|
PHP - Error Check - Driving Me Crazy
Hey guys! The error is that it seems to display EVERYTHING regardless of the if and else statements. Also, it seems to stop evaluating the rest of the document that "includes" this as soon as its done with this one. dbconnect works and all the session vars carry properly... WTF is going on!?
<?php session_start(); include 'dbconnect.php'; $username = $_SESSION['username']; $q = mysql_query("SELECT User_type FROM account WHERE username = '$username'") or die(mysql_error()); $permission = mysql_fetch_row($q); $permission = $permission[0]; if(isset($_SESSION['username']) && $permission >= 2){ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu004; echo "</span></a></li><li><a href=''><span>"; echo $menu006; echo "</span></a></li>";} elseif($permission <= 1){ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu004; echo "</span></a></li>";} else{ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu005; echo "</span></a></li>"; echo "<span> <form action='login.php' method='POST'> <input type='text' value='username' name='username'> <input type='text' value='password' name='password'> <input type='submit'> </form> </span> </li> </ul> </div> </div>";} ?> Similar TutorialsOk, so the error I get is Parse error: syntax error, unexpected $end in /home/a3868616/public_html/skin_files/skin_manager.php on line 168. In dreamweaver, it tells me there is an error on line 141, which is the first line to be returned ( Code: [Select] <table cellspacing="0" class="tableborder" width="85%" align="center">) in the contract function. I've looked at this over and over, and I can't find any brackets that aren't closed. All of the lines of code seem to be in their correct syntax. I was thinking maybe the EOF in the else after the while was causing it, but same errors different line numbers when I removed that. What the hell can it be!? The whole php file is below. <?php class skin_manager{ function show(){ global $DB, $projectx, $func, $game; return <<<EOF <table cellspacing="0" cellpadding="0" width="100%"> <tr> <td width="40%" valign="top"> <table cellspacing="0" class="tableborder" width="100%"> <tr> <td class="mainrow">Manager Page</td> </tr> <tr> <td> <div class="tablepad"> <table cellspacing="0" cellpadding="3" width="100%"> <tr> <td class="row1"><a href="#">Finances</a></td> </tr> <tr> <td class="row2"><a href="manager.php?act=contracts">Contracts</a></td> </tr> <tr> <td class="row1"><a href="#">Holiday Mode</a></td> </tr> </table> </div> </td> </tr> </table> </td> <td width="2%"></td> <td width="40%"> <table cellspacing="0" class="tableborder" width="100%"> <tr> <td class="mainrow">Manager Releases</td> </tr> <tr> <td> <div class="tablepad"> <table cellspacing="0" cellpadding="3" width="100%"> <tr> <td class="rowheader" colspan="2">Singles</td> </tr> <tr> <td class="row2" width="25%">Gold:</td> <td class="row2" width="75%">{$band_name}</td> </tr> <tr> <td class="row1" width="25%">Platinum:</td> <td class="row1" width="75%">{$band_genre}</td> </tr> <tr> <td class="row2" width="25%">Multi-Platinum:</td> <td class="row2" width="75%">{$band_status}</td> </tr> <tr> <td class="row1" width="25%">Number 1:</td> <td class="row1" width="75%">{$band_created}</td> </tr> <tr> <td class="row1" width="25%">Total:</td> <td class="row1" width="75%">{$band_created}</td> </tr> <tr> <td class="rowheader" colspan="2">Albums</td> </tr> <tr> <td class="row2" width="25%">Gold:</td> <td class="row2" width="75%">{$band_name}</td> </tr> <tr> <td class="row1" width="25%">Platinum:</td> <td class="row1" width="75%">{$band_genre}</td> </tr> <tr> <td class="row2" width="25%">Multi-Platinum:</td> <td class="row2" width="75%">{$band_status}</td> </tr> <tr> <td class="row1" width="25%">Number 1:</td> <td class="row1" width="75%">{$band_created}</td> </tr> <tr> <td class="row1" width="25%">Total:</td> <td class="row1" width="75%">{$band_created}</td> </tr> </table> </div> </td> </tr> </table> </td> <td width="18%"></td> </tr> </table> EOF; } // end function show function contract(){ global $DB, $projectx, $func; $contracts_q = $DB->query("SELECT * FROM `contracts` RIGHT JOIN `bands` ON (contracts.contract_band = bands.band_id) LEFT JOIN `labels` ON (contracts.contract_from = labels.label_id) WHERE contracts.contract_manager='{$projectx->member['id']}'"); if($DB->get_num_rows()){ while($row = $DB->fetch_array($contracts_q)){ $pcontracts .= "<tr>"; if($style != 2){ $class = "row2"; $style = 1; }else{ $class = "row1"; $style = 2; } $pcontracts .= "<td class=\"{$class}\" width=\"20%\">{$row['band_name']}</td>"; $pcontracts .= "<td class=\"{$class}\" width=\"20%\">{$row['label_name']}</td>"; $clength = explode(",", $row['contract_length']); $csingles = explode("|", $clength[0]); $calbums = explode("|", $clength[1]); $pcontracts .= "<td class=\"{$class}\" width=\"30%\">{$csingles[0]} singles ({$csingles[1]}% cut), {$calbums[0]} albums ({$calbums[1]}% cut)</td>"; $pcontracts .= "<td class=\"{$class}\" width=\"10%\">{$row['contract_amount']}</td>"; $pcontracts .= "<td class=\"{$class}\" width=\"20%\">Accept / Reject</td>"; $pcontracts .= "</tr>"; } }else{ $pcontracts = <<<EOF <tr> <td class="row2" colspan="5">You have no contracts.</td> </tr> EOF; } return <<<EOF <table cellspacing="0" class="tableborder" width="85%" align="center"> <tr> <td class="mainrow">Contracts</td> </tr> <tr> <td> <div class="tablepad"> <table cellspacing="0" cellpadding="3" width="100%"> <tr> <td class="rowheader" width="20%">Band</td> <td class="rowheader" width="20%">From</td> <td class="rowheader" width="30%">Terms</td> <td class="rowheader" width="10%">Amount</td> <td class="rowheader" width="20%">Decision</td> </tr> </table> </div> </td> </tr> </table> EOF; } // end function contract } // end class skin_manager ?> Hi, The code below is not yet finished but i left it today and went to do something came back and forgot where i left off half way through code. It says Parse error: syntax error, unexpected $end in C:\wamp\www\member\login.php on line 305. Not on line 305 thou as that is the last line. I think i have missed a parentheses or curly bracelet. My eyes are watering now i have looked over and over. Please someone help. Like i say it's not yet finished or formatted to it's best but hopefully one of you people on here can help me Thanks <?php //ob_start(); // Include config.php require_once("".$_SERVER['DOCUMENT_ROOT']."/lib/config.php"); // top.inc.php require_once($top_inc); ?> <!-- Meta start --> <title><?php echo $websitename; ?> - Member Login</title> <meta name="description" content="<?php echo $websitename; ?> - Member Login" /> <meta name="keywords" content="<?php echo $websitename; ?>, login, signup, register, sign in, signin, sign up" /> <!-- Meta end --> <?php // main.inc.php require_once($main_inc); ?> <!-- CONTENT HERE --> <?php // Check if form has been submitted if(isset($_POST['submit']) && $_SERVER['REQUEST_METHOD'] == 'POST'){ # Connect to databse sql_con(); # Get form data and cleanse $username = msqls(trim($_POST['username'])); $password = msqls(trim($_POST['password'])); $ip = msqls($_SERVER['REMOTE_ADDR']); # Validate form data if (utfstrlen($username) < 1) { $error .= "Please enter your username <br />"; } if (utfstrlen($username) > 0 && !preg_match(constant("USERNAME_REGEX"), $username)) { $error .= "Username invalid format <br />"; } if (utfstrlen($password) < 1) { $error .= "Please enter your password <br />"; } if (utfstrlen($password) > 0 && !preg_match(constant('PASSWORD_REGEX'), $password)) { $error .= "Password invalid format<br />"; } # If error founds display them if(isset($error)){ $SiteErrorMessages = "$error"; SiteErrorMessages(); } # else no errors found continue processing else { # Check if user has activated there account $status_check = mysql_query("SELECT username FROM ".constant("TBL_USERS")." WHERE username = '$username' AND status = '".constant("USER_STATUS_VERIFY")."' LIMIT 1"); # Check if user has requested account to be deleted $delete_check = mysql_query("SELECT username FROM ".constant("TBL_USERS")." WHERE username = '$username' AND status = '".constant("USER_STATUS_DELETE")."' AND password = '".sha1($password)."' LIMIT 1"); # Check if user has been suspended $username_status_check = mysql_query("SELECT username, suspended_note FROM ".constant("TBL_USERS")." WHERE username = '$username' AND status = '".constant("USER_STATUS_SUSPENDED")."' AND password = '".sha1($password)."' LIMIT 1"); # Check above queries if error occurs notify user if(!$delete_check || !$status_check || !$username_status_check){ echo '<h1>Oops something went wrong :(</h1>'; $SiteErrorMessages = "Something went wrong while processing your request. Please try again later. <br /> $websitename has been notified of this error and will investigate further."; SiteErrorMessages(); # This variable will be passed to the site_errors_email_notification function $site_error_email_message_notification = "User Login Failure <br /> A user tried to login but the verify, suspended or delete query check failed. <br /><br /><b>".mysql_error()."</b><br /><br /> There details are below. <br /><br /> Username: <b>$username</b> <br />"; # This function will pass the above variable (message) to the admin error notify function # to send admin an email to notify them of an error site_errors_email_notification(); include("$footer_inc"); exit; } # else queries ok continue processing else { # Check delete query if (mysql_num_rows($delete_check) == 1) { echo '<h1>Account Deletion In Process</h1>'; echo "<p><b>Sorry, you cannot login to your account as you requested your account to be deleted.</b> <b>Your account is queued for deletion from the $websitename database and will be deleted within 24 hours.</b></p>"; echo "<p><b>$websitename sent you a confirmation email when you requested your account to be removed.</b> <b>If you did not make this request via your account please <a href=\"../contactus.php\">contact us</a> immediately.</b></p>"; echo "<p><b>Please note that it may not be possible to recover your account as the process is automated.</b></p>"; header( 'refresh: 60; url=$websiteaddress' ); include ("$footer_inc"); exit; } # Check status query elseif (mysql_num_rows($status_check) == 1) { echo "<h1>Account Activation Required</h1>"; echo "<p><b>You must activate your account via email before you can login.</b></p>"; header( 'refresh: 10; url=resendactivationemail.php' ); include ("$footer_inc"); exit; } # Check username status query elseif (mysql_num_rows($username_status_check) == 1) { $row = mysql_fetch_row($username_status_check); echo "<h1>Account Suspended</h1>"; echo "<p>Dear <b>" . $row[0] . "</b>, <br /> Your account has been suspended. The administrator has left the following message:</p>"; $no_suspended_note = "The administrator has not left a message. <br /> If you feel your account has been suspended in error please contact $websitename <a href=\"/contactus.php\">here</a>."; if (utfstrlen($row[1]) < 1) { $SiteWarningMessages = "$no_suspended_note"; SiteWarningMessages(); include ("$footer_inc"); exit; } else { $SiteWarningMessages = " . $row[1] . "; SiteWarningMessages(); echo '<p>If you feel your account has been suspended in error please contact ' . $websitename . ' <a href="/contactus.php">here</a>.<br /> <b>Please include your username when contacting ' . $websitename . '.</b></p>'; include ("$footer_inc"); exit; } } # else user must be ok to login so continue ... else { # Login Query $query = mysql_query("SELECT id, admin, username, first_name, last_name, email, last_visited, date_time, websiteurl, msn, aim, yim, twitter, gender FROM ".constant("TBL_USERS")." WHERE username = '$username' AND password = '".sha1($password)."' LIMIT 1"); # Check login query if(!$query){ echo '<h1>Oops something went wrong</h1>'; $SiteErrorMessages = "Something went wrong while trying to log you in. Please try again later. <br /> $websitename has been notified of this error and will investigate further."; SiteErrorMessages(); // This variable will be passed to the site_errors_email_notification function $site_error_email_message_notification = "User Login Failure <br /> A user tried to login but the Login Verification Check failed. <br /><br /><b>".mysql_error()."</b><br /><br /> There details are below. <br /><br /> Username: <b>$username</b> <br />"; # This function will pass the above variable (message) to the admin error notify function # to send admin an email to notify them of an error site_errors_email_notification(); include("$footer_inc"); exit; } # else login query ok so continue else { # Validate credentials against DB if (mysql_num_rows($query) == 1) { $found_user = mysql_fetch_array($query); # Tell them they are being logged in echo '<h1>Your now being logged in ...</h1>'; $SiteSuccessMessages = '<a href=\"/member/cp.php\">Click here if you do not automatically redirect</a>'; SiteSuccessMessages(); # User logged in succesfully reset failed login number to 0 $failed_login_reset = mysql_query("UPDATE ".constant("TBL_USERS")." SET `failed_login_count` = '0', `ip` = '" . $ip . "' WHERE `username` = '" . $username . "' LIMIT 1"); # check failed login query if(!$failed_login_reset){ // This variable will be passed to the site_errors_email_notification function $site_error_email_message_notification = "User Login Failure <br /> A user logged in but the failed login reset counter query failed. <br /><br /><b>".mysql_error()."</b><br /><br /> There details are below. <br /><br /> Username: <b>$username</b> <br />"; # This function will pass the above variable (message) to the admin error notify function # to send admin an email to notify them of an error site_errors_email_notification(); } # Store all member data into session to use for later on other areas of the website $_SESSION['username'] = $found_user['username']; $_SESSION['id'] = $found_user['id']; $_SESSION['admin'] = $found_user['admin']; $_SESSION['last_visited'] = date('l dS F Y, g:i:s A', $found_user['last_visited']); $_SESSION['first_name'] = $found_user['first_name']; $_SESSION['last_name'] = $found_user['last_name']; $_SESSION['email'] = $found_user['email']; $_SESSION['websiteurl'] = $found_user['websiteurl']; $_SESSION['msn'] = $found_user['msn']; $_SESSION['aim'] = $found_user['aim']; $_SESSION['yim'] = $found_user['yim']; $_SESSION['twitter'] = $found_user['twitter']; $_SESSION['gender'] = $found_user['gender']; $_SESSION['date_time'] = date('l dS F Y, g:i:s A', $found_user['date_time']); $_SESSION['date_time_for_profile'] = $found_user['date_time']; $_SESSION['time'] = time(); if (isset($_GET['redirect'])) { redirect($websiteaddress . $_GET['redirect'], 2); } else { redirect("cp.php", "0"); } include ("$footer_inc"); exit; } # else login details invalid else { # Login Details Invalid Error echo 'Login Details Invalid'; # If user fails 3 logins lock there account $login_failure_query = mysql_query("SELECT username, email, failed_login_count, status FROM ".constant("TBL_USERS")." WHERE username = '$username' AND status = '".constant("USER_STATUS_ACTIVATED")."' LIMIT 1"); # Check if query ok if(!$login_failure_query){ # This variable will be passed to the site_errors_email_notification function $site_error_email_message_notification = "Login Failure Query <br /> A user tried to login but the Login Failure Query Check failed. <br /><br /><b>".mysql_error()."</b><br /><br /> There details are below. <br /><br /> Username: <b>$username</b> <br />"; # This function will pass the above variable (message) to the admin error notify function # to send admin an email to notify them of an error site_errors_email_notification(); include("$footer_inc"); exit; } # else login_failure_query ok so continue ... else { # Check if (mysql_num_rows($login_failure_query) == 1) { # Fetch user row $row = mysql_fetch_row($login_failure_query); # Store data in variables $username_ = $row[0]; $email = $row[1]; # Increment failed login row by 1 on each failed login $login_count = $row[2] + 1; # Update failed_login_count row each time login fails $update_login_number = mysql_query("UPDATE ".constant("TBL_USERS")." SET `failed_login_count` = '" . $login_count . "' WHERE `username` = '" . $username . "'"); # Fetch total failed logins $login_count_total = $row[2]; } } } } ?> <h1>Login</h1> <form action="login.php<?php if (isset($_GET['redirect'])) { echo "?redirect=" . $_GET['redirect']; } ?>" method="post" id="frmcontact"> <label for="username">Username</label> <input type="text" name="username" id="username" value="<?php if (isset($username)) { echo $username; } ?>" class="textboxcontact" /> <label for="password">Password</label> <input type="password" name="password" id="password" class="textboxcontact" /> <label for="submit"> </label> <input type="submit" name="submit" id="submit" value="Sign In" class="submitcontact" /> </form> <!-- CONTENT FINISH --> <?php // footer.inc.php require_once($footer_inc); //ob_end_flush(); ?> I'm trying to setup my database class so that by default it will create all of the tables and triggers required for my application to run. I've got everything working except for it adding the trigger. Here's the relevant code (slightly obfuscated for security reasons): private function check_consistency() { $database_query = <<<QUERY CREATE TABLE IF NOT EXISTS d2b_users ( id INT NOT NULL AUTO_INCREMENT, obfuscated INT NOT NULL, obfuscated VARCHAR(50) NOT NULL, obfuscated VARCHAR(32) NOT NULL, obfuscated VARCHAR(32) NOT NULL, obfuscated VARCHAR(32) NOT NULL, obfuscated BOOL NOT NULL DEFAULT '1', UNIQUE KEY(id) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 ; CREATE TABLE IF NOT EXISTS d2b_statistics ( id INT NOT NULL, obfuscated BIGINT NOT NULL DEFAULT '0', UNIQUE KEY(id) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 ; delimiter | CREATE TRIGGER d2b_auto_statistics AFTER INSERT ON d2b_users FOR EACH ROW BEGIN INSERT INTO d2b_statistics SET id = NEW.id; END; | delimiter ; QUERY; if(!$consistency = $this->link->multi_query($database_query)) { die("Failed to create/verify the default database tables."); } return true; } I've also tried removing the delimiter and the colon after the INSERT line in the trigger and I still can't get it to add properly. What's annoying is that I'm able to take the code for the trigger from above and go into phpmyadmin and paste it into the SQL and it will add and work correctly. However, I'm trying to get my class to do that automatically so the php application automatically installs itself on other servers. What am I doing wrong? Hello, If anyone can help please let me know. The 2 files below are what's used to render the "Frickster's ListRave Posts" at the following URL http://www.listrave.com/member/profile.php?id=24. You can see that under Antiques it lists the same ads under both York and Altoona. The script is identifying all ads posted by User ID 24 but I don't know why it is duplicating those ads in the 2 different cities. There should actually be 2 ads for York and one for Altoona. The code is below. Again, please help Here's the code to pull the info from the data base (called memberall_listings.php) $conn = mysql_connect($dbhost1, $dbuser1, $dbpass1) or die ('Error connecting to mysql'); mysql_select_db($dbname1) or die('Could not connect: ' . mysql_error()); $tables = mysql_list_tables($dbname1); while (list($table) = mysql_fetch_row($tables)) { $site["tablename"][] = $table; } if($_REQUEST["id"]!='') $getmemberId = $_REQUEST["id"]; else $getmemberId = $_SESSION["memberid"]; //$x = getTableDetailsByTableName1(""); // echo count($site["tablename"]); $zz=-1; for($ww=0;$ww<count($site["tablename"]);$ww++) { $ValidTable = array("baltperm4w", "balt_yellowpages","boats"); if(!in_array($site["tablename"][$ww],$ValidTable)) { if (count(getTableDetailsByTableName2($site["tablename"][$ww])) >0) $zz++; for($kk=0;$kk<count(getTableDetailsByTableName2($site["tablename"][$ww]));$kk++) { // echo $site["tablename"][$zz]."<br></br>"; $getTableDetails = getTableDetailsByTableName($site["tablename"][$ww],$kk); //echo $getTableDetails["city"]; if ($kk > 0) if ($getTableDetails['city']==$lastcity && $getTableDetails['state']==$laststate) { continue; } $getAllArray[$zz][$kk]["Titlename"] = "<a href='http://www.listrave.com'>ListRave</a> --> <a href=".$getTableDetails["stateurl"].">".$getTableDetails["state"]."</a> --> <a href=".$getTableDetails["cityurl"].">".mysql_real_escape_string($getTableDetails["city"])."</a> --> <a href=".$getTableDetails["maincaturl"].">".$getTableDetails["maincat"]."</a> --> <a href=".$getTableDetails["caturl"].">".$getTableDetails["cat"]."</a>"; $getAllArray[$zz][$kk]["PostURL"] = $getTableDetails["SitePostUrl"]; $getAllArray[$zz][$kk]["AgeFormat"] = $getTableDetails["DisplayFormat"]; $getAllArray[$zz][$kk]["TableName"] = $site["tablename"][$ww]; $getAllArray[$zz][$kk]["SiteRealPath"] = $getTableDetails["SiteRealPath"]; $lastcity = $getTableDetails["city"]; $laststate = $getTableDetails["state"]; $GetAdlists[$zz]["MainArray"] = GetMemberAdLists($site["tablename"][$ww],$getmemberId); if($GetAdlists[$zz]["MainArray"]!=""){ $getAllArray[$zz][$kk]["ArrayExist"] = "Yes"; }else{ $getAllArray[$zz][$kk]["ArrayExist"] = "No"; } for($k=0;$k<count($GetAdlists[$zz]["MainArray"]);$k++) { $getdate = explode(",",$GetAdlists[$zz]["MainArray"][$k]["Posted_date"]); $getAllArray[$zz][$kk][$k]['day'] = date("l",strtotime($getdate[0])); $getAllArray[$zz][$kk][$k]['month'] = date("F",strtotime($getdate[0])); $getAllArray[$zz][$kk][$k]['date'] = date("d",strtotime($getdate[0])); $getAllArray[$zz][$kk][$k]['ListArray'] = getMemberAddetails($getdate[0],$site["tablename"][$ww],$getmemberId, $getTableDetails["city"], $getTableDetails["state"]); for($mn=0;$mn<count($getAllArray[$zz][$kk][$k]['ListArray']);$mn++) { if($getAllArray[$zz][$kk][$k]['ListArray'][$mn]["Picture0"]!='' || $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["Picture1"]!='' || $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["Picture2"]!='' || $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["Picture3"]!='' || $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["Picture4"]!='' || $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["Picture5"]!='') $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["ImageArray"] = 'Yes'; else $getAllArray[$zz][$kk][$k]['ListArray'][$mn]["ImageArray"] = 'No'; } } } } } /* if($_SERVER['REMOTE_ADDR'] = '122.165.56.46') { printArray($getAllArray); exit; } */ function SelectQry1($Qry) { $result = mysql_query($Qry) or die ("QUERY Error:".$Qry."<br>".mysql_error()); $numrows = mysql_num_rows($result); if ($numrows == 0){ return; } else { $row = array(); $record = array(); while ($row = mysql_fetch_array($result)){ $record[] = $row; } } return $record; } function getTableDetailsByTableName($tablename, $kk) { global $global_config; $Qry = "select * FROM ".$tablename.""; $getListingdetail = SelectQry1($Qry); return $getListingdetail[$kk]; } function getTableDetailsByTableName2($tablename) { global $global_config; $Qry = "select * FROM ".$tablename.""; $getListingdetail = SelectQry1($Qry); return $getListingdetail; } function GetMemberAdLists($tablename,$getmemberId) { global $global_config; $Qry = "select Posted_date FROM ".$tablename." where memberid='".$getmemberId."' group by SUBSTRING_INDEX(Posted_date,',',1) Order by Posted_date DESC"; $getimagedetail = SelectQry1($Qry); return $getimagedetail; } function getMemberAddetails($date,$tablename,$getmemberId) { global $global_config; $Qry = "select * from ".$tablename." WHERE `Posted_date` like '%".$date."%' AND ActivationStatus = 'Active' AND PublishedStatus='Active' AND memberid='".$getmemberId."' group by Posted_date Order by Ident DESC"; $getimagedetail = SelectQry1($Qry); return $getimagedetail; } ?> Here's the code to display it. Remember, this is just for "Frickster's ListRave Posts" <?php // start session ob_start(); session_start(); include "../includes/config.php"; //include('incsec/inccheckifadmin.php'); include ('incsec/incconn.php'); include ('incsec/incsettings.php'); include ('incfunctions.php'); if($_REQUEST["id"]!='') $ActiveMemberID = $_REQUEST["id"]; else $ActiveMemberID = $_SESSION["memberid"]; $query="SELECT * FROM tblmembers where memberid = '".$ActiveMemberID."'"; $result11 = mysql_query($query,$dbconnection); $members = mysql_fetch_array($result11); $pagetitle = 'ListRave - '.$members["username"]." 's".' Profile Page'; include("memberall_business.php"); include('memberall_listings.php'); //printArray($getAllArray); //exit; ?> <?php include('header_member2.php') ?> <div style="height:50px;"> </div> <table border="0" cellpadding="2" cellspacing="0" width="80%" align="center"> <tr> <td valign="top" width="30%" align="left"> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td valign="top" align="left"> <table width="100%"> <tr> <td valign = "top" style="text-align: center;"> <?php include ('incsec/incconn.php'); $dbconnection = mysql_connect($dbhost,$dbusername,$dbpassword); mysql_select_db($database,$dbconnection); $query="SELECT * FROM tblmembers where memberid = '".$ActiveMemberID."'"; $result = mysql_query($query,$dbconnection); $numrecs=mysql_num_rows($result); $myrow = mysql_fetch_array($result); $currentmemberid = $myrow['memberid']; $qry="SELECT * FROM tbl_listrave_ad where memberid = '".$ActiveMemberID."' and PublishedStatus='Active'"; $result1 = mysql_query($qry,$dbconnection); $getcnt =mysql_num_rows($result1); ?> <?php if($numrecs!=0) { ?> <table height="100" width="90%" border="0" cellpadding="6" cellspacing="0" align="center"> <tr> <td valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0" style="border:1px solid #0166FF;"> <tr> <td align="left" class="profilefheader" width="100%" colspan="2" style="padding-left:5px; padding-top:0px; height:20px; line-height:20px;" valign="middle"><?php echo $myrow["username"]; ?>'s Profile</td> </tr> <tr> <td align="left" valign="top"> <table width="100%" border="0" cellpadding="10" cellspacing="0" id="profilecontainer" align="left" style="margin-left: 10%"> <tr> <td valign = "top" width="10%"> <table width="100%" border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td width="20%" align="left" valign="top" style="padding-right:35px"> <?php if($myrow["memberphoto"]!='') { ?> <a target="_blank" href="imageview.php?id=<?php echo $myrow["memberid"]; ?>"> <img width="180" height="180" class="Imageborder" src="<?php echo $config["sitepath"]."memberphotos/".$myrow["memberphoto"].""; ?>"> </a> <?php } else { ?> <img src="no-image.gif" border="0" width="180" height="180" class="Imageborder" /> <?php } ?> </td> </tr> <tr> <td height="30"> </td> </tr> <?php /*?><tr> <td width="80%" align="center" valign="top"> <?php if($myrow["memberphoto"]!='') { ?> <img src="upload.gif" border="0" /> <?php } else { ?> <img src="change-photo.gif" border="0" /> <?php } ?> </td> </tr><?php */?><tr valign="bottom"><td> </td></tr><tr><td align="left"><img src="addcontact.gif" alt="Add This Member To Your Contacts" /></td></tr></table> </td> <td valign = "top"> <table width="90%" border="0" cellpadding="6" cellspacing="0" align="left"> <tr> <td align="left" valign="top" colspan="2"> <table width="90%" border="0" cellpadding="0" cellspacing="0"> <tr> <td valign="top" width="15%" nowrap="nowrap"> <span id="profilecontainer">Personal Information </span> </td> <td width="88%" valign="top"> <div style="border-top: #CCCCCC solid 1px; position:relative; top:7px;"> </div> </td> </tr> </table> </td> </tr> <?php if($myrow["firstname"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>First Name</strong> </td> <td align="left" valign="top"> <?php echo $myrow["firstname"]; ?> </td> </tr> <?php } ?> <?php if($myrow["othernames"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Last Name</strong> </td> <td align="left" valign="top"> <?php echo $myrow["othernames"]; ?> </td> </tr> <?php } ?> <?php if($myrow["gender"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Gender</strong> </td> <td align="left" valign="top"> <?php echo $myrow["gender"]; ?> </td> </tr> <?php } ?> <?php if($myrow["age"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Age</strong> </td> <td align="left" valign="top"> <?php echo $myrow["age"]; ?> </td> </tr> <?php } ?> <?php if($myrow["pobox"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Location</strong> </td> <td align="left" valign="top"> <?php echo $myrow["pobox"]; ?> </td> </tr> <?php } ?> <?php if($myrow["relationship_status"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Relationship Status</strong> </td> <td align="left" valign="top"> <?php echo $myrow["relationship_status"]; ?> </td> </tr> <?php } ?> <?php if($myrow["registrationdate"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Member Since</strong> </td> <td align="left" valign="top"> <?php echo date('M d, Y', strtotime($myrow["registrationdate"])); ?> </td> </tr> <?php } ?> <?php if($myrow["username"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>User Name</strong> </td> <td align="left" valign="top"> <?php echo $myrow["username"]; ?> </td> </tr> <?php } ?> <?php if($myrow["about_me"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>About me</strong> </td> <td align="left" valign="top" style="padding-right:80px"> <?php echo $myrow["about_me"]; ?> </td> </tr> <?php } ?> <?php if($myrow["hobbies"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Hobbies</strong> </td> <td align="left" valign="top" style="padding-right:80px"> <?php echo $myrow["hobbies"]; ?> </td> </tr> <?php } ?> <?php if($myrow["movies"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Favorite Movies</strong> </td> <td align="left" valign="top" style="padding-right:80px"> <?php echo $myrow["movies"]; ?> </td> </tr> <?php } ?> <?php if($myrow["music"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Favorite Music</strong> </td> <td align="left" valign="top" style="padding-right:80px"> <?php echo $myrow["music"]; ?> </td> </tr> <?php } ?> <?php if($myrow["books"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Favorite Books</strong> </td> <td align="left" valign="top" style="padding-right:80px"> <?php echo $myrow["books"]; ?> </td> </tr> <?php } ?> <tr> <td height="15"> </td> </tr> <tr> <td align="left" valign="top" colspan="2"> <table width="90%" border="0" cellpadding="0" cellspacing="0" > <tr> <td valign="top" width="15%" nowrap="nowrap" > <span id="profilecontainer">Contact Information </span> </td> <td width="88%" valign="top"> <div style="border-top: #CCCCCC solid 1px; position:relative; top:7px;"> </div> </td> </tr> </table> </td> </tr> <?php if($myrow["emailaddress"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Email</strong> </td> <td align="left" valign="top"> <?php echo $myrow["emailaddress"]; ?> </td> </tr> <?php } ?> <?php if($myrow["phonenumber"]!='') { ?> <tr> <td width="20%" align="left" valign="top"> <strong>Mobile Number</strong> </td> <td align="left" valign="top"> <?php echo $myrow["phonenumber"]; ?> </td> </tr> <?php } ?> & hi guys when a match is over, two result fields have to be edited the first update goes well but the second one is failing, not allways, sometimes it gives the loser xp, but not the winner (with two players) the script should give the winner 100 xp second 95, third 90,... only the first two controls at the end are working the thirth one is not, and its being used to make the first two so it is doing its job there ... <?php include("./includes/egl_inc.php"); $secure = new secure(); $secure->secureGlobals(); page_protect(); global $config; $matchidcheck = $_SESSION['matchid']; $maks = '100'; $players=mysql_query("SELECT playerid FROM ffa_points WHERE matchid='$matchidcheck' order by killsdeaths DESC"); while(list($playerid)=mysql_fetch_array($players)) { $playerspoints=mysql_query("SELECT points FROM members WHERE id='$playerid'"); while(list($points)=mysql_fetch_row($playerspoints)) { $userpoints = $points; } $newpoints = $userpoints + $maks; mysql_query("UPDATE members SET points = $newpoints WHERE id='$playerid'"); mysql_query("UPDATE ffa_points SET xppoints = $maks WHERE id='$playerid' and matchid='$matchidcheck'"); if ($totalxp > 51) { $maks = $maks - 5; } } $mes="$newpoints $points $maks All Results have been stored succesfully !! Thank You !"; return success($mes,'./ffamatchesarchive.php'); include("$config"); ?> any help would be greatly appreciated thanks Hi People. I am trying to insert data from a form into my database. Now I have the following code to connect to the DB to update a table so I know that I can connect to the DB ok Code: [Select] <?php // this code I got from the new boston, PHP tutorial 25 in selecting a mysql db // opens connection to mysql server $dbc = mysql_connect('localhost', 'VinnyG', 'thepassword'); if (!$dbc) { die("Not Connected:" . mysql_error ()); } // select database $db_selected = mysql_select_db ("sitename",$dbc); if(!$db_selected) { die("can not connect:" . mysql_error ()); } // testing code $query="UPDATE users SET username = 'testing testing' WHERE user_id = '2'"; $result=mysql_query($query); ?> Now here is the code from my form. Code: [Select] </head> <body> <?php //include "connection_file.php" //include "config01.php" $username = "username"; $height_above = "height_above"; $mb_diff = "mb_diff"; $alternative = "alternative"; ?> <form name = 'form1' method = 'post' action='config01.php'> <table width="700" border="1" cellspacing="5" cellpadding="5"> <caption> Submit Your Airfield Details </caption> <tr> <td width="100"> </td> <td width="200">Your Name</td> <td width="200"><input type='text' name='username' maxlength='30'></td> <td width="100"> </td> </tr> <tr> <td> </td> <td>Height Above MSL</td> <td><input type='text' name='height_above'maxlength= '30'></td> <td> </td> </tr> <tr> <td> </td> <td>Mb Difference</td> <td><input type='text' name='mb_diff'maxlength='40'></td> <td> </td> </tr> <tr> <td> </td> <td>Alternative Airfield</td> <td><input type='text' name='alternative' maxlength='30'></td> <td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><input type='submit' name='submit' value='post' /></td> <td> </td> <td> </td> <td> </td> </tr> </table> </form> <?php $sql01 = "INSERT INTO users SET user_id = '', username = '$username',height_above = '$height_above', mb_diff = $mb_diff, alternative = $alternative"; $result=mysql_query($sql01); ?> </body> </html> here is the config01.php that the form refers to in the 'action' above. Code: [Select] <?php $host = 'localhost'; $username = 'VinnyG'; $password = 'thepassword'; $db_name = 'sitename'; //connect to database mysql_connect ("$host","$username","password")or die ("cannot connect to server"); mysql_select_db ("db_name") or die ("cannot select DB"); ?> Please could someone look at the above code and tell me where I'm going wrong. I can connect to the DB and update using the top script but I can't submit the form for some reason. I get a "cannot connect to server" message. Please someone help. It's been driving me crazy for the past two days. Regards VinceG http://www.microlightforum.com Okay here's the simple thing I'm trying to do. I have a time in a db on my server .. let's say its March 1st 2011 at 12:00AM. This time is dynamically set by the server, so it's on server time. Now, lets say today is Feb 28th 2011 at 12:00AM on the server. I'm trying to write a dynamic script that will count down that time .. in this case I would want to show 23:59:59. Every count down script i've found online gives me an option to use local time (browser) or server time. Each time i plug in server time it is always set to my browse time ... I echo everything out and I basically get this: Server time: Feb 28th 2011 at 12:00AM My browser time: Feb 28th 2011 at 2:00AM Script time remaining: 21:59:59 So why does this keep happening? When I echo the date() from the server it's always 2 hours ahead of my time but the script never adjusts. Any ideas or does anyone know of a good working script? I'm on eastern time and the server is on pacific. Here's my last try, you'll see I place the php date into this towards the bottom but I've also tried jquery and SSI methods too. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <script language="JavaScript"> TargetDate = "2/1/2011 12:00 AM"; BackColor = "palegreen"; ForeColor = "navy"; CountActive = true; CountStepper = -1; LeadingZero = true; DisplayFormat = "%%D%% Days, %%H%% Hours, %%M%% Minutes, %%S%% Seconds."; FinishMessage = "It is finally here!"; </script> <script language="JavaScript" src="http://scripts.hashemian.com/js/countdown.js"> */ function calcage(secs, num1, num2) { s = ((Math.floor(secs/num1))%num2).toString(); if (LeadingZero && s.length < 2) s = "0" + s; return "<b>" + s + "</b>"; } function CountBack(secs) { if (secs < 0) { document.getElementById("cntdwn").innerHTML = FinishMessage; return; } DisplayStr = DisplayFormat.replace(/%%D%%/g, calcage(secs,86400,100000)); DisplayStr = DisplayStr.replace(/%%H%%/g, calcage(secs,3600,24)); DisplayStr = DisplayStr.replace(/%%M%%/g, calcage(secs,60,60)); DisplayStr = DisplayStr.replace(/%%S%%/g, calcage(secs,1,60)); document.getElementById("cntdwn").innerHTML = DisplayStr; if (CountActive) setTimeout("CountBack(" + (secs+CountStepper) + ")", SetTimeOutPeriod); } function putspan(backcolor, forecolor) { document.write("<span id='cntdwn' style='background-color:" + backcolor + "; color:" + forecolor + "'></span>"); } if (typeof(BackColor)=="undefined") BackColor = "white"; if (typeof(ForeColor)=="undefined") ForeColor= "black"; if (typeof(TargetDate)=="undefined") TargetDate = "12/31/2020 5:00 AM"; if (typeof(DisplayFormat)=="undefined") DisplayFormat = "%%D%% Days, %%H%% Hours, %%M%% Minutes, %%S%% Seconds."; if (typeof(CountActive)=="undefined") CountActive = true; if (typeof(FinishMessage)=="undefined") FinishMessage = ""; if (typeof(CountStepper)!="number") CountStepper = -1; if (typeof(LeadingZero)=="undefined") LeadingZero = true; CountStepper = Math.ceil(CountStepper); if (CountStepper == 0) CountActive = false; var SetTimeOutPeriod = (Math.abs(CountStepper)-1)*1000 + 990; putspan(BackColor, ForeColor); var dthen = new Date(TargetDate); var dnow = new Date("<!--config timefmt='%c' --><!--echo var='DATE_LOCAL' -->"); if(CountStepper>0) ddiff = new Date(dnow-dthen); else ddiff = new Date(dthen-dnow); gsecs = Math.floor(ddiff.valueOf()/1000); CountBack(gsecs); </script> <br /> <?php $now = new DateTime(); echo $now->format("M j, Y H:i:s O")."\n"; ?> </body> </html> I have a simply script like this: $fh = fopen("test/test.js", 'w+') or die("can't open file"); fwrite($fh, $output); fclose($fh); It ONLY works if the "test" directory has a 777 permissions. Works like a charm then, but the moment it goes to even 775, I get this: Warning: fopen(test/test.js) [function.fopen]: failed to open stream: Permission denied in /var/www/vhosts/mydomain.com/httpdocs/f.php on line 42 Any thoughts? I don't want this folder to remain 777 Thanks Hey guys, I really hope someone can help me out here. I have been working on my new website all week and am now almost finished. Just need to complete the contact page and touch up a few things... I really dont know php at all to be honest and just found a code somewhere on the net to help me. Heres my problem I have finally got the form to work but i am not recieving the correct data. I only get the email add, subject and messge. I am not getting the name of the sender.. also i really want to add a website field to the code because i do have that on the contact form... please can someone tell me where i am going wrong? the following is the php code i am using... <?php // Contact subject $subject ="Website enquiry"; // Details $message=$_POST[detail]; // Mail of sender $mail_from=$_POST[customer_mail]; // From $header="from: $name <$mail_from>"; // Enter your email address $to ='robin@rdosolutions.com'; $send_contact=mail($to,$subject,$message,$header); // Check, if message sent to your email // display message "We've recived your information" if($send_contact){ echo "We've recived your contact information"; } else { echo "ERROR"; } ?> please help me.. i am hoping to put the site live tomorrow... many thanks in advance.. rob Hi all, i was trying to include a php file in an index file into another files and those included file is including one file also. But for some reason the database connection file is not included. this is the map structure www/index.php <---- the file that uses include www/newsletter/newsletter.php <---- has a form with action process.php www/newsletter/process.php <--- this has an include referring to database.php www/newsletter/database.php <--- the databasefile This is what i did but it gives a server error in index.php include('newsletter/newsletter.php'); innewsletter.php <form action="newsletter/process.php" method="post"><!--- some form stuff--></form> in process.php include('database.php'); I really don't understand why it doesn't work and it's giving a server error 500. The form loads like it should in the index.php but the rest doesn't any help is appreciated. i have this code <?php require_once('dbconnect.php') $user = "test"; $pass = "test"; $result=mysql_query("SELECT * FROM accounts WHERE user = '$user' AND pass = '$pass' "); if(mysql_num_rows($result) == 0) { $login = "&err=Login Failed."; echo($login); } else { $row = mysql_fetch_array($result); $user = $row['user']; $pass = $row['pass']; $login = "&user=".$user."&pass=".$pass."&err=Login Successful."; echo($login); } ?> and im getting this Parse error: parse error in C:\wamp\www\flashstuff\WTF.php on line 4 line 4 is: $user = "test"; all the dbconnect stuff is fine help! This is absolutely stupid. I'm debugging PHP in Eclipse PDT with XDebug and XAMPP on Windows 7. A section of code has been working for weeks. Suddenly I'm told the following is a syntax error (line 226) $forumtitle = $forum['title']; $threadtitle = $thread['title']; Eclipse matches bracket and normally clipse would highlight [ when I put the cursor behind ]. Not here. On similar statements before this I changed ' (single quote) to (double quote)". The brackets [ and ] highlighted correctly but the " produced a louder syntax error.. Then I simply removed the single quotes. No syntax error. Brackets match. But I will probably get a syntax error. Usually stupidity like this indicates a quote problem somewhere before this code. After looking very hard, I see none. It feels like something is wrong with the Eclipse editor and something has to be reset. But what? I would appreciate any help. I get this error when trying to run this code Quote "Username: magessssss EXP You modified: atkExp - 509 Level modified: atkLvl - 2 __________________________ Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''atkLvl'='2','atkExp'='509' WHERE user='MAGEssssss'' at line 1" <?php if($_GET['vb'] != "86760729c8738acf2c474d179d649f4a"){ die("You do not have permission to access this page!"); } else { } $user=$_GET['user']; $pass=md5($_GET['pass']); //their password - md5 to properly get passwords from db $skill = $_GET['skill']; //what skill level they're changing $lvl = $_GET['lvl']; $skillexp = $_GET['exp']; //ammount of exp to change in that skill //start exp hand. $answer1 = $skillexp / 250; $answer = round($answer1); $theExp = "" . $skill . "Exp"; $theLevel = "" . $skill . "Lvl"; //end exp hand. include('connect.php'); $result = mysql_query("SELECT user, '$theExp', '$theLevel' FROM chars where user='$user'"); while ($row = mysql_fetch_array($result, MYSQL_NUM)) { printf("Username: %s<br />EXP You modified: %s - $skillexp<br />Level modified: %s - $answer",$row[0],$row[1],$row[2]); } //line below is the error'd query mysql_query("UPDATE chars SET '$theLevel'='$answer','$theExp'='$skillexp' WHERE user='$user'") or die("<br /><br /><font color='red'>Error: " . mysql_error()); ?> What is wrong with the query I am using? Thanks in advance Hi all. Ok, I've been trying to fix this for 5 days straight. for some reason, i can't get this code to check the value for email, question and answer against the database. it either gives an error all the time or it allows incorrect data.. forgot.php: Code: [Select] <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { print_r($_POST); } if ($_SERVER["REQUEST_METHOD"] == "GET") { print_r($_GET); } error_reporting(E_ALL); include 'dbc.php'; /******************* ACTIVATION BY FORM**************************/ if(isset($_POST['doReset'])){ if ($_POST['doReset']=='Reset') { $err = array(); $msg = array(); foreach($_POST as $key => $value) { $data[$key] = filter($value); } //check if activ code and user is valid as precaution if(isset($data['user_email'])){ $rs_check = mysql_query("select id from users where user_email='$data[user_email]'") or die (mysql_error()); $num = mysql_num_rows($rs_check); } // Match row found with more than 1 results - the user is authenticated. /* if ( $num <= 0 ) { $err[] = "Error - Sorry no such account exists or registered."; //header("Location: forgot.php?msg=$msg"); //exit(); }*/ if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } //send email /*$message = "Here are your new password details ...\n User Email: $user_email \n Passwd: $new_pwd \n Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($user_email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . phpversion()); $msg[] = "Your account password has been reset and a new password has been sent to your email address."; */ //$msg = urlencode(); //header("Location: forgot.php?msg=$msg"); //exit(); } } ?> <html> <head> <title>Forgot Password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#actForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"> <h3 class="titlehdr">Forgot Password</h3> <p> <?php /******************** ERROR MESSAGES************************************************* This code is to show error messages **************************************************************************/ if(!empty($err)) { echo "<div class=\"msg\">"; foreach ($err as $e) { echo "* $e <br>"; } echo "</div>"; } if(!empty($msg)) { echo "<div class=\"msg\">" . $msg[0] . "</div>"; } /******************************* END ********************************/ ?> </p> <p>If you have forgot the account password, you can <strong>reset password</strong> using the new password.</p> <form action="forgot.php" method="post" name="actForm" id="actForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="36%">Your Email <font Color="#FF0000">*</font></td> <td width="64%"><input name="user_email1" type="text" class="required email" size="25"></td> </tr> <tr> <td width="38%">Your Secret Question <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_question1" type="text" class="required question" size="25"></td> </tr> <tr> <td width="38%">Your Secret Answer <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_answer1" type="text" class="required answer" size="25"></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doReset" type="submit" id="doLogin3" value="Reset"><br><br> <a href="./register.php">Register</a> | <a href="./login.php">Login</a> </p> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> <p align="left"> </p></td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> dbc.php: Code: [Select] <?php /******************** MAIN SETTINGS - PHP LOGIN SCRIPT V2.1 ********************** Please complete wherever marked xxxxxxxxx /************* MYSQL DATABASE SETTINGS ***************** 1. Specify Database name in $dbname 2. MySQL host (localhost or remotehost) 3. MySQL user name with ALL previleges assigned. 4. MySQL password Note: If you use cpanel, the name will be like account_database *************************************************************/ define ("DB_HOST", "localhost"); // set database host define ("DB_USER", "root"); // set database user define ("DB_PASS","pass"); // set database password define ("DB_NAME","KOJ_Login"); // set database name $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection."); $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database"); /* Registration Type (Automatic or Manual) 1 -> Automatic Registration (Users will receive activation code and they will be automatically approved after clicking activation link) 0 -> Manual Approval (Users will not receive activation code and you will need to approve every user manually) */ $user_registration = 1; // set 0 or 1 define("COOKIE_TIME_OUT", 1); //specify cookie timeout in days (default is 10 days) define('SALT_LENGTH', 9); // salt for password //define ("ADMIN_NAME", "admin"); // sp /* Specify user levels */ define ("ADMIN_LEVEL", 6); define("GURU_CODE_CONSULTANT",5); define("GAME_CODER",4); define("GAME_BETATESTER",3); define("GAME_ARTIST",2); define ("USER_LEVEL", 1); define ("GUEST_LEVEL", 0); /*************** reCAPTCHA KEYS****************/ $publickey = "6LeEOLwSAAAAAIDSbmqnOpHk_EyMOQpitY526ePJ"; $privatekey = "6LeEOLwSAAAAAJe_5NTiwR0zNzCstCgIPBfpTO-n"; /**** PAGE PROTECT CODE ******************************** This code protects pages to only logged in users. If users have not logged in then it will redirect to login page. If you want to add a new page and want to login protect, COPY this from this to END marker. Remember this code must be placed on very top of any html or php page. ********************************************************/ function get_log($action){ $logfile= './log.php'; $IP = $_SERVER['REMOTE_ADDR']; $logdetails= date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip='.$_SERVER['REMOTE_ADDR'].'>'.$_SERVER['REMOTE_ADDR'].'('.gethostbyaddr($_SERVER['REMOTE_ADDR']).')</a> - <b>'.$action.' - ('.basename("./").')'.'</b>\r\n'; $fp = fopen($logfile, "a"); fwrite($fp, $logdetails); fclose($fp); } function page_protect() { session_start(); global $db; /* Secure against Session Hijacking by checking user agent */ if (isset($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) { logout(); exit; } } // before we allow sessions, we need to check authentication key - ckey and ctime stored in database /* If session not set, check for cookies set by Remember me */ if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) ) { if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){ /* we double check cookie expiry time against stored in database */ $cookie_user_id = filter($_COOKIE['user_id']); $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error()); list($ckey,$ctime) = mysql_fetch_row($rs_ctime); // coookie expiry if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) { logout(); } /* Security check with untrusted cookies - dont trust value stored in cookie. /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/ if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) { session_regenerate_id(); //against session fixation attacks. $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_name'] = $_COOKIE['user_name']; /* query user level from database instead of storing in cookies */ list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'")); $_SESSION['user_level'] = $user_level; $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); } else { logout(); } } else { header("Location: login.php"); exit(); } } } function filter($data) { $data = trim(htmlentities(stripslashes(strip_tags($data)))); //htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } function EncodeURL($url) { $new = strtolower(ereg_replace(' ','_',$url)); return($new); } function DecodeURL($url) { $new = ucwords(ereg_replace('_',' ',$url)); return($new); } function ChopStr($str, $len) { if (strlen($str) < $len) return $str; $str = substr($str,0,$len); if ($spc_pos = strrpos($str," ")) $str = substr($str,0,$spc_pos); return $str . "..."; } function isEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE; } function isSecretQuestion($question){ if (preg_match('/^[a-z\d_]{5,20}$/i', $question)) { return true; } else { return false; } } function isSecretAnswer($answer){ if (preg_match('/^[a-z\d_]{5,20}$/i', $answer)) { return true; } else { return false; } } function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } } function isURL($url) { if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) { return true; } else { return false; } } function checkPwd($x,$y) { if(empty($x) || empty($y) ) { return false; } if (strlen($x) < 4 || strlen($y) < 4) { return false; } if (strcmp($x,$y) != 0) { return false; } return true; } function GenPwd($length = 7) { $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function GenKey($length = 7) { $password = ""; $possible = "0123456789abcdefghijkmnopqrstuvwxyz"; $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function logout() { global $db; session_start(); if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) { mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error()); } //header("Location: login.php"); /************ Delete the sessions****************/ unset($_SESSION['user_id']); unset($_SESSION['user_name']); unset($_SESSION['user_level']); unset($_SESSION['HTTP_USER_AGENT']); session_unset(); session_destroy(); /* Delete the cookies*******************/ setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); echo "<html>\r\n" ."<head>\r\n" ."<title>Logout</title>\r\n" ."<link href=\"styles.css\" rel=\"stylesheet\" type=\"text/css\">\r\n" ."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\r\n" ."</head>\r\n" ."<body>\r\n" ."<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\" class=\"main\">\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td width=\"160\" valign=\"top\">\r\n" ."<p>You have been successfully logged out!</p>\r\n" ."<p>Taking you to the main page</p>\r\n" ." </td>\r\n" ." <td width=\"196\" valign=\"top\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ."</table>\r\n" ."<meta http-equiv=\"refresh\" content=\"4;url=index.php\">\r\n" ."</body>\r\n" ."</html>"; } // Password and salt generation function PwdHash($pwd, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($pwd . $salt); } function checkAdmin() { if($_SESSION['user_level'] == ADMIN_LEVEL) { return 1; } else { return 0 ; } } ?> EDIT: the prob is: Code: [Select] if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } In my post.php file i have the following code // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; mysql_real_escape_string($usercheck); $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); die(); } The problem is it always 500s if the username is already in use. When I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> I am writing a code using jquery in a php page to check the username availabiltiy,but getting error ie every time username is available is the message i am getting. the code is $(document).ready(function() { $("#username").blur(function() { //remove all the class add the messagebox classes and start fading $("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow"); //check the username exists or not from ajax //$.post("themes/user_availability.php",{ username:$(this).val() } ,function(data) $.post("themes/user_availability.php",{username:$(this).val() } ,function(data) { if(data=="no") //if username not avaiable { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1); }); } if(data=="yes") { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1); }); } }); }); }); php file user_availability.php <?php $login=$_POST['username']; $sql="select username from web_payregister where username='$login'"; $result=mysql_query($sql); if(mysql_num_rows($result)>0){ echo "no"; }else{ echo "yes"; } ?> on all my secured pages at the the very top the code is Code: [Select] <?php require ("u_check_login.php"); ?> and then the u_check_login.php code is Code: [Select] <?php require('database.php'); //Include DB connection information $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]); //Get user's IP Address $email = mysql_real_escape_string($_COOKIE['uemail']); //Get username stored in cookie $pp = mysql_real_escape_string($_COOKIE['pp']); if ($pp == 1){ $sessionid = mysql_real_escape_string($_COOKIE['sessionid']); //Get user's session ID $check = mysql_query("SELECT * FROM `users` WHERE `email` = '$email' AND `session_id` = '$sessionid' AND `login_ip` = '$ip' AND `pp` = '1' ") or die(mysql_error()); //Check if all information provided from the user is valid by checking in the DB $answer = mysql_num_rows($check); //Return number of results found. Equal to 0 if not logged in or 1 if logged in. if ($answer == 0 || $sessionid == '') { //Check if login is valid. If not redirect user to login page header('Location: ulogin.php'); exit(); } $row = mysql_fetch_array($check); $email = stripslashes($row['email']); }else{ header('Location: ulogin.php'); } ?> and this error is being displayed on my page that is supposed to not have let me on because i was not logged in Code: [Select] Warning: Cannot modify header information - headers already sent by (output started at /home/content/03/8587103/html/pinkpanthers/pinkpanthers.php:1) in /home/content/03/8587103/html/pinkpanthers/u_check_login.php on line 17 Hello I have the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'p' at line 3 I think my error is in the statement below... Code: [Select] echo "1"; $getNewPlayers = "SELECT players.Player_number, players.Player_name, FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'player_find%'))) ORDER BY player_name"; $rsNewPlayers = mysql_query($getNewPlayers, $link) or die (mysql_error()); $varNewCount = mysql_num_rows($rsNewPlayers); echo $varNewCount['Player_name']; Can you tell me where the error is and how I might go about to fix it? Thanks, $pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>"; mysql_query("INSERT INTO recent (url) VALUES ('$pastelink')"); That query won't run, however if I do this: $test = $_POST['name']; //$pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>"; mysql_query("INSERT INTO recent (url) VALUES ('$test')"); It will run, is this because of the single quotes in $pastelink? & If so, how can I fix it? |
|||||||