result)) {
if ($todo_row['todo_create_date'] != 0) {
$todo_create_date = "[".$lang['field_create_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_create_date'])."]";
} else {
$todo_create_date = '';
}
if ($todo_row['todo_should_date'] > 0) {
$todo_should_date = " - [".$lang['field_should_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_should_date'])."]";
} else {
$todo_should_date = '';
}
if ($todo_row['todo_done_date'] != 0) {
$todo_done_date = " - [".$lang['field_done_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_done_date'])."]";
} else {
$todo_done_date = '';
}
echo "<tr class=\"".get_row_bg()."\">";
$show_todo = "<b>".format_text($todo_row['todo_name'])."</b><br />";
if (strlen($todo_row['todo_description']) > 50) {
$todo_row['todo_description'] = substr($todo_row['todo_description'], 0, 50)."...";
}
$show_todo .= format_text($todo_row['todo_description']);
echo "<td>".$i++."</td>\n";
echo "<td>".$todo_row['todo_id']."</td>\n";
echo "<td>".$show_todo."</td>\n";
echo "<td><p>";
show_text_link($lang['todo_show'], "todo.php?action=showtodo&todo_id=".$todo_row['todo_id']);
show_text_link($lang['edit'], "todo.php?action=edittodo&todo_id=".$todo_row['todo_id']);
show_text_link($lang['delete'], "todo.php?action=removetodo&todo_id=".$todo_row['todo_id']);
show_text_link($lang['field_todo_done'], "todo.php?action=donetodo&todo_id=".$todo_row['todo_id']);
echo "</p>".$todo_create_date."".$todo_should_date."".$todo_done_date."</td>\n";
echo "</tr>\n";
}
echo "<tr class=\"tablefooter\">\n<td colspan=\"6\" align=\"left\">\n ";
echo " \n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>\n";
}
else {
show_description_row($lang['no_search_results'], 6);
show_form_footer("", "");
}
echo "</form>";
echo "</div>";
}
if ($action == "donetodo") {
if ($msg != "") {
printf("<b>%s</b>\n", $msg);
}
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);
$todo_done_datestamp = time();
$sql = "UPDATE ".TODO_TABLE." SET todo_done = 1, todo_done_date = $todo_done_datestamp
WHERE todo_id = $todo_id";
$todo = $site_db->query($sql);
show_table_header($lang['todo']);
echo "<tr><td class=\"tablerow\">\n";
echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td>".$lang['todo_done']."</td><td>\n";
echo "</td></tr></table>\n";
echo "</td></tr>\n";
show_table_footer();
echo "<br />";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
if ($action == "showtodo") {
if ($msg != "") {
printf("<b>%s</b>\n", $msg);
}
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);
$sql = "SELECT todo_id, todo_name, todo_description, todo_done, todo_create_date, todo_should_date, todo_done_date
FROM ".TODO_TABLE."
WHERE todo_id = $todo_id";
$todo = $site_db->query_firstrow($sql);
if ($todo['todo_create_date'] != 0) {
$todo_create_date = "[".$lang['field_create_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo['todo_create_date'])."]";
} else {
$todo_create_date = '';
}
if ($todo['todo_should_date'] > 0) {
$todo_should_date = " - [".$lang['field_should_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo['todo_should_date'])."]";
} else {
$todo_should_date = '';
}
if ($todo['todo_done_date'] != 0) {
$todo_done_date = " - [".$lang['field_done_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo['todo_done_date'])."]";
} else {
$todo_done_date = '';
}
show_text_link($lang['back_overview'], "todo.php?action=home");
echo "<br /><br />";
show_text_link($lang['edit'], "todo.php?action=edittodo&todo_id=".$todo_id);
show_text_link($lang['delete'], "todo.php?action=removetodo&todo_id=".$todo_id);
show_text_link($lang['field_todo_done'], "todo.php?action=donetodo&todo_id=".$todo_id);
echo "<br /><br />";
echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
echo "<tr class=\"tableseparator\">\n";
echo "<td class=\"tableseparator\">".$lang['todo']." ID: ".$todo['todo_id']." - ".$lang['field_todo_name'].": ".format_text($todo['todo_name'])."</td>\n</tr>\n";
echo "<tr class=\"".get_row_bg()."\">";
echo "<td>".$todo_create_date."".$todo_should_date."".$todo_done_date."<br /><br /><b><u>".$lang['field_todo_description'].":</u></b><br /><br />".format_text($todo['todo_description'])."</td>\n";
echo "</tr>\n";
echo "<tr class=\"tablefooter\">\n<td colspan=\"6\" align=\"left\">\n ";
echo " \n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>\n";
echo "<br />";
echo "<br />";
show_text_link($lang['back_overview'], "todo.php?action=home");
}
show_admin_footer();
?>
-
Well, I don't know what the big deal is about your games.php that you are so protective of it and show some other code instead...
Then I kind of doubt you can use this todo.php outside the /admin/ directory (and you shouldn't), simply because it uses echo for output data.
From what I see, when you access todo.php with or without todo_id in the url query, it won't make any difference.
Then you are making me guess which part of the code you want to add the id check to. My guess would be the part of the code that starts at line 609.
In that case you need to replace
$todo = $site_db->query_firstrow($sql);
with
if (!$todo = $site_db->query_firstrow($sql)) {
redirect("index.php");
}
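Putting V@no's two steps together (read the id from the request as an integer, then treat an empty query result as "does not exist"), here is what the check would look like at the top of a games.php page. This is an added example, not code from the thread or from 4images itself. It assumes constants.php defines URL_ZU_GAMES_ID as posted above plus a hypothetical GAMES_TABLE constant, that the games table has an integer games_id column, and that global.php has already provided $site_db, $HTTP_GET_VARS, $HTTP_POST_VARS and redirect() the way the 4images 1.7 pages get them.

```php
<?php
// Added example for this thread, not code from 4images or from the posts above.
// Assumptions (hypothetical, named so they can be adapted):
//   - constants.php defines URL_ZU_GAMES_ID (as posted) and GAMES_TABLE;
//   - the games table has an integer primary key column games_id;
//   - global.php has provided $site_db, $HTTP_GET_VARS, $HTTP_POST_VARS and
//     the redirect() function, as it does for the 4images 1.7 pages.

// Step 1: copy the id from POST or GET into a variable. intval() turns
// "5000", "5000abc" and "' OR 1=1" into 5000, 5000 and 0 respectively, which
// is what makes the unquoted use in the SQL below safe.
if (isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) {
  $zu_games_id = intval($HTTP_POST_VARS[URL_ZU_GAMES_ID]);
}
elseif (isset($HTTP_GET_VARS[URL_ZU_GAMES_ID])) {
  $zu_games_id = intval($HTTP_GET_VARS[URL_ZU_GAMES_ID]);
}
else {
  $zu_games_id = 0;
}

// Step 2: an id that can never exist (missing, 0, negative) needs no database
// round trip. This is the only case "if (!$zu_games_id)" on its own catches.
if ($zu_games_id <= 0) {
  redirect("index.php");
  exit;
}

// Step 3: ask the database whether the id exists. query_firstrow() returns the
// row as an array, or false when the query matched nothing.
$sql = "SELECT games_id
        FROM ".GAMES_TABLE."
        WHERE games_id = ".$zu_games_id;
$game_row = $site_db->query_firstrow($sql);

// Step 4: unknown id, e.g. games_id=5000 when the highest id is 10.
// redirect() works by sending a Location header, so this block must run before
// the page has echoed or included any HTML. Once output has started the header
// cannot be sent, PHP only logs a warning, and the rest of the page is rendered
// as if the check had passed. The exit is belt-and-braces in case redirect()
// ever returns.
if (!$game_row) {
  redirect("index.php");
  exit;
}

// Step 5: from here on $game_row['games_id'] is a row that really exists;
// render the page.
?>
```

One thing to check when a redirect like this appears to do nothing: where the page starts producing output. In the todo.php listed above, show_admin_header() is called before any of the action blocks, so a redirect() placed after query_firstrow() in the showtodo section runs after the HTML header has already been sent, and the browser just gets the rest of the page. The existence check has to sit before the first byte of output, or the page has to buffer its output (ob_start()) so the header can still be sent.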
-
Hi V@no. I am not protecting my zu_games.php, but I am using a lot of Dutch words in it. Almost all the variables have Dutch names. I was afraid it would be annoying for you. :wink:
I will test it right now and I will let you know.
After the test:
Nope. I can still access zu_games.php with a non-existing id.
hmmm. There is surely a way to deny users.