Topic: PHP Page submitting POST to itself

[mrcopper]

Hello,
        I'm looking to create a PHP page through the simpleportal interface that will accept data into a form and then POST to itself, use the data to call a fucntion included through @require_once. I've done a bit of development already but am still a bit new.

This is what I have for the page code so far:

Code: [Select]

//@require_once($boarddir .  '/Webhooks/countryassoc.php');
if(isset($_POST['submit']))
{
    $countrynum = $_POST['num'];
    assoc_country($countrynum);
}
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">
         Country Number :<input type="text" name="num"><br>
         <input type="submit" name="submit" value="Change Country Number"><br>
         </form>';
The @require is commented because I'm still fighting with it right now. Here is the content of countryassoc.php

Code: [Select]

<?php
function assoc_country($countrynum)
{
global $user_info;
$query = $smcFunc['db_insert']('','earth.usertocountry',
array(
'id_member' => 'int', 'countrynum' => 'int'),
array(
$user_info['id'], $countrynum),
array(
'id_member','countrynum')
);
echo "Country Number Changed!";
return 0;
}


?>


Thanks in advance for any information you can offer

[Underdog]

mrcopper,

  At the onset of your block, prior to your require command you neglected to call the $boarddir global.

Code: [Select]

global $boarddir;
@require_once($boarddir .  '/Webhooks/countryassoc.php');
if(!empty($_REQUEST['num']) && isset($_REQUEST['save']))
{
    $countrynum = $_REQUEST['num'];
    assoc_country($countrynum);
}
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">
         Country Number :<input type="text" name="num" /><br />
         <input type="submit" name="submit" value="Change Country Number" /><br />
         </form>';


[mrcopper]

Underdog,
     Thanks, that seems to have cleared up part of the issue. However, after the submit I am still having problems which I believe reside in the included php file

Code: [Select]

<?php
function assoc_country($countrynum)
{
global $user_info;
$smcFunc['db_insert']('','earth.usertocountry',
array(
'id_member' => 'int', 'countrynum' => 'int'),
array(
$user_info['id'], $countrynum),
array(
'id_member')
); 
echo "Country Number Changed!";
}


?>

This is my first time attempting to use smfFunc['db_insert'] so I'm not sure if I'm using it correctly.

[Underdog]

mrcopper,

  You are not informing us of the error you are receiving from it but I will hazard a guess to say the table does not exist as you did not initially create it and also you forgot the $smcFunc global. Also you can set the necessary variable(s) within the brackets which will only take affect if they were initially undefined.

For this setup, I suggest not using a period in your table name.. try underscore. Also you need a key column in your table set to auto increment (set this up when creating your table).

Below I put some logic to also ensure the value of $countrynum is not below the integer of 1 where I assume you are not using that value for a country id #... change the logic to less than 0 if you are.

There is an extra query below to check if the table exists.. once it is created you could remove the code but I wouldn't bother.. just leave it.

Code: [Select]

<?php
if (!defined('SMF'))
die('Hacking attempt...');

/* Main function */
function assoc_country($countrynum = 0)
{
global $user_info, $smcFunc;

if ((int)$countrynum < 1 || (int)$user_info['id'] < 1)
return false;

if (!check_table_exists_mycountry('earth_usertocountry', false))
{
$smcFunc['db_query']('', "CREATE TABLE {db_prefix}earth_usertocountry
(
`reference` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`id_member` mediumint(8) unsigned NOT NULL default 0,
`countrynum` int(10) unsigned NOT NULL default 0,
PRIMARY KEY (`reference`))"
);
}

$smcFunc['db_query']('', "INSERT INTO {db_prefix}earth_usertocountry (`id_member`, `countrynum`) VALUES ({int:member}, {int:country})", array(member => (int)$user_info['id'], country => (int)$countrynum));

echo "Country Number Changed!";
}

/* Check if table exists */
function check_table_exists_mycountry($table, $checkval = false)
{
global $smcFunc;
$check = $smcFunc['db_query']('', "SHOW TABLES LIKE {db_prefix}{string:mytable}", array(mytable => $table));
$checkval = $smcFunc['db_num_rows']($check);
$smcFunc['db_free_result']($check);
if ((int)$checkval > 0)
return true;

return false;
}
?>
 

[mrcopper]

So I have attempted to implement some of the advice you gave me. I was using earth.usertocountry because I was storing stuff for my changes to another database on the same server. It worked properly for a select statement so I figure it shouldn't be an issue for insert/update.

Also, the table was infact created but I was not using an auto-incrementing primary key. I recreated the table to look like the one in your version of the script. Here is what I have now below. Still getting problems. I'm not getting an error, after I submit the number to be changed I'm getting a blank page and nothing is inserted into the database, no error though.

Code: [Select]

<?php
if (!defined('SMF'))
die('Hacking attempt...');
function assoc_country($countrynum = 0)
{
global $user_info;
global $smcFunc;
echo "got this far";
if ((int)$countrynum < 1 || (int)$user_info['id'] < 1)
return false;

$query = $smcFunc['db_query']('',"SELECT * FROM earth.usertocountry WHERE id_member={int:user_id}",array('user_id' => $user_info['id']));
// Check to see if the user already has a country number assigned
if ($smcFunc['db_fetch_assoc']($query) == 0 || $smcFunc['db_fetch_assoc']($query) == nil) {
$query2 = $smcFunc['db_query']('',"INSERT INTO earth.usertocountry (`id_member`, `countrynum`) VALUES ({int:member}, {int:country})",array('member' => (int)$user_info['id'], 'country' => (int)$countrynum));
} else {
$query2 = $smcFunc['db_query']('',"UPDATE earth.usertocountry SET 'countrynum'={int:country} WHERE 'id_member'={int:member}", array('country' => (int)$countrynum , 'member' => (int)$user_info['id']));
}

}


?>

[mrcopper]

So I've left this problem behind and moved on to others. The main error I always seem to get is this blank page. Is there anyway to get a more detailed error than a blank page out of this?

[Underdog]

mrcopper,

  Atm I do not know why but the arrays were not working within $smcFunc.. probably something I'm not noticing that I put in err.

  Anyhow, I rewrote & tested the code below which functions as you wish:

php file (folder & file are lower case) ~ file is attached:
webhooks/countryassoc.php

Code: [Select]

<?php
if (!defined('SMF'))
die('Hacking attempt...');

/* Main function */
function assoc_country($countrynum = 0)
{
global $user_info, $smcFunc;

if ((int)$countrynum < 1 || (int)$user_info['id'] < 1)
return false;

$memberid = (int)$user_info['id'];

if (!check_table_exists_mycountry('earth_usertocountry', false))
{
$smcFunc['db_query']('', "CREATE TABLE {db_prefix}earth_usertocountry
(
`reference` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`id_member` mediumint(8) unsigned NOT NULL default 0,
`countrynum` int(10) unsigned NOT NULL default 0,
PRIMARY KEY (`reference`))"
);
}

if (!check_user())
{
$smcFunc['db_query']('', "INSERT INTO {db_prefix}earth_usertocountry (`id_member`, `countrynum`) VALUES ({$memberid}, {$countrynum})");
$message = "Country Number Added!";
}
else
{
$smcFunc['db_query']('', "UPDATE {db_prefix}earth_usertocountry SET countrynum = {$countrynum} WHERE id_member = {$memberid}");
$message = "Country Number Changed!";
}

return $message;
}

/* Check if table exists */
function check_table_exists_mycountry($table, $checkval = false)
{
global $db_prefix, $smcFunc;
$check = $smcFunc['db_query']('', "SHOW TABLES LIKE '{$db_prefix}$table'");
$checkval = $smcFunc['db_num_rows']($check);
$smcFunc['db_free_result']($check);
if ((int)$checkval > 0)
return true;

return false;
}

function check_user()
{
global $smcFunc, $user_info;

if ((int)$user_info['id'] < 1)
return false;

$userid = (int)$user_info['id'];

$result = $smcFunc['db_query']('', "SELECT id_member FROM {db_prefix}earth_usertocountry WHERE id_member = {$userid} LIMIT 1");
$check = $smcFunc['db_num_rows']($result);
$smcFunc['db_free_result']($result);
if ((int)$check > 0) 
return true;

return false;
}

function currentPage($pageURL = 'http://') 
{         
if (!empty($_SERVER["HTTPS"]))
$pageURL = "https://";

if ((!empty($_SERVER["SERVER_PORT"])) && $_SERVER["SERVER_PORT"] != "80") 
$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
else 
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; 

return $pageURL;
}  
?>

Custom php block:

Code: [Select]

global $boarddir, $context;
@require_once($boarddir .  '/webhooks/countryassoc.php');
if(!empty($_REQUEST['num']) && isset($_REQUEST['submit']))
{
    $countrynum = (int)$_REQUEST['num'];
    $context['countryNumber'] = assoc_country($countrynum);     
}

$message = !empty($context['countryNumber']) ? $context['countryNumber'] : false;

echo '
<form action="' . currentPage() . '" method="post">
<span style="text-align:left;">Country Number :<input type="text" name="num" maxlength="4" style="width:40px;" /></span><br />
<span style="text-align:left;"><input type="submit" name="submit" value="Change Country Number" /></span><br />
</form>
<span style="color:red;text-align:left;">', $message, '</span>';

  I put some span tags with style attributes just so you get the concept of having it display as you wish.
Look up some css references at w3schools or similar to adjust those to your liking.
text-align:left; is actually default & is not necessary but I put it in as an example.

  This will add a new table if it does not exist, add a new entry if one does not exist for the user or update/edit an existing entry for the user id.

  Also put the attached index.php file in your webhooks folder & please notice that the folder & file names are lower case in this example. The index file will help protect the directory by not allowing access to view its contents.