SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,530
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Problem when No Check-Boxes Selected

    I have an Inbox that has a check-box next to each Message.

    The User can check any combination of Messages, and then choose from the following items in a Select List and click "Go"...
    - Mark as Read
    - Mark as Unread
    - Mark as Flagged
    - Mark as Not Flagged
    - Delete


    My current problem occurs when no check-boxes are selected and I choose "Mark as Read" and "Go".

    I get this error...
    Code:
    Array ( [pmAction] => Mark as Read [cmdGo] => Go ) 1
    ( ! ) Notice: Undefined variable: msgArray in /Users/user1/Documents/DEV/++htdocs/06_Debbie/account/inbox.php on line 68
    Call Stack
    #	Time	Memory	Function	Location
    1	0.0009	100316	{main}( )	../inbox.php:0
    
    ( ! ) Warning: Invalid argument supplied for foreach() in /Users/user1/Documents/DEV/++htdocs/06_Debbie/account/inbox.php on line 68
    Call Stack
    #	Time	Memory	Function	Location
    1	0.0009	100316	{main}( )	../inbox.php:0

    Here is a snippet of my PHP... (Lines 47-77)
    PHP Code:
        // *************************************************************
        // HANDLE FORM.                                 *
        // *************************************************************
        
    if ($_SERVER['REQUEST_METHOD']=='POST'){
            
    // Form was Submitted (Post).

            // Initialize Errors Array.
    //        $errors = array();

            
    echo print_r($_POST);

    //exit();
            // ************************
            // Check Message Action.    *
            // ************************
            
    if ($_POST['pmAction']=="Mark as Read"){

                
    // ************************
                // Mark Message as Read.    *
                // ************************
                
                
    foreach($msgArray as $msgID => $msgValue){
    //                echo "<p>\$msg[$msgID] = $msgValue</p>";

                    // Build query.
                    
    $q1 "UPDATE pm_recipient
                                    SET read_on=NOW(),
                                            updated_on=NOW()
                                    WHERE member_id_to=?
                                    AND message_id=?
                                    LIMIT 1"


    And this is a snippet of my dynamically created Form...
    PHP Code:
        <?php
            
    // ************************
            // Create 'Inbox' Output.    *
            // ************************

            // Display message.
            
    if (!$messagesFound){
                echo 
    "<p>There are no messages in your Inbox.</p>";
            }

            
    // Loop through Messages.
            
    while (mysqli_stmt_fetch($stmt6)){

                echo 
    "<tr" . (is_null($readOn) ? " class='pmRead'" "") . ">
                        <td class='colSelect'>
                            <input id='" 
    $pmID "' name=msg[" $pmID "] type='checkbox' value='TRUE' />
                        </td>
                        <td class='colFlag'>" 
                            
    . (($flag==TRUE) ? '<img src="/images/Flag_Red_20x22.png" width="15" alt="" />' '•') .
                        
    "</td>
                        <td>
    $fromUsername</td>
                        <td><a class='msgLink' href='/account/view_pm.php?msg=" 
    $pmID "'>$subject</a></td>
                        <td>
    $sentOn</td>
                    </tr>"
    ;
            }
        
    ?>

    How can I fix this so if the User forgets to check at least one message my code doesn't blow up?!

    Thanks,


    Debbie

  2. #2
    SitePoint Enthusiast aufshebung's Avatar
    Join Date
    May 2012
    Location
    Santa Fe, NM
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think all you have to do to get the error messages to stop showing up is wrap your foreach loop in a quick check:

    PHP Code:
    if (!empty($msgArray)) {
        foreach(
    $msgArray as $msgID => $msgValue){
            
    // ... 
    There's absolutely a more elegant way to do it, but that's the basic idea: Check to see if there even are any messages that were checked.

    How is the $msgArray variable created? Can you show some of that code as well?

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,530
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    aufshebung,

    Thanks for the reply! (You'll have to excuse me... I got to bed at 4:00am this morning, and my brain won't start functioning properly until about 10:00pm tonight?!)

    Even though it is lunch time, after coding straight for like 18 hours yesterday, my brain is fried!!!


    Quote Originally Posted by aufshebung
    How is the $msgArray variable created? Can you show some of that code as well?
    Didn't I answer that in my OP?


    Debbie

  4. #4
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    64 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    Didn't I answer that in my OP?
    Nope. There is no line in the OP which reads $msgArray = .....
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  5. #5
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,048
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    As StarLion has said looks like you need to define msgArray like so:

    PHP Code:
    $msgArray = isset($_POST['msg']) && is_array($_POST['msg'])?$_POST['msg']:array(); 
    That should probably be injected here:

    PHP Code:
    ...

    if (
    $_POST['pmAction']=="Mark as Read"){ 

         
    $msgArray = isset($_POST['msg']) && is_array($_POST['msg'])?$_POST['msg']:array();

         ... 
    By the way not sure if this was intentional or not but the member_id comparison is the only thing preventing people from marking others messages as read. Maybe that isn't so important here but in another context it could potentially be a huge security hole. If that was the reason you added it though than kudos. Just thought I would mention that.

    PHP Code:
                    $q1 "UPDATE pm_recipient
                                    SET read_on=NOW(),
                                            updated_on=NOW()
                                    WHERE member_id_to=?
                                    AND message_id=?
                                    LIMIT 1"

    The only code I hate more than my own is everyone else's.

  6. #6
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,530
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by oddz View Post
    As StarLion has said looks like you need to define msgArray like so:

    PHP Code:
    $msgArray = isset($_POST['msg']) && is_array($_POST['msg'])?$_POST['msg']:array(); 
    That should probably be injected here:

    PHP Code:
    ...

    if (
    $_POST['pmAction']=="Mark as Read"){ 

         
    $msgArray = isset($_POST['msg']) && is_array($_POST['msg'])?$_POST['msg']:array();

         ... 
    By the way not sure if this was intentional or not but the member_id comparison is the only thing preventing people from marking others messages as read. Maybe that isn't so important here but in another context it could potentially be a huge security hole. If that was the reason you added it though than kudos. Just thought I would mention that.

    PHP Code:
                    $q1 "UPDATE pm_recipient
                                    SET read_on=NOW(),
                                            updated_on=NOW()
                                    WHERE member_id_to=?
                                    AND message_id=?
                                    LIMIT 1"

    Oddz,

    Sorry for the late reply.

    If you remember, could you please help me understand where you think I have a security hole?!

    My Private Message system is dine, and I believe is working great, but maybe you disagree.

    I can tell you that in order to take any actions, you need the right "Member ID" and "Message ID" combination, and since the first is always checked against the User's $_SESSION, I believe I am good.

    I take security very seriously, so I welcome any ways to improve my code.

    Thanks,


    Debbie


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •