Author Topic: if (!$zu_games_id) doesn't work. Any help please?  (Read 16906 times)

0 Members and 1 Guest are viewing this topic.

Offline Sun Zaza

  • Sr. Member
  • ****
  • Posts: 399
    • View Profile
if (!$zu_games_id) doesn't work. Any help please?
« on: November 28, 2009, 04:50:51 PM »
Hello,

On every 4images gallery, you can create an images_id, cat_id or user_id. Om my gallery I can create also games_id.
My question is:

On the page games.php I want to use this following code, but it doesn't word:
Code: [Select]
if (!$zu_games_id) {
    redirect("index.php");
}

That means if the user try to open a page which doesn't exist, he will be redirect to the homepage.
For example:

My last games_id on my gallery is 10 (games_id = 10). So if the user want to reach this following page, he will be send to the homepage:
www.mywebsite.com/games.php?games_id = 5000

The script does not understand what !$zu_games_id means.het is still giving a page without any infomation from the database.

Any help will be appreciated,

Cruxy

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #1 on: November 28, 2009, 09:18:15 PM »
The question is, where and how your $zu_games_id variable defined/populated?
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Sun Zaza

  • Sr. Member
  • ****
  • Posts: 399
    • View Profile
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #2 on: November 28, 2009, 09:21:32 PM »
Hi V@no. I am using the TODO plugin:
http://www.4homepages.de/forum/index.php?topic=19443.0

Is that what you mean?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #3 on: November 28, 2009, 09:29:34 PM »
mmm not quiet sure what that plugin has anything to do with this..anyways, no I meant since you are trying use $zu_games_id variable it first must be defined somewhere, otherwise you are checking for none-existing variable and it always will be false.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Sun Zaza

  • Sr. Member
  • ****
  • Posts: 399
    • View Profile
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #4 on: November 28, 2009, 09:32:42 PM »
Ok. I am defined hem in constants.php:
Code: [Select]
// URL Parameters
define('URL_IMAGE_ID', 'image_id');
define('URL_ZU_GAMES_ID', 'zu_games_id');

Is it ok?

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #5 on: November 28, 2009, 09:47:41 PM »
no, that is constant you are defining, I'm interested in how your $zu_games_id variable is defined.

Ok, let me try explain it.

the url is blah/games.php?games_id=123
in games.php you can't just use $games_id unless it was defined and populated with data. PHP does not transfer all url queries into variables, unless register_globals is turned on (then it become a security risk). So, you'll need transfer data from games_id url query into a variable. For that you'll need use something like this:
if (isset($HTTP_GET_VARS[URL_ZU_GAMES_ID]) || isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) {
  
$zu_games_id = (isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) ? intval($HTTP_POST_VARS[URL_ZU_GAMES_ID]) : intval($HTTP_GET_VARS[URL_ZU_GAMES_ID]);
}
else {
  
$zu_games_id 0;
}

That when $zu_games_id is defined.

Then, once you have the game_id in your $zu_games_id variable, you need make sure the id is valid, for that you'll need to query the database. That database query should already be in your games.php.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Sun Zaza

  • Sr. Member
  • ****
  • Posts: 399
    • View Profile
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #6 on: November 28, 2009, 09:56:01 PM »
Thank you for your explination.

I already use your code in the global.php. Check this:

Code: [Select]
if (isset($HTTP_GET_VARS[URL_CAT_ID]) || isset($HTTP_POST_VARS[URL_CAT_ID])) {
  $cat_id = (isset($HTTP_POST_VARS[URL_CAT_ID])) ? intval($HTTP_POST_VARS[URL_CAT_ID]) : intval($HTTP_GET_VARS[URL_CAT_ID]);
}
else {
  $cat_id = 0;
}

if (isset($HTTP_GET_VARS[URL_IMAGE_ID]) || isset($HTTP_POST_VARS[URL_IMAGE_ID])) {
  $image_id = (isset($HTTP_POST_VARS[URL_IMAGE_ID])) ? intval($HTTP_POST_VARS[URL_IMAGE_ID]) : intval($HTTP_GET_VARS[URL_IMAGE_ID]);
}
else {
  $image_id = 0;
}

if (isset($HTTP_GET_VARS[URL_ZU_GAMES_ID]) || isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) {

  $zu_games_id = (isset($HTTP_POST_VARS[URL_ZU_GAMES_ID])) ? intval($HTTP_POST_VARS[URL_ZU_GAMES_ID]) : intval($HTTP_GET_VARS[URL_ZU_GAMES_ID]);
 
}
else {
  $zu_games_id = 0;
}

I really don't know what I have to do. I tried everything, but no luck.


Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #7 on: November 28, 2009, 10:09:09 PM »
well, I have no idea what your games.php, I can't really tell you how to do it.
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Sun Zaza

  • Sr. Member
  • ****
  • Posts: 399
    • View Profile
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #8 on: November 29, 2009, 12:33:39 PM »
Hi V@no. Here you have the games.php. (I am using here the todo.php file. It is the same, so zu_games_id is todo_id)


You can look at it when you have time:

Code: [Select]
<?php // PLUGIN_TITLE: TODO List
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: todo.php                                             *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 0.23b                                                *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/

error_reporting(E_ALL);
$nozip 1;
define('IN_CP'1);
define('ROOT_PATH''./../../');
require(
ROOT_PATH.'admin/admin_global.php');
$textarea_size_todo "120";
$limitshow 10;
define('TODO_VERSION''0.23b');


if (
$action == "") {
  
$action "home";
}

function 
delete_todo($todo_ids) {
  global 
$site_db$lang;
  if (empty(
$todo_ids)) {
    echo 
$lang['no_search_results'];
    return 
false;
  }
  
$error_log = array();
  echo 
"<br />";
  
$sql "SELECT todo_id, todo_name
          FROM "
.TODO_TABLE."
          WHERE todo_id IN (
$todo_ids)";
  
$todo_result $site_db->query($sql);
  while (
$todo_row $site_db->fetch_array($todo_result)) {
    
$sql "DELETE FROM ".TODO_TABLE."
          WHERE todo_id = "
.$todo_row['todo_id'];
    
$del_todo $site_db->query($sql);

    if (
$del_todo) {
      echo 
"<b>".$lang['todo_delete_success'].":</b> ".format_text($todo_row['todo_name'], 2)."<br />\n";
    }
    else {
      
$error_log[] = "<b>".$lang['todo_delete_error'].":</b> ".format_text($todo_row['todo_name'], 2)."";
    }
    echo 
"<br />\n";
  }
  return 
$error_log;
}

show_admin_header();

if (
$action == "deletetodo") {
  
$deletetodo = (isset($HTTP_POST_VARS['deletetodo'])) ? $HTTP_POST_VARS['deletetodo'] : array();
  
$todo_ids "";
  if (!empty(
$deletetodo)) {
    foreach (
$deletetodo as $val) {
      
$todo_ids .= (($todo_ids != "") ? ", " "").$val;
    }
  }
  
$lang_key = (sizeof($deletetodo) > 1) ? 'todo' 'todo';
  
show_table_header($lang['delete'].": ".$lang[$lang_key], 1);
  echo 
"<tr><td class=\"tablerow\">\n";
  echo 
"<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td>&nbsp;</td><td>\n";
  
$error_log delete_todo($todo_ids);
  echo 
"</td></tr></table>\n";
  echo 
"</td></tr>\n";
  
show_table_footer();
  if (!empty(
$error_log)) {
    
show_table_header("Error Log:"1);
    echo 
"<tr><td class=\"tablerow\">\n";
    echo 
"<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td>&nbsp;</td><td>\n";
    echo 
"<b>".$lang['error_log_desc']."</b>\n<ul>\n";
    foreach (
$error_log as $val) {
      
printf("<li>%s</li>\n"$val);
    }
    echo 
"</ul>\n</td></tr></table>\n";
    echo 
"</td></tr>\n";
    
show_table_footer();
  }
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "removetodo") {
  
$todo_ids = array();
  if (isset(
$HTTP_GET_VARS['todo_id']) || isset($HTTP_POST_VARS['todo_id'])) {
    
$todo_id = (isset($HTTP_GET_VARS['todo_id'])) ? intval($HTTP_GET_VARS['todo_id']) : intval($HTTP_POST_VARS['todo_id']);
    
$todo_ids[] = $todo_id;
  }
  elseif (isset(
$HTTP_POST_VARS['deletetodo'])) {
    
$todo_ids $HTTP_POST_VARS['deletetodo'];
  }
  else {
   
$todo_ids[] = 0;
  }

  
show_form_header("todo.php""deletetodo");
  foreach (
$todo_ids as $val) {
    
show_hidden_input("deletetodo[]"$val);
  }
  
$lang_key = (sizeof($todo_ids) > 1) ? 'todo' 'todo';
  
show_table_header($lang['delete'].": ".$lang[$lang_key], 2);
  
show_description_row($lang['delete_todo_confirm']);
  
show_form_footer($lang['yes'], ""2$lang['no']);
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "updatetodo") {
  
$error = array();

  
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);
  
$todo_name trim($HTTP_POST_VARS['todo_name']);
  
$todo_description trim($HTTP_POST_VARS['todo_description']);
  
$todo_should_date = (trim($HTTP_POST_VARS['todo_should_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['todo_should_date'])."')" 0;
  
$todo_done_date = (trim($HTTP_POST_VARS['todo_done_date']) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['todo_done_date'])."')" 0;

  
$todo_done trim($HTTP_POST_VARS['todo_done']);

  if (
$todo_name == "") {
    
$error['todo_name'] = 1;
  }
  if (empty(
$error)) {
    
$sql "UPDATE ".TODO_TABLE."
            SET todo_name = '
$todo_name', todo_description = '$todo_description', todo_done = '$todo_done', todo_should_date = $todo_should_date, todo_done_date = $todo_done_date
            WHERE todo_id = 
$todo_id";
    
$result $site_db->query($sql);

    
$msg = ($result) ? $lang['todo_edit_success'] : $lang['comment_edit_error'];
  }
  else {
    
$msg sprintf("<span class=\"marktext\">%s</span>"$lang['lostfield_error']);
  }
  
$action "edittodo";
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "edittodo") {
  if (
$msg != "") {
    
printf("<b>%s</b>\n"$msg);
  }
  
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);

  
$sql "SELECT *, FROM_UNIXTIME(todo_should_date) AS todo_should_date, FROM_UNIXTIME(todo_done_date) AS todo_done_date
          FROM "
.TODO_TABLE."
          WHERE todo_id = 
$todo_id";
  
$todo $site_db->query_firstrow($sql);

  
show_form_header("todo.php""updatetodo""form"1);
  
show_hidden_input("todo_id"$todo_id);
  
show_table_header($lang['nav_todo_edit'].": ".format_text($todo['todo_name'], 2), 2);
  
show_input_row($lang['field_todo_name'], "todo_name"$todo['todo_name'], $textinput_size);
  
show_textarea_row($lang['field_todo_description'], "todo_description"$todo['todo_description'], $textarea_size_todo);
  
show_date_input_row($lang['field_should_date'].$lang['date_format'], "todo_should_date"$todo['todo_should_date'], $textinput_size);
  
show_radio_row($lang['field_todo_done'], "todo_done"$todo['todo_done']);
  
show_date_input_row($lang['field_done_date'].$lang['date_format'], "todo_done_date"$todo['todo_done_date'], $textinput_size);

  
show_form_footer($lang['save_changes'], $lang['reset'], 2);
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "modifytodo") {
  if (
$msg != "") {
    
printf("<b>%s</b>\n"$msg);
  }

  
show_form_header("todo.php""findtodo""form");
  
show_table_header($lang['nav_todo_search'], 2);
  
show_input_row($lang['field_todo_id_contains'], "todo_id"""$textinput_size);
  
show_input_row($lang['field_todo_name_contains'], "todo_name"""$textinput_size);
  
show_input_row($lang['field_todo_description_contains'], "todo_description"""$textinput_size);
  
show_date_input_row($lang['field_create_date_before'].$lang['date_format'], "todo_create_date_before"""$textinput_size);
  
show_date_input_row($lang['field_create_date_after'].$lang['date_format'], "todo_create_date_after"""$textinput_size);
  
show_date_input_row($lang['field_should_date_before'].$lang['date_format'], "todo_should_date_before"""$textinput_size);
  
show_date_input_row($lang['field_should_date_after'].$lang['date_format'], "todo_should_date_after"""$textinput_size);
  
show_date_input_row($lang['field_done_date_before'].$lang['date_format'], "todo_done_date_before"""$textinput_size);
  
show_date_input_row($lang['field_done_date_after'].$lang['date_format'], "todo_done_date_after"""$textinput_size);
  
?>

  <tr class="tablerow2"><td><b><?php echo $lang['field_todo_done_contains'?></b></td><td>
  <select name="todo_done">
  <option value="1"><?php echo $lang['yes'?></option>
  <option value="0" selected><?php echo $lang['no'?></option>
  </select>
  </td></tr>
  <?php
  show_table_separator
($lang['sort_options'], 2);
  
?>

  <tr class="<?php echo get_row_bg(); ?>"><td><p><b><?php echo $lang['order_by'?></b></p></td><td><p>
  <select name="orderby">
  <option value="todo_name"><?php echo $lang['field_todo_name'?></option>
  <option value="todo_id" selected><?php echo $lang['todo'?> ID</option>
  </select>
  <select name="direction">
  <option selected value="ASC"><?php echo $lang['asc'?></option>
  <option value="DESC"><?php echo $lang['desc'?></option>
  </select>
  </p></td></tr>
  <?php
  show_input_row
($lang['results_per_page'], "limitnumber"50);
  
show_form_footer($lang['search'], $lang['reset'], 2);
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "findtodo") {

  
$condition "1=1";

  
$todo_name trim($HTTP_POST_VARS['todo_name']);
  if (
$todo_name != "") {
    
$condition .= " AND INSTR(LCASE(todo_name),'".strtolower($todo_name)."')>0";
  }
  
$todo_done intval($HTTP_POST_VARS['todo_done']);
    
$condition .= " AND INSTR(LCASE(todo_done),'".strtolower($todo_done)."')>0";

  
$todo_id intval($HTTP_POST_VARS['todo_id']);
  if (
$todo_id != 0) {
    
$condition .= " AND INSTR(LCASE(todo_id),'".strtolower($todo_id)."')>0";
  }
  
$todo_description trim($HTTP_POST_VARS['todo_description']);
  if (
$todo_description != "") {
    
$condition .= " AND INSTR(LCASE(todo_description),'".strtolower($todo_description)."')>0";
  }
  
$todo_create_date_before trim($HTTP_POST_VARS['todo_create_date_before']);
  if (
$todo_create_date_before != "") {
    
$condition .= " AND todo_create_date < UNIX_TIMESTAMP('$todo_create_date_before')";
  }
  
$todo_create_date_after trim($HTTP_POST_VARS['todo_create_date_after']);
  if (
$todo_create_date_after != "") {
    
$condition .= " AND todo_create_date > UNIX_TIMESTAMP('$todo_create_date_after')";
  }
  
$todo_should_date_before trim($HTTP_POST_VARS['todo_should_date_before']);
  if (
$todo_should_date_before != "") {
    
$condition .= " AND todo_should_date < UNIX_TIMESTAMP('$todo_should_date_before')";
  }
  
$todo_should_date_after trim($HTTP_POST_VARS['todo_should_date_after']);
  if (
$todo_should_date_after != "") {
    
$condition .= " AND todo_should_date > UNIX_TIMESTAMP('$todo_should_date_after')";
  }

  
$todo_done_date_before trim($HTTP_POST_VARS['todo_done_date_before']);
  if (
$todo_done_date_before != "") {
    
$condition .= " AND todo_done_date < UNIX_TIMESTAMP('$todo_done_date_before')";
  }
  
$todo_done_date_after trim($HTTP_POST_VARS['todo_done_date_after']);
  if (
$todo_done_date_after != "") {
    
$condition .= " AND todo_done_date > UNIX_TIMESTAMP('$todo_done_date_after')";
  }

  
$orderby trim($HTTP_POST_VARS['orderby']);
  if (
$orderby == "") {
    
$orderby "todo_name";
  }
  
$limitstart = (isset($HTTP_POST_VARS['limitstart'])) ? trim($HTTP_POST_VARS['limitstart']) : "";
  if (
$limitstart == "") {
    
$limitstart 0;
  }
  else {
    
$limitstart--;
  }
  
$limitnumber trim($HTTP_POST_VARS['limitnumber']);
  if (
$limitnumber == "") {
    
$limitnumber 5000;
  }

  if (isset(
$HTTP_GET_VARS['direction']) || isset($HTTP_POST_VARS['direction'])) {
    
$direction = (isset($HTTP_GET_VARS['direction'])) ? trim($HTTP_GET_VARS['direction']) : trim($HTTP_POST_VARS['direction']);
  }
  else {
    
$direction "ASC";
  }

  
$sql "SELECT COUNT(*) AS todo
          FROM "
.TODO_TABLE."
          WHERE 
$condition";
  
$counttodo $site_db->query_firstrow($sql);

  
$limitfinish $limitstart $limitnumber;

  
$start 0;
  if (
$counttodo['todo'] > 0) {
    
$start $limitstart 1;
  }

  echo 
$lang['found']." <b>".$counttodo['todo']."</b> ".$lang['showing']." <b>$start</b>-";
  if (
$limitfinish $counttodo['todo'] == 0) {
    echo 
"<b>$limitfinish</b>.";
  }
  else {
    echo 
"<b>".$counttodo['todo']."</b>.";
  }

  
show_form_header("todo.php""removetodo""form");
  echo 
"<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
  if (
$counttodo['todo'] > 0) {
    
$sql "SELECT todo_id, todo_name, todo_description, todo_done, todo_create_date, todo_should_date, todo_done_date
            FROM "
.TODO_TABLE.
            WHERE 
$condition 
            ORDER BY 
$orderby $direction
            LIMIT 
$limitstart$limitnumber";
    
$result $site_db->query($sql);
    echo 
"<tr class=\"tableseparator\">\n";
    echo 
"<td class=\"tableseparator\"><input name=\"allbox\" type=\"checkbox\" onClick=\"CheckAll();\" /></td>\n";
    echo 
"<td class=\"tableseparator\">Nr.</td><td class=\"tableseparator\">ID</td><td class=\"tableseparator\">".$lang['todo']."</td>\n<td class=\"tableseparator\">".$lang['options']."</td>\n</tr>\n";
    
$i 1;
    while (
$todo_row $site_db->fetch_array($result)) {

         if (
$todo_row['todo_create_date'] != 0) {
            
$todo_create_date "[".$lang['field_create_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_create_date'])."]";
         } else {
            
$todo_create_date '';
         }

         if (
$todo_row['todo_should_date'] > 0) {
            
$todo_should_date " - [".$lang['field_should_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_should_date'])."]";
         } else {
            
$todo_should_date '';
         }
         if (
$todo_row['todo_done_date'] != 0) {
            
$todo_done_date " - [".$lang['field_done_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_done_date'])."]";
         } else {
            
$todo_done_date '';
         }

      echo 
"<tr class=\"".get_row_bg()."\">";
      echo 
"<td><input type=\"checkbox\" name=\"deletetodo[]\" value=\"".$todo_row['todo_id']."\" /></td>";
      echo 
"<td>".$i++."</td>\n";
      echo 
"<td>".$todo_row['todo_id']."</td>\n";
      
$show_todo "<b>".format_text($todo_row['todo_name'])."</b><br />";
      if (
strlen($todo_row['todo_description']) > 50) {
        
$todo_row['todo_description'] = substr($todo_row['todo_description'], 050)."...";
      }
      
$show_todo .= format_text($todo_row['todo_description']);
      echo 
"<td>".$show_todo."</td>\n";
      echo 
"<td><p>";
      
show_text_link($lang['todo_show'], "todo.php?action=showtodo&todo_id=".$todo_row['todo_id']);
      
show_text_link($lang['edit'], "todo.php?action=edittodo&todo_id=".$todo_row['todo_id']);
      
show_text_link($lang['delete'], "todo.php?action=removetodo&todo_id=".$todo_row['todo_id']);
      
show_text_link($lang['field_todo_done'], "todo.php?action=donetodo&todo_id=".$todo_row['todo_id']);
      echo 
"</p>".$todo_create_date."".$todo_should_date."".$todo_done_date."</td>\n";
      echo 
"</tr>\n";
    }

    echo 
"<tr class=\"tablefooter\">\n<td colspan=\"6\" align=\"left\">\n&nbsp;";
    echo 
"<input type=\"submit\" value=\"  ".$lang['delete']."   \" class=\"button\">\n";
    echo 
"&nbsp;\n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>\n</form>\n";
  }
  else {
    
show_description_row($lang['no_search_results'], 6);
    
show_form_footer("""");
  }

  echo 
"<div align=\"right\">";
  echo 
"<form action=\"".$site_sess->url("todo.php")."\" name=\"form2\" method=\"post\">\n";

    
show_hidden_input("action""findtodo");
    
show_hidden_input("todo_id"$todo_id);
    
show_hidden_input("todo_name"$todo_name1);
    
show_hidden_input("todo_description"$todo_description1);
    
show_hidden_input("todo_done"$todo_done1);
    
show_hidden_input("todo_create_date_before"$todo_create_date_before1);
    
show_hidden_input("todo_create_date_after"$todo_create_date_after1);
    
show_hidden_input("todo_should_date_before"$todo_should_date_before1);
    
show_hidden_input("todo_should_date_before"$todo_should_date_before1);
    
show_hidden_input("todo_done_date_before"$todo_done_date_before1);
    
show_hidden_input("todo_done_date_before"$todo_done_date_before1);
    
show_hidden_input("orderby"$orderby1);
    
show_hidden_input("direction"$direction1);
    
show_hidden_input("limitstart"$limitstart $limitnumber 1);
    
show_hidden_input("limitnumber"$limitnumber);

  if (
$limitstart 0) {
    echo 
"<input type=\"button\" value=\"   ".$lang['back']."   \" onclick=\"limitstart.value=limitstart.value-limitnumber.value*2;submit();\" class=\"button\">\n";
  }

  if (
$limitnumber != 5000 && $limitfinish $counttodo['todo']) {
    echo 
"<input type=\"submit\" value=\"   ".$lang['search_next_page']."   \" class=\"button\">\n";
  }
  echo 
"</form>";
  echo 
"</div>";
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "savetodo") {
  
$error_msg "";
  
$num_todo $HTTP_POST_VARS['num_todo'];
  
  
$error = array();
  for (
$i 1$i <= $num_todo$i++) {
    
$todo_name un_htmlspecialchars(trim($HTTP_POST_VARS['todo_name_'.$i]));


    if (
$todo_name == "") {
      
$error['todo_name_'.$i] = 1;
    }  
  }
  if (empty(
$error)) {
    for (
$i 1$i <= $num_todo$i++) {
      
$log = array();
      
$uploaderror 0;
      
$todo_name un_htmlspecialchars(trim($HTTP_POST_VARS['todo_name_'.$i]));
      if (!
$uploaderror) {
        
$todo_description un_htmlspecialchars(trim($HTTP_POST_VARS['todo_description_'.$i]));
        
$todo_done trim($HTTP_POST_VARS['todo_done_'.$i]);
        
$todo_should_date = (trim($HTTP_POST_VARS['todo_should_date_'.$i]) != "") ? "UNIX_TIMESTAMP('".trim($HTTP_POST_VARS['todo_should_date_'.$i])."')" 0;
        
$todo_create_datestamp time();
        
$sql "INSERT INTO ".TODO_TABLE."
                (todo_name, todo_description, todo_done, todo_create_date, todo_done_date, todo_should_date)
                VALUES
                ('
$todo_name', '$todo_description', $todo_done$todo_create_datestamp, '', $todo_should_date)";
        
$result $site_db->query($sql);
        
$image_id $site_db->get_insert_id();

        if (
$result) {
          
$log[] = $lang['todo_add_success'].": <b>".format_text(stripslashes($todo_name), 2)."</b>";
        }
        else {
          
$log[] = $lang['todo_add_error'].": <b>".format_text(stripslashes($todo_name), 2)."</b>";
        }
      }
      else {
        
$log[] = $lang['no_db_entry'];
      }
      
show_table_header($lang['todo'].$i"1);
      echo 
"<tr><td class=\"tablerow\">\n";
      echo 
"<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td>&nbsp;</td><td>\n";
      foreach (
$log as $val) {
        echo 
$val."<br />";
      }
      echo 
"</td></tr></table>\n";
      echo 
"</td></tr>\n";
      
show_table_footer();
      echo 
"<br />";
    }
  }
  else {
    
$msg sprintf("<span class=\"marktext\">%s</span>"$lang['lostfield_error']);
    
$action "addtodo";
  }
  echo 
"<br /><br />";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
  echo 
"<br /><br />";
}
  
  

if (
$action == "addtodo") {
  if (isset(
$HTTP_GET_VARS['num_todo']) || isset($HTTP_POST_VARS['num_todo'])) {
    
$num_todo = (isset($HTTP_GET_VARS['num_todo'])) ? intval($HTTP_GET_VARS['num_todo']) : intval($HTTP_POST_VARS['num_todo']);
  }
  else {
    
$num_todo 1;
  }

  if (
$msg != "") {
    
printf("<b>%s</b>\n"$msg);
  }
  
show_form_header("todo.php""savetodo""form"1);
  
show_table_header($lang['nav_todo_add'], 2);
  
show_num_select_row("&nbsp;""num_todo"$lang['num_addnew_todo_desc']);

  for (
$i 1$i <= $num_todo$i++) {
    
show_table_separator($lang['todo_nr']." ".$i2);
    
show_input_row($lang['field_todo_name'], "todo_name_".$i""$textinput_size);
    
show_textarea_row($lang['field_todo_description'],"todo_description_".$i""$textarea_size_todo);
    
show_date_input_row($lang['field_should_date'].$lang['date_format'], "todo_should_date_".$i""$textinput_size);
    
show_radio_row($lang['field_todo_done'], "todo_done_".$i0);

  }
  
show_hidden_input("num_todo"$num_todo);
  
show_form_footer($lang['add'], $lang['reset'], 2"");
  echo 
"<p>";
  
show_text_link($lang['back_overview'], "todo.php?action=home");
}

if (
$action == "home") {
?>

<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td class="tableborder">
<table cellpadding="3" cellspacing="1" border="0" width="100%">
<tr></td></tr>
<tr class="tableheader"><td colspan="2"><a name=""><b><span class="tableheader"><?php echo $lang['todo'?></span></b></td></tr>
<tr><td bgcolor="#F5F5F5" valign=top onmouseover="this.style.backgroundColor='#FFE673';this.style.cursor='hand';"  onclick="parent.frames['main'].location='todo.php?action=modifytodo'" onmouseout="this.style.backgroundColor='#F5F5F5'">1.) <a href="./todo.php?action=modifytodo" class="navlink"><?php echo $lang['nav_todo_search'?> / <?php echo $lang['nav_todo_edit'?></a></td></tr>
<tr><td bgcolor="#E5E5E5" valign=top onmouseover="this.style.backgroundColor='#FFE673';this.style.cursor='hand';"  onclick="parent.frames['main'].location='todo.php?action=addtodo'" onmouseout="this.style.backgroundColor='#E5E5E5'">2.) <a href="./todo.php?action=addtodo" class="navlink"><?php echo $lang['nav_todo_add'?></a></td></tr>
<tr class="tablefooter"><td>&nbsp;</td></tr>
<tr><td bgcolor="#E5E5E5" valign=top onmouseover="this.style.backgroundColor='#FFE673';this.style.cursor='hand';" onmouseout="this.style.backgroundColor='#E5E5E5'">MOD: SIMPLE TODO LIST v<?php echo TODO_VERSION?> made by Nicky for user cruxy.<br />MOD Thread at 4homepages.de forum > <a href="http://www.4homepages.de/forum/index.php?topic=19443.0" target="_blank">http://www.4homepages.de/forum/index.php?topic=19443.0</a></td></tr>
<tr class="tablefooter"><td>&nbsp;</td></tr>
</table>
</td>
</tr>
</table>
<?php


  $sql 
"SELECT COUNT(*) AS todo
          FROM "
.TODO_TABLE."
          WHERE todo_done = 0"
;
  
$counttodo $site_db->query_firstrow($sql);
  echo 
"<p>".$lang['found']." <b>".$counttodo['todo']."</p>";

  echo 
"<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
  if (
$counttodo['todo'] > 0) {
    
$sql "SELECT todo_id, todo_name, todo_description, todo_done, todo_create_date, todo_should_date, todo_done_date
            FROM "
.TODO_TABLE.
            WHERE todo_done = 0 
            ORDER BY todo_id 
            LIMIT 
$limitshow";
    
$result $site_db->query($sql);
      echo 
"<tr class=\"tableseparator\">\n";
      echo 
"<td class=\"tableseparator\">Nr.</td><td class=\"tableseparator\">ID</td><td class=\"tableseparator\">".$lang['todo']."</td>\n<td class=\"tableseparator\">".$lang['options']."</td>\n</tr>\n";
    
$i 1;
      while (
$todo_row $site_db->fetch_array($result)) {

         if (
$todo_row['todo_create_date'] != 0) {
            
$todo_create_date "[".$lang['field_create_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_create_date'])."]";
         } else {
            
$todo_create_date '';
         }

         if (
$todo_row['todo_should_date'] > 0) {
            
$todo_should_date " - [".$lang['field_should_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_should_date'])."]";
         } else {
            
$todo_should_date '';
         }

         if (
$todo_row['todo_done_date'] != 0) {
            
$todo_done_date " - [".$lang['field_done_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo_row['todo_done_date'])."]";
         } else {
            
$todo_done_date '';
         }

        echo 
"<tr class=\"".get_row_bg()."\">";
        
$show_todo "<b>".format_text($todo_row['todo_name'])."</b><br />";
        if (
strlen($todo_row['todo_description']) > 50) {
          
$todo_row['todo_description'] = substr($todo_row['todo_description'], 050)."...";
        }

        
$show_todo .= format_text($todo_row['todo_description']);
        echo 
"<td>".$i++."</td>\n";
        echo 
"<td>".$todo_row['todo_id']."</td>\n";
        echo 
"<td>".$show_todo."</td>\n";
        echo 
"<td><p>";
        
show_text_link($lang['todo_show'], "todo.php?action=showtodo&todo_id=".$todo_row['todo_id']);
        
show_text_link($lang['edit'], "todo.php?action=edittodo&todo_id=".$todo_row['todo_id']);
        
show_text_link($lang['delete'], "todo.php?action=removetodo&todo_id=".$todo_row['todo_id']);
        
show_text_link($lang['field_todo_done'], "todo.php?action=donetodo&todo_id=".$todo_row['todo_id']);
        echo 
"</p>".$todo_create_date."".$todo_should_date."".$todo_done_date."</td>\n";
        echo 
"</tr>\n";
      }



    echo 
"<tr class=\"tablefooter\">\n<td colspan=\"6\" align=\"left\">\n&nbsp;";
    echo 
"&nbsp;\n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>\n";
  }
  else {
    
show_description_row($lang['no_search_results'], 6);
    
show_form_footer("""");
  }

  echo 
"</form>";
  echo 
"</div>";
}

if (
$action == "donetodo") {
  if (
$msg != "") {
    
printf("<b>%s</b>\n"$msg);
  }
  
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);

  
$todo_done_datestamp time();
  
$sql "UPDATE ".TODO_TABLE." SET todo_done = 1, todo_done_date = $todo_done_datestamp
          WHERE todo_id = 
$todo_id";
  
$todo $site_db->query($sql);
      
show_table_header($lang['todo']);
      echo 
"<tr><td class=\"tablerow\">\n";
      echo 
"<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\"><tr><td>".$lang['todo_done']."</td><td>\n";
      echo 
"</td></tr></table>\n";
      echo 
"</td></tr>\n";
      
show_table_footer();
      echo 
"<br />";

    
show_text_link($lang['back_overview'], "todo.php?action=home");
}



if (
$action == "showtodo") {
  if (
$msg != "") {
    
printf("<b>%s</b>\n"$msg);
  }
  
$todo_id = (isset($HTTP_POST_VARS['todo_id'])) ? intval($HTTP_POST_VARS['todo_id']) : intval($HTTP_GET_VARS['todo_id']);

  
$sql "SELECT todo_id, todo_name, todo_description, todo_done, todo_create_date, todo_should_date, todo_done_date
          FROM "
.TODO_TABLE."
          WHERE todo_id = 
$todo_id";
  
$todo $site_db->query_firstrow($sql);


    if (
$todo['todo_create_date'] != 0) {
       
$todo_create_date "[".$lang['field_create_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo['todo_create_date'])."]";
    } else {
       
$todo_create_date '';
    }

    if (
$todo['todo_should_date'] > 0) {
       
$todo_should_date " - [".$lang['field_should_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo['todo_should_date'])."]";
    } else {
       
$todo_should_date '';
    }

    if (
$todo['todo_done_date'] != 0) {
       
$todo_done_date " - [".$lang['field_done_date'].": ".format_date($config['date_format']." ".$config['time_format'],$todo['todo_done_date'])."]";
    } else {
       
$todo_done_date '';
    }

    
show_text_link($lang['back_overview'], "todo.php?action=home");
    echo 
"<br /><br />";
    
show_text_link($lang['edit'], "todo.php?action=edittodo&todo_id=".$todo_id);
    
show_text_link($lang['delete'], "todo.php?action=removetodo&todo_id=".$todo_id);
    
show_text_link($lang['field_todo_done'], "todo.php?action=donetodo&todo_id=".$todo_id);
    echo 
"<br /><br />";
    echo 
"<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
    echo 
"<tr class=\"tableseparator\">\n";
    echo 
"<td class=\"tableseparator\">".$lang['todo']." ID: ".$todo['todo_id']." - ".$lang['field_todo_name'].": ".format_text($todo['todo_name'])."</td>\n</tr>\n";
    echo 
"<tr class=\"".get_row_bg()."\">";
    echo 
"<td>".$todo_create_date."".$todo_should_date."".$todo_done_date."<br /><br /><b><u>".$lang['field_todo_description'].":</u></b><br /><br />".format_text($todo['todo_description'])."</td>\n";
    echo 
"</tr>\n";
    echo 
"<tr class=\"tablefooter\">\n<td colspan=\"6\" align=\"left\">\n&nbsp;";
    echo 
"&nbsp;\n</td>\n</tr>\n</table>\n</td>\n</tr>\n</table>\n";
    echo 
"<br />";
    echo 
"<br />";
    
show_text_link($lang['back_overview'], "todo.php?action=home");
}

show_admin_footer();
?>

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #9 on: November 29, 2009, 01:04:59 PM »
Well, I don't know what is a big deal about your games.php that you are so protecting and showing some other code instead...
Then I kind of doubt you can use this todo.php outside /admin/ directory (and you shouldn't), simply because it uses echo for output data.

From what I see when you access todo.php with or without todo_id in the url query, it wont make any difference.
Then you making me guess which part of the code you want add the id check. My guess would be the part of code starts at line 609
In that case you need replace
$todo $site_db->query_firstrow($sql);

with
if (!$todo $site_db->query_firstrow($sql)) {
    
redirect("index.php");
}


Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline Sun Zaza

  • Sr. Member
  • ****
  • Posts: 399
    • View Profile
Re: if (!$zu_games_id) doesn't work. Any help please?
« Reply #10 on: November 29, 2009, 01:09:51 PM »
Hi V@no. I am not protecting my zu_games.php, but because I am using a lot of dutch words in it. Almost all the variables has a dutch language. I was afraid it will be annoying for you. :wink:

I will test it right now and I will let you know.



After the test:

Nope. I can still access the zu_games.php with an unexisting id.

hmmm. There is sure a way to deny users.

 

Post your comments here