[Gesior AAC] Advanced Bug Tracker

Herpicus · Oct 7, 2012

blind sql injection Works Fix it Now!!!!!

- - - Updated - - -

I set the request data to account_login=4111111111111111&password_login=sqwevfaa&Submit=-1%20or%2035%20%3d%2033
and I got an sql error

- - - Updated - - -

PHP:

   <?php
if($logged)
{
    // type (1 = question; 2 = answer)
    // status (1 = open; 2 = new message; 3 = closed;)
   
    $dark = $config['site']['darkborder'];
    $light = $config['site']['lightborder'];
   
    $priority = array(1 => "Low", "Normal", "Emergency");
    $tags = array(1 => "[MAP]", "[WEBSITE]", "[CLIENT]", "[MONSTER]", "[NPC]", "[OTHER]");
       
    if($group_id_of_acc_logged >= $config['site']['access_admin_panel'] and $_REQUEST['control'] == "true")
    {
        if(empty($_REQUEST['id']) and empty($_REQUEST['acc']) or !is_numeric($_REQUEST['acc']) or !is_numeric($_REQUEST['id']) )
            $bug[1] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `type` = 1 order by `uid` desc');
       
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']) and !empty($_REQUEST['acc']) and is_numeric($_REQUEST['acc']))
            $bug[2] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 1')->fetch();
       
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']) and !empty($_REQUEST['acc']) and is_numeric($_REQUEST['acc']))
        {
            if(!empty($_REQUEST['reply']))
                $reply=true;
               
            $account = $ots->createObject('Account');
            $account->load($_REQUEST['acc']);
            $account->isLoaded();
            $players = $account->getPlayersList();
           
            if(!$reply)
            {
                if($bug[2]['status'] == 2)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                elseif($bug[2]['status'] == 4)
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";
                elseif($bug[2]['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                elseif($bug[2]['status'] == 1)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                   
                $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';                            
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=40%><img src=bug/report.png> <b>Subject:</b></td><td> '.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].'  '.$value.'</td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$light.'"><td><img src=bug/pri.gif> <b>Priority:</b></td><td> <img src=bug/'.$bug[2]['priority'].'.png> '.$priority[$bug[2]['priority']].'';    
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td><img src=bug/tibia.png> <b>Posted by:</b></td><td>';    
               
               
                foreach($players as $player)
                {
                    $main_content .= '<img src=bug/t.png> '.$player->getName().'<br>';
                }
               
                $main_content .= '</td></tr>';
                $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><b>Description:</b></td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';    
                $main_content .= '</TABLE>';
               
                $answers = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply`');
               
                $ot = $config['site']['worlds'];
               
                foreach($answers as $answer)
                {
                    if($answer['who'] == 1)
                        $who = "<img src=bug/staff.gif> <font color=red><b>SUPPORT</b></font>";
                    else
                        $who = "<img src=bug/player.gif> <font color=green><b>PLAYER</b></font>";
                       
                    $main_content .= '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>';                            
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=70%><img src=bug/tibia.png><i><b>Posted by:</b></i></td><td>'.$who.'</td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><i><b>Description:</b></i></td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>';    
                    $main_content .= '</TABLE>';
                }
                if($bug[2]['status'] < 3)
                    $main_content .= '<br><a rel="nofollow" href="index.php?subtopic=bugtracker&amp;control=true&amp;id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'&reply=true"><b>[REPLY]</b></a>';
            }
            else
            {
                if($bug[2]['status'] < 3)
                {
                    $reply = $SQL->query('SELECT MAX(reply) FROM `z_bug_tracker` where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2')->fetch();
                    $reply = $reply[0] + 1;
                    $iswho = $SQL->query('SELECT * FROM `z_bug_tracker` where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply` desc limit 1')->fetch();
 
                    if(isset($_POST['finish']))
                    {
                        if(empty($_POST['text']))
                            $error[] = "<font color=black><b>Description cannot be empty.</b></font>";
                        if($iswho['who'] == 1)
                            $error[] = "<font color=black><b>You must wait for User answer.</b></font>";
                        if(empty($_POST['status']))
                            $error[] = "<font color=black><b>Status cannot be empty.</b></font>";
                           
                           
                        if(!empty($error))
                        {
                            foreach($error as $errors)
                                $main_content .= ''.$errors.'<br>';
                        }
                        else
                        {
                            $type = 2;
                            $INSERT = $SQL->query('INSERT INTO `z_bug_tracker` (`account`,`id`,`text`,`reply`,`type`, `who`) VALUES ('.$SQL->quote($_REQUEST['acc']).','.$SQL->quote($_REQUEST['id']).','.$SQL->quote($_POST['text']).','.$SQL->quote($reply).','.$SQL->quote($type).','.$SQL->quote(1).')');
                            $UPDATE = $SQL->query('UPDATE `z_bug_tracker` SET `status` = '.$_POST['status'].' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].'');
                            header('Location: index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
                        }
                    }
                    $main_content .= '<br><form method="post" action=""><table><tr><td>Message:</i></td><td><textarea name="text" rows="3" cols="25"></textarea></td></tr><tr><td><br><font color=gray><b>IN PROGRESS</b></font> <img src=bug/waiting.gif></td><td><input type=radio name=status value=2></td></tr><tr><td><font color=green><b>SUPPORTED <img src=bug/success.PNG></b></font></td><td><input type=radio name=status value=4></td></tr><tr><td><font color=red><b>NOT A BUG <img src=http://www.iscr.com/imagenes/menu/cancel.gif></b></font></td><td><input type=radio name=status value=3></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
                }
                else
                {
                    $main_content .= "<br><font color=black><b>You can't add answer to closed bug thread.</b></font>";
                }
            }
           
            $post=true;
        }
        if(!$post)
        {
            $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD colspan=2 CLASS=white><B>Bug Tracker Admin</B></TD></TR>';            
            $i=1;
            foreach($bug[1] as $report)
            {
           
             
                if($report['status'] == 2)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                elseif($report['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                elseif($report['status'] == 4)
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/success.PNG>";
                elseif($report['status'] == 1)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                           
                if(is_int($i / 2))
                {
                    $bgcolor = $dark;
                }
                else
                {
                    $bgcolor = $light;
                }
 
                $main_content .= '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><img src=bug/'.$report['priority'].'.png> <a rel="nofollow" href="index.php?subtopic=bugtracker&amp;control=true&amp;id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
                       
                $showed=true;
                $i++;
            }
            $main_content .= '</TABLE>';
        }
    }
    else
    {        
        $acc = $account_logged->getId();
        $account_players = $account_logged->getPlayersList();
       
        foreach($account_players as $player)
        {
            $allow=true;
        }
       
        if(!empty($_REQUEST['id']))
            $id = addslashes(htmlspecialchars(trim($_REQUEST['id'])));
       
        if(empty($_REQUEST['id']))
            $bug[1] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$account_logged->getId().' and `type` = 1 order by `id` desc');
       
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']))
            $bug[2] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 1')->fetch();
        else
            $bug[2] = NULL;
           
        if(!empty($_REQUEST['id']) and $bug[2] != NULL)
        {
            if(!empty($_REQUEST['reply']))
                $reply=true;
           
            if(!$reply)
            {
           
 
                if($bug[2]['status'] == 1)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                elseif($bug[2]['status'] == 2)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                elseif($bug[2]['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                elseif($bug[2]['status'] == 4)    
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";
 
                   
                $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';                            
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=40%><img src=bug/report.png><b> Subject:</b></td><td> '.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].' '.$value.'</td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$light.'"><td><img src=bug/pri.gif> <b>Priority:</b></td><td> <img src=bug/'.$bug[2]['priority'].'.png> '.$priority[$bug[2]['priority']].'';  
               
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td><img src=bug/tibia.png> <b>Posted by:</b></td><td>';    
                $main_content .= '<img src=bug/t.png> You <br>';
           
                 
                $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><b>Description:</b></td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';    
                $main_content .= '</TABLE>';
               
                $answers = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 2 order by `reply`');
                foreach($answers as $answer)
                {
                    if($answer['who'] == 1)
                        $who = "<img src=bug/staff.gif> <font color=red><b>SUPPORT</b></font>";
                    else
                        $who = "<img src=bug/player.gif> <font color=green><b>YOU</b></font>";
                       
                    $main_content .= '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>';                            
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=70%><img src=bug/tibia.png><i><b> Posted by:</b></i></td><td>'.$who.'</td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><i><b>Description:</b></i></td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>';    
                    $main_content .= '</TABLE>';
                }
                if($bug[2]['status'] != 3)
                    $main_content .= '<br><a rel="nofollow" href="index.php?subtopic=bugtracker&amp;id='.$id.'&reply=true"><b>[REPLY]</b></a>';
            }
            else
            {
                if($bug[2]['status'] != 3)
                {
                    $reply = $SQL->query('SELECT MAX(reply) FROM `z_bug_tracker` where `account` = '.$acc.' and `id` = '.$id.' and `type` = 2')->fetch();
                    $reply = $reply[0] + 1;
                    $iswho = $SQL->query('SELECT * FROM `z_bug_tracker` where `account` = '.$acc.' and `id` = '.$id.' and `type` = 2 order by `reply` desc limit 1')->fetch();
 
                    if(isset($_POST['finish']))
                    {
                        if(empty($_POST['text']))
                            $error[] = "<font color=black><b>Description cannot be empty.</b></font>";
                        if($iswho['who'] == 0)
                            $error[] = "<font color=black><b>You must wait for Administrator answer.</b></font>";
                        if(!$allow)
                            $error[] = "<font color=black><b>You haven't any characters on account.</b></font>";
                           
                        if(!empty($error))
                        {
                            foreach($error as $errors)
                                $main_content .= ''.$errors.'<br>';
                        }
                        else
                        {
                            $type = 2;
                            $INSERT = $SQL->query('INSERT INTO `z_bug_tracker` (`account`,`id`,`text`,`reply`,`type`) VALUES ('.$SQL->quote($acc).','.$SQL->quote($id).','.$SQL->quote($_POST['text']).','.$SQL->quote($reply).','.$SQL->quote($type).')');
                            $UPDATE = $SQL->query('UPDATE `z_bug_tracker` SET `status` = 1 where `account` = '.$acc.' and `id` = '.$id.'');
                            header('Location: index.php?subtopic=bugtracker&id='.$id.'');
                        }
                    }
                    $main_content .= '<br><form method="post" action=""><table><tr><td><i>Description</i></td><td><textarea name="text" rows="15" cols="35"></textarea></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
                }
                else
                {
                    $main_content .= "<br><font color=black><b>You can't add answer to closed bug thread.</b></font>";
                }
            }
           
            $post=true;
        }
        elseif(!empty($_REQUEST['id']) and $bug[2] == NULL)
        {
            $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD CLASS=white><B>Bug Tracker</B></TD></TR>';                            
            $main_content .= '<TR BGCOLOR="'.$dark.'"><td><i>Bug doesn\'t exist.</i></td></tr>';    
            $main_content .= '</TABLE>';
            $post=true;
        }
       
        if(!$post)
        {
            if($_REQUEST['add'] != TRUE)
            {
                $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD colspan=2 CLASS=white><B>Bug Tracker</B></TD></TR>';            
                foreach($bug[1] as $report)
                {
                    if($report['status'] == 1)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                    elseif($report['status'] == 2)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                    elseif($report['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                    elseif($report['status'] == 4)                    
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";
                       
                    if(is_int($report['id'] / 2))
                    {
                        $bgcolor = $dark;
                    }
                    else
                    {
                        $bgcolor = $light;
                    }
 
                    $main_content .= '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><img src=bug/'.$report['priority'].'.png> <a rel="nofollow" href="index.php?subtopic=bugtracker&amp;id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
                   
                    $showed=true;
                }
               
                if(!$showed)
                {
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td><i>You don\'t have reported any bugs.</i></td></tr>';    
                }
                $main_content .= '</TABLE>';
               
                $main_content .= '<br><a rel="nofollow" href="index.php?subtopic=bugtracker&amp;add=true"><b>[ADD REPORT]</b></a>';
            }
            elseif($_REQUEST['add'] == TRUE)
            {
                $thread = $SQL->query('SELECT * FROM `z_bug_tracker` where `account` = '.$acc.' and `type` = 1 order by `id` desc')->fetch();
                $id_next = $SQL->query('SELECT MAX(id) FROM `z_bug_tracker` where `account` = '.$acc.' and `type` = 1')->fetch();
                $id_next = $id_next[0] + 1;
               
                if(empty($thread))
                    $thread['status'] = 3;
                   
                if(isset($_POST['submit']))
                {
                    if($thread['status'] != 3)
                        $error[] = "<font color=black><b>Can be only 1 open bug thread.</b></font>";
                    if(empty($_POST['subject']))
                        $error[] = "<font color=black><b>Subject cannot be empty.</b></font>";
                    if(empty($_POST['text']))
                        $error[] = "<font color=black><b>Description cannot be empty.</b></font>";
                    if(!$allow)
                        $error[] = "<font color=black><b>You haven't any characters on account.</b></font>";
                    if(empty($_POST['tags']))
                        $error[] = "<font color=black><b>Tag cannot be empty.</b></font>";
                       
                    if(!empty($error))
                    {
                        foreach($error as $errors)
                            $main_content .= ''.$errors.'<br>';
                    }
                    else
                    {
                        $type = 1;
                        $status = 1;
                        $INSERT = $SQL->query(mysql_real_escape_string('INSERT INTO `z_bug_tracker` (`account`,`id`,`text`,`type`,`subject`,`status`,`tag`,`priority`) VALUES ('.$SQL->quote($acc).','.$SQL->quote($id_next).','.$SQL->quote($_POST['text']).','.$SQL->quote($type).','.$SQL->quote($_POST['subject']).','.$SQL->quote($status).','.$SQL->quote($_POST['tags']).','.$SQL->quote($_POST['priority']).')'));
                        header('Location: index.php?subtopic=bugtracker&id='.$id_next.'');
                    }
                       
                }
                $main_content .= '<br><form method="post" action=""><font size=4><b>Bug Tracker</b></font><br><br><br><table><tr><td><img src=bug/report.png> <b>Subject:</b></td><td><input type=text name="subject"/></td></tr><tr><td><img src=bug/des.png><b>Description:</b></td><td><textarea name="text" rows="4" cols="15"></textarea></td></tr><tr><td><img src=bug/tag.png> <b>TAG:</b></td><td><select name="tags"><option value="">SELECT</option>';
               
                for($i = 1; $i <= count($tags); $i++)
                {
                    $main_content .= '<option value="' . $i . '">' . $tags[$i] . '</option>';
                }
               
               $main_content .= '</td></tr><tr><td><br><img src=bug/pri.gif> <b>Priority:</b></td><td><br><select name="priority"><option value="">SELECT</option>';
               
                for($i = 1; $i <= count($priority); $i++)
                {
                    $main_content .= '<option value="' . $i . '">' . $priority[$i] . '</option>';
                }
               
               
                $main_content .= '</select></tr></tr></table><br><input type="submit" name="submit" value="Submit" class="input2"/></form>';
            }
        }
    }
   
    if($group_id_of_acc_logged >= $config['site']['access_admin_panel'] and empty($_REQUEST['control']))
    {
        $main_content .= '<br><br><a rel="nofollow" href="index.php?subtopic=bugtracker&amp;control=true">[ADMIN PANEL]</a>';
    }
}
else
{
    $main_content .= 'Please enter your account name and your password.<br/><a rel="nofollow" href="?subtopic=createaccount" >Create an account</a> if you do not have one yet.<br/><br/><form action="?subtopic=bugtracker" method="post" ><div class="TableContainer" >  <table class="Table1" cellpadding="0" cellspacing="0" >    <div class="CaptionContainer" >      <div class="CaptionInnerContainer" >        <span class="CaptionEdgeLeftTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionBorderTop" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif);" ></span>        <span class="CaptionVerticalLeft" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></span>        <div class="Text" >Account Login</div>        <span class="CaptionVerticalRight" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></span>        <span class="CaptionBorderBottom" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif);" ></span>        <span class="CaptionEdgeLeftBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>      </div>    </div>    <tr>      <td>        <div class="InnerTableContainer" >          <table style="width:100%;" ><tr><td class="LabelV" ><span >Account Name:</span></td><td style="width:100%;" ><input type="password" name="account_login" SIZE="10" maxlength="10" ></td></tr><tr><td class="LabelV" ><span >Password:</span></td><td><input type="password" name="password_login" size="30" maxlength="29" ></td></tr>          </table>        </div>  </table></div></td></tr><br/><table width="100%" ><tr align="center" ><td><table border="0" cellspacing="0" cellpadding="0" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$layout_name.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$layout_name.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=lostaccount" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$layout_name.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$layout_name.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Account lost?" alt="Account lost?" src="'.$layout_name.'/images/buttons/_sbutton_accountlost.gif" ></div></div></td></tr></form></table></td></tr></table>';
}
?>

- - - Updated - - -

I have Fixed the Php code so its 100% secure

MY EYES! THEY BURN! Why can't people start doing it right with gesior

Tuslawek · Jan 24, 2013

i am using gesior 2012 0.4 rev and when i click on any bug from admin panel nothing appear

any suggestions?

dustot · Mar 1, 2013

What do i have to add on Layout.php?
Thanks REP+ if help.

- - - Updated - - -

thanks to @Kyoshiro

ricotjeh · Mar 16, 2013

Find This in layout.php:

<div id='account_Submenu' class='Submenu'> // or any other submenu as u desire.

then it starts listing the subclasses, for example : <a href='?subtopic=accountmanagement'>
At the end of a subclass, (after </div> </a> ) insert code.

<a href='?subtopic=Bug'>
<div id='submenu_BugTracker' class='Submenuitem' onMouseOver='MouseOverSubmenuItem(this)' onMouseOut='MouseOutSubmenuItem(this)'>
<div class='LeftChain' style='background-image:url(<?PHP echo $layout_name; ?>/images/general/chain.gif);'></div>
<div id='ActiveSubmenuItemIcon_accountmanagement' class='ActiveSubmenuItemIcon' style='background-image:url(<?PHP echo $layout_name; ?>/images/menu/icon-activesubmenu.gif);'></div>
<div class='SubmenuitemLabel'>Bug Tracker</div>
<div class='RightChain' style='background-image:url(<?PHP echo $layout_name; ?>/images/general/chain.gif);'></div>
</div>
</a>

- - - Updated - - -

I got everything working, Untill when i want to open the reported bugs in the admin pannel, i get redirected to a blanco page...
Also, the file included is called bug, i had to copy it and name it bugtracker, otherwise it wouldnt redirect corectly.

Any Fix on the Blanco redirect when opening a report?

Cornex · Mar 17, 2013

Tuslawek said:
i am using gesior 2012 0.4 rev and when i click on any bug from admin panel nothing appear any suggestions?

Try this! :

PHP:

<?php
if(!defined('INITIALIZED'))
	exit;
	
/*CREATE TABLE z_bug_tracker (
  `account` varchar(255) NOT NULL,
  `type` int(11) NOT NULL,
  `status` int(11) NOT NULL,
  `text` text NOT NULL,
  `id` int(11) NOT NULL,
  `subject` varchar(255) NOT NULL,
  `priority` int(11) NOT NULL,
  `reply` int(11) NOT NULL,
  `who` int(11) NOT NULL,
  `uid` int(11) NOT NULL AUTO_INCREMENT,
  `tag` int(11) NOT NULL,
  PRIMARY KEY (uid)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1*/

	
if($logged)
{
    // type (1 = question; 2 = answer)
    // status (1 = open; 2 = new message; 3 = closed;)
    
    $dark = $config['site']['darkborder'];
    $light = $config['site']['lightborder'];
    
    $priority = array(1 => "Low", "Normal", "Emergency");
    $tags = array(1 => "[MAP]", "[WEBSITE]", "[CLIENT]", "[MONSTER]", "[NPC]", "[OTHER]");
        
    if($group_id_of_acc_logged >= $config['site']['access_admin_panel'] and $_REQUEST['control'] == "true")
    {
        if(empty($_REQUEST['id']) and empty($_REQUEST['acc']) or !is_numeric($_REQUEST['acc']) or !is_numeric($_REQUEST['id']) )
            $bug[1] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `type` = 1 order by `uid` desc');
        
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']) and !empty($_REQUEST['acc']) and is_numeric($_REQUEST['acc']))
            $bug[2] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 1')->fetch();
        
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']) and !empty($_REQUEST['acc']) and is_numeric($_REQUEST['acc']))
        {
            if(!empty($_REQUEST['reply']))
                $reply=true;
                
            $account = new Account();
            $players = $account_logged->getPlayersList();
            
            if(!$reply)
            {
                if($bug[2]['status'] == 2)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                elseif($bug[2]['status'] == 4)
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";
                elseif($bug[2]['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                elseif($bug[2]['status'] == 1)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                    
                $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';                            
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=40%><img src=bug/report.png> <b>Subject:</b></td><td> '.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].'  '.$value.'</td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$light.'"><td><img src=bug/pri.gif> <b>Priority:</b></td><td> <img src=bug/'.$bug[2]['priority'].'.png> '.$priority[$bug[2]['priority']].'';    
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td><img src=bug/tibia.png> <b>Posted by:</b></td><td>';    
                
                
                foreach($players as $player)
                {
                    $main_content .= '<img src=bug/t.png> '.$player->getName().'<br>';
                }
                
                $main_content .= '</td></tr>';
                $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><b>Description:</b></td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';    
                $main_content .= '</TABLE>';
                
                $answers = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply`');
                
                $ot = $config['site']['worlds'];
                
                foreach($answers as $answer)
                {
                    if($answer['who'] == 1)
                        $who = "<img src=bug/staff.gif> <font color=red><b>SUPPORT</b></font>";
                    else
                        $who = "<img src=bug/player.gif> <font color=green><b>PLAYER</b></font>";
                        
                    $main_content .= '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>';                            
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=70%><img src=bug/tibia.png><i><b>Posted by:</b></i></td><td>'.$who.'</td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><i><b>Description:</b></i></td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>';    
                    $main_content .= '</TABLE>';
                }
                if($bug[2]['status'] < 3)
                    $main_content .= '<br><a href="index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'&reply=true"><b>[REPLY]</b></a>';
            }
            else
            {
                if($bug[2]['status'] < 3)
                {
                    $reply = $SQL->query('SELECT MAX(reply) FROM `z_bug_tracker` where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2')->fetch();
                    $reply = $reply[0] + 1;
                    $iswho = $SQL->query('SELECT * FROM `z_bug_tracker` where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply` desc limit 1')->fetch();

                    if(isset($_POST['finish']))
                    {
                        if(empty($_POST['text']))
                            $error[] = "<font color=black><b>Description cannot be empty.</b></font>";
                        if($iswho['who'] == 1)
                            $error[] = "<font color=black><b>You must wait for User answer.</b></font>";
                        if(empty($_POST['status']))
                            $error[] = "<font color=black><b>Status cannot be empty.</b></font>";
                            
                            
                        if(!empty($error))
                        {
                            foreach($error as $errors)
                                $main_content .= ''.$errors.'<br>';
                        }
                        else
                        {
                            $type = 2;
                            $INSERT = $SQL->query('INSERT INTO `z_bug_tracker` (`account`,`id`,`text`,`reply`,`type`, `who`) VALUES ('.$SQL->quote($_REQUEST['acc']).','.$SQL->quote($_REQUEST['id']).','.$SQL->quote($_POST['text']).','.$SQL->quote($reply).','.$SQL->quote($type).','.$SQL->quote(1).')');
                            $UPDATE = $SQL->query('UPDATE `z_bug_tracker` SET `status` = '.$_POST['status'].' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].'');
                            header('Location: index.php?subtopic=bugtracker&control=true&id='.$_REQUEST['id'].'&acc='.$_REQUEST['acc'].'');
                        }
                    }
                    $main_content .= '<br><form method="post" action=""><table><tr><td>Message:</i></td><td><textarea name="text" rows="3" cols="25"></textarea></td></tr><tr><td><br><font color=gray><b>IN PROGRESS</b></font> <img src=bug/waiting.gif></td><td><input type=radio name=status value=2></td></tr><tr><td><font color=green><b>SUPPORTED <img src=http://www.binarybiz.com/support/faq/admin/images/success.gif></b></font></td><td><input type=radio name=status value=4></td></tr><tr><td><font color=red><b>NOT A BUG <img src=http://www.iscr.com/imagenes/menu/cancel.gif></b></font></td><td><input type=radio name=status value=3></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
                }
                else
                {
                    $main_content .= "<br><font color=black><b>You can't add answer to closed bug thread.</b></font>";
                }
            }
            
            $post=true;
        }
        if(!$post)
        {
            $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD colspan=2 CLASS=white><B>Bug Tracker Admin</B></TD></TR>';            
            $i=1;
            foreach($bug[1] as $report)
            {
            
              
                if($report['status'] == 2)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                elseif($report['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                elseif($report['status'] == 4)
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";
                elseif($report['status'] == 1)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                            
                if(is_int($i / 2))
                {
                    $bgcolor = $dark;
                }
                else
                {
                    $bgcolor = $light;
                }

                $main_content .= '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><img src=bug/'.$report['priority'].'.png> <a href="index.php?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
                        
                $showed=true;
                $i++;
            }
            $main_content .= '</TABLE>';
        }
    }
    else
    {        
        $acc = $account_logged->getId();
        $account_players = $account_logged->getPlayersList();
        
        foreach($account_players as $player)
        {
            $allow=true;
        }
        
        if(!empty($_REQUEST['id']))
            $id = addslashes(htmlspecialchars(trim($_REQUEST['id'])));
        
        if(empty($_REQUEST['id']))
            $bug[1] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$account_logged->getId().' and `type` = 1 order by `id` desc');
        
        if(!empty($_REQUEST['id']) and is_numeric($_REQUEST['id']))
            $bug[2] = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 1')->fetch();
        else
            $bug[2] = NULL;
            
        if(!empty($_REQUEST['id']) and $bug[2] != NULL)
        {
            if(!empty($_REQUEST['reply']))
                $reply=true;
            
            if(!$reply)
            {
            

                if($bug[2]['status'] == 1)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                elseif($bug[2]['status'] == 2)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                elseif($bug[2]['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                elseif($bug[2]['status'] == 4)     
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";

                    
                $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';                            
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=40%><img src=bug/report.png><b> Subject:</b></td><td> '.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].' '.$value.'</td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$light.'"><td><img src=bug/pri.gif> <b>Priority:</b></td><td> <img src=bug/'.$bug[2]['priority'].'.png> '.$priority[$bug[2]['priority']].'';  
                
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td><img src=bug/tibia.png> <b>Posted by:</b></td><td>';    
                $main_content .= '<img src=bug/t.png> You <br>';
            
                  
                $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><b>Description:</b></td></tr>';    
                $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';    
                $main_content .= '</TABLE>';
                
                $answers = $SQL->query('SELECT * FROM '.$SQL->tableName('z_bug_tracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 2 order by `reply`');
                foreach($answers as $answer)
                {
                    if($answer['who'] == 1)
                        $who = "<img src=bug/staff.gif> <font color=red><b>SUPPORT</b></font>";
                    else
                        $who = "<img src=bug/player.gif> <font color=green><b>YOU</b></font>";
                        
                    $main_content .= '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>';                            
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td width=70%><img src=bug/tibia.png><i><b> Posted by:</b></i></td><td>'.$who.'</td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$light.'"><td colspan=2><img src=bug/des.png><i><b>Description:</b></i></td></tr>';    
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>';    
                    $main_content .= '</TABLE>';
                }
                if($bug[2]['status'] != 3)
                    $main_content .= '<br><a href="index.php?subtopic=bugtracker&id='.$id.'&reply=true"><b>[REPLY]</b></a>';
            }
            else
            {
                if($bug[2]['status'] != 3)
                {
                    $reply = $SQL->query('SELECT MAX(reply) FROM `z_bug_tracker` where `account` = '.$acc.' and `id` = '.$id.' and `type` = 2')->fetch();
                    $reply = $reply[0] + 1;
                    $iswho = $SQL->query('SELECT * FROM `z_bug_tracker` where `account` = '.$acc.' and `id` = '.$id.' and `type` = 2 order by `reply` desc limit 1')->fetch();

                    if(isset($_POST['finish']))
                    {
                        if(empty($_POST['text']))
                            $error[] = "<font color=black><b>Description cannot be empty.</b></font>";
                        if($iswho['who'] == 0)
                            $error[] = "<font color=black><b>You must wait for Administrator answer.</b></font>";
                        if(!$allow)
                            $error[] = "<font color=black><b>You haven't any characters on account.</b></font>";
                            
                        if(!empty($error))
                        {
                            foreach($error as $errors)
                                $main_content .= ''.$errors.'<br>';
                        }
                        else
                        {
                            $type = 2;
                            $INSERT = $SQL->query('INSERT INTO `z_bug_tracker` (`account`,`id`,`text`,`reply`,`type`) VALUES ('.$SQL->quote($acc).','.$SQL->quote($id).','.$SQL->quote($_POST['text']).','.$SQL->quote($reply).','.$SQL->quote($type).')');
                            $UPDATE = $SQL->query('UPDATE `z_bug_tracker` SET `status` = 1 where `account` = '.$acc.' and `id` = '.$id.'');
                            header('Location: index.php?subtopic=bugtracker&id='.$id.'');
                        }
                    }
                    $main_content .= '<br><form method="post" action=""><table><tr><td><i>Description</i></td><td><textarea name="text" rows="15" cols="35"></textarea></td></tr></table><br><input type="submit" name="finish" value="Submit" class="input2"/></form>';
                }
                else
                {
                    $main_content .= "<br><font color=black><b>You can't add answer to closed bug thread.</b></font>";
                }
            }
            
            $post=true;
        }
        elseif(!empty($_REQUEST['id']) and $bug[2] == NULL)
        {
            $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD CLASS=white><B>Bug Tracker</B></TD></TR>';                            
            $main_content .= '<TR BGCOLOR="'.$dark.'"><td><i>Bug doesn\'t exist.</i></td></tr>';    
            $main_content .= '</TABLE>';
            $post=true;
        }
        
        if(!$post)
        {
            if($_REQUEST['add'] != TRUE)
            {
                $main_content .= '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['site']['vdarkborder'].'><TD colspan=2 CLASS=white><B>Bug Tracker</B></TD></TR>';            
                foreach($bug[1] as $report)
                {
                    if($report['status'] == 1)
                    $value = "<font color=gray><b>WAITING</b> <img src=bug/waiting.gif></font>";
                    elseif($report['status'] == 2)
                    $value = "<font color=#4169E1><b>NEW ANSWER</b></font> <img src=bug/new.png>";
                    elseif($report['status'] == 3)
                    $value = "<font color=red><b>NOT A BUG</b></font> <img src=bug/closed.png>";
                    elseif($report['status'] == 4)                    
                    $value = "<font color=green><b>SUPPORTED</b></font> <img src=bug/ok.png>";
                        
                    if(is_int($report['id'] / 2))
                    {
                        $bgcolor = $dark;
                    }
                    else
                    {
                        $bgcolor = $light;
                    }

                    $main_content .= '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><img src=bug/'.$report['priority'].'.png> <a href="index.php?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';            
                    
                    $showed=true;
                }
                
                if(!$showed)
                {
                    $main_content .= '<TR BGCOLOR="'.$dark.'"><td><i>You don\'t have reported any bugs.</i></td></tr>';    
                }
                $main_content .= '</TABLE>';
                
                $main_content .= '<br><a href="index.php?subtopic=bugtracker&add=true"><b>[ADD REPORT]</b></a>';
            }
            elseif($_REQUEST['add'] == TRUE)
            {
                $thread = $SQL->query('SELECT * FROM `z_bug_tracker` where `account` = '.$acc.' and `type` = 1 order by `id` desc')->fetch();
                $id_next = $SQL->query('SELECT MAX(id) FROM `z_bug_tracker` where `account` = '.$acc.' and `type` = 1')->fetch();
                $id_next = $id_next[0] + 1;
                
                if(empty($thread))
                    $thread['status'] = 3;
                    
                if(isset($_POST['submit']))
                {
                    if($thread['status'] != 3)
                        $error[] = "<font color=black><b>Can be only 1 open bug thread.</b></font>";
                    if(empty($_POST['subject']))
                        $error[] = "<font color=black><b>Subject cannot be empty.</b></font>";
                    if(empty($_POST['text']))
                        $error[] = "<font color=black><b>Description cannot be empty.</b></font>";
                    if(!$allow)
                        $error[] = "<font color=black><b>You haven't any characters on account.</b></font>";
                    if(empty($_POST['tags']))
                        $error[] = "<font color=black><b>Tag cannot be empty.</b></font>";
                        
                    if(!empty($error))
                    {
                        foreach($error as $errors)
                            $main_content .= ''.$errors.'<br>';
                    }
                    else
                    {
                        $type = 1;
                        $status = 1;
                        $INSERT = $SQL->query('INSERT INTO `z_bug_tracker` (`account`,`id`,`text`,`type`,`subject`,`status`,`tag`,`priority`) VALUES ('.$SQL->quote($acc).','.$SQL->quote($id_next).','.$SQL->quote($_POST['text']).','.$SQL->quote($type).','.$SQL->quote($_POST['subject']).','.$SQL->quote($status).','.$SQL->quote($_POST['tags']).','.$SQL->quote($_POST['priority']).')');
                        header('Location: index.php?subtopic=bugtracker&id='.$id_next.'');
                    }
                        
                }
                $main_content .= '<br><form method="post" action=""><font size=4><b>Bug Tracker</b></font><br><br><br><table><tr><td><img src=bug/report.png> <b>Subject:</b></td><td><input type=text name="subject"/></td></tr><tr><td><img src=bug/des.png><b>Description:</b></td><td><textarea name="text" rows="4" cols="15"></textarea></td></tr><tr><td><img src=bug/tag.png> <b>TAG:</b></td><td><select name="tags"><option value="">SELECT</option>';
                
                for($i = 1; $i <= count($tags); $i++)
                {
                    $main_content .= '<option value="' . $i . '">' . $tags[$i] . '</option>';
                }
                
               $main_content .= '</td></tr><tr><td><br><img src=bug/pri.gif> <b>Priority:</b></td><td><br><select name="priority"><option value="">SELECT</option>';
                
                for($i = 1; $i <= count($priority); $i++)
                {
                    $main_content .= '<option value="' . $i . '">' . $priority[$i] . '</option>';
                }
               
                
                $main_content .= '</select></tr></tr></table><br><input type="submit" name="submit" value="Submit" class="input2"/></form>';
            }
        }
    }
    
    if($group_id_of_acc_logged >= $config['site']['access_admin_panel'] and empty($_REQUEST['control']))
    {
        $main_content .= '<br><br><a href="index.php?subtopic=bugtracker&control=true">[ADMIN PANEL]</a>';
    }
}
else
{
    $main_content .= 'Please enter your account name and your password.<br/><a href="?subtopic=createaccount" >Create an account</a> if you do not have one yet.<br/><br/><form action="?subtopic=bugtracker" method="post" ><div class="TableContainer" >  <table class="Table1" cellpadding="0" cellspacing="0" >    <div class="CaptionContainer" >      <div class="CaptionInnerContainer" >        <span class="CaptionEdgeLeftTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionBorderTop" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif);" ></span>        <span class="CaptionVerticalLeft" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></span>        <div class="Text" >Account Login</div>        <span class="CaptionVerticalRight" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif);" /></span>        <span class="CaptionBorderBottom" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif);" ></span>        <span class="CaptionEdgeLeftBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>        <span class="CaptionEdgeRightBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif);" /></span>      </div>    </div>    <tr>      <td>        <div class="InnerTableContainer" >          <table style="width:100%;" ><tr><td class="LabelV" ><span >Account Name:</span></td><td style="width:100%;" ><input type="password" name="account_login" SIZE="10" maxlength="10" ></td></tr><tr><td class="LabelV" ><span >Password:</span></td><td><input type="password" name="password_login" size="30" maxlength="29" ></td></tr>          </table>        </div>  </table></div></td></tr><br/><table width="100%" ><tr align="center" ><td><table border="0" cellspacing="0" cellpadding="0" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$layout_name.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$layout_name.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=lostaccount" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url('.$layout_name.'/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url('.$layout_name.'/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Account lost?" alt="Account lost?" src="'.$layout_name.'/images/buttons/_sbutton_accountlost.gif" ></div></div></td></tr></form></table></td></tr></table>';
}

ricotjeh · Mar 19, 2013

Thanks Cornex!

Solved for me

Sir Gabriiel · Mar 31, 2013

I have a problem ...

When I go to add the bug, gives error ...

The page is blank

Elynnia - Reportar Bug

- - - Updated - - -

The tables have already been created and the problem will not yet solved

Cornex · Mar 31, 2013

Sir Gabriiel said:
I have a problem ...

When I go to add the bug, gives error ...

The page is blank

Elynnia - Reportar Bug

- - - Updated - - -

The tables have already been created and the problem will not yet solved

Use the script i posted, 2 posts up

Sir Gabriiel · Mar 31, 2013

_CorneX_ said:
Use the script i posted, 2 posts up

I'm using now and look

http://elynnia.net/index.php?subtopic=bugtracker

The page does not open

Cornex · Mar 31, 2013

Sir Gabriiel said:
I'm using now and look

http://elynnia.net/index.php?subtopic=bugtracker

The page does not open

It should work on gesior 1.0.1, if you use another gesior then i don't know..

Sir Gabriiel · Mar 31, 2013

_CorneX_ said:
It should work on gesior 1.0.1, if you use another gesior then i don't know..

I use Gesior and an operating system Ubuntu.
Does the error is not in the permissions?

- - - Updated - - -

Error When I go to add the bug, gives error ...

Elynnia - Reportar Bug

elia3343 · Feb 9, 2015

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42S22]: Column not found: 1054 Unknown column 'priority' in 'field list'' in C:\xampp\htdocs\bug.php:339 Stack trace: #0 C:\xampp\htdocs\bug.php(339): PDO->query('INSERT INTO `z_...') #1 C:\xampp\htdocs\index.php(118): include('C:\xampp\htdocs...') #2 {main} thrown in C:\xampp\htdocs\bug.php on line 339

Mr Erimyth · Jan 26, 2016

Button submit dont work anyone can help me?

djsoja · Jan 11, 2017

"Can be only 1 open bug thread."

Why?? , how to change limit ?

djsoja · Jan 12, 2017

[Gesior AAC] Advanced Bug Tracker

Herpicus

Web Developer

Tuslawek

New Member

dustot

New Member

ricotjeh

New Member

Cornex

Web Developer

ricotjeh

New Member

Sir Gabriiel

New Member

Cornex

Web Developer

Sir Gabriiel

New Member

Cornex

Web Developer

Sir Gabriiel

New Member

elia3343

Hoster

Mr Erimyth

Member

djsoja

New Member

djsoja

New Member