Okay, here we go.
So on a page I have this call: [!publist!]. Here’s the publist snippet:
<?php
$pubchar = $_GET['pubchar'];
$myscript = "http://www.pianoquartet.nl/assets/snippets/nbscripts/publist.php?idpd=48&idpmod=40&idpdel=73&pubchar=".$pubchar;
include ($myscript);
?>
All the digits are referring to MODX pages: idpd = publisher details, idpmod = the page with the call to modify data, idpdel = the page with the call to delete, pubchar = the character of the publisher.
Here is the publist, where I would like the modify and the delete icon only to show "if logged in", else: don't show icon.
<?php
$idpubdetails = $_GET['idpd'];
$idpubmod = $_GET['idpmod'];
$pubchar = $_GET['pubchar'];
$idpubdelete = $_GET['idpdel'];
$idpub = $_GET['idpub'];
$abbreviation = $_GET['abbreviation'];
if (strlen($pubchar) > 0)
{
$select_subset = true;
$letter = strtoupper(substr($pubchar,0,1));
if (is_numeric($letter))
$first_is_number = true;
else $first_is_number = false;
}
else $select_subset = false;
include('connections.php');
//$result = mysql_query($sql) or die('ERROR: '.$query.' '.mysql_error());
$letterlinks = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
echo '<a name="top"></a>';
echo '<a href="index.php?id=3&pubchar=0">0-9</a> ';
for ($i = 0; $i < 26; $i++):
echo '<a href="index.php?id=3&pubchar='.$letterlinks[$i].'">'.$letterlinks[$i].'</a> ';
endfor;
/*
while
($list = mysql_fetch_object($result)):
$letter = strtoupper(substr($list->name, 0, 1));
if ($prev_row != '0-9' && is_numeric($letter)):
echo '<br /><a name="number"></a><b><u>0-9</u></b> ';
echo '<a href="#top"><i>goto top</i></a><br />';
$prev_row = '0-9';
endif;
if ($letter != $prev_row && !is_numeric($letter)):
echo '<br /><a name="'.$letter.'"></a><b><u>'.$letter.'</u></b> ';
echo '<a href="#top"><i>goto top</i></a><br />';
$prev_row = $letter;
endif;
echo $list->name.'<br />';
endwhile;
*/
//echo "<br>select_subset = " . $select_subset;
if ($select_subset)
{
// 001: Database query
if ($first_is_number)
$query = "select * from publisher WHERE name >= '0%' and name <= '9%'";
else $query = "select * from publisher WHERE name like '".$pubchar."%'";
$query .= " order by name ASC";
//echo "<br>query = " . $query;
// 002: Execute query
$res = mysql_query($query, $sqlConn);
if (!$res)
{
die ('Could not run query: ' . mysql_error());
}
echo "<br><br>";
echo " <table border=\"0\" align=\"left\" text-align=\"right\" width=\"580\"valign=\"left\" color=\"#fafafa\" cellpadding=\"10\" cellspacing=\"2\">";
echo " <thead>";
echo " <tr>";
echo " <th scope=\"row\" bgcolor=\"#cccccc\">Name</th>";
echo " <th scope=\"row\" bgcolor=\"#cccccc\">Remarks</th>";
echo " <th scope=\"row\" bgcolor=\"#cccccc\">Options</th>";
echo " </tr>";
echo " </thead>";
echo " <tbody>";
$i = 0;
while ($row = mysql_fetch_array($res, MYSQL_BOTH))
{
$idpub = $row[0];
$abbreviation = $row[1];
$name = $row[7];
$address = $row[6];
$street = $row[3];
$postcode = $row[4];
$city = $row[5];
$country = $row[2];
$website = $row[8];
$email = $row[9];
$phone = $row[11];
$oddities = $row[10];
echo " <tr>";
{
echo "
";
if($i%2 == 0)
{
echo "<tr bgcolor='#F4F6FA'>";
$i++;
}
else
{
echo "<tr bgcolor='#E9EDF5'>";
$i++;
}
}
echo " <td >".$name."</td>";
echo " <td >".$oddities."</td>";
echo " <td ><a href=\"/index.php?id=".$idpubdetails."&idpub=".$idpub."&pubchar=".$pubchar."\">
<img src=\"http://www.pianoquartet.nl/assets/snippets/nbscripts/images/details.png\" alt=\"View $name 's details\" title=\"View $name 's details\" style=\"border:0\"></a>";
// if $website is not empty
if ($website != '') {
// show this
echo "<a href=\"http://$website\" target=\"new\">
<img src=\"http://www.pianoquartet.nl/assets/snippets/nbscripts/images/www.png\" alt=\"Go to $name 's website\" title=\"Go to $name 's website\" style=\"border:0\"></a>";
}
echo"
<a href=\"/index.php?id=".$idpubmod."&idpub=".$idpub."&pubchar=".$pubchar."\">
<img src=\"http://www.pianoquartet.nl/assets/snippets/nbscripts/images/edit.png\" alt=\"Edit $name 's details\" title=\"Edit $name 's details\" style=\"border:0\"></a>";
// if $email is not empty
if ($email != '') {
// show this
echo "<a href=\"mailto:$email\">
<img src=\"http://www.pianoquartet.nl/assets/snippets/nbscripts/images/email.png\" alt=\"Email $name\" title=\"Email $name\" style=\"border:0\"></a>";
}
echo"
<a href=\"/index.php?id=".$idpubdelete."&idpub=".$idpub."&pubchar=".$pubchar."&abbreviation=".$abbreviation."\">
<img src=\"http://www.pianoquartet.nl/assets/snippets/nbscripts/images/delete.png\" alt=\"Delete $name\" title=\"Delete $name\" style=\"border:0\"></a></td>";
echo " </tr>";
echo " </tr>";
}
//if logged in test test
if (isset($_SESSION['webInternalKey'])) { global $modx;
// User logged in so show icon
echo "<a href=\"http://$website\" target=\"new\"> login
<img src=\"http://www.pianoquartet.nl/assets/snippets/nbscripts/images/www.png\" alt=\"Go to $name 's website\" title=\"Go to $name 's website\" style=\"border:0\"></a></td>";
}
else {echo 'login';
// user not logged in
}
echo " </tbody></table>";
}
//mysql_close($sqlConn);
?>
And on the last few lines we can find the suggestion you made, but logged in or not, it always shows "login", so it goes to the else statement. Not getting a value for the previous "if" statement. I think (who am I) that it comes down to the "include('connections.php');" statement, which has no relation with MODX. But willing to learn. Of course all these pages (modify and delete) are accessible only to logged-in web users. So the non-escaped scripts do not worry me yet. I would like to get this up and running. Thanks for reading all this,
bst, Fnk.
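
Added example, not part of the original post and not the poster's code: a script pulled in with include over an http:// URL is executed by a separate server-side HTTP request that carries none of the visitor's cookies, so a session check inside it never sees the login. This sketch keeps the check in the calling code and passes the result in, with a bound query parameter and escaped output; the function name publisher_rows, the PDO/SQLite stand-in for the MySQL connection and the sample rows are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the SQLite driver
// stands in for the MySQL connection; the table and its rows are constructed.

// Build the table rows for one index character. $loggedIn is decided by the
// caller, in the request that carries the visitor's session cookie.
function publisher_rows(PDO $db, string $pubchar, bool $loggedIn, int $idpmod, int $idpdel): string
{
    $letter = strtoupper(substr($pubchar, 0, 1));
    if (ctype_alpha($letter)) {
        // Bound parameter instead of concatenating $pubchar into the SQL text.
        $stmt = $db->prepare('SELECT idpub, name FROM publisher WHERE name LIKE ? ORDER BY name');
        $stmt->execute([$letter . '%']);
    } elseif (ctype_digit($letter)) {
        $stmt = $db->query("SELECT idpub, name FROM publisher WHERE substr(name, 1, 1) BETWEEN '0' AND '9' ORDER BY name");
    } else {
        return ''; // empty or unexpected index character: list nothing
    }
    $html = '';
    foreach ($stmt as $row) {
        $id   = (int) $row['idpub'];
        $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        $html .= "<tr><td>$name</td><td>";
        if ($loggedIn) {
            // Edit and delete links are emitted only for a logged-in web user.
            $qs = "&amp;idpub=$id&amp;pubchar=" . rawurlencode($letter);
            $html .= "<a href=\"/index.php?id=$idpmod$qs\">edit</a> ";
            $html .= "<a href=\"/index.php?id=$idpdel$qs\">delete</a>";
        }
        $html .= "</td></tr>\n";
    }
    return $html;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE publisher (idpub INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO publisher (name) VALUES ('Amadeus <i>Verlag</i>'), ('Alkor'), ('4 Hands Press')");

// Inside the MODX snippet the flag would come from the check used in the post,
// isset($_SESSION['webInternalKey']), evaluated in the snippet itself.
echo "anonymous:\n", publisher_rows($db, 'a', false, 40, 73);
echo "logged in:\n", publisher_rows($db, 'a', true, 40, 73);
echo "digits:\n",    publisher_rows($db, '0', true, 40, 73);
```

Hiding the icons only changes what is displayed; the modify and delete pages still need their own login check on every request.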