Problem with Staff Application
Asked Modified Viewed 1,975 times
asked
Please a little help for your addon Staff Application the addon is for join users to team is not a recommendation is correct?
Why when a user clicks to join the team and complete the form shows that there is error in ID field.
Everything is filled correctly.
I tried to enter another name with another ID and everything was fine. I think leaks occur in the code but I'm not sure. I did anywhere not see the code checking possible ID. What is the reason it and how to fix this? Thanks
[syntaxhighlighter brush=php,first-line=1,highlight=0,collapse=false,html-script=false]<?php
/*-------------------------------------------------------+
| PHPFusion Content Management System
| Copyright (C) 2002 - 2011 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: staff_application.php
| Author: Philip Daly (HobbyMan)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "../../maincore.php";
require_once THEMES."templates/header.php";
include INFUSIONS."staff_application/infusion_db.php";
if (file_exists(INFUSIONS."staff_application/locale/".$settings['locale'].".php")) {
include INFUSIONS."staff_application/locale/".$settings['locale'].".php";
} else {
include INFUSIONS."staff_application/locale/English.php";
}
add_to_title(" | ".$locale['stf_002']);
$error = "";
if (iMEMBER) {
if (isset($_POST['staff_app'])) {
$stf_real_name = stripinput($_POST['stf_real_name']);
$stf_main_name = stripinput($_POST['stf_main_name']);
$stf_main_name_id = stripinput($_POST['stf_main_name_id']);
$stf_type = stripinput($_POST['stf_type']);
$stf_text = stripinput($_POST['stf_text']);
$post_description = "";
if ($stf_real_name == "") { $error .= $locale['stf_012']."<br />\n"; }
if ($stf_main_name == "") { $error .= $locale['stf_051']."<br />\n"; }
if ($stf_main_name_id == $userdata['user_id']) { $error .= $locale['stf_052']."<br />\n"; }
if ($stf_main_name_id == "") { $error .= $locale['stf_044']."<br />\n"; }
if ($stf_type == '0') { $error .= $locale['stf_055']."<br />\n"; }
if ($stf_text == "") {
$error .= $locale['stf_075']."<br />\n";
}
if ($error) {
opentable($locale['stf_012']);
echo "<div style='text-align:center'><br />\n".$locale['stf_029']."<br /><br />\n$error<br /><br /><a href='".FUSION_SELF."'>".$locale['stf_054']."</a></div><br />\n";
closetable();
} else {
$result = dbquery("INSERT INTO ".DB_STF_APPLICATIONS." (stf_id, stf_user_id, stf_real_name, stf_main_name, stf_main_name_id, stf_email, stf_type, stf_ip, stf_status, stf_admin, stf_text, stf_datestamp, stf_approver_comment)
VALUES ('', '".$userdata['user_id']."', '".$stf_real_name."', '".$stf_main_name."', '".$stf_main_name_id."', '".$userdata['user_email']."', '".$stf_type."', '".USER_IP."', '', '', '".$stf_text."', '".time()."', '')");
$dummy_user = "11";
if ($stf_type == '4') {$forum_id = "76"; $thread_subject = $locale['stf_089']; $line = $locale['stf_090'];}
elseif ($stf_type == '7') { $forum_id = "60"; $thread_subject = $locale['stf_080']; $line = $locale['stf_081'];}
elseif ($stf_type == '8') {$forum_id = "76"; $thread_subject = $locale['stf_089']; $line = $locale['stf_090'];}
elseif ($stf_type == '9') {$forum_id = "76"; $thread_subject = $locale['stf_089']; $line = $locale['stf_090'];}
else { $forum_id = "60"; $thread_subject = $locale['stf_080']; $line = $locale['stf_081'];}
$get_user = dbarray(dbquery("SELECT user_name, user_posts, user_joined FROM ".DB_USERS." WHERE user_id = '".$userdata['user_id']."'"));
$get_group = dbarray(dbquery("SELECT group_name FROM ".DB_USER_GROUPS." WHERE group_id = '".$stf_type."'"));
$post_description = $locale['stf_074']."."]".$get_user['user_name']."".$line;
$post_description .= "<br /><br />";
$post_description .= $locale['stf_082']."".$stf_main_name."";
$post_description .= "<br /><br />";
$post_description .= $get_user['user_name'].$locale['stf_083']."".$get_group['group_name']."";
$post_description .= "<br /><br />";
$post_description .= $locale['stf_088'].$stf_real_name;
$post_description .= "<br /><br />";
$post_description .= $stf_text;
$post_description .= "<br /><br />";
$post_description .= $locale['stf_053']." ".$get_user['user_posts'];
$post_description .= "<br />";
$post_description .= $locale['stf_043']." ".showdate("shortdate", $get_user['user_joined']);
$result = dbquery("INSERT INTO ".DB_THREADS." (forum_id, thread_subject, thread_author, thread_views, thread_lastpost, thread_lastpostid, thread_lastuser, thread_postcount)
VALUES('".$forum_id."', '".$thread_subject.$stf_real_name."', '".$dummy_user."', '0', '".time()."', '0', '".$dummy_user."', '1')");
$thread_id = mysql_insert_id();
$result = dbquery("INSERT INTO ".DB_POSTS." (forum_id, thread_id, post_message, post_showsig, post_author, post_datestamp, post_ip, post_edituser, post_edittime)
VALUES ('".$forum_id."', '$thread_id', '".$post_description."', '0', '".$dummy_user."', '".time()."', '".USER_IP."', '0', '0')");
$post_id = mysql_insert_id();
$result = dbquery("UPDATE ".DB_FORUMS." SET forum_lastpost='".time()."', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastuser='1' WHERE forum_id='".$forum_id."'");
$result = dbquery("UPDATE ".DB_THREADS." SET thread_lastpostid='".$post_id."' WHERE thread_id='".$thread_id."'");
$result = dbquery("UPDATE ".DB_USERS." SET user_posts=user_posts+1, user_lastvisit='".time()."' WHERE user_id='".$dummy_user."'");
opentable($locale['stf_031']);
echo "<div style='text-align:center'><br />\n".$locale['stf_030'].$stf_real_name."<br />\n".$locale['stf_025']."</div><br />\n";
closetable();
}
} else {
opentable($locale['stf_100']);
echo "<div><br />\n".$locale['stf_101']."<br /><br /></div>\n";
closetable();
opentable($locale['stf_036']);
echo "<form id='staff_app' name='staff_app' method='post' action='".FUSION_SELF."'>\n";
echo "<table class='center' align='center' width='80%'>\n<tr>\n";
echo "<th valign='top' colspan='2' class='tbl'>".$locale['stf_002']."</th>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl' align='right'>".$locale['stf_003'].":</td>\n";
echo "<td class='tbl'><input type='text' name='stf_real_name' maxlength='30' class='textbox' style='width:300px;' /></td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl' align='right'>".$locale['stf_017'].":</td>\n";
echo "<td class='tbl'><input type='text' name='stf_main_name' maxlength='30' class='textbox' style='width:210px;' /> <input type='text' name='stf_main_name_id' maxlength='30' class='textbox' style='width:80px;' /></td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right'>".$locale['stf_059']."</td>\n";
echo "<td class='tbl1' nowrap valign='top'>";
$resulta= dbquery("SELECT
group_id,
group_name
FROM ".DB_USER_GROUPS."
WHERE group_id ='4' OR group_id ='1' OR group_id ='2' OR group_id = '3'
ORDER BY
group_id ASC
");
if (dbrows($resulta)) {
echo "<select name='stf_type' class='textbox' style='width:300px;'>\n";
echo "<option value='0'>".$locale['stf_016']."</option>\n";
while ($datab = dbarray($resulta)) {
if (!in_array($datab['group_id'], explode(".", $userdata['user_groups']))) {
echo "<option value='".$datab['group_id']."'>".$datab['group_name']."</option>\n";
}
}
} else { echo "<div align='center'><br />".$locale['stf_063']."</div>\n";
}
echo "</select>\n</td>\n";
echo "</tr>\n<tr>\n";
echo "<td valign='top' class='tbl' align='right'>".$locale['stf_006'].":</td>\n";
echo "<td class='tbl'><textarea name='stf_text' class='textbox' cols='60' rows='5' style='width:300px'></textarea>\n</td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' colspan='2' align='center'><input type='submit' name='staff_app' value='".$locale['stf_056']."' class='button' />\n";
echo "</tr>\n</table>\n";
echo "</form>\n";
closetable();
}
} else {
opentable($locale['stf_057']);
echo "<div style='text-align:center'><br /><br />\n".$locale['stf_073']."<br /><br /><img src='".IMAGES."smiley/wink.gif' alt='Smile' /><br /><br /></div>\n";
closetable();
}
require_once THEMES."templates/footer.php";
?>[/syntaxhighlighter]
Why when a user clicks to join the team and complete the form shows that there is error in ID field.
Code Download source
You have entered your user ID for this site!<br />Please enter your user ID number from this siteEverything is filled correctly.
I tried to enter another name with another ID and everything was fine. I think leaks occur in the code but I'm not sure. I did anywhere not see the code checking possible ID. What is the reason it and how to fix this? Thanks
[syntaxhighlighter brush=php,first-line=1,highlight=0,collapse=false,html-script=false]<?php
/*-------------------------------------------------------+
| PHPFusion Content Management System
| Copyright (C) 2002 - 2011 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: staff_application.php
| Author: Philip Daly (HobbyMan)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "../../maincore.php";
require_once THEMES."templates/header.php";
include INFUSIONS."staff_application/infusion_db.php";
if (file_exists(INFUSIONS."staff_application/locale/".$settings['locale'].".php")) {
include INFUSIONS."staff_application/locale/".$settings['locale'].".php";
} else {
include INFUSIONS."staff_application/locale/English.php";
}
add_to_title(" | ".$locale['stf_002']);
$error = "";
if (iMEMBER) {
if (isset($_POST['staff_app'])) {
$stf_real_name = stripinput($_POST['stf_real_name']);
$stf_main_name = stripinput($_POST['stf_main_name']);
$stf_main_name_id = stripinput($_POST['stf_main_name_id']);
$stf_type = stripinput($_POST['stf_type']);
$stf_text = stripinput($_POST['stf_text']);
$post_description = "";
if ($stf_real_name == "") { $error .= $locale['stf_012']."<br />\n"; }
if ($stf_main_name == "") { $error .= $locale['stf_051']."<br />\n"; }
if ($stf_main_name_id == $userdata['user_id']) { $error .= $locale['stf_052']."<br />\n"; }
if ($stf_main_name_id == "") { $error .= $locale['stf_044']."<br />\n"; }
if ($stf_type == '0') { $error .= $locale['stf_055']."<br />\n"; }
if ($stf_text == "") {
$error .= $locale['stf_075']."<br />\n";
}
if ($error) {
opentable($locale['stf_012']);
echo "<div style='text-align:center'><br />\n".$locale['stf_029']."<br /><br />\n$error<br /><br /><a href='".FUSION_SELF."'>".$locale['stf_054']."</a></div><br />\n";
closetable();
} else {
$result = dbquery("INSERT INTO ".DB_STF_APPLICATIONS." (stf_id, stf_user_id, stf_real_name, stf_main_name, stf_main_name_id, stf_email, stf_type, stf_ip, stf_status, stf_admin, stf_text, stf_datestamp, stf_approver_comment)
VALUES ('', '".$userdata['user_id']."', '".$stf_real_name."', '".$stf_main_name."', '".$stf_main_name_id."', '".$userdata['user_email']."', '".$stf_type."', '".USER_IP."', '', '', '".$stf_text."', '".time()."', '')");
$dummy_user = "11";
if ($stf_type == '4') {$forum_id = "76"; $thread_subject = $locale['stf_089']; $line = $locale['stf_090'];}
elseif ($stf_type == '7') { $forum_id = "60"; $thread_subject = $locale['stf_080']; $line = $locale['stf_081'];}
elseif ($stf_type == '8') {$forum_id = "76"; $thread_subject = $locale['stf_089']; $line = $locale['stf_090'];}
elseif ($stf_type == '9') {$forum_id = "76"; $thread_subject = $locale['stf_089']; $line = $locale['stf_090'];}
else { $forum_id = "60"; $thread_subject = $locale['stf_080']; $line = $locale['stf_081'];}
$get_user = dbarray(dbquery("SELECT user_name, user_posts, user_joined FROM ".DB_USERS." WHERE user_id = '".$userdata['user_id']."'"));
$get_group = dbarray(dbquery("SELECT group_name FROM ".DB_USER_GROUPS." WHERE group_id = '".$stf_type."'"));
$post_description = $locale['stf_074']."."]".$get_user['user_name']."".$line;
$post_description .= "<br /><br />";
$post_description .= $locale['stf_082']."".$stf_main_name."";
$post_description .= "<br /><br />";
$post_description .= $get_user['user_name'].$locale['stf_083']."".$get_group['group_name']."";
$post_description .= "<br /><br />";
$post_description .= $locale['stf_088'].$stf_real_name;
$post_description .= "<br /><br />";
$post_description .= $stf_text;
$post_description .= "<br /><br />";
$post_description .= $locale['stf_053']." ".$get_user['user_posts'];
$post_description .= "<br />";
$post_description .= $locale['stf_043']." ".showdate("shortdate", $get_user['user_joined']);
$result = dbquery("INSERT INTO ".DB_THREADS." (forum_id, thread_subject, thread_author, thread_views, thread_lastpost, thread_lastpostid, thread_lastuser, thread_postcount)
VALUES('".$forum_id."', '".$thread_subject.$stf_real_name."', '".$dummy_user."', '0', '".time()."', '0', '".$dummy_user."', '1')");
$thread_id = mysql_insert_id();
$result = dbquery("INSERT INTO ".DB_POSTS." (forum_id, thread_id, post_message, post_showsig, post_author, post_datestamp, post_ip, post_edituser, post_edittime)
VALUES ('".$forum_id."', '$thread_id', '".$post_description."', '0', '".$dummy_user."', '".time()."', '".USER_IP."', '0', '0')");
$post_id = mysql_insert_id();
$result = dbquery("UPDATE ".DB_FORUMS." SET forum_lastpost='".time()."', forum_postcount=forum_postcount+1, forum_threadcount=forum_threadcount+1, forum_lastuser='1' WHERE forum_id='".$forum_id."'");
$result = dbquery("UPDATE ".DB_THREADS." SET thread_lastpostid='".$post_id."' WHERE thread_id='".$thread_id."'");
$result = dbquery("UPDATE ".DB_USERS." SET user_posts=user_posts+1, user_lastvisit='".time()."' WHERE user_id='".$dummy_user."'");
opentable($locale['stf_031']);
echo "<div style='text-align:center'><br />\n".$locale['stf_030'].$stf_real_name."<br />\n".$locale['stf_025']."</div><br />\n";
closetable();
}
} else {
opentable($locale['stf_100']);
echo "<div><br />\n".$locale['stf_101']."<br /><br /></div>\n";
closetable();
opentable($locale['stf_036']);
echo "<form id='staff_app' name='staff_app' method='post' action='".FUSION_SELF."'>\n";
echo "<table class='center' align='center' width='80%'>\n<tr>\n";
echo "<th valign='top' colspan='2' class='tbl'>".$locale['stf_002']."</th>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl' align='right'>".$locale['stf_003'].":</td>\n";
echo "<td class='tbl'><input type='text' name='stf_real_name' maxlength='30' class='textbox' style='width:300px;' /></td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl' align='right'>".$locale['stf_017'].":</td>\n";
echo "<td class='tbl'><input type='text' name='stf_main_name' maxlength='30' class='textbox' style='width:210px;' /> <input type='text' name='stf_main_name_id' maxlength='30' class='textbox' style='width:80px;' /></td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' align='right'>".$locale['stf_059']."</td>\n";
echo "<td class='tbl1' nowrap valign='top'>";
$resulta= dbquery("SELECT
group_id,
group_name
FROM ".DB_USER_GROUPS."
WHERE group_id ='4' OR group_id ='1' OR group_id ='2' OR group_id = '3'
ORDER BY
group_id ASC
");
if (dbrows($resulta)) {
echo "<select name='stf_type' class='textbox' style='width:300px;'>\n";
echo "<option value='0'>".$locale['stf_016']."</option>\n";
while ($datab = dbarray($resulta)) {
if (!in_array($datab['group_id'], explode(".", $userdata['user_groups']))) {
echo "<option value='".$datab['group_id']."'>".$datab['group_name']."</option>\n";
}
}
} else { echo "<div align='center'><br />".$locale['stf_063']."</div>\n";
}
echo "</select>\n</td>\n";
echo "</tr>\n<tr>\n";
echo "<td valign='top' class='tbl' align='right'>".$locale['stf_006'].":</td>\n";
echo "<td class='tbl'><textarea name='stf_text' class='textbox' cols='60' rows='5' style='width:300px'></textarea>\n</td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1' colspan='2' align='center'><input type='submit' name='staff_app' value='".$locale['stf_056']."' class='button' />\n";
echo "</tr>\n</table>\n";
echo "</form>\n";
closetable();
}
} else {
opentable($locale['stf_057']);
echo "<div style='text-align:center'><br /><br />\n".$locale['stf_073']."<br /><br /><img src='".IMAGES."smiley/wink.gif' alt='Smile' /><br /><br /></div>\n";
closetable();
}
require_once THEMES."templates/footer.php";
?>[/syntaxhighlighter]
most of the attractive designs, cute dressescute dresses . sexy prom dressessexy prom dresses a single of which will be the Marc by March Jacobs Classic Q Petite Drawstring Leather Tote, . black lace dressblack lace dress . it has the double shoulder strap, with an additional removable shoulder strap. It has enough space to put all your accessories. Bridesmaid jewelry is a traditional gift from the bride. This does not mean that it has to be given as a gift from the bride. In the event you would rather give another gift to your bridal party, do so and let the bridesmaids coordinate their jewelry, you'll be able to choose may be the hand bags or some other factors as gifts to them for your wedding. Are you looking for gorgeous black bridesmaid dresses, please visit discountdress discount wedding dressesdiscount wedding dresses , one of top wedding dress online seller, also supplies evening dresses and short prom dresses. sexy prom dressessexy prom dresses lace dresseslace dresses . The central bank finally the second cut reserve: the Beats By Dr Dre bank of China
Category Forum
Panels and InfusionsLabels
None yet
Statistics
- Views 0 views
- Posts 1 post
- Votes 0 votes
- Topic users 1 member
1 participant
byv79 10
- Junior Member, joined since
- Contributed 22 posts on the community forums.
- Started 9 threads in the forums
- Started this discussions
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions