If run as shown below, the result of if($ops==“” && $opother==“”) is ALWAYS true, even when $ops<>“”
If you print $ops and exit before the if() concerned (shown below at // *** the offending item *** //), it contains a value.
Placing an exit anywhere else in the script below the if() results (correctly) in a false result.
I think there’s something strange going on with execution order - any ideas much appreciated. Full code below.
The form enctype is multipart/form-data in case that’s significant?
Thanks
<?php
include_once("bs.php");
unset($_SESSION["errors"]);
unset($_SESSION["missing"]);
unset($_SESSION["profile"]);
unset($_SESSION["cats"]["profile"]);
foreach($_POST as $k=>$v) {
if(!is_array($v)) {
if (strpos($k,"*") && $v=="") {$k=str_replace("*","",$k); $_SESSION["missing"]["profile"][$k]=1;}
$k=str_replace("*","",$k);
$_SESSION["profile"][$k]=$v;
$k=enc($k);
$$k=enc($v);
if($k=="password"){$pwplaintext=$password;$$k=$v=sha1($password);}
if(strpos($k,"x_")===false) {
$v=enc($v);
$sqlstring.="$k='$v',";
}
}
if($k=="user"){err("System field found in submission","A fieldname was found in the information sent by your browser which should not be there.");}
}
$sqlstring=rtrim($sqlstring,",");
foreach($_POST as $k=>$v) {
if (is_array($v)) {
foreach($v as $kk=>$vv) {
$prefix=enc(substr($k,0,2));
$vv=enc($vv);
if($prefix=="op") {$ops.="($user,'$sessionid',$vv),";}
if($prefix=="bb") {$bbs.="($user,'$sessionid',$vv),";}
$_SESSION["cats"]["profile"][$prefix][$vv]=$vv;
}
}
}
//*** the offending item ***//
if($ops=="" && $opother=="") {
$_SESSION["missing"]["profile"]["ops"]=1;
$_SESSION["errors"]["profile"]["ops"]="Please choose at least one category or enter new ones below";
}
//if everything passes muster...
if($_SESSION["missing"]["profile"]=="" && $_SESSION["errors"]["profile"]=="") {
mysql_query("UPDATE user SET $sqlstring WHERE user=$user");
// upload logo
if ($_FILES["x_newlogo"]) {$ext=substr($_FILES['x_newlogo']['name'],strpos($_FILES['x_newlogo']['name'],"."));
if ($ext && !in_array(strtolower($ext),array(".bmp",".jpg",".jpeg",".png",".gif"))) {$err="The file type you uploaded is not allowed. Please upload a BMP, GIF, JPG or PNG file.<br/>The filename must be in the format <i>filename.ext</i>";}}
if ($_FILES['x_newlogo']) {
// extension already set in validation, above
$filename="_newlogo";
$filename="$user$filename$ext";
if (move_uploaded_file($_FILES['x_newlogo']['tmp_name'], "adimg/$filename")){
avcheck($filename,"profile",$user);
mysql_query("UPDATE user SET newlogo='$filename' WHERE user=$user");
fbackup($filename);
}
}
mysql_query("DELETE FROM user_op WHERE user=$user");
mysql_query("DELETE FROM user_bb WHERE user=$user");
$ops=rtrim($ops,",");
$bbs=rtrim($bbs,",");
if($ops) {
mysql_query("INSERT INTO user_op(user,sessionid,sector) VALUES $ops") or die(mysql_error());
}
if($bbs) {
mysql_query("INSERT INTO user_bb(user,sessionid,sector) VALUES $bbs") or die(mysql_error());
}
setmsg("Your profile was updated","your_adverts.php");
}
else {
setmsg("Errors were found in the information below - please check and try again","critical",$referer);
}