Samurai Legend Posted August 5, 2022 (edited)

Hello, so no errors come up, and every other part of the report system works. When I am on the editing page of the player reports, it only shows the <h3> title.

    function pr_report_edit()
    {
        global $db, $ir, $c, $h, $userid;
        $_POST['ID'] = (isset($_POST['ID']) && is_numeric($_POST['ID'])) ? abs(intval($_POST['ID'])) : 0;
        if (isset($_POST['ID'], $_POST['status'])) {
            $max = $db->query(
                "SELECT `prID`, `prREPORTED` FROM `preports` WHERE `prID`= " . $_POST['ID'] . " LIMIT 1");
            if (!ctype_digit($_POST['ID']) || !$db->num_rows($max)) {
                ?>Invalid ID.<?php
                exit($h->endpage());
            }
            if (!in_array($_POST['status'], array(1, 2, 3, 4, 5))) {
                ?>Invalid Status.<?php
                exit($h->endpage());
            }
            if (!$_POST['message']) {
                ?>You need to enter a message to send to the reporter. Please go back and try again.<?php
                exit($h->endpage());
            }
            $db->query(
                "UPDATE `preports` SET `prSTATUS` = '" . $_POST['status'] . "' WHERE `prID` = '" . $_POST['ID'] . "'");
            $it = $db->query(
                "SELECT * FROM `preports` WHERE `prID` = {$_POST['ID']}");
            $er = $db->fetch_row($it);
            $subj = $db->escape("Player report against " . username($er['prREPORTED']));
            $msg = $db->escape($_POST['message']);
            $statnamearray = array(
                1 => 'Pending Investigation',
                2 => 'Investigation In Progress',
                3 => 'Investigation Complete',
                4 => 'Awaiting Reply From Reporter',
                5 => 'Awaiting Reply From Reported'
            );
            $status = $statnamearray[$er['prSTATUS']];
            stafflog_add("Edited Player Report #" . $_POST['ID'] . " status");
            $db->query(
                "INSERT INTO `mail` VALUES ('', 0, 0, " . $userid . ", " . $er['prREPORTER'] . ", " . time() . ", '" . $subj . "', '" . $msg . "')");
            $db->query("
                UPDATE `users` SET `new_mail` = `new_mail` + 1 WHERE `userid` = {$er['prREPORTER']}");
            event_add($er['prREPORTER'], "Your player report against " . username($er['prREPORTED'], TRUE)
                . " has been reviewed by staff member " . username($ir['userid'])
                . " and has set this reports status to: " . $status);
            ?><span style="color: green;">The report has been edited!<?
            exit($h->endpage());
        } else {
            $statnamearray = array(
                1 => 'Pending Investigation',
                2 => 'Investigation In Progress',
                3 => 'Investigation Complete',
                4 => 'Awaiting Reply From Reporter',
                5 => 'Awaiting Reply From Reported'
            );
            ?>
            <form action="staff_reports.php?action=predit" method="post">
            <table width='90%' cellpadding='1' class='table'>
            <tr>
                <th colspan='2'><strong>Process Report</strong></th>
            </tr>
            <tr>
                <td>Report ID:</td>
                <td align="left"><input type="text" name="ID" value="<?php echo $_GET['ID']; ?>" /> <font color='red'>*</font> [Report ID]</td>
            </tr>
            <tr>
                <td>New Status:</td>
                <td align="left"><select name="status" type="dropdown"><?php
                    foreach ($statnamearray as $values => $display) {
                        echo '<option value="', $values, '">', $display, '</option>';
                    }
                ?></select><font color='red'>*</font> [Investigation Complete]</td>
            </tr>
            <tr>
                <td>Message:</td>
                <td align="left"><font color='red'>*</font> [Explain what has or is going to be done]<br />
                <textarea rows='10' cols='75' name='message'></textarea></td>
            </tr>
            <tr>
                <td><input type="submit" value="Submit" /></td>
                <td align="left"><font color='red'>*</font> [Revise all information before clicking submit]</td>
            </tr>
            </table>
            </form>
            <?php
        }
    }

What could be the issue?

Edited August 5, 2022 by Samurai Legend
Inveteratus Posted August 5, 2022

The handling of the $_POST array is very strange, especially the ID element. Initially you check if it is a number, then take the absolute value. abs() returns an int or a float. Later on you check to see if it is a string made up of digits; ctype_digit() expects a string. It may be wise to extract the variables from the $_POST array early on; for example:

    $report_id = array_key_exists('ID', $_POST) && ctype_digit($_POST['ID']) ? (int)$_POST['ID'] : 0;
    $status = array_key_exists('status', $_POST) && ctype_digit($_POST['status']) ? (int)$_POST['status'] : 0;
    $message = array_key_exists('message', $_POST) && is_string($_POST['message']) ? trim($_POST['message']) : '';

Now both $report_id and $status are positive integers, while $message is a string. I'd probably start the ball rolling with `if ($report_id > 0)`, then check to see if status is within the range 1-5, check to see if your message is not empty, then finally check to see if a report actually exists with the given $report_id.
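The extraction suggested in the reply above, carried through the whole handler as an added example. This is not code from the original post or from the game's code base; it assumes a PDO connection in $pdo to the same tables (the site's own $db wrapper is not shown in the thread) and that username(), stafflog_add(), event_add() and $h->endpage() are the page's helpers, used as the original uses them. Three things in the posted code motivate the changes: ctype_digit() given a small integer treats it as an ASCII code, so after the abs(intval()) step most report IDs are rejected as "Invalid ID."; in_array() without its strict flag compares loosely, and the posted status value is then concatenated straight into the UPDATE; and the form echoes $_GET['ID'] into an attribute with no escaping. Every SQL value below is a bound parameter, the status is matched as an exact array key, output is escaped, and only full `<?php` tags are used.

```php
<?php
// Added example, not the code from the original post. Assumptions: $pdo is a
// PDO connection to the same tables; username(), stafflog_add(), event_add()
// and $h->endpage() are the page's own helpers and behave as in the original.
function pr_report_edit(PDO $pdo, array $ir, int $userid, $h): void
{
    $statnamearray = array(
        1 => 'Pending Investigation',
        2 => 'Investigation In Progress',
        3 => 'Investigation Complete',
        4 => 'Awaiting Reply From Reporter',
        5 => 'Awaiting Reply From Reported',
    );

    if (!isset($_POST['ID'], $_POST['status'])) {
        // Nothing submitted yet: show the form. The pre-filled ID is accepted
        // only as a digit string and HTML-escaped; the original echoed $_GET['ID'] raw.
        $prefill = (isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID'])) ? $_GET['ID'] : '';
        ?>
        <form action="staff_reports.php?action=predit" method="post">
        <table width="90%" cellpadding="1" class="table">
        <tr><th colspan="2"><strong>Process Report</strong></th></tr>
        <tr><td>Report ID:</td>
            <td align="left"><input type="text" name="ID" value="<?php echo htmlspecialchars($prefill, ENT_QUOTES, 'UTF-8'); ?>" /></td></tr>
        <tr><td>New Status:</td>
            <td align="left"><select name="status"><?php
                foreach ($statnamearray as $value => $display) {
                    echo '<option value="', $value, '">', htmlspecialchars($display, ENT_QUOTES, 'UTF-8'), '</option>';
                }
            ?></select></td></tr>
        <tr><td>Message:</td><td align="left"><textarea rows="10" cols="75" name="message"></textarea></td></tr>
        <tr><td><input type="submit" value="Submit" /></td><td></td></tr>
        </table>
        </form>
        <?php
        return;
    }

    // Typed extraction: ctype_digit() is only ever handed a string, so an ID of 5
    // is no longer read as ASCII code 5 and rejected.
    $report_id = (is_string($_POST['ID']) && ctype_digit($_POST['ID'])) ? (int) $_POST['ID'] : 0;
    $status    = (is_string($_POST['status']) && ctype_digit($_POST['status'])) ? (int) $_POST['status'] : 0;
    $message   = (isset($_POST['message']) && is_string($_POST['message'])) ? trim($_POST['message']) : '';

    // Cheap checks first, the database lookup last, in the order suggested above.
    if ($report_id <= 0) {
        echo 'Invalid ID.';
        exit($h->endpage());
    }
    if (!array_key_exists($status, $statnamearray)) { // exact integer key, no loose in_array()
        echo 'Invalid Status.';
        exit($h->endpage());
    }
    if ($message === '') {
        echo 'You need to enter a message to send to the reporter. Please go back and try again.';
        exit($h->endpage());
    }

    $find = $pdo->prepare('SELECT `prID`, `prREPORTER`, `prREPORTED` FROM `preports` WHERE `prID` = :id LIMIT 1');
    $find->execute([':id' => $report_id]);
    $er = $find->fetch(PDO::FETCH_ASSOC);
    if ($er === false) {
        echo 'Invalid ID.';
        exit($h->endpage());
    }

    // Every value reaches SQL as a bound parameter, so $db->escape() and the
    // string concatenation are gone; the three writes commit as one unit.
    $pdo->beginTransaction();
    $pdo->prepare('UPDATE `preports` SET `prSTATUS` = :status WHERE `prID` = :id')
        ->execute([':status' => $status, ':id' => $report_id]);
    // Column order follows the positional INSERT in the original post; the first
    // column is assumed to be the auto-increment mail id.
    $pdo->prepare('INSERT INTO `mail` VALUES (NULL, 0, 0, :from, :to, :sent, :subject, :body)')
        ->execute([
            ':from'    => $userid,
            ':to'      => (int) $er['prREPORTER'],
            ':sent'    => time(),
            ':subject' => 'Player report against ' . username($er['prREPORTED']),
            ':body'    => $message,
        ]);
    $pdo->prepare('UPDATE `users` SET `new_mail` = `new_mail` + 1 WHERE `userid` = :id')
        ->execute([':id' => (int) $er['prREPORTER']]);
    $pdo->commit();

    stafflog_add('Edited Player Report #' . $report_id . ' status');
    event_add($er['prREPORTER'], 'Your player report against ' . username($er['prREPORTED'], true)
        . ' has been reviewed by staff member ' . username($ir['userid'])
        . ' and has set this reports status to: ' . $statnamearray[$status]);

    // Full <?php tag on the way back in: a bare <? here is only an open tag when
    // short_open_tag is on, otherwise the rest of the file is emitted as text.
    ?><span style="color: green;">The report has been edited!</span><?php
    exit($h->endpage());
}
```

The status name shown to the reporter comes from the value that was just validated and written, so the second SELECT * in the original is unnecessary. If the game's $db wrapper has no prepared-statement support, the same shape still applies: keep the typed extraction, cast $report_id and $status to int before they meet SQL, and pass only $message through the wrapper's escape function.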
Samurai Legend (Author) Posted August 5, 2022

@Lacuna thank you; I've done what you have told me. It still didn't work. Then I realised I used <? instead of <?php, which was breaking the script. And everything started to work, along with your new code.
Inveteratus Posted August 5, 2022

Ah, short tags. Yes, they are often used in legacy code. Good spot. Always worth running your files through PHP's own syntax checker, `php -l filename.php`, if you suspect anything odd.