Update.php Not Functioning Properly

[jump_ace]

Hey all,

 

I've kind of taken over a project from a friend.  It's a leaderboard for posting splits for drivers.  The splits get posted to a leaderboard.xsl (which is working fine).  The update.php page is designed to update a leaderboard.xml file, this way anyone can login and update new splits for each weeks race; many hands make little work, right?

 

Anyway, the update.php page isn't getting displayed properly.  It should load just the login form when the page initially loads up, like the screenshot shown here (the following two screenshots are from a live, working, older version):

 

 

Then once you login successfully, it should take you to this page, where you can edit the leaderboard.xml file directly (update button then saves the xml file) as shown here:

 

 

But instead what is going on when I load the same update.php file is, I can't login (same username/password as the live site) and it's showing the text field box with a single line of code in it, rather than showing the leaderboard.xml text, as shown here:

 

 

I have a general knowledge of html, but php I'm a rookie.  Can anyone lend a hand on what may be causing this to happen on the updated site I'm building?  Here is my update.php code:

 

<?
session_start ();
header("Cache-control: private");

if (isSet ($_REQUEST['logout'])) {
	$_SESSION['authenticated'] = false;
} else if (isSet ($_REQUEST['username']) && isSet ($_REQUEST['password']) && $_SESSION['authenticated'] != true) {
	if ($_REQUEST['username'] == "update" && $_REQUEST['password'] == "mrblue") {
		$_SESSION['authenticated'] = true;
	} else {
		$_SESSION['authenticated'] = false;
	}
}

if ($_REQUEST['update'] == "Update") {
	$handle = fopen ("/leaderboard.xml.php", "w");
	fwrite ($handle, stripslashes ($_REQUEST['leaderboard']));
	fclose ($handle);
	$_REQUEST["update"] = "done";
	header ("Location: /update.php");
}
header ("content-type: text/html;charset=utf-8");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>ForzaPlanet.net » Forza Leaderboard » Update</title>
	<style type="text/css">@import "leaderboard.css";</style>
	<script type="text/javascript" src="leaderboard.js"></script>
</head>
<body>
	<h2>ForzaPlanet.net » Forza Race Series Leaderboard » Update</h2>
	<h1>Update</h1>

	<? if ($_SESSION['authenticated'] == true) { ?>

		<form id="update" action="<? echo $PHP_SELF; ?>" method="post">
			<fieldset>
			<textarea id="leaderboard" name="leaderboard">
<? echo file_get_contents ("leaderboard.xml"); ?>
			</textarea>
			</fieldset>

			<fieldset>
			<input type="submit" name="update" value="Update" />
			</fieldset>

			<a href="<? echo $PHP_SELF; ?>?logout=true">logout</a> | <a href="leaderboard.xml">view leaderboard</a>
		</form>

	<? } else { ?>

		<? if (isSet ($_REQUEST['username']) && isSet ($_REQUEST['password']) && $_SESSION['authenticated'] != true) { ?>
			<span class="error">Incorrect username or password.</span>
		<? } ?>

		<form id="login" action="<? echo $PHP_SELF; ?>" method="post">
			<fieldset>
				<label for="username">Username:</label><input type="text" id="username" name="username" /><br />
				<label for="password">Password</label><input type="password" id="password" name="password" /><br />
			</fieldset>
			<fieldset>
				<input id="login-submit" type="submit" value="Login" />
			</fieldset>
		</form>

	<? } ?>

</body>
</html>

 

 

Thanks in advance,

 

 

Jerome

[KevinM1]

Have you tried replacing the short tags (<? ?>), which aren't always supported, with proper PHP tags (<?php ?>)?

[Psycho]

EDIT: Kevin beat me to it, but I'm posting this anyway since I provided some additional info as well.

 

Several problems there:

 

1. Do not use short tags (e.g. <? ?>), instead use the full php tags <?php ?>. I suspect this is your problem based upon your results

 

2. Do not use the $_REQUEST global variable. Use the appropriate $_POST or $_GET

 

You should also consider separating the logic from the presentation. I think there are some unhandled scenarios, but it is difficult to determine in that code. It would also be good practice to modularize your scripts. For example, I would do something like this

if(!$logged_in)
{
    if(!isset($_POST['username']) || !isset($_POST['password']))
    {
        header('Redirect: login_page.php');
    }
    else
    {
        include('authentication_script.php');
    }
}
else
{
    if($mode == 'edit')
    {
        include('edit_script.php')
    }
    else
    {
        include('display_script.php')
    }
}

[jump_ace]

Thank you for the quick reply guys!  That fixed a lot of what was going on.  I get the login screen now and can login successfully and then there is the leaderboard.xml text, yes!

 

However, when I click the update button, it doesn't save any of the changes I made.  Any idea why that would be? 

 

I also found a small bug in the leaderboard.xml file that I can't wrap my head around, can I post that question in this same thread or should I make a new one for it?  Many thanks again guys

 

Jerome

[Psycho]

Your logic is currently looking for $_REQUEST['update'], but you have no field called that in the form. Look for $_POST['leaderboard'].

[jump_ace]

I got it to work, woot!  on this line of code, there was a "/"

 

$handle = fopen ("leaderboard.xml", "w");

 

I removed it and it updated successfully.

 

I did find a bug like I mentioned before, but it's a bigger file/code so I will start a new thread with some screenshots of what is going on.

 

Thanks again so much for your fast help with me guys.

 

Jerome