The Coder Posted July 19, 2012 Share Posted July 19, 2012 While playing around with my staff.php, I got myself into a serious dilemma, I get an error- Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/gothcent/public_html/staff.php on line 272 I'm not sure whats wrong with line 272? Or what is required to make this up and running again. :( Here is the code set for the page:- <?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: staff.php * Signature: 740ee1855cec0570ee80fddac656162b * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('sglobals.php'); if (!isset($_GET['action'])) { $_GET['action'] = 'index'; } switch ($_GET['action']) { case 'basicset': basicsettings(); break; case 'announce': announcements(); break; case 'staffaps': staffaps(); break; case 'lstaffaps': lstaffaps(); break; default: index(); break; } function basicsettings() { global $db, $ir, $c, $h, $userid, $set; if ($ir['user_level'] != 2) { echo 'You cannot access this area.<br /> > <a href="staff.php">Go Back</a>'; die($h->endpage()); } $_POST['game_name'] = (isset($_POST['game_name']) && preg_match( "/^[a-z0-9_.]+([\\s]{1}[a-z0-9_.]|[a-z0-9_.])+$/i", $_POST['game_name'])) ? $db->escape( strip_tags(stripslashes($_POST['game_name']))) : ''; $_POST['game_owner'] = (isset($_POST['game_owner']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['game_owner'])) ? $db->escape( strip_tags(stripslashes($_POST['game_owner']))) : ''; $_POST['game_description'] = (isset($_POST['game_description'])) ? $db->escape( strip_tags( stripslashes($_POST['game_description']))) : ''; $_POST['paypal'] = (isset($_POST['paypal']) && filter_input(INPUT_POST, 'paypal', FILTER_VALIDATE_EMAIL)) ? $db->escape(stripslashes($_POST['paypal'])) : ''; $_POST['ct_refillprice'] = (isset($_POST['ct_refillprice']) && is_numeric($_POST['ct_refillprice'])) ? abs(intval($_POST['ct_refillprice'])) : ''; $_POST['ct_iqpercrys'] = (isset($_POST['ct_iqpercrys']) && is_numeric($_POST['ct_iqpercrys'])) ? abs(intval($_POST['ct_iqpercrys'])) : ''; $_POST['ct_moneypercrys'] = (isset($_POST['ct_moneypercrys']) && is_numeric($_POST['ct_moneypercrys'])) ? abs(intval($_POST['ct_moneypercrys'])) : ''; $_POST['willp_item'] = (isset($_POST['willp_item']) && is_numeric($_POST['willp_item'])) ? abs(intval($_POST['willp_item'])) : ''; $_POST['validate_on'] = (isset($_POST['validate_on']) && in_array($_POST['validate_on'], array('1', '0'), true)) ? $_POST['validate_on'] : FALSE; $_POST['validate_period'] = (isset($_POST['validate_period']) && in_array($_POST['validate_period'], array('5', '15', '60', 'login'), true)) ? $_POST['validate_period'] : FALSE; $_POST['regcap_on'] = (isset($_POST['regcap_on']) && in_array($_POST['regcap_on'], array('1', '0'), true)) ? $_POST['regcap_on'] : FALSE; $_POST['sendcrys_on'] = (isset($_POST['sendcrys_on']) && in_array($_POST['sendcrys_on'], array('1', '0'), true)) ? $_POST['sendcrys_on'] : FALSE; $_POST['sendbank_on'] = (isset($_POST['sendbank_on']) && in_array($_POST['sendbank_on'], array('1', '0'), true)) ? $_POST['sendbank_on'] : FALSE; if (empty($_POST['game_name']) || empty($_POST['game_owner']) || empty($_POST['game_description']) || empty($_POST['paypal']) || empty($_POST['ct_refillprice']) || empty($_POST['ct_iqpercrys']) || empty($_POST['ct_moneypercrys']) || is_bool($_POST['validate_on']) || is_bool($_POST['validate_period']) || is_bool($_POST['regcap_on']) || is_bool($_POST['sendcrys_on']) || is_bool($_POST['sendbank_on'])) { $csrf = request_csrf_html('staff_basicset'); echo " <h3>Basic Settings</h3> <hr /> <form action='staff.php?action=basicset' method='post'> Game Name: <input type='text' name='game_name' value='{$set['game_name']}' /><br /> Game Owner: <input type='text' name='game_owner' value='{$set['game_owner']}' /><br /> Game Description:<br /> <textarea rows='7' cols='50' name='game_description'>{$set['game_description']}</textarea><br /> Paypal Address: <input type='text' name='paypal' value='{$set['paypal']}' /><br /> Gym/Crimes Validation: <select name='validate_on' type='dropdown'> "; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['validate_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> <br /> Validation Period: <select name='validate_period' type='dropdown'>"; $opt = array("5" => "Every 5 Minutes", "15" => "Every 15 Minutes", "60" => "Every Hour", "login" => "Every Login"); foreach ($opt as $k => $v) { echo ($k == $set['validate_period']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> <br /> Registration CAPTCHA: <select name='regcap_on' type='dropdown'>"; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['regcap_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> <br /> Send Crystals: <select name='sendcrys_on' type='dropdown'>"; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['sendcrys_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> <br /> Bank Transfers: <select name='sendbank_on' type='dropdown'>"; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['sendbank_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> <br /> Energy Refill Price (crystals): <input type='text' name='ct_refillprice' value='{$set['ct_refillprice']}' /> <br /> IQ per crystal: <input type='text' name='ct_iqpercrys' value='{$set['ct_iqpercrys']}' /> <br /> Money per crystal: <input type='text' name='ct_moneypercrys' value='{$set['ct_moneypercrys']}' /> <br /> Will Potion Item: " . item_dropdown(NULL, "willp_item", $set['willp_item']) . "<br /> {$csrf} <input type='submit' value='Update Settings' /> </form> "; } else { staff_csrf_stdverify('staff_basicset', 'staff.php?action=basicset'); unset($_POST['verf']); if (!empty($_POST['willp_item'])) { $qi = $db->query( 'SELECT `itmid` FROM `items` WHERE `itmid` = ' . $_POST['willp_item']); if ($db->num_rows($qi) == 0) { echo ' The item you tried to input doesn\'t seem to be a real item.<br /> > <a href="staff.php?action=basicset">Go Back</a> '; die($h->endpage()); } } else { $_POST['willp_item'] = 0; echo 'Please remember to make a will potion item and set it<br />'; } foreach ($_POST as $k => $v) { $db->query( "UPDATE `settings` SET `conf_value` = '$v' WHERE `conf_name` = '$k'"); } echo ' Settings updated!<br /> > <a href="staff.php?action=basicset">Go Back</a> '; stafflog_add("Updated the basic game settings"); } } function announcements() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { echo '<font color="#FF0000>403 - Unauthorized Access</font>'; $h->endpage(); exit; } if($_POST['TITLE']) { if(strlen($_POST['TITLE']) < 5) { echo 'Sorry, the annoucement title is too short. <a href='staff_annouce.php?addannouce' >Go Home</a>"; $h->endpage(); exit; } $AddAnnouce = sprintf("INSERT INTO mod_announcements (`annouce_NAME`, `annouce_TEXT`, `annouce_TIME`, `annouce_URGENCY`, `annouce_TOPIC`, `annouce_POSTED`)VALUES ('{$_POST['TITLE']}', '{$_POST['TEXT']}', unix_timestamp(), '{$_POST['URGENCY']}', '{$_POST['TOPIC']}', '{$_POST['POSTED']}')"); $db->query ($AddAnnouce); $db->query("UPDATE users SET `new_announcements` = `new_announcements` + 1"); echo 'Announcement added! <a href='announcements.php' >Go Home</a>"; stafflog_add('Posted A New Annoucement'); $h->endpage(); exit; } else { echo '<hr width=70%>Adding an announcement...</hr> <hr width=70%>Please try to make sure the announcement is concise and covers everything you want it to. <form action="staff.php?action=announce" method="post"></hr> Announcement Title: <input type="text" name="TITLE"> <hr width=70%>Announcement Text:</hr> <center><hr width=70%><textarea name="TEXT" rows="10" cols="60"></textarea></hr></center> <hr width=70%>Announcement Urgency:</hr> <select name="URGENCY" type="dropdown"> <option value="No Urgency">No Urgency</option> <option value="Low">Low</option> <option value="Medium">Medium</option> <option value="High">High</option> <option value="Urgent">Urgent</option> </select> <hr width=70%>Announcement Topic:</hr> <select name="TOPIC" type="dropdown"> <option value="Updates">Updates</option> <option value="General News">General News</option> <option value="Fun">Fun</option> <option value="Warnings!">Warnings!</option> <option value="Design Info">Design Info</option> <option value="Edits">Edits</option> </select> <input type="hidden" name="POSTED" value="'.$ir['username'].'"> <hr width=70%><input type="submit" value="Add Announcement!" /></hr> </form>'; } } function lstaffaps() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } $_GET['lock'] = abs((int) $_GET['lock']); if($_GET['lock'] == '1') { $db->query("UPDATE `settings` SET conf_value='Locked' WHERE conf_name='stafflock'"); stafflog_add("Locked Staff Applications."); echo "Staff applications are now locked. ><a href="http://staff.php" target="_blank">Go Back</a>"; $h->endpage(); exit; } else if($_GET['lock'] == '2') { $db->query("UPDATE `settings` SET conf_value='Unlocked' WHERE conf_name='stafflock'"); stafflog_add("Unlocked Staff Applications."); echo "Staff applications are now unlocked. ><a href="http://staff.php" target="_blank">Go Back</a>"; $h->endpage(); exit; } } function staffaps() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } $_POST['accept'] = abs((int) $_POST['accept']); $_POST['pos'] = abs((int) $_POST['pos']); $_POST['ID'] = abs((int) $_POST['ID']); if($_POST['accept'] == '1') { $sql = sprintf('SELECT `username` FROM `users` WHERE userid = %u', $_POST['ID']); $sql = $db->query($sql); $usr1 = $db->fetch_row($sql); if($_POST['pos'] == '2') { $pos="Admin"; } if($_POST['pos'] == '3') { $pos="Secretary"; } if($_POST['pos'] == '5') { $pos="Assistant"; } echo "{$usr1['username']} Applied for {$pos} You Accepted. <a href='staff.php' >Go Home</a>"; event_add($_POST['ID'],'Your staff application was accepted, Welcome to staff!', $c); stafflog_add("Accepted Staff Application from {$usr1['username']} for {$pos}"); $query = sprintf('UPDATE `users` SET user_level = %u WHERE userid = %u', $_POST['pos'], $_POST['ID']); $db->query($query); $query = sprintf('DELETE FROM `staffaps` WHERE ID = %u', $_POST['ID']); $db->query($query); $h->endpage(); exit; } if($_POST['accept'] == '2') { $sql = sprintf('SELECT `username` FROM `users` WHERE userid = %u', $_POST['ID']); $sql = $db->query($sql); $usr1 = $db->fetch_row($sql); if($_POST['pos'] == '2') { $pos="Admin"; } if($_POST['pos'] == '3') { $pos="Secretary"; } if($_POST['pos'] == '5') { $pos="Assistant"; } echo "{$usr1['username']} Applied for {$pos} You declined. <a href='staff.php' >Go Home</a>"; event_add($_POST['ID'],'Your staff application was declined.', $c); stafflog_add("Declined Staff Application from {$usr1['username']} for {$pos}"); $query = sprintf('DELETE FROM `staffaps` WHERE ID = %u', $_POST['ID']); $db->query($query); $h->endpage(); exit; } else { echo " <table width=100% border=1 class=h><tr><th>Position</th><th>Why</th><th>Experience</th><th>Applicant</th><th>Action</th></tr> "; $gasp = $db->query('SELECT `position`, `ID`, `about`, `exp` FROM `staffaps` WHERE ID > 0 ORDER BY ID DESC'); while($r = $db->fetch_row($gasp)) { if($r['position'] == '2') { $pos="Admin"; } if($r['position'] == '3') { $pos="Secretary"; } if($r['position'] == '5') { $pos="Assistant"; } $ql = sprintf('SELECT `username` FROM `users` WHERE userid = %u', $r['ID']); $ql = $db->query($ql); $usr=$db->fetch_row($ql); echo "<td align='center'><form action='?action=staffaps' method='post'><input type='hidden' name='pos' value='{$r['position']}'><input type='hidden' name='ID' value='{$r['ID']}'>{$pos}</td><td>{$r['about']}</td><td>{$r['exp']}</td><td><a href='viewuser.php?u={$r["' >Go Home</a>"; >{$usr['username']}</a></td><td>Accept: <input type='radio' name='accept' value='1'> Decline: <input type='radio' name='accept' value='2'> <input type='submit' value='submit'></form></td></tr>"; } echo "</table>"; } } function index() { global $db, $ir, $c, $h, $userid, $set, $_CONFIG; if ($ir['user_level'] == 2) { $versq = $db->query("SELECT VERSION()"); $mv = $db->fetch_single($versq); $db->free_result($versq); $versionno = intval('20503'); $version = '2.0.5b'; echo " <h3>System Info</h3> <hr /> <table width='75%' cellspacing='1' class='table'> <tr> <th>PHP Version:</th> <td>" . phpversion() . "</td> </tr> <tr> <th>MySQL Version:</th> <td>$mv</td> </tr> <tr> <th>MySQL Driver:</th> <td>" . $_CONFIG['driver'] . "</td> </tr> <tr> <th>Codes Version:</th> <td>$version (Build: $versionno)</td> </tr> <tr> <th>Update Status:</th> <td> <iframe src='http://www.mccodes.com/update_check.php?version={$versionno}' width='250' height='30'></iframe> </td> </tr> </table> <hr /> <h3>Last 20 Staff Actions</h3><hr /> <table width='100%' cellspacing='1' class='table'> <tr> <th>Staff</th> <th>Action</th> <th>Time</th> <th>IP</th> </tr> "; $q = $db->query( "SELECT `user`, `action`, `time`, `ip`, `username` FROM `stafflog` AS `s` INNER JOIN `users` AS `u` ON `s`.`user` = `u`.`userid` ORDER BY `s`.`time` DESC LIMIT 20"); while ($r = $db->fetch_row($q)) { echo " <tr> <td>{$r['username']} [{$r['user']}]</td> <td>{$r['action']}</td> <td>" . date('F j Y g:i:s a', $r['time']) . "</td> <td>{$r['ip']}</td> </tr> "; } $db->free_result($q); echo '</table>'; } echo '<h3><hr width=50%>Staff Notepad</h3></hr>'; if (isset($_POST['pad'])) { staff_csrf_stdverify('staff_notepad', 'staff.php'); $pad = $db->escape(stripslashes($_POST['pad'])); $db->query( "UPDATE `settings` SET `conf_value` = '{$pad}' WHERE `conf_name` = 'staff_pad'"); $set['staff_pad'] = stripslashes($_POST['pad']); echo '<b>Staff Notepad Updated!</b><hr />'; } $csrf = request_csrf_html('staff_notepad'); echo " <hr width=50%><form action='staff.php' method='post'></hr> <textarea rows='10' cols='60' name='pad'>" . htmlentities($set['staff_pad'], ENT_QUOTES, 'ISO-8859-1') . "</textarea> <br /> {$csrf} <input type='submit' value='Update Notepad' /> </form> "; } $h->endpage(); Any help please? :( Quote Link to comment Share on other sites More sharing options...
Octet Posted July 19, 2012 Share Posted July 19, 2012 It looks like you've opened and closed your echo in the same line without finishing it. Try echo "Sorry, the annoucement title is too short. <a href = 'staff_announce.php?addannouce' > Go Home</a>"; You ended the echo when you opened the anchor tag. Quote Link to comment Share on other sites More sharing options...
The Coder Posted July 20, 2012 Author Share Posted July 20, 2012 Same issue, thanks for trying however. :( Quote Link to comment Share on other sites More sharing options...
Cronic Posted July 20, 2012 Share Posted July 20, 2012 Try this please. <?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: staff.php * Signature: 740ee1855cec0570ee80fddac656162b * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('sglobals.php'); if (!isset($_GET['action'])) { $_GET['action'] = 'index'; } switch ($_GET['action']) { case 'basicset': basicsettings(); break; case 'announce': announcements(); break; case 'staffaps': staffaps(); break; case 'lstaffaps': lstaffaps(); break; default: index(); break; } function basicsettings() { global $db, $ir, $c, $h, $userid, $set; if ($ir['user_level'] != 2) { echo 'You cannot access this area. > <a href="staff.php">Go Back</a>'; die($h->endpage()); } $_POST['game_name'] = (isset($_POST['game_name']) && preg_match( "/^[a-z0-9_.]+([\\s]{1}[a-z0-9_.]|[a-z0-9_.])+$/i", $_POST['game_name'])) ? $db->escape( strip_tags(stripslashes($_POST['game_name']))) : ''; $_POST['game_owner'] = (isset($_POST['game_owner']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['game_owner'])) ? $db->escape( strip_tags(stripslashes($_POST['game_owner']))) : ''; $_POST['game_description'] = (isset($_POST['game_description'])) ? $db->escape( strip_tags( stripslashes($_POST['game_description']))) : ''; $_POST['paypal'] = (isset($_POST['paypal']) && filter_input(INPUT_POST, 'paypal', FILTER_VALIDATE_EMAIL)) ? $db->escape(stripslashes($_POST['paypal'])) : ''; $_POST['ct_refillprice'] = (isset($_POST['ct_refillprice']) && is_numeric($_POST['ct_refillprice'])) ? abs(intval($_POST['ct_refillprice'])) : ''; $_POST['ct_iqpercrys'] = (isset($_POST['ct_iqpercrys']) && is_numeric($_POST['ct_iqpercrys'])) ? abs(intval($_POST['ct_iqpercrys'])) : ''; $_POST['ct_moneypercrys'] = (isset($_POST['ct_moneypercrys']) && is_numeric($_POST['ct_moneypercrys'])) ? abs(intval($_POST['ct_moneypercrys'])) : ''; $_POST['willp_item'] = (isset($_POST['willp_item']) && is_numeric($_POST['willp_item'])) ? abs(intval($_POST['willp_item'])) : ''; $_POST['validate_on'] = (isset($_POST['validate_on']) && in_array($_POST['validate_on'], array('1', '0'), true)) ? $_POST['validate_on'] : FALSE; $_POST['validate_period'] = (isset($_POST['validate_period']) && in_array($_POST['validate_period'], array('5', '15', '60', 'login'), true)) ? $_POST['validate_period'] : FALSE; $_POST['regcap_on'] = (isset($_POST['regcap_on']) && in_array($_POST['regcap_on'], array('1', '0'), true)) ? $_POST['regcap_on'] : FALSE; $_POST['sendcrys_on'] = (isset($_POST['sendcrys_on']) && in_array($_POST['sendcrys_on'], array('1', '0'), true)) ? $_POST['sendcrys_on'] : FALSE; $_POST['sendbank_on'] = (isset($_POST['sendbank_on']) && in_array($_POST['sendbank_on'], array('1', '0'), true)) ? $_POST['sendbank_on'] : FALSE; if (empty($_POST['game_name']) || empty($_POST['game_owner']) || empty($_POST['game_description']) || empty($_POST['paypal']) || empty($_POST['ct_refillprice']) || empty($_POST['ct_iqpercrys']) || empty($_POST['ct_moneypercrys']) || is_bool($_POST['validate_on']) || is_bool($_POST['validate_period']) || is_bool($_POST['regcap_on']) || is_bool($_POST['sendcrys_on']) || is_bool($_POST['sendbank_on'])) { $csrf = request_csrf_html('staff_basicset'); echo " <h3>Basic Settings</h3> <hr /> <form action='staff.php?action=basicset' method='post'> Game Name: <input type='text' name='game_name' value='{$set['game_name']}' /> Game Owner: <input type='text' name='game_owner' value='{$set['game_owner']}' /> Game Description: <textarea rows='7' cols='50' name='game_description'>{$set['game_description']}</textarea> Paypal Address: <input type='text' name='paypal' value='{$set['paypal']}' /> Gym/Crimes Validation: <select name='validate_on' type='dropdown'> "; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['validate_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> Validation Period: <select name='validate_period' type='dropdown'>"; $opt = array("5" => "Every 5 Minutes", "15" => "Every 15 Minutes", "60" => "Every Hour", "login" => "Every Login"); foreach ($opt as $k => $v) { echo ($k == $set['validate_period']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> Registration CAPTCHA: <select name='regcap_on' type='dropdown'>"; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['regcap_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> Send Crystals: <select name='sendcrys_on' type='dropdown'>"; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['sendcrys_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> Bank Transfers: <select name='sendbank_on' type='dropdown'>"; $opt = array("1" => "On", "0" => "Off"); foreach ($opt as $k => $v) { echo ($k == $set['sendbank_on']) ? '<option value="' . $k . '" selected="selected">' . $v . '</option>' : '<option value="' . $k . '">' . $v . '</option>'; } echo " </select> Energy Refill Price (crystals): <input type='text' name='ct_refillprice' value='{$set['ct_refillprice']}' /> IQ per crystal: <input type='text' name='ct_iqpercrys' value='{$set['ct_iqpercrys']}' /> Money per crystal: <input type='text' name='ct_moneypercrys' value='{$set['ct_moneypercrys']}' /> Will Potion Item: " . item_dropdown(NULL, "willp_item", $set['willp_item']) . " {$csrf} <input type='submit' value='Update Settings' /> </form> "; } else { staff_csrf_stdverify('staff_basicset', 'staff.php?action=basicset'); unset($_POST['verf']); if (!empty($_POST['willp_item'])) { $qi = $db->query( 'SELECT `itmid` FROM `items` WHERE `itmid` = ' . $_POST['willp_item']); if ($db->num_rows($qi) == 0) { echo ' The item you tried to input doesn\'t seem to be a real item. > <a href="staff.php?action=basicset">Go Back</a> '; die($h->endpage()); } } else { $_POST['willp_item'] = 0; echo 'Please remember to make a will potion item and set it'; } foreach ($_POST as $k => $v) { $db->query( "UPDATE `settings` SET `conf_value` = '$v' WHERE `conf_name` = '$k'"); } echo ' Settings updated! > <a href="staff.php?action=basicset">Go Back</a> '; stafflog_add("Updated the basic game settings"); } } function announcements() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { echo '<font color="#FF0000>403 - Unauthorized Access</font>'; $h->endpage(); exit; } if($_POST['TITLE']) { if(strlen($_POST['TITLE']) < 5) { echo 'Sorry, the annoucement title is too short. <a href="staff_annouce.php?addannouce">Go Home</a>"; $h->endpage(); exit;'; } $AddAnnouce = sprintf("INSERT INTO mod_announcements (`annouce_NAME`, `annouce_TEXT`, `annouce_TIME`, `annouce_URGENCY`, `annouce_TOPIC`, `annouce_POSTED`)VALUES ('{$_POST['TITLE']}', '{$_POST['TEXT']}', unix_timestamp(), '{$_POST['URGENCY']}', '{$_POST['TOPIC']}', '{$_POST['POSTED']}')"); $db->query ($AddAnnouce); $db->query("UPDATE users SET `new_announcements` = `new_announcements` + 1"); echo 'Announcement added! <a href="announcements.php">Go Home</a>"; stafflog_add("Posted A New Annoucement"); $h->endpage(); exit; } else { echo "<hr width=70%>Adding an announcement...</hr> <hr width=70%>Please try to make sure the announcement is concise and covers everything you want it to. <form action="staff.php?action=announce" method="post"></hr> Announcement Title: <input type="text" name="TITLE"> <hr width=70%>Announcement Text:</hr> <center><hr width=70%><textarea name="TEXT" rows="10" cols="60"></textarea></hr></center> <hr width=70%>Announcement Urgency:</hr> <select name="URGENCY" type="dropdown"> <option value="No Urgency">No Urgency</option> <option value="Low">Low</option> <option value="Medium">Medium</option> <option value="High">High</option> <option value="Urgent">Urgent</option> </select> <hr width=70%>Announcement Topic:</hr> <select name="TOPIC" type="dropdown"> <option value="Updates">Updates</option> <option value="General News">General News</option> <option value="Fun">Fun</option> <option value="Warnings!">Warnings!</option> <option value="Design Info">Design Info</option> <option value="Edits">Edits</option> </select> <input type="hidden" name="POSTED" value="'.$ir['username'].'"> <hr width=70%><input type="submit" value="Add Announcement!" /></hr> </form>'; } } function lstaffaps() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } $_GET['lock'] = abs((int) $_GET['lock']); if($_GET['lock'] == '1') { $db->query("UPDATE `settings` SET conf_value='Locked' WHERE conf_name='stafflock'"); stafflog_add("Locked Staff Applications."); echo "Staff applications are now locked. ><a href='http://staff.php' target='_blank'>Go Back</a>"; $h->endpage(); exit; } else if($_GET['lock'] == '2') { $db->query("UPDATE `settings` SET conf_value='Unlocked' WHERE conf_name='stafflock'"); stafflog_add("Unlocked Staff Applications."); echo "Staff applications are now unlocked. ><a href='http://staff.php' target='_blank'>Go Back</a>"; $h->endpage(); exit; } } function staffaps() { global $db,$ir,$c,$h,$userid,$set; if($ir['user_level'] != 2) { die("403"); } $_POST['accept'] = abs((int) $_POST['accept']); $_POST['pos'] = abs((int) $_POST['pos']); $_POST['ID'] = abs((int) $_POST['ID']); if($_POST['accept'] == '1') { $sql = sprintf('SELECT `username` FROM `users` WHERE userid = %u', $_POST['ID']); $sql = $db->query($sql); $usr1 = $db->fetch_row($sql); if($_POST['pos'] == '2') { $pos="Admin"; } if($_POST['pos'] == '3') { $pos="Secretary"; } if($_POST['pos'] == '5') { $pos="Assistant"; } echo "{$usr1['username']} Applied for {$pos} You Accepted. <a href='staff.php' >Go Home</a>"; event_add($_POST['ID'],'Your staff application was accepted, Welcome to staff!', $c); stafflog_add("Accepted Staff Application from {$usr1['username']} for {$pos}"); $query = sprintf('UPDATE `users` SET user_level = %u WHERE userid = %u', $_POST['pos'], $_POST['ID']); $db->query($query); $query = sprintf('DELETE FROM `staffaps` WHERE ID = %u', $_POST['ID']); $db->query($query); $h->endpage(); exit; } if($_POST['accept'] == '2') { $sql = sprintf('SELECT `username` FROM `users` WHERE userid = %u', $_POST['ID']); $sql = $db->query($sql); $usr1 = $db->fetch_row($sql); if($_POST['pos'] == '2') { $pos="Admin"; } if($_POST['pos'] == '3') { $pos="Secretary"; } if($_POST['pos'] == '5') { $pos="Assistant"; } echo "{$usr1['username']} Applied for {$pos} You declined. <a href='staff.php' >Go Home</a>"; event_add($_POST['ID'],'Your staff application was declined.', $c); stafflog_add("Declined Staff Application from {$usr1['username']} for {$pos}"); $query = sprintf('DELETE FROM `staffaps` WHERE ID = %u', $_POST['ID']); $db->query($query); $h->endpage(); exit; } else { echo " <table width=100% border=1 class=h><tr><th>Position</th><th>Why</th><th>Experience</th><th>Applicant</th><th>Action</th></tr> "; $gasp = $db->query('SELECT `position`, `ID`, `about`, `exp` FROM `staffaps` WHERE ID > 0 ORDER BY ID DESC'); while($r = $db->fetch_row($gasp)) { if($r['position'] == '2') { $pos="Admin"; } if($r['position'] == '3') { $pos="Secretary"; } if($r['position'] == '5') { $pos="Assistant"; } $ql = sprintf('SELECT `username` FROM `users` WHERE userid = %u', $r['ID']); $ql = $db->query($ql); $usr=$db->fetch_row($ql); echo '<td align="center"><form action="?action=staffaps" method="post"><input type="hidden" name="pos" value="{$r["position"]}"><input type="hidden" name="ID" value="{$r["ID"]}">{$pos}</td><td>{$r["about"]}</td><td>{$r["exp"]}</td><td><a href="viewuser.php?u={$r["" >Go Home</a>"; >{$usr["username"]}</a></td><td>Accept: <input type="radio" name="accept" value="1"> Decline: <input type="radio" name="accept" value="2"> <input type="submit" value="submit"></form></td></tr>'; } echo "</table>"; } } function index() { global $db, $ir, $c, $h, $userid, $set, $_CONFIG; if ($ir['user_level'] == 2) { $versq = $db->query("SELECT VERSION()"); $mv = $db->fetch_single($versq); $db->free_result($versq); $versionno = intval('20503'); $version = '2.0.5b'; echo " <h3>System Info</h3> <hr /> <table width='75%' cellspacing='1' class='table'> <tr> <th>PHP Version:</th> <td>" . phpversion() . "</td> </tr> <tr> <th>MySQL Version:</th> <td>$mv</td> </tr> <tr> <th>MySQL Driver:</th> <td>" . $_CONFIG['driver'] . "</td> </tr> <tr> <th>Codes Version:</th> <td>$version (Build: $versionno)</td> </tr> <tr> <th>Update Status:</th> <td> <iframe src='http://www.mccodes.com/update_check.php?version={$versionno}' width='250' height='30'></iframe> </td> </tr> </table> <hr /> <h3>Last 20 Staff Actions</h3><hr /> <table width='100%' cellspacing='1' class='table'> <tr> <th>Staff</th> <th>Action</th> <th>Time</th> <th>IP</th> </tr> "; $q = $db->query( "SELECT `user`, `action`, `time`, `ip`, `username` FROM `stafflog` AS `s` INNER JOIN `users` AS `u` ON `s`.`user` = `u`.`userid` ORDER BY `s`.`time` DESC LIMIT 20"); while ($r = $db->fetch_row($q)) { echo " <tr> <td>{$r['username']} [{$r['user']}]</td> <td>{$r['action']}</td> <td>" . date('F j Y g:i:s a', $r['time']) . "</td> <td>{$r['ip']}</td> </tr> "; } $db->free_result($q); echo '</table>'; } echo '<h3><hr width=50%>Staff Notepad</h3></hr>'; if (isset($_POST['pad'])) { staff_csrf_stdverify('staff_notepad', 'staff.php'); $pad = $db->escape(stripslashes($_POST['pad'])); $db->query( "UPDATE `settings` SET `conf_value` = '{$pad}' WHERE `conf_name` = 'staff_pad'"); $set['staff_pad'] = stripslashes($_POST['pad']); echo '<b>Staff Notepad Updated!</b><hr />'; } $csrf = request_csrf_html('staff_notepad'); echo " <hr width=50%><form action='staff.php' method='post'></hr> <textarea rows='10' cols='60' name='pad'>" . htmlentities($set['staff_pad'], ENT_QUOTES, 'ISO-8859-1') . "</textarea> {$csrf} <input type='submit' value='Update Notepad' /> </form> "; } $h->endpage(); Quote Link to comment Share on other sites More sharing options...
Uridium Posted July 20, 2012 Share Posted July 20, 2012 THE CODER we have been through this problem before we told you that using ' more than 2 times will cause errors as will using " PLEASE review your other problem regards this matter on another thread and read how helpers have shown you the correct procedure to rectify the problem Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted July 20, 2012 Share Posted July 20, 2012 From what I see there is a bunch wrong with that file try removing all the target=blank, also remove http:// those are not needed at all since you are making a link for your root, and when you echo or print your quotes for your urls CAN NOT be the same as what you are using for the echo or print statement without escaping them and I believe it was illusions who showed that in another today as a matter of fact echo " <a href='yourlink.php'>Link</a>"; Not echo "<a href="yourlink.php">Link</a>"; Here is the help from illusions; to solve your T_STRING error as mentioned by SEKER whos Edits were correct you can do this one of 2 ways to fix it... require "globals.php"; if($set['stafflock'] == 'Locked'){ echo "Staff Applications are locked at the moment, please try again later.><a href=\"index.php\" >Go Home</a>"; $h->endpage();exit;}echo "<h3>Staff Applications</h3>"; $_POST['ID'] = abs((int) $_POST['ID']); if($_POST['ID']) or require "globals.php"; if($set['stafflock'] == 'Locked'){ echo "Staff Applications are locked at the moment, please try again later.><a href='index.php' >Go Home</a>"; $h->endpage();exit;}echo "<h3>Staff Applications</h3>"; $_POST['ID'] = abs((int) $_POST['ID']); if($_POST['ID']) Remember at all times if your echo or print starts with a " or a ' when you end out your echo or print you need to use the same method as you did to start with. example THIS WILL CREATE AN ERROR print " how are you world '; echo " how are you world '; the reason for this is because you started both statements with a " and ended it with a ' However you can use more than 1 " in a statement but you need to block the next " so the script doesnt think its finished ecample echo "we are here <a href="index.php">HERE</a>"; <<<<< will cause an error cos you have 4 " statements and it thinks the second " is the closing out statement so to cure this you can simply do this echo "we are here <a href=\"index.php\">HERE</a>"; <<<< the use of the \ tells the script you havent quite finished yet so carry on... Quote Link to comment Share on other sites More sharing options...
Sam Fisher Posted July 20, 2012 Share Posted July 20, 2012 I saw your staff.php and i noticed that on line 273 you opened the echo tag using a single quote and closed it using double quote Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.