osCommerce管理面板中的新页面

时间:2013-08-28 00:25:47

标签: php oscommerce

我正在尝试在osCommerce中的管理面板的模块部分下创建一个新页面。我从admin/includes/administrators.php文件中复制了标题和所有内容,所有内容都应该是它应该的样子。我唯一的问题是,每当我尝试在页面上提交其中一个表单时,我都必须重新登录。但是一旦我重新登录,表单就会成功发布到数据库。该页面似乎传递了一个AdminID,所以我不明白为什么它会让我退出: http://www.website.com/osc/admin/dropship.php?osCAdminID=091115fa2d9c938783221af0f7da0af8

<?php
/*
  $Id: dropship.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/

  // Boots the admin framework: session handling, the osCommerce DB link used by
  // tep_db_*(), language constants and the login check. Everything below
  // depends on it.
  require('includes/application_top.php');

  // osCommerce 2.2-era code reads the request through its $HTTP_GET_VARS /
  // $HTTP_POST_VARS copies rather than $_GET / $_POST.
  $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

  // NOTE(review): the three handlers below were copied from administrators.php.
  // They create / rename / delete rows in TABLE_ADMINISTRATORS and redirect to
  // FILENAME_ADMINISTRATORS, not to this page, and the drop-shipper forms
  // further down never send an ?action= parameter -- so this block is never
  // reached from this page's own UI. Remove it unless admin-account management
  // is genuinely wanted here.
  if (tep_not_null($action)) {
    switch ($action) {
      case 'insert':
        // Provides tep_encrypt_password().
        require('includes/functions/password_funcs.php');

        // tep_db_prepare_input() normalises the raw value; tep_db_input() below
        // escapes it for SQL. Both steps are needed, in that order.
        $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
        $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

        // Refuse a duplicate user name.
        $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "' limit 1");

        if (tep_db_num_rows($check_query) < 1) {
          // The password is stored as returned by tep_encrypt_password(),
          // never in plain text.
          tep_db_query("insert into " . TABLE_ADMINISTRATORS . " (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')");
        } else {
          $messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error');
        }

        tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
        break;
      case 'save':
        // Provides tep_encrypt_password().
        require('includes/functions/password_funcs.php');

        $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
        $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

        // Look up the logged-in admin ($admin is the session entry unregistered
        // in 'deleteconfirm' below) so a self-rename is mirrored into the session.
        $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
        $check = tep_db_fetch_array($check_query);

        if ($admin['id'] == $check['id']) {
          $admin['username'] = $username;
        }

        // aID comes from the query string; the (int) cast is what keeps it
        // safe to embed in the statement.
        tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_name = '" . tep_db_input($username) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'");

        // An empty password field means "leave the password unchanged".
        if (tep_not_null($password)) {
          tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'");
        }

        tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . (int)$HTTP_GET_VARS['aID']));
        break;
      case 'deleteconfirm':
        $id = tep_db_prepare_input($HTTP_GET_VARS['aID']);

        // Deleting your own account also drops the 'admin' session entry,
        // i.e. logs you out.
        $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
        $check = tep_db_fetch_array($check_query);

        if ($id == $check['id']) {
          tep_session_unregister('admin');
        }

        // (int) cast makes the untrusted aID safe to embed in the query.
        tep_db_query("delete from " . TABLE_ADMINISTRATORS . " where id = '" . (int)$id . "'");

        tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
        break;
    }
  }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js"></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onLoad="SetFocus();">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

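<?php
/*
  Drop-shipper maintenance. Runs on every request to this page and reads the
  two forms below straight from the query string:

    selectedOption  id (or ids) of drop_shippers rows to delete
    dropShipName    name of a drop shipper to insert
    dropShipEmail   e-mail of that drop shipper

  Both forms submit with GET (their <form> tags carry no method attribute), so
  these are state-changing requests on GET with no CSRF token and -- presumably
  -- without the osCAdminID parameter the admin session is keyed on, which is
  the most likely reason for the re-login prompt after each submit. The forms
  should be emitted with tep_draw_form(..., 'post') plus tep_hide_session_id(),
  as the language selector above already does; this block keeps reading $_GET
  so the existing forms continue to work in the meantime.
*/

// NOTE(review): hard-coded credentials. osCommerce already defines DB_SERVER,
// DB_SERVER_USERNAME, DB_SERVER_PASSWORD and DB_DATABASE in includes/configure.php
// and opened a link in application_top.php, so tep_db_query() / tep_db_input()
// would make this second connection unnecessary. Kept so the page works as-is;
// note the mysql_* extension is deprecated in PHP 5.5 and removed in PHP 7.
$dbh = mysql_connect("sql.website.com", "osc", "oscpassword");
if (!$dbh) {
    // Do not echo mysql_error() to the browser: it leaks host/schema details.
    die('I cannot connect to the database.');
}
mysql_select_db("oscommerce", $dbh);

// Delete. Accepts a scalar or an array (a <select multiple> only delivers
// several values when its name ends in "[]"); every id is cast to int, which
// is what makes it safe to embed in the statement.
if (isset($_GET['selectedOption'])) {
    foreach ((array)$_GET['selectedOption'] as $selectedOption) {
        $sqldel = "DELETE FROM drop_shippers WHERE id = " . (int)$selectedOption;
        if (!mysql_query($sqldel, $dbh)) {
            // The original printed "query ran!" on failure; report the failure.
            echo 'Could not remove drop shipper #' . (int)$selectedOption . '.';
        }
    }
}

// Insert. Name and e-mail are free text from the form, so they are escaped
// for the connection's charset before being spliced into the statement.
if (isset($_GET['dropShipName'])) {
    $dropShipName  = (string)$_GET['dropShipName'];
    $dropShipEmail = isset($_GET['dropShipEmail']) ? (string)$_GET['dropShipEmail'] : '';

    $sqladd = "INSERT INTO drop_shippers (name, email) VALUES ('"
            . mysql_real_escape_string($dropShipName, $dbh) . "', '"
            . mysql_real_escape_string($dropShipEmail, $dbh) . "')";
    if (!mysql_query($sqladd, $dbh)) {
        echo 'Could not add drop shipper.';
    }
}
?>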

<!-- body //-->


<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
    <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
    </table></td>
<!-- body_text //-->
    <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="2" height="40">
          <tr>
            <td class="pageHeading"><?php echo "Add/Remove Drop Shippers"; ?></td>
            <td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onChange="this.form.submit();"') . tep_hide_session_id() . '</form>'; ?></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="2">

    <tr>
        <td>
<div style="width: 200px; position: relative; top: 0px; left: 50%; margin-left: -100px;">
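<form action="dropship.php" style="">
<?php
  // Carry the admin session id (osCAdminID) along with this GET submit; without
  // it application_top.php sees no session and bounces to the login page.
  // tep_hide_session_id() is a no-op when the id already travels by cookie.
  // Longer term this form should be built with tep_draw_form(..., 'post') and
  // the handler switched to $_POST, so a state change never rides on GET.
  echo tep_hide_session_id();
?>
<label style="font-size: 12px;">Drop Ship Name:</label><br>
<input type="text" name="dropShipName" style="width: 200px;"><br>
<label style="font-size: 12px; display: inline-block; margin-top: 15px;">Drop Ship Email:</label><br>
<input type="text" name="dropShipEmail" style="width: 200px;"><br>
<input type="submit" value="Submit" style="float: right; margin-top: 10px;">
</form>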
</div>
        </td>



        <td valign="top">
<div style="width: 200px; margin-left: 80px;">
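<form action="dropship.php">
<?php
  // Carry the admin session id (osCAdminID) along with this GET submit so the
  // request still belongs to the logged-in admin session.
  echo tep_hide_session_id();

  // List current drop shippers. mysql_query() without a link argument uses the
  // most recently opened connection, i.e. the $dbh link opened further up.
  // The select is named "selectedOption" (no "[]"), so PHP delivers only the
  // last highlighted entry to the delete handler even though it is "multiple".
  $result = mysql_query("SELECT id, name FROM drop_shippers");

  echo '<label style="font-size: 12px;">Current Drop Shippers:</label><br>';
  echo '<select name="selectedOption" style="width: 200px; font-size: 14px;" size=5 multiple>';
  if ($result !== false) {
    // Guard: mysql_fetch_array(false) would only emit warnings and an empty list.
    while ($row = mysql_fetch_array($result)) {
      // Escape for the attribute and text contexts; ENT_QUOTES also covers '.
      echo '<option value="' . htmlspecialchars($row['id'], ENT_QUOTES) . '">'
         . htmlspecialchars($row['name'], ENT_QUOTES)
         . '</option>';
    }
    mysql_free_result($result);
  }
  echo '</select>';
?>
<br>
<input type="submit" value="Remove" style="float: right; margin-top: 10px;">
</form>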
</div>
        </td>
    </tr>
</table>

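<?php
// Close the hand-opened drop-shipper link explicitly rather than "whichever
// link was opened last". The original used the short "<?" open tag, which only
// works with short_open_tag=On; "<?php" is always recognised.
mysql_close($dbh);
?>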

        </td>
      </tr>
    </table></td>
  </tr>
</table>


<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

对不起所有代码。有谁知道是什么原因引起的?我是否必须将文件名添加到某个位置以使其可以访问AdminID?任何帮助表示赞赏!

0 个答案:

没有答案