T Logical Error - please help

[tMicky]

Can someone help me figure out what the problem is:

Parse error: syntax error, unexpected T_LOGICAL_AND in ./Sources/CustomAction.php on line 38
   
if (!empty($_REQUEST['sa']))
   {
      $request = $smcFunc['db_query']('', '
         SELECT id_action, name, permissions_mode, action_type, header, body
         FROM {db_prefix}custom_actions
         WHERE url = {string:url}
            AND enabled = 1',
            AND id_parent = {int:id_parent}', LINE 38
         array(
            'id_parent' => $context['action']['id_action'],
            'url' => $_REQUEST['sa'],
         )
      );

[Shambles]

Code Select Expand

  AND enabled = 1',

doesn't look right to me (should that single quote be there?)

[JBlaze]

Code Select Expand

  AND enabled = 1',

doesn't look right to me (should that single quote be there?)

Indeed, that quote should be removed, since with it there, PHP is treating the "AND" as a logic operator instead of the string format.

The entire block of code should look like this:

Code Select Expand

if (!empty($_REQUEST['sa']))
   {
      $request = $smcFunc['db_query']('', '
         SELECT id_action, name, permissions_mode, action_type, header, body
         FROM {db_prefix}custom_actions
         WHERE url = {string:url}
            AND enabled = 1,
            AND id_parent = {int:id_parent}',
         array(
            'id_parent' => $context['action']['id_action'],
            'url' => $_REQUEST['sa'],
         )
      );

[tMicky]

Did the fix above and got another error:

Parse error: syntax error, unexpected T_CLASS, expecting ',' or ';' in ./Sources/CustomAction.php(90) : eval()'d code on line 36
this is the whole code

Code Select Expand

<?php
/**********************************************************************************
* CustomAction.php                                                                *
***********************************************************************************
* Software Version:           3.0                                                 *
**********************************************************************************/

if (!defined('SMF'))
die('Hacking attempt...');

function ViewCustomAction()
{
global $context, $smcFunc, $db_prefix, $txt;

// So which custom action is this?
$request = $smcFunc['db_query']('', '
SELECT id_action, name, permissions_mode, action_type, header, body
FROM {db_prefix}custom_actions
WHERE url = {string:url}
AND enabled = 1',
array(
'url' => $context['current_action'],
)
);

$context['action'] = $smcFunc['db_fetch_assoc']($request);

$smcFunc['db_free_result']($request);

// By any chance are we in a sub-action?
if (!empty($_REQUEST['sa']))
  {
     $request = $smcFunc['db_query']('', '
        SELECT id_action, name, permissions_mode, action_type, header, body
        FROM {db_prefix}custom_actions
        WHERE url = {string:url}                                          ***LINE 36
           AND enabled = 1,
           AND id_parent = {int:id_parent}',
        array(
           'id_parent' => $context['action']['id_action'],
           'url' => $_REQUEST['sa'],
        )
     );

if ($smcFunc['db_num_rows']($request) != 0)
{
$sub = $smcFunc['db_fetch_assoc']($request);

$smcFunc['db_free_result']($request);

$context['action']['name'] = $sub['name'];
// Do we have our own permissions?
if ($sub['permissions_mode'] != 2)
{
$context['action']['id_action'] = $sub['id_action'];
$context['action']['permissions_mode'] = $sub['permissions_mode'];
}
$context['action']['action_type'] = $sub['action_type'];
$context['action']['header'] = $sub['header'];
$context['action']['body'] = $sub['body'];
}
}

// Are we even allowed to be here?
if ($context['action']['permissions_mode'] == 1)
{
// Standard message, please.
$txt['cannot_ca_' . $context['action']['id_action']] = '';
isAllowedTo('ca_' . $context['action']['id_action']);
}

// Do this first to allow it to be overwritten by PHP source file code.
$context['page_title'] = $context['action']['name'];

switch ($context['action']['action_type'])
{
// Any HTML headers?
case 0:
$context['html_headers'] .= $context['action']['header'];
break;
// Do we need to parse any BBC?
case 1:
$context['action']['body'] = parse_bbc($context['action']['body']);
break;
// We have some more stuff to do for PHP actions.
case 2:
fixPHP($context['action']['header']);
fixPHP($context['action']['body']);

eval($context['action']['header']);
}

// Get the templates sorted out!
loadTemplate('CustomAction');
$context['sub_template'] = 'view_custom_action';
}

// Get rid of any <? or <?php at the start of code.
function fixPHP(&$code)
{
$code = preg_replace('~^\s*<\?(php)?~', '', $code);
}

?>

[MrPhil]

The error message tells you the problem is on line 90:

Code Select Expand

eval($context['action']['header']);
on line 36 of that eval'd function (as defined in $context['action']['header']). Now your job is to find the problem in that code, and trace back to where it came from and where the error was introduced.

[tMicky]

The error message tells you the problem is on line 90:

Code Select Expand

eval($context['action']['header']);
on line 36 of that eval'd function (as defined in $context['action']['header']). Now your job is to find the problem in that code, and trace back to where it came from and where the error was introduced.

I turned everything off and then back on and the error message now says
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
AND id_parent = 1' at line 4
./Sources/CustomAction.php
Line: 43

LIN3 33-43

Code Select Expand

$request = $smcFunc['db_query']('', '
         SELECT id_action, name, permissions_mode, action_type, header, body
         FROM {db_prefix}custom_actions
         WHERE url = {string:url}
            AND enabled = 1,
            AND id_parent = {int:id_parent}',
         array(
            'id_parent' => $context['action']['id_action'],
            'url' => $_REQUEST['sa'],
         )
      );

[MrPhil]

Remove the comma from

Code Select Expand

AND enabled = 1,
and end up with

Code Select Expand

AND enabled = 1

Whoever wrote this code knows nothing about PHP or MySQL.

[tMicky]

I am starting to think the code is broken. Fixed the "," issue, but now get this error -

Parse error: syntax error, unexpected T_CLASS, expecting ',' or ';' in .Sources/CustomAction.php(90) : eval()'d code on line 36

[MrPhil]

That's the same error you got before, isn't it? At line 90 of CustomAction.php it is eval'ing bad code: line 36 of the string $context['action']['header']. Someone is going to have to dive into that code and see what's wrong and how it got that way. Where did this code come from -- is it from a mod?

[tMicky]

That's the same error you got before, isn't it? At line 90 of CustomAction.php it is eval'ing bad code: line 36 of the string $context['action']['header']. Someone is going to have to dive into that code and see what's wrong and how it got that way. Where did this code come from -- is it from a mod?

It's from a mod, Custom Action.

What I am trying to do is this - http://www.simplemachines.org/community/index.php?topic=417714

I would appreciate any help, cause I checked the poster's site and the mod is working for him.

[MrPhil]

I can't look at it until tonight, but in the meantime, double check your work if you did any manual editing of SMF files. I suspect there's an error somewhere in what you did.

[tMicky]

I can't look at it until tonight, but in the meantime, double check your work if you did any manual editing of SMF files. I suspect there's an error somewhere in what you did.

thank you, I look forward to your help and I will double check my work again

[Angelina Belle]

tMicky,

You are having trouble with php syntax errors, pure and simple.
They can be hard to spot at first, but they are exactly what they say they are.  Punctuation in the wrong place can cause all kinds of confusing results.
If it doesn't cause a syntax error, it can cause the "wrong stuff".  Like a malfomed SQL statement, if that's where the error is.

If you are serious about coding stuff, you might want to look for a free code editor -- one which understands php.  It can help you spot syntax errors before you run them on the server. One that can help you spot matching quotes, curly brackets, et c.  One that can color-codes to show you what is going to be treated like php commands, and what is going to be treated like values (string constants, variables, etc)

After a while, your eyes will get used to what php code needs to look like.  You'll be able to spot the matching quotes as well as any php interpreter.

You might enjoy reading a nice tutorial on using php. That could involve reading what they've got at w3schools.com as well as the manual pages at php.net.
Enjoy!

[tMicky]

I checked the code with a PHP editor, and the only part that came up with the Debug was the "hacking attempt" part from Line 12.

if (!defined('SMF'))
   die('Hacking attempt...');

[MrPhil]

Those lines themselves are fine. They're usually the very first executable statement in a file. Check everything before that to see if a hacker added code or your editing broke something (e.g., ended a comment too early).

[Angelina Belle]

tMickey,

The php file you showed is from N. N.'s Custom Action mod.
I don't know where the extra comma and single-quote came from, but the latest version of the mod does not have these mistakes.
The bad php in that file is NOT in the latest download.  Somebody messed with the CustomAction.php file after the mod was installed?
The easiest way to fix this is to get a new copy of the file from the package .zip file.

The second problem is errors in the code for the custom action.  This code is stored on the database. When it is time to evaluate one of these custom actions, CustomAction.php gets that code from the database. If it is a php-based action, it does an eval on that code.

It seems that you are trying to do a php custom action, and that there are php syntax errors in that code (which is stored on the database). So you get php syntax errors. They could be as simple as the errors you found in your CustomAction.php file, or they could be more complicated. I have not seen the php that is being evaluated, so I do not know.

Where did you get this code?  Did you test this code before you stored it as a custom action? Did it ever work? Has anybody messed with it since then?

From looking at the files in the install package, I found out that, in managesettings, there is a way to list the custom actions and what is stored on the database for them.  You can take a look at what is stored, and you can compare it to the original source of that code, to find out if anything has been changed.  If someone has messed with the code, the simplest thing to do would be to take a new copy and start over, unless you have had a number of important customizations done to it.

The bigger question is: who is messing with your SMF files since the CustomAction mod was installed?  Who has messed with the php you are using for this custom action?