Admin Edit Script Not Working

Hey guys. This is so incredibly frustrating. In my Bday Panel/Event Calendar infusion I have an 'edit_event.php' script that will not work in v8.00.19 ... it worked perfectly fine in v7.02.07. The event is not updated and all I really get is an undefined index error for 'event_id' ... Here is the script code. Please help:
<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) PHP-Fusion Inc
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: edit_event.php
| Author: Terry Broullette(Grimloch)
| Copyright © 2018 Terry Broullette(Grimloch)
| Web: https://www.whisperwillow.com
| Email: webmaster@whisperwillow.com
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "../../../maincore.php";
require_once THEMES."templates/admin_header.php";
include INFUSIONS."bday_panel/infusion_db.php";
if (file_exists(INFUSIONS."bday_panel/locale/".$settings['locale'].".php")) {
   include INFUSIONS."bday_panel/locale/".$settings['locale'].".php";
} else {
   include INFUSIONS."bday_panel/locale/English.php";
}
if (!checkrights("BDC") || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect(BASEDIR."index.php"); }
add_to_head("<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js'></script>");
add_to_head("<script type='text/javascript' src='".INFUSIONS."bday_panel/include/date.js'></script>");
add_to_head("<script type='text/javascript' src='".INFUSIONS."bday_panel/include/jquery.datePicker.js'></script>");
add_to_head("<link rel='stylesheet' href='".INFUSIONS."bday_panel/css/datePicker.css' type='text/css' />");
add_to_head("<link rel='stylesheet' href='".INFUSIONS."bday_panel/css/calendar.css' type='text/css' />");
add_to_head("<script type='text/javascript' charset='utf-8'>
Date.firstDayOfWeek = 0;
Date.format = 'yyyy-mm-dd';
 $(function()
 {
            $('.date-pick').datePicker({startDate:'1996-01-01'});
 });
</script>");
if (isset($_GET['event_id'])) {
$event_id = ($_GET['event_id']);
}
if (isset($_POST['edit_event'])) {
   if (isset($_POST['event_title'])) {
      $event_title = stripinput($_POST['event_title']);
   }
   if (isset($_POST['event_desc'])) {
      $event_desc = addslash($_POST['event_desc']);
   }
   if (isset($_POST['link_url'])) {
      $link_url = stripinput($_POST['link_url']);
   }
   if (isset($_POST['link_name'])) {
      $link_name = stripinput($_POST['link_name']);
   }
   if (isset($_POST['startdate'])) {
      $event_start = stripinput($_POST['startdate']);
   }
   if (isset($_POST['enddate'])) {
      $event_end = stripinput($_POST['enddate']);
   }
   if (isset($_POST['stime'])) {
      $start_time = stripinput($_POST['stime']);
   }
   if (isset($_POST['etime'])) {
      $end_time = stripinput($_POST['etime']);
   }
   if (isset($_POST['all_day'])) {
      $all_day = stripinput($_POST['all_day']);
   }
$var = ""; $mon = ""; $mon_name = ""; $month_name = ""; $event_day = "";
$part = $event_start;
$var = substr($part, 5, 2);
   if ($var == '01') { $mon = "1";
} elseif ($var == '02') { $mon = "2";
} elseif ($var == '03') { $mon = "3";
} elseif ($var == '04') { $mon = "4";
} elseif ($var == '05') { $mon = "5";
} elseif ($var == '06') { $mon = "6";
} elseif ($var == '07') { $mon = "7";
} elseif ($var == '08') { $mon = "8";
} elseif ($var == '09') { $mon = "9";
} else { $mon = $var; }
   $event_month = $mon;
   if ($mon == '1') { $mon_name = $locale['bp_900'];
} elseif ($mon == '2') { $mon_name = $locale['bp_901'];
} elseif ($mon == '3') { $mon_name = $locale['bp_902'];
} elseif ($mon == '4') { $mon_name = $locale['bp_903'];
} elseif ($mon == '5') { $mon_name = $locale['bp_904'];
} elseif ($mon == '6') { $mon_name = $locale['bp_905'];
} elseif ($mon == '7') { $mon_name = $locale['bp_906'];
} elseif ($mon == '8') { $mon_name = $locale['bp_907'];
} elseif ($mon == '9') { $mon_name = $locale['bp_908'];
} elseif ($mon == '10') { $mon_name = $locale['bp_909'];
} elseif ($mon == '11') { $mon_name = $locale['bp_910'];
} else { $mon_name = $locale['bp_911']; }
   $month_name = $mon_name;
$event_day = substr($part, 8, 2);
$result = dbquery("UPDATE ".DB_BDAY_EVENTS." SET event_title='$event_title', event_desc='$event_desc', link_url='$link_url', link_name='$link_name', event_start='$event_start', event_end='$event_end', event_month='$event_month', month_name='$month_name', start_time='$start_time', end_time='$end_time', all_day='$all_day', event_day='$event_day' WHERE event_id='$event_id'");
   redirect(BASEDIR."index.php");
}

$events = dbquery("SELECT * FROM ".DB_BDAY_EVENTS." WHERE event_id='$event_id'");
   while ($data = dbarray($events)) {
      $event_id = $data['event_id'];
      $evtitle = $data['event_title'];
      $evdesc = $data['event_desc'];
      $evurl = $data['link_url'];
      $evname = $data['link_name'];
      $evstart = $data['event_start'];
      $evend = $data['event_end'];
      $stime = $data['start_time'];
      $etime = $data['end_time'];
      $all_day = $data['all_day'];
      $evday = $data['event_day'];
   if ($all_day == '1') {
      $tspan = " All Day";
      } else {
      $tspan = "";
      }
   if ($stime) {
      $time_span = $stime." to ".$etime.$tspan;
      } else {
      $time_span = $tspan;
      }
}
opentable($locale['bp_300']);
require_once INCLUDES."bbcode_include.php";
echo "<form name='editform' method='post' action='".FUSION_SELF.$aidlink."'>\n";
echo "<table width='60%' border='0' cellpadding='0' cellspacing='0' align='center' class='tbl-brdr2'><tr>\n";
echo "<td align='center' width='100%'>\n";
echo "<table width='100%' border='0' cellpadding='5' cellspacing='5' align='center' class='tbl-brdr0'><tr>\n";
echo "<td class='title0' align='center' colspan='2'>".$locale['bp_314']."</td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_301']."*</td><td><input type='text' name='event_title' value='$evtitle' size='60' class='textbox' /></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_302']."</td><td><textarea name='event_desc' cols='58' rows='8' class='textbox' style='width:98%'>".parseubb(parsesmileys($evdesc))."</textarea></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_312']."</td><td>".display_bbcodes("98%", "event_desc", "editform")."</td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_303']."<br />&nbsp;".$locale['bp_304']."</td><td><input type='text' name='link_url' value='$evurl' size='60' class='textbox' /></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_305']."<br />&nbsp;".$locale['bp_306']."</td><td><input type='text' name='link_name' value='$evname' size='60' class='textbox' /></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
/* start New datePicker coding */
echo "<td valign='middle'>&nbsp;".$locale['bp_307']."</td><td valign='middle'><input class='date-pick' name='startdate' id='date-pick' value='$evstart'></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_308']."</td><td valign='middle'><input class='date-pick' name='enddate' id='date-pick' value='$evend'></td>\n";
echo "</tr><tr>\n";
/* end New datePicker coding */
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_317']."<br />&nbsp;".$locale['bp_318']."</td><td><input type='time' name='stime' value='$stime'>".$locale['bp_319']."<input type='time' name='etime' value='$etime'>".$locale['bp_320']."";
if ($all_day == "yes") { echo "<input type='radio' name='all_day' value='yes' checked />".$locale['bp_322']."&nbsp;&nbsp;&nbsp;&nbsp;<input type='radio' name='all_day' value='no' />".$locale['bp_321']."</td>\n";
} else { echo "<input type='radio' name='all_day' value='yes' />".$locale['bp_322']."&nbsp;&nbsp;&nbsp;&nbsp;<input type='radio' name='all_day' value='no' checked />".$locale['bp_321']."</td>\n"; }
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td class='title0' colspan='2' align='center'><input type='hidden' name='event_id' value='".$event_id."' /><input type='submit' name='edit_event' class='button' value='".$locale['bp_309']."'></td>\n";
echo "</tr></table></td></tr></table><br /><br />\n";
echo "</form>\n";
closetable();
require_once THEMES."templates/footer.php";
?>

Somewhere at top of file add $event_id = 0;
Actually that won't be needed. I fixed it after careful comparison to edit script that works on my other v8.00.19 site, and making a few subtle changes. Here is the script now:
<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) PHP-Fusion Inc
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: edit_event.php
| Author: Terry Broullette(Grimloch)
| Copyright © 2018 Terry Broullette(Grimloch)
| Web: https://www.whisperwillow.com
| Email: webmaster@whisperwillow.com
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "../../../maincore.php";
require_once THEMES."templates/admin_header.php";
include INFUSIONS."bday_panel/infusion_db.php";
if (file_exists(INFUSIONS."bday_panel/locale/".$settings['locale'].".php")) {
   include INFUSIONS."bday_panel/locale/".$settings['locale'].".php";
} else {
   include INFUSIONS."bday_panel/locale/English.php";
}
if (ini_get('register_globals') != 1) {
   if ((isset($_POST) == true) && (is_array($_POST) == true)) extract($_POST, EXTR_OVERWRITE);
   if ((isset($_GET) == true) && (is_array($_GET) == true)) extract($_GET, EXTR_OVERWRITE);
}
if (!checkrights("BDC") || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect(BASEDIR."index.php"); }
add_to_head("<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js'></script>");
add_to_head("<script type='text/javascript' src='".INFUSIONS."bday_panel/include/date.js'></script>");
add_to_head("<script type='text/javascript' src='".INFUSIONS."bday_panel/include/jquery.datePicker.js'></script>");
add_to_head("<link rel='stylesheet' href='".INFUSIONS."bday_panel/css/datePicker.css' type='text/css' />");
add_to_head("<link rel='stylesheet' href='".INFUSIONS."bday_panel/css/calendar.css' type='text/css' />");
add_to_head("<script type='text/javascript' charset='utf-8'>
Date.firstDayOfWeek = 0;
Date.format = 'yyyy-mm-dd';
 $(function()
 {
            $('.date-pick').datePicker({startDate:'1996-01-01'});
 });
</script>");
require_once INCLUDES."bbcode_include.php";

if (isset($_POST['edit_event'])) {
   if (isset($_POST['event_title'])) {
      $event_title = stripinput($_POST['event_title']);
   }
   if (isset($_POST['event_desc'])) {
      $event_desc = stripinput($_POST['event_desc']);
   }
   if (isset($_POST['link_url'])) {
      $link_url = stripinput($_POST['link_url']);
   }
   if (isset($_POST['link_name'])) {
      $link_name = stripinput($_POST['link_name']);
   }
   if (isset($_POST['event_start'])) {
      $event_start = stripinput($_POST['event_start']);
   }
   if (isset($_POST['event_end'])) {
      $event_end = stripinput($_POST['event_end']);
   }
   if (isset($_POST['start_time'])) {
      $start_time = stripinput($_POST['start_time']);
   }
   if (isset($_POST['end_time'])) {
      $end_time = stripinput($_POST['end_time']);
   }
   if (isset($_POST['all_day'])) {
      $all_day = stripinput($_POST['all_day']);
   }
$var = ""; $mon = ""; $mon_name = ""; $month_name = ""; $event_day = "";
$part = $event_start;
$var = substr($part, 5, 2);
   if ($var == '01') { $mon = "1";
} elseif ($var == '02') { $mon = "2";
} elseif ($var == '03') { $mon = "3";
} elseif ($var == '04') { $mon = "4";
} elseif ($var == '05') { $mon = "5";
} elseif ($var == '06') { $mon = "6";
} elseif ($var == '07') { $mon = "7";
} elseif ($var == '08') { $mon = "8";
} elseif ($var == '09') { $mon = "9";
} else { $mon = $var; }
   $event_month = $mon;
   if ($mon == '1') { $mon_name = $locale['bp_900'];
} elseif ($mon == '2') { $mon_name = $locale['bp_901'];
} elseif ($mon == '3') { $mon_name = $locale['bp_902'];
} elseif ($mon == '4') { $mon_name = $locale['bp_903'];
} elseif ($mon == '5') { $mon_name = $locale['bp_904'];
} elseif ($mon == '6') { $mon_name = $locale['bp_905'];
} elseif ($mon == '7') { $mon_name = $locale['bp_906'];
} elseif ($mon == '8') { $mon_name = $locale['bp_907'];
} elseif ($mon == '9') { $mon_name = $locale['bp_908'];
} elseif ($mon == '10') { $mon_name = $locale['bp_909'];
} elseif ($mon == '11') { $mon_name = $locale['bp_910'];
} else { $mon_name = $locale['bp_911']; }
   $month_name = $mon_name;
$event_day = substr($part, 8, 2);
$result = dbquery("UPDATE ".DB_BDAY_EVENTS." SET event_title='$event_title', event_desc='$event_desc', link_url='$link_url', link_name='$link_name', event_start='$event_start', event_end='$event_end', event_month='$event_month', month_name='$month_name', start_time='$start_time', end_time='$end_time', all_day='$all_day', event_day='$event_day' WHERE event_id='$event_id'");
   redirect(BASEDIR."index.php");
}

$event = dbquery("SELECT * FROM ".DB_BDAY_EVENTS." WHERE event_id='".$_GET['event_id']."'");
   $data = dbarray($event);
      $evid = $data['event_id'];
      $evtitle = $data['event_title'];
      $evdesc = $data['event_desc'];
      $evurl = $data['link_url'];
      $evname = $data['link_name'];
      $evstart = $data['event_start'];
      $evend = $data['event_end'];
      $stime = $data['start_time'];
      $etime = $data['end_time'];
      $all_day = $data['all_day'];
   if ($all_day == '1') {
      $tspan = " All Day";
      } else {
      $tspan = "";
      }
   if ($stime) {
      $time_span = $stime." to ".$etime.$tspan;
      } else {
      $time_span = $tspan;
      }
opentable($locale['bp_300']);
echo "<form name='editform' method='post' action='".FUSION_SELF.$aidlink."'>\n";
echo "<table width='60%' border='0' cellpadding='0' cellspacing='0' align='center' class='tbl-brdr2'><tr>\n";
echo "<td align='center' width='100%'>\n";
echo "<table width='100%' border='0' cellpadding='5' cellspacing='5' align='center' class='tbl-brdr0'><tr>\n";
echo "<td class='title0' align='center' colspan='2'>".$locale['bp_314']."</td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_301']."*</td><td><input type='text' name='event_title' value='$evtitle' size='60' class='textbox' /></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_302']."</td><td><textarea name='event_desc' cols='58' rows='8' class='textbox' style='width:98%'>$evdesc</textarea></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_312']."</td><td>".display_bbcodes("98%", "event_desc", "editform")."</td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_303']."<br />&nbsp;".$locale['bp_304']."</td><td><input type='text' name='link_url' value='$evurl' size='60' class='textbox' /></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_305']."<br />&nbsp;".$locale['bp_306']."</td><td><input type='text' name='link_name' value='$evname' size='60' class='textbox' /></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
/* start New datePicker coding */
echo "<td valign='middle'>&nbsp;".$locale['bp_307']."</td><td valign='middle'><input class='date-pick' name='event_start' id='date-pick' value='$evstart'></td>\n";
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_308']."</td><td valign='middle'><input class='date-pick' name='event_end' id='date-pick' value='$evend'></td>\n";
echo "</tr><tr>\n";
/* end New datePicker coding */
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td valign='middle'>&nbsp;".$locale['bp_317']."<br />&nbsp;".$locale['bp_318']."</td><td><input type='time' name='start_time' value='$stime'>".$locale['bp_319']."<input type='time' name='end_time' value='$etime'>".$locale['bp_320']."";
if ($all_day == "yes") { echo "<input type='radio' name='all_day' value='yes' checked />".$locale['bp_322']."&nbsp;&nbsp;&nbsp;&nbsp;<input type='radio' name='all_day' value='no' />".$locale['bp_321']."</td>\n";
} else { echo "<input type='radio' name='all_day' value='yes' />".$locale['bp_322']."&nbsp;&nbsp;&nbsp;&nbsp;<input type='radio' name='all_day' value='no' checked />".$locale['bp_321']."</td>\n"; }
echo "</tr><tr>\n";
echo "<td height='8' colspan='2'></td>\n";
echo "</tr><tr>\n";
echo "<td class='title0' colspan='2' align='center'><input type='hidden' name='event_id' value='".$evid."' /><input type='submit' name='edit_event' class='button' value='".$locale['bp_309']."'></td>\n";
echo "</tr></table></td></tr></table><br /><br />\n";
echo "</form>\n";
closetable();
require_once THEMES."templates/footer.php";
?>

This won't work either, because in line 209 the variable $event_id has no value, is not defined.
All input comes via POST, but event_id is coming via GET?

douwe_yntema wrote:

@douwe_yntema - This won't work either, because in line 209 the variable $event_id has no value, is not defined.
All input comes via POST, but event_id is coming via GET?

I don't know what you mean; there are only 182 lines total in this script and it is working perfectly on my site.

I reviewed the code above and offer my suggestions in 2 areas:

1. Security - your dbquery event_id is unsanitized. I highly recommend sanitizing it.
2. If there is an SQL error, it will generate a lot of errors.

My adjustments:

<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) PHP-Fusion Inc
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: edit_event.php
| Author: Terry Broullette(Grimloch)
| Copyright © 2018 Terry Broullette(Grimloch)
| Web: https://www.whisperwillow.com
| Email: webmaster@whisperwillow.com
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "../../../maincore.php";
require_once THEMES . "templates/admin_header.php";
include INFUSIONS . "bday_panel/infusion_db.php";
if (file_exists(INFUSIONS . "bday_panel/locale/" . $settings['locale'] . ".php")) {
   include INFUSIONS . "bday_panel/locale/" . $settings['locale'] . ".php";
} else {
   include INFUSIONS . "bday_panel/locale/English.php";
}
if (ini_get('register_globals') != 1) {
   if ((isset($_POST) == TRUE) && (is_array($_POST) == TRUE)) extract($_POST, EXTR_OVERWRITE);
   if ((isset($_GET) == TRUE) && (is_array($_GET) == TRUE)) extract($_GET, EXTR_OVERWRITE);
}
if (!checkrights("BDC") || !defined("iAUTH") || $_GET['aid'] != iAUTH) {
   redirect(BASEDIR . "index.php");
}
add_to_head(
   "<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js'></script>"
);
add_to_head("<script type='text/javascript' src='" . INFUSIONS . "bday_panel/include/date.js'></script>");
add_to_head("<script type='text/javascript' src='" . INFUSIONS . "bday_panel/include/jquery.datePicker.js'></script>");
add_to_head("<link rel='stylesheet' href='" . INFUSIONS . "bday_panel/css/datePicker.css' type='text/css' />");
add_to_head("<link rel='stylesheet' href='" . INFUSIONS . "bday_panel/css/calendar.css' type='text/css' />");
add_to_head(
   "<script type='text/javascript' charset='utf-8'>
Date.firstDayOfWeek = 0;
Date.format = 'yyyy-mm-dd';
 $(function()
 {
 $('.date-pick').datePicker({startDate:'1996-01-01'});
 });
</script>"
);
require_once INCLUDES . "bbcode_include.php";

if (isset($_POST['edit_event'])) {
   if (isset($_POST['event_title'])) {
      $event_title = stripinput($_POST['event_title']);
   }
   if (isset($_POST['event_desc'])) {
      $event_desc = stripinput($_POST['event_desc']);
   }
   if (isset($_POST['link_url'])) {
      $link_url = stripinput($_POST['link_url']);
   }
   if (isset($_POST['link_name'])) {
      $link_name = stripinput($_POST['link_name']);
   }
   if (isset($_POST['event_start'])) {
      $event_start = stripinput($_POST['event_start']);
   }
   if (isset($_POST['event_end'])) {
      $event_end = stripinput($_POST['event_end']);
   }
   if (isset($_POST['start_time'])) {
      $start_time = stripinput($_POST['start_time']);
   }
   if (isset($_POST['end_time'])) {
      $end_time = stripinput($_POST['end_time']);
   }
   if (isset($_POST['all_day'])) {
      $all_day = stripinput($_POST['all_day']);
   }
   $var = "";
   $mon = "";
   $mon_name = "";
   $month_name = "";
   $event_day = "";
   $part = $event_start;
   $var = substr($part, 5, 2);
   if ($var == '01') {
      $mon = "1";
   } else if ($var == '02') {
      $mon = "2";
   } else if ($var == '03') {
      $mon = "3";
   } else if ($var == '04') {
      $mon = "4";
   } else if ($var == '05') {
      $mon = "5";
   } else if ($var == '06') {
      $mon = "6";
   } else if ($var == '07') {
      $mon = "7";
   } else if ($var == '08') {
      $mon = "8";
   } else if ($var == '09') {
      $mon = "9";
   } else {
      $mon = $var;
   }
   $event_month = $mon;
   if ($mon == '1') {
      $mon_name = $locale['bp_900'];
   } else if ($mon == '2') {
      $mon_name = $locale['bp_901'];
   } else if ($mon == '3') {
      $mon_name = $locale['bp_902'];
   } else if ($mon == '4') {
      $mon_name = $locale['bp_903'];
   } else if ($mon == '5') {
      $mon_name = $locale['bp_904'];
   } else if ($mon == '6') {
      $mon_name = $locale['bp_905'];
   } else if ($mon == '7') {
      $mon_name = $locale['bp_906'];
   } else if ($mon == '8') {
      $mon_name = $locale['bp_907'];
   } else if ($mon == '9') {
      $mon_name = $locale['bp_908'];
   } else if ($mon == '10') {
      $mon_name = $locale['bp_909'];
   } else if ($mon == '11') {
      $mon_name = $locale['bp_910'];
   } else {
      $mon_name = $locale['bp_911'];
   }
   $month_name = $mon_name;
   $event_day = substr($part, 8, 2);
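   // Cast the POSTed event_id to an integer before it reaches the UPDATE,
   // the same way the SELECT further down treats $_GET['event_id'].
   $event_id = isset($_POST['event_id']) ? intval($_POST['event_id']) : 0;
   $result = dbquery(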
      "UPDATE " . DB_BDAY_EVENTS . " SET event_title='$event_title', event_desc='$event_desc', link_url='$link_url', link_name='$link_name', event_start='$event_start', event_end='$event_end', event_month='$event_month', month_name='$month_name', start_time='$start_time', end_time='$end_time', all_day='$all_day', event_day='$event_day' WHERE event_id='$event_id'"
   );
   redirect(BASEDIR . "index.php");
}

$content = "Error encountered"; // localize this.

if (isset($_GET['event_id']) && isnum($_GET['event_id'])) {

   $event = dbquery("SELECT * FROM " . DB_BDAY_EVENTS . " WHERE event_id='" . intval($_GET['event_id']) . "'");
   $data = dbarray($event);
   $evid = $data['event_id'];
   $evtitle = $data['event_title'];
   $evdesc = $data['event_desc'];
   $evurl = $data['link_url'];
   $evname = $data['link_name'];
   $evstart = $data['event_start'];
   $evend = $data['event_end'];
   $stime = $data['start_time'];
   $etime = $data['end_time'];
   $all_day = $data['all_day'];
   $tspan = "";
   if ($all_day == '1') {
      $tspan = " All Day";
   }
   $time_span = $tspan;
   if ($stime) {
      $time_span = $stime . " to " . $etime . $tspan;
   }

   $content = "<form name='editform' method='post' action='" . FUSION_SELF . $aidlink . "'>\n";
   $content .= "<table width='60%' border='0' cellpadding='0' cellspacing='0' align='center' class='tbl-brdr2'><tr>\n";
   $content .= "<td align='center' width='100%'>\n";
   $content .= "<table width='100%' border='0' cellpadding='5' cellspacing='5' align='center' class='tbl-brdr0'><tr>\n";
   $content .= "<td class='title0' align='center' colspan='2'>" . $locale['bp_314'] . "</td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_301'] . "*</td><td><input type='text' name='event_title' value='$evtitle' size='60' class='textbox' /></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_302'] . "</td><td><textarea name='event_desc' cols='58' rows='8' class='textbox' style='width:98%'>$evdesc</textarea></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_312'] . "</td><td>" . display_bbcodes(
         "98%", "event_desc", "editform"
      ) . "</td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_303'] . "<br />&nbsp;" . $locale['bp_304'] . "</td><td><input type='text' name='link_url' value='$evurl' size='60' class='textbox' /></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_305'] . "<br />&nbsp;" . $locale['bp_306'] . "</td><td><input type='text' name='link_name' value='$evname' size='60' class='textbox' /></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   /* start New datePicker coding */
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_307'] . "</td><td valign='middle'><input class='date-pick' name='event_start' id='date-pick' value='$evstart'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_308'] . "</td><td valign='middle'><input class='date-pick' name='event_end' id='date-pick' value='$evend'></td>\n";
   $content .= "</tr><tr>\n";
   /* end New datePicker coding */
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td valign='middle'>&nbsp;" . $locale['bp_317'] . "<br />&nbsp;" . $locale['bp_318'] . "</td><td><input type='time' name='start_time' value='$stime'>" . $locale['bp_319'] . "<input type='time' name='end_time' value='$etime'>" . $locale['bp_320'] . "";
   if ($all_day == "yes") {
      $content .= "<input type='radio' name='all_day' value='yes' checked />" . $locale['bp_322'] . "&nbsp;&nbsp;&nbsp;&nbsp;<input type='radio' name='all_day' value='no' />" . $locale['bp_321'] . "</td>\n";
   } else {
      $content .= "<input type='radio' name='all_day' value='yes' />" . $locale['bp_322'] . "&nbsp;&nbsp;&nbsp;&nbsp;<input type='radio' name='all_day' value='no' checked />" . $locale['bp_321'] . "</td>\n";
   }
   $content .= "</tr><tr>\n";
   $content .= "<td height='8' colspan='2'></td>\n";
   $content .= "</tr><tr>\n";
   $content .= "<td class='title0' colspan='2' align='center'><input type='hidden' name='event_id' value='" . $evid . "' /><input type='submit' name='edit_event' class='button' value='" . $locale['bp_309'] . "'></td>\n";
   $content .= "</tr></table></td></tr></table><br /><br />\n";
   $content .= "</form>\n";

}

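// opentable() and closetable() are called as statements in the scripts above,
// so $content has to be echoed between the two calls to be displayed.
opentable($locale['bp_300']);
echo $content;
closetable();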

require_once THEMES . "templates/footer.php";
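
The two review points above (treat event_id as an integer only, and do not let request parameters become variables through extract()) in a self-contained form. This is an added example, not code from the thread or from PHP-Fusion: PDO with an in-memory SQLite table stands in for dbquery() and DB_BDAY_EVENTS, and the table name bday_events, the helpers read_event_id() and update_event(), and the sample requests are constructed for illustration.

```php
<?php
// Added example (not PHP-Fusion code). Requires the pdo_sqlite extension.

// Only these form fields may be written. This replaces extract($_POST) and
// extract($_GET), which let a request overwrite any variable in scope,
// including $event_id.
const EDITABLE_FIELDS = ['event_title', 'event_desc', 'link_url', 'link_name',
                         'event_start', 'event_end', 'start_time', 'end_time', 'all_day'];

/** Return event_id as a positive integer, or null if missing or not all digits. */
function read_event_id(array $request): ?int {
    $raw = $request['event_id'] ?? null;
    if (!is_string($raw) || strlen($raw) > 10 || !ctype_digit($raw)) {
        return null;
    }
    $id = (int)$raw;
    return $id > 0 ? $id : null;
}

/** Update one event from request data; returns the number of rows changed. */
function update_event(PDO $db, array $post): int {
    $id = read_event_id($post);
    if ($id === null) {
        return 0;                       // reject instead of running the query
    }
    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE_FIELDS as $field) {
        if (isset($post[$field]) && is_string($post[$field])) {
            $set[] = "$field = :$field";   // column names come from the constant list only
            $params[":$field"] = $post[$field];
        }
    }
    if (isset($post['event_start'])) {
        // Validate the yyyy-mm-dd date, then derive month and day from it
        // instead of slicing the raw string with substr().
        $d = DateTime::createFromFormat('!Y-m-d', (string)$post['event_start']);
        if ($d === false || $d->format('Y-m-d') !== $post['event_start']) {
            return 0;
        }
        $set[] = 'event_month = :event_month';
        $set[] = 'event_day = :event_day';
        $params[':event_month'] = (int)$d->format('n');
        $params[':event_day'] = $d->format('d');
    }
    if (!$set) {
        return 0;
    }
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare('UPDATE bday_events SET ' . implode(', ', $set) . ' WHERE event_id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bday_events (event_id INTEGER PRIMARY KEY, event_title TEXT,
    event_desc TEXT, link_url TEXT, link_name TEXT, event_start TEXT, event_end TEXT,
    start_time TEXT, end_time TEXT, all_day TEXT, event_month INTEGER, event_day TEXT)');
$db->exec("INSERT INTO bday_events (event_id, event_title) VALUES (1, 'Picnic')");
$db->exec("INSERT INTO bday_events (event_id, event_title) VALUES (2, 'Board meeting')");

// A normal edit; the extra 'aid' key is ignored because it is not in EDITABLE_FIELDS.
$good = ['event_id' => '1', 'event_title' => "Terry's picnic",
         'event_start' => '2018-07-04', 'aid' => 'ignored'];
// An event_id that is not a plain number is refused before any SQL runs.
$bad = ['event_id' => "1' OR '1'='1", 'event_title' => 'overwritten'];

echo 'rows changed (good request): ', update_event($db, $good), "\n";
echo 'rows changed (bad request):  ', update_event($db, $bad), "\n";

// Stored text is escaped when it is written back into the single-quoted form attribute.
foreach ($db->query('SELECT event_id, event_title, event_month, event_day FROM bday_events') as $row) {
    echo "<input type='text' name='event_title' value='"
        . htmlspecialchars((string)$row['event_title'], ENT_QUOTES, 'UTF-8') . "' />\n";
}
```
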

Thanks Chan I appreciate that and have incorporated your suggestions in all my files that need it. Remembering that I am a 'shade-tree' coder, I have never really used $_GET much before and didn't really understand how to sanitize so I am grateful that it is now clear! I have another question for you and the team. I have fixed the large amounts of 'Cannot modify headers already sent by ......', by commenting out the header line in 'themes/templates/layout.php' with no apparent bad effects.
<?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) PHP-Fusion Inc
| https://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: layout.php
| Author: PHP-Fusion Development Team
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
/* header("Content-Type: text/html; charset=".$locale['charset']); */


What are your thoughts and why is that line there?

Never mind Chan, I uncommented that line because it didn't really make a difference after all.