
ManiacDan
Everything posted by ManiacDan
-
$headers = "From:" . $from; //$headers is now "From: [email protected]"
$headers = "Cc:" . $Cc; //$headers is now "Cc: [email protected]"
$headers = 'MIME-Version: 1.0' . "\r\n"; //$headers is now "MIME-Version: 1.0"

You're over-writing headers every time. The concatenation operator (.=) allows you to APPEND headers (though note that \r\n needs to be at the end of every line of the headers).

-Dan
-
Right, because you need to do the JOIN right in the update, not with a subquery.
-
TROUBLE WITH LOGIN SCRIPTING USING PHP & MYSQL
ManiacDan replied to thminco's topic in PHP Coding Help
Echo, print, printf, and various other output functions count as "output." You also cannot have anything outside of PHP tags. If your page begins with a single space before the <?php tag, then it will fail to use a header. Similarly, if you include a file with a single space after the closing ?>, it will fail.

The error messages you're pasting contain a file and line number. That's VERY easy to figure out. Go to that file. Go to that line. Fix that. You cannot output anything on any page if you're going to be using a header redirect.

You're using md5 on your passwords now. 2 things:
1) use sha1, it's better
2) You need to update your database so the passwords in the DB are also hashed the same way.
-
JOIN conditions are allowed in an UPDATE.
-
1) Don't bump, it's against the rules.
2) ereg is deprecated, preg is better.
3) preg can be used to see if the fileNAME ends in a specific three-letter combination, but that doesn't mean anything. All imgur posts are .jpg regardless of their actual filetype.
-
TROUBLE WITH LOGIN SCRIPTING USING PHP & MYSQL
ManiacDan replied to thminco's topic in PHP Coding Help
1) Magic quotes is a php.ini setting that randomly sticks backslashes into your strings if they have single quotes or other special characters. It's a VERY old method of SORT OF protecting against SQL injection. If your php.ini has it on, turn it off.
2) Your login page snippet is now correct, though there's no reason to be using the output buffering code probably. ob_end_clean is not usually necessary, but I don't know what the rest of your code is using.
3) Your landing page suffers from the same problems as your first page did. session_is_registered(fusername) should be replaced with isset( $_SESSION['fusername'] ). Die after a header. Etc.
4) Still, view your source to see the full output. It's possible your server doesn't even know what PHP is and all of this is a wasted exercise.
-
TROUBLE WITH LOGIN SCRIPTING USING PHP & MYSQL
ManiacDan replied to thminco's topic in PHP Coding Help
1) $_SESSION is in all caps.
2) Session_register (and related functions) are deprecated and should not be used. Read the manual page on sessions for modern syntax.
3) Don't post your database password in public.
4) Your use of stripslashes leads me to believe you're using magic_quotes. This is also deprecated and should be removed immediately.
5) You must die() immediately after header calls.
6) There is a space after the colon in a header redirect, and Location is capitalized.
7) View the SOURCE of a page to see the complete output.
8) Always store passwords encrypted with a salted one-way hash in the database. Never store them "plain" like this.
9) This is clearly copied and pasted from a tutorial. Stop using that tutorial right now, it appears to be 5-6 years old.

-Dan
-
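The login checklist above applied to a login handler and a protected page, as an added example that is not code from the original thread. The `$pdo` connection, the `users` table and its columns, the `fpassword` field and the page names are assumptions, and PHP's built-in password_hash()/password_verify() stand in for the salted one-way hash.

```php
<?php
// Added example. Assumed names: $pdo (a connected PDO handle), a `users` table
// with `username` and `password_hash` columns, login.php, members.php, fpassword.

// Nothing may be output (not even whitespace before the opening tag) before
// header() or session_start() is called.
function redirect(string $page): void
{
    header('Location: ' . $page);   // capital L, one space after the colon
    exit;                           // stop immediately after the redirect header
}

// Registration side: store only a salted one-way hash, never the plain password.
function store_user(PDO $pdo, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // salt is generated and embedded
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

// Login side: a prepared statement, so no stripslashes()/magic_quotes handling.
function handle_login(PDO $pdo, array $post): void
{
    session_start();
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$post['fusername'] ?? '']);
    $hash = $stmt->fetchColumn();   // false when the user does not exist

    if ($hash !== false && password_verify($post['fpassword'] ?? '', $hash)) {
        session_regenerate_id(true);                  // fresh session id after login
        $_SESSION['fusername'] = $post['fusername'];  // replaces session_register()
        redirect('members.php');
    }
    redirect('login.php?failed=1');
}

// Top of every protected page: replaces session_is_registered().
function require_login(): void
{
    session_start();
    if (!isset($_SESSION['fusername'])) {
        redirect('login.php');
    }
}
```
-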
If someone steals your code, they'll be able to simply highlight this tracking code and press backspace. You can protect your code with ioncube or something. However, note that people don't break into your server to steal your mediocre PHP code. You said it yourself that you're not that skilled. If someone were to break into your server, they'd steal your passwords and (fsm forbid) any credit card numbers you were storing. They don't want your code. Protection code of the type you're talking about is generally included with commercial code that's actually for sale. -Dan
-
Almost all of this was wrong. Fixed version below. You will have to actually learn JavaScript/HTML to continue. Read that, please. Your syntax was incorrect, this was not valid HTML and was not valid JavaScript.

<html>
<head>
<script type="text/javascript">
// Append the clicked smiley to the message box and return focus to it.
function addSmiley(a)
{
    document.getElementById('message').value = document.getElementById('message').value + a;
    document.getElementById('message').focus();
}
</script>
</head>
<body>
<form action='registration.php' method='post'>
Your message:<br><textarea id="message" name='message' cols='40' rows='2'></textarea><br>
<a href="#" onClick="addSmiley(':-)')">:-)</a>
<a href="#" onClick="addSmiley(';-)')">;-)</a>
<a href="#" onClick="addSmiley(':-(')">:-(</a>
<a href="#" onClick="addSmiley(':-P')">:-P</a>
<input type='submit' name='submit' value='Set Name'></form>
<br>
<br>
</body>
</html>
-
I'm afraid you don't speak enough English (or javascript, for that matter) to receive much help on this forum. Your JS is still incorrect. Lines should end in semicolons.
-
So you learned PHP but you don't have any professional experience in it. I would suggest doing a personal project without a framework first. That way, if you get a job that uses a different framework (symfony is very popular, for instance) then you won't be completely lost.
-
Remove all the +"\n" from your javascript. Also, use a javascript debugger. EVERY modern browser has one either built-in or readily available. -Dan
-
1) What version of PHP do you have experience in? If you've never programmed in PHP5, then yes the experience is significantly different. 2) Zend Framework has its own syntax, quirks, and learning curve. It's similar to learning a whole new language, but only roughly half as difficult. -Dan
-
That's exactly what I suggested, good work.
-
1) you are only printing the row if the date is higher than today's date.
2) <tr background-color: #CC9999;>
That is invalid HTML. The style information should be inside a style attribute, or in a CSS class.
-
What have you tried so far? MySQL's IF/THEN construct is very robust.
-
You should be careful using copyrighted images, even on "demo" websites like this. The pip-boy icon from Fallout is fiercely protected. Also, the top nav doesn't do anything (and hiding the navigation is usually a bad idea) and the grammar is generally bad. The HTML/CSS itself is pretty good though. HOWEVER, there's no reason for the entire site to be frames. -Dan
-
I think you're thinking about this backward. Inbound links will be in the format of www.yoursite.com/12345-The-Article-Title-Here

Your rewrite rule will ignore the title entirely and just use the ID (12345 in this case). Your rewrite rules cannot access the database. You would print out links to your site in the "pretty" format and then the rule takes the pretty format, strips out everything but the ID, and uses it.

-Dan
-
The session works off a cookie called PHPSESSID. That is the cookie controlled by session_set_cookie_params().
-
The session cookie will be reset for X seconds with every page click, where X is the argument you provide to that function. If someone clicks before X seconds have elapsed, then the timer is reset. If nothing happens (not even ajax calls) for X seconds, the cookie SHOULD disappear from your browser and the session will expire. If you have anything else that restores the session (like your userID cookies) that invalidates this whole discussion.
-
Are you actively browsing the site? Cookies are reset upon every page execution.
-
How long have those INET functions been around? I did an IP-based database in 2008 and they weren't available then (or at least my entire team didn't find them). If the INET functions weren't available I'd say storing addresses as strings was a good idea UNLESS you need to do math on them (like subnetting).
-
session_set_cookie_params(7200);
session_start();

Just like that. That will expire the session after 2 hours of inactivity. That comes right from the manual page.
-
That link I posted goes to the session_set_cookie_params() function manual page. If you don't use that function in your code, then no...not like that.
-
I won't do your work for you, no. The whole thing I described is maybe 8 lines of code.