osCommerce


New page in admin panel


ediesel


Hey guys, I'm trying to create a new page under the modules section of my admin panel in osCommerce. I copied the header and everything from the admin/includes/administrators.php file, and everything looks like it's supposed to. The only issue I have is that every time I try to submit one of the forms on the page, I have to log back in. But once I'm logged back in, the forms post to the database successfully. The page seems to be passing on an AdminID, so I don't understand why it would log me out: http://www.website.com/osc/admin/dropship.php?osCAdminID=091115fa2d9c938783221af0f7da0af8

 

Here is the file:

 

<?php
/*
 $Id: dropship.php 1739 2007-12-20 00:52:16Z hpdl $
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
 Copyright (c) 2007 osCommerce
 Released under the GNU General Public License
*/
 require('includes/application_top.php');
 $adminid = (isset($_GET['osCAdminID']) ? $_GET['osCAdminID'] : '');
 $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');
 if (tep_not_null($action)) {
   switch ($action) {
  case 'insert':
    require('includes/functions/password_funcs.php');
    $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "' limit 1");
    if (tep_db_num_rows($check_query) < 1) {
	  tep_db_query("insert into " . TABLE_ADMINISTRATORS . " (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')");
    } else {
	  $messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error');
    }
    tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
    break;
  case 'save':
    require('includes/functions/password_funcs.php');
    $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
    $check = tep_db_fetch_array($check_query);
    if ($admin['id'] == $check['id']) {
	  $admin['username'] = $username;
    }
    tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_name = '" . tep_db_input($username) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'");
    if (tep_not_null($password)) {
	  tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'");
    }
    tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . (int)$HTTP_GET_VARS['aID']));
    break;
  case 'deleteconfirm':
    $id = tep_db_prepare_input($HTTP_GET_VARS['aID']);
    $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
    $check = tep_db_fetch_array($check_query);
    if ($id == $check['id']) {
	  tep_session_unregister('admin');
    }
    tep_db_query("delete from " . TABLE_ADMINISTRATORS . " where id = '" . (int)$id . "'");
    tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
    break;
   }
 }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js"></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<?php
// Read the submitted fields. The id is cast to int and the strings are escaped
// before they are placed in SQL, so a crafted value cannot change the query.
$dropShipName = (isset($_GET['dropShipName']) ? $_GET['dropShipName'] : '');
$dropShipEmail = (isset($_GET['dropShipEmail']) ? $_GET['dropShipEmail'] : '');
$selectedOption = (isset($_GET['selectedOption']) ? (int)$_GET['selectedOption'] : 0);
$dbh = mysql_connect("sql.website.com", "osc", "password") or die('I cannot connect to the database because: ' . mysql_error());
mysql_select_db("oscommerce", $dbh);

// Remove the selected drop shipper (only when a positive id was submitted).
if ($selectedOption > 0) {
  $sqldel = "DELETE FROM drop_shippers WHERE id=" . $selectedOption;
  $runquery = mysql_query($sqldel, $dbh);
  if ($runquery) {
    echo "query ran!";
  } else {
    echo "query failed!";
  }
}

// Add a new drop shipper.
if (isset($_GET['dropShipName'])) {
  $sqladd = "INSERT INTO drop_shippers " .
    "(name, email) " .
    "VALUES('" . mysql_real_escape_string($dropShipName, $dbh) . "', '" . mysql_real_escape_string($dropShipEmail, $dbh) . "')";
  $runquery = mysql_query($sqladd, $dbh);
  if ($runquery) {
    echo "query ran!";
  } else {
    echo "query failed!";
  }
}
?>
<!-- body //-->

<table border="0" width="100%" cellspacing="2" cellpadding="2">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr>
    <td><table border="0" width="100%" cellspacing="0" cellpadding="2" height="40">
	  <tr>
	    <td class="pageHeading"><?php echo "Add/Remove Drop Shippers"; ?></td>
	    <td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onchange="this.form.submit();"') . tep_hide_session_id() . '</form>'; ?></td>
	  </tr>
    </table></td>
  </tr>
  <tr>
    <td><table border="0" width="75%" cellspacing="0" cellpadding="2" bgcolor="#EEEEEE" style="padding-top: 20px; padding-bottom: 20px;">
<tr>
 <td valign="top" style="">
<div style="width: 200px; position: relative; top: 0px; left: 50%; margin-left: -75px;">
<form action="dropship.php?selected_box=modules&osCAdminID=<?php echo htmlspecialchars($adminid); ?>">
<label style="font-size: 12px;">Drop Ship Name:</label><br>
<input type="textbox" name="dropShipName" style="width: 200px;"><br>
<label style="font-size: 12px; display: inline-block; margin-top: 15px;">Drop Ship Email:</label><br>
<input type="textbox" name="dropShipEmail" style="width: 200px;"><br>
<input type="submit" value="Submit" style="float: right; margin-top: 10px;">
</form>
</div>
 </td>

 <td valign="top">
<div style="width: 200px; margin-left: 80px;">
<form action="dropship.php?selected_box=modules&osCAdminID=<?php echo htmlspecialchars($adminid); ?>">
<?php
$result = mysql_query("SELECT id, name FROM drop_shippers WHERE id > 0");
echo '<label style="font-size: 12px;">Current Drop Shippers:</label>';
echo '<select name="selectedOption" style="width: 200px; font-size: 14px;" size=5 multiple>';
while($row=mysql_fetch_array($result))
{
   echo '<option value="' . htmlspecialchars($row['id']) . '">'
    . htmlspecialchars($row['name'])
    . '</option>';
}
echo '</select>';
?>
<br>
<input type="submit" value="Remove" style="float: right; margin-top: 10px;">
</form>
</div>
 </td>
</tr>
</table>
<?php
mysql_close($dbh);
?>
    </td>
  </tr>
   </table></td>
 </tr>
</table>

<!-- body_eof //-->
<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Does anyone know why my session ID isn't being passed on? Do I need to add this file to an access list of some sort? Any help is greatly appreciated!


The modules section of the admin uses modules.php to install new modules, so you probably should be linking your new file from somewhere else to avoid conflicts. If you're actually trying to add a new group of modules you're doing it the wrong way. It would probably help to know what you're trying to do here.

 

As to losing the session, it looks like you are starting a form without using tep_href_link(), and you need to do that to pass session.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.
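Following Jim's point about tep_href_link(), here is how the two dropship.php forms and their handlers look when built with the admin helpers this page already uses (tep_draw_form(), tep_href_link(), tep_redirect(), tep_db_input(), tep_db_query(), $messageStack). This is an added example, not code from the thread or from osCommerce's own files. It assumes application_top.php starts the admin session and opens the database connection (so no second mysql_connect() with hard-coded credentials is needed), that the drop_shippers(id, name, email) table from the post exists, that tep_validate_email() from the admin general functions is available, and it uses a hypothetical FILENAME_DROPSHIP constant for the file name. The forms are submitted by POST because a browser discards the action URL's query string on a GET submit, and that query string is where tep_href_link() places osCAdminID; a GET form needs tep_hide_session_id() instead, as the language selector on this page does.

```php
<?php
/*
  Added example, not from this thread or from osCommerce's own files.
  Handler part: goes where the post's switch ($action) block sits, right after
  require('includes/application_top.php'). FILENAME_DROPSHIP is hypothetical.
*/
  require('includes/application_top.php');

  define('FILENAME_DROPSHIP', 'dropship.php');

  $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

  if (tep_not_null($action)) {
    switch ($action) {
      case 'insert':
        // Field values arrive by POST; tep_db_input() escapes them for MySQL.
        $name = tep_db_prepare_input($HTTP_POST_VARS['dropShipName']);
        $email = tep_db_prepare_input($HTTP_POST_VARS['dropShipEmail']);
        if (!tep_not_null($name) || !tep_validate_email($email)) {
          $messageStack->add_session('A drop shipper name and a valid e-mail address are required.', 'error');
        } else {
          tep_db_query("insert into drop_shippers (name, email) values ('" . tep_db_input($name) . "', '" . tep_db_input($email) . "')");
          $messageStack->add_session('Drop shipper added.', 'success');
        }
        // tep_href_link() appends osCAdminID, so the redirect keeps the session.
        tep_redirect(tep_href_link(FILENAME_DROPSHIP, 'selected_box=modules'));
        break;

      case 'delete':
        // The multi-select posts an array of ids; keep only positive integers,
        // so nothing but a number ever reaches the SQL statement.
        $ids = array();
        if (isset($HTTP_POST_VARS['selectedOption'])) {
          foreach ((array)$HTTP_POST_VARS['selectedOption'] as $id) {
            if ((int)$id > 0) $ids[] = (int)$id;
          }
        }
        if (count($ids) > 0) {
          tep_db_query("delete from drop_shippers where id in (" . implode(',', $ids) . ")");
          $messageStack->add_session(count($ids) . ' drop shipper(s) removed.', 'success');
        }
        tep_redirect(tep_href_link(FILENAME_DROPSHIP, 'selected_box=modules'));
        break;
    }
  }
?>
<?php
/*
  Form part: goes where the post draws its two forms inside the body_text table.
  tep_draw_form() defaults to method="post" and builds the action attribute with
  tep_href_link(), which is what carries osCAdminID across the submit.
*/
  echo tep_draw_form('dropship_add', FILENAME_DROPSHIP, 'selected_box=modules&action=insert');
  echo '<label>Drop Ship Name:</label><br>' . tep_draw_input_field('dropShipName', '', 'style="width: 200px;"') . '<br>';
  echo '<label>Drop Ship Email:</label><br>' . tep_draw_input_field('dropShipEmail', '', 'style="width: 200px;"') . '<br>';
  echo '<input type="submit" value="Submit"></form>';

  echo tep_draw_form('dropship_remove', FILENAME_DROPSHIP, 'selected_box=modules&action=delete');
  echo '<label>Current Drop Shippers:</label><br>';
  echo '<select name="selectedOption[]" size="5" multiple style="width: 200px;">';
  $shippers_query = tep_db_query("select id, name from drop_shippers order by name");
  while ($shippers = tep_db_fetch_array($shippers_query)) {
    // Escape on output so a stored name cannot inject markup into the admin page.
    echo '<option value="' . (int)$shippers['id'] . '">' . htmlspecialchars($shippers['name']) . '</option>';
  }
  echo '</select><br><input type="submit" value="Remove"></form>';
?>
```

The select is named selectedOption[] so that several entries can be removed in one submit; with the plain name from the post, PHP only keeps the last selected value. The redirect after each action also means a browser refresh does not re-run the insert or delete.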

