Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts

    Hidden value not passing value

    So I feel a little dumb here, but I can't figure out why my variable is throwing this error:

    PHP Notice: Undefined index: allianceid in /home1/newrodga/public_html/courtyard/alliances.php on line 386
    I already debugged and found the variable to be blank, so it's not retaining the value. The problem is "$aid2 = $_POST['allianceid'];"
    Thanks


    Part where you enter a password (it needs to retain the alliance id value)

    PHP Code:
      if ($arow['password'] != '') {

           echo 
    '<form action="alliances.php?rod=passverify" method="POST">';
           
    $aid2 "<input type=\"hidden\" name=\"allianceid\" value=\"$aid\">";
         echo 
    'Enter Password: <input type="text" name="thepassword" maxlength="30" value=""> <input type="submit" name="check" value="Join Alliance"></form>';
          }
          else {
           echo 
    "<form action=\"alliances.php?rod=joinalliance\" method=\"POST\"><a href=\"alliances.php?rod=joinalliance:$aid\"><input type=\"button\" value=\"Join\"></a> This Alliance</form>";
         } 
    This is the problem where it's not keeping the value

    PHP Code:
    function passverify()
    {

        global 
    $char$link;
        
        
    $aid2 $_POST['allianceid'];

        
    $joinquery mysqli_query($link"SELECT * FROM rod_alliances WHERE id='$aid2'");

        
    $joinrow mysqli_fetch_array($joinquery);


        if (isset(
    $_POST['check']))
        {

            
    $apass $_POST['thepassword'];


            if (
    $apass != $joinrow['password'])
            {

                echo 
    "The Password you entered is incorrect!";

                die();

            }
            else { 
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    Quote Originally Posted by myfayt View Post
    PHP Code:
    $aid2 "<input type=\"hidden\" name=\"allianceid\" value=\"$aid\">";

           echo 
    "<form action=\"alliances.php?rod=joinalliance\" method=\"POST\"><a href=\"alliances.php?rod=joinalliance:$aid\"><input type=\"button\" value=\"Join\"></a> This Alliance</form>"
    Where are you setting the value of $aid2?

    If it's in that function you posted, it will not be available to the code above as it is out of scope (unless you're returning it - but you've not shown the full function).
    I can't really think of anything to write here now...

  • #3
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts
    As shown in the first code, I am using a hidden value to pull the id from a query.
    In the second code I am setting $aid2 as the variable containing the value of $_POST['allianceid'] which is the hidden form value.

    So I should be able to use $aid2 to pull the id
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    Sorry my question should have been "Where are you setting the value of $aid" - not $aid2

    $aid is clearly not being printed into your form and thus when it is submitted, php sees a null / non existent value for allianceid in your $_POST array.

    You need to find out why $aid is not set.
    Last edited by tangoforce; 07-25-2014 at 02:54 AM.
    I can't really think of anything to write here now...

  • #5
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts
    Here is what I am getting $aid from

    PHP Code:
    function viewalliances2($aid)
    // Showing alliance page

        
    global $char$link;


            
    $aquery mysqli_query($link"SELECT * FROM rod_alliances WHERE id='$aid'");
            
    $arow mysqli_fetch_array($aquery); 
    and this is where the original comes from

    PHP Code:
    function viewalliances()
    // Viewing all alliances

        
    global $char$link;

            
    $aquery mysqli_query($link"SELECT * FROM rod_alliances WHERE id>'0'");


        echo 
    'Below are all the Alliances in the game. Click on the name to view more details.<br><br>';
            echo 
    '<table width="90%">';
            echo 
    '<tr><td><b>Alliance Name</b></td><td><b>Members</b></td><td><b>Founder</b></td><td><b>Description</b></td><td><b>Restricted</b></td></tr>';

            while (
    $arow mysqli_fetch_array($aquery)) {
              
    $description substr($arow['description'],0,35).'...';
              if (
    $arow['private'] == 1) {
                
    $private '<b><font color=red>Yes</font></b>';
              }
              else {
                
    $private '<b><font color=green>No</font></b>';
              }
              echo 
    "<tr><td><a href=\"alliances.php?rod=viewalliances2:".$arow['id']."\">".$arow['name']."</a></td><td>".$arow['membercount']."</td><td>".$arow['founder']."</td><td>$description</td><td>$private</td></tr>";
            }
            echo 
    '</table>';


    So first you view an alliance, then you see all the information about it, then you can join it.
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #6
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,538
    Thanks
    8
    Thanked 1,093 Times in 1,084 Posts
    Two things ...

    1) This doesn't look right to me ...

    Code:
    $aid2 = "<input type=\"hidden\" name=\"allianceid\" value=\"$aid\">";
    
           echo "<form action=\"alliances.php?rod=joinalliance\" method=\"POST\"><a href=\"alliances.php?rod=joinalliance:$aid\"><input type=\"button\" value=\"Join\"></a> This Alliance</form>";
    I would expect it to be more like this ...
    with the <form> action, you won't be adding any variables to the URL.
    So you'll POST two hidden variables.

    Also, there should be no <a href> tags within the <form>

    Code:
    echo "<form action=\"alliances.php\" method=\"POST\">
    <input type=\"hidden\" name=\"allianceid\" value=\"$aid\">
    <input type=\"hidden\" name=\"rod\" value=\"joinalliance:$aid\">
    <input type=\"button\" value=\"Join\"></a> This Alliance
    </form>";

    2) Problem with using 'hidden' input type ...
    When someone views your HTML source, they'll see the values in your 'hidden' input type.
    Hopefully, those are not "secret" values ... because they will not be secret.


    EDIT:
    Have a form where they "log-in", verify that, and then set a SESSION. Now you have them logged-in and you can check the SESSION whenever you need to, verifying their login. The SESSION variable will contain their user ID or username only. Keep the "login" part separate from the "join an alliance" part.
    Last edited by mlseim; 07-25-2014 at 02:46 PM.

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    Quote Originally Posted by myfayt View Post
    Here is what I am getting $aid from

    PHP Code:
    function viewalliances2($aid)
    // Showing alliance page

        
    global $char$link;


            
    $aquery mysqli_query($link"SELECT * FROM rod_alliances WHERE id='$aid'");
            
    $arow mysqli_fetch_array($aquery); 
    and this is where the original comes from

    PHP Code:
    function viewalliances()
    // Viewing all alliances

        
    global $char$link;

            
    $aquery mysqli_query($link"SELECT * FROM rod_alliances WHERE id>'0'");


        echo 
    'Below are all the Alliances in the game. Click on the name to view more details.<br><br>';
            echo 
    '<table width="90%">';
            echo 
    '<tr><td><b>Alliance Name</b></td><td><b>Members</b></td><td><b>Founder</b></td><td><b>Description</b></td><td><b>Restricted</b></td></tr>';

            while (
    $arow mysqli_fetch_array($aquery)) {
              
    $description substr($arow['description'],0,35).'...';
              if (
    $arow['private'] == 1) {
                
    $private '<b><font color=red>Yes</font></b>';
              }
              else {
                
    $private '<b><font color=green>No</font></b>';
              }
              echo 
    "<tr><td><a href=\"alliances.php?rod=viewalliances2:".$arow['id']."\">".$arow['name']."</a></td><td>".$arow['membercount']."</td><td>".$arow['founder']."</td><td>$description</td><td>$private</td></tr>";
            }
            echo 
    '</table>';


    So first you view an alliance, then you see all the information about it, then you can join it.
    This post only partially makes sense - that or you've missed out bits of code. I see you are using the $arow['id'] in the url which I assume your alliances.php script is then taking and setting into a variable or passing to the function. The code that does this however, you have not shown and this is what I am asking for. Where is $aid set from the submitted form?
    I can't really think of anything to write here now...

  • #8
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,538
    Thanks
    8
    Thanked 1,093 Times in 1,084 Posts
    I agree something is missing ... not seeing all the code.

    But I also think he's making it harder than it needs to be.
    My problem is that I don't understand "online gaming" and how it's supposed to work.

  • #9
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts
    I am trying to only post coding that has to do with the problem. But okay I will post the entire thing. It's going to take an hour to read through.
    Last edited by myfayt; 07-27-2014 at 03:15 AM.
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    This code:

    PHP Code:
    <?php
    include ('../header_common.php');

    include (
    '../includes/header.php');
    include (
    '../includes/content.php');
           
    ?>
           <div id="maintitle"><h2><?php echo "Alliance"?></h2>
           <?php


           
    if (isset($_GET['rod']))
    {
        
    $rod explode(':'$_GET['rod']);
    You need to var_dump() three things:
    $_GET, $_POST and $rod.

    You're setting your forms to use POST. You're also creating hyperlinks with the same $aid value. You're then trying to take rod from the $_GET array - even though it may have been posted. This alone will screw up your script.

    As you have hyperlinks AND forms posting the rod value, you would be better using $_REQUEST instead of $_POST or $_GET. $_REQUEST does come with security hazards but as you're not even protecting your database queries there is probably not much point worrying about it.
    I can't really think of anything to write here now...

  • #11
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts
    I haven't added any security yet, but I already have a file set up for it.
    Hmm it used to be a link and a button but then I changed it to a submit, however I overlooked removing the link part.

    Let me do some debugging.
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #12
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    Quote Originally Posted by myfayt View Post
    I haven't added any security yet, but I already have a file set up for it.
    What does this file do or what is it intended to do? - Because from the way your current code works, it will need a complete rewrite - not one external magical file.

    What you have written is simply an excuse for not listening to previous advice.
    I can't really think of anything to write here now...

  • #13
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts
    You can accuse me all you want but you're wrong.
    This is one of the security parts I have. (Not that I need to prove it)

    PHP Code:
    <?php

    function arrayMapper(&$a$fp)
    {
        if (
    is_array($a))
        {
            foreach (
    $a AS $k => &$v)
            {
                if (
    is_array($v))
                {
                    
    arrayMapper($a$fp);
                }
                else
                {
                    
    $v $fp($v);
                }
            }
        }
    }


    if (
    function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        
    arrayMapper($_POST'stripslashes');

    }

    $data $_POST;

    arrayMapper($link$data'mysqli_real_escape_string');
    ?>
    So for all $_POST methods I just simply do $data['name'].
    Been a sign maker for 7 years. My business:
    American Made Signs

  • #14
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    That arraymapper function does not do anything though. It just decides whether to recursively call itself or set the variable of $v to something. It does not even return a result!

    As for the two lines of code that call the function.. they are a bit screwed up too. One has two parameters, the other has three and both declare the name of the function you're presumably wanting to run as the last parameter... with an inconsistent parameter count!

    In principle though I will say that despite your rather unorthodox ways of working, it is in principle actually a smart idea.
    I can't really think of anything to write here now...

  • #15
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,555
    Thanks
    75
    Thanked 105 Times in 104 Posts
    I fixed it, I was on the right track, just had to slightly modify the hidden form value
    Been a sign maker for 7 years. My business:
    American Made Signs


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •