
ginerjm

Everything posted by ginerjm

  1. Did the default timezone change on you? As for your Sat/Sun question - I'll let you ponder that solution to avoid embarrassing you in a public forum.
  2. I wasn't aware of any previous thread, hence my needless repetition.
  3. This is some odd code. Here are my questions:

     This line: if(isset($_SESSION['user'])!="") What are you trying to determine here? That the 'user' element exists? Or that it is not null/empty? It probably works but as a simple programmer I look at it leerily. IMHO, decide on what you want and code for that. In this case I see a test that yields a Boolean result which you are then testing against (what I call) a null value. Whether it is True or False, the test is either invalid or (due to some PHP rules) not exactly clear.

     After that first line you then grab 3 inputs and massage them and then put them into a query. Yet - you didn't check to see if they were blank!!

     Third - you do this query looking for a password. Hmmmm. You didn't hash the input password so it appears that you are storing passwords in clear text in your db. Tsk, tsk, tsk. Not at all a good practice. Even if you were storing it in an encrypted form and using an encrypted input value to query with, you should never return the password value to your script. What for? You aren't going to use it anywhere, are you? (If the answer is yes - it s/b NO.)

     Next - you run your query (without checking if it ran successfully) and pull a row from the results. THEN you check to see if there were any rows returned (the count). Doesn't that give you a thought about anything? Check the count BEFORE you (try and) fetch a row!

     Now we get to where you encrypt your user input (which you are not even sure exists!) and test the query result value. As I said before you should not be bringing down a password value into your script. Construct your query to look for that correct record and if you get that 1 record result that you expect you will know that the userid/password combination is correct.

     Now for the html. You output a script tag to display an error message. Not my choice of actions but to each his own. But - you are clever enough to include a noscript tag in your output, but I see nothing there that makes it necessary. Even more - you already sent out a JS script before knowing if the browser accepts JS. How is that going to work? Even more curious you use the noscript tags to wrap your CSS includes. So - if your browser supports JS, it can't utilize the CSS code, but if it doesn't you will use a well-designed layout based upon those CSS files? Hmmmm.

     And for my final question. You have a set of inputs that you want to show. First you begin an unordered list element. Then you begin a form which is necessary of course. Then you wrap that form inside an html table element which is a common, though outdated, method for designing an input page. What exactly is this list element doing for you?

     Things to think about. The multiple uses of an id name will confuse the browser. I don't know why you are assigning them to table row elements, but if you are going to do it use unique values. The use of a button element inside of a form is not the usual way. Why not an input element specifying a 'submit' type? The button element has its uses, but the type='submit' input element is specifically there for this purpose.
  4. Bootstrap requires an absolute excess of html tags?
  5. I have never seen so many div tags used before. What a mess!
  6. Where is the data coming from? A form? Show us some of the html that created it.
  7. You didn't tell us what the problem is, but why don't you look at this line: $friend = $friends[$i] You will always get the last key value in your loop. Is that what you want?
  8. Why all the mystery in a simple ini file? Why not a simple text file with a defined format? You want the user to maintain it, so how is it going to get to the server? Email? Ftp? ok. So now it's on the server. Why does it have to be encoded? Why not just like the php.ini file format?
  9. They are working on it. No idea from their end, but I think they changed my ini file when I had them fix my timezone problem last week.
  10. You need to learn how RDBMS really work and what proper table design is. NO - you don't add another column; you produce a second record. I could write for 10 minutes telling you more but it would behoove you better to spend a few hours reading and learning what I would attempt to tell you. Better you teach yourself some things before going further in this endeavor.
  11. If you want multiple tags you have to use a different name attribute. If you name them all 'tags' you will only get one. Either alter the name or use the html array format for naming.
  12. I use emails to send some data regularly to some of my apps. Yesterday my email failed me with some strange messages. Besides messages about unknown items failing to load for the script, it also said that PDO was an unknown class. That is very strange. The line that triggers that message is: $db_options = array( PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC); which is the puzzling thing. I use this same module to do my database connects everywhere and it continues to work for my 'regular' appls, just not for the scripts that are piped-to from an email. Any idea what may have happened here? This is running on my host's server so I have no control over it.
  13. I agree with Jacques1. I also think I gave you the reason for my/our position in my previous post. It goes against all well-defined principles of data storage to do what you are doing. Do you really think you are qualified to re-invent the (database) wheel? Answer me/us this. Suppose you need to count one of the many unique data values that you have embedded in multiple records in your database, ie, for some reason you want to analyze the values you have. In a properly normalized database it is simply a quick and dirty sql query. For you? This idea of properly normalized databases is 1) not new. It's been around since my college days; and 2) nobody else is coming up with a "new and improved" method for data storage, at least not in the logical sense. What makes you think you have to do it?
  14. Thirty years I've been in this - never heard of such a scheme. IMHO - you'll live to regret this.
  15. Perhaps you should limit the number of company staff (1-2) who can even request a password reset. Then you could provide them with a secret token to be used which could be easily changed when it needed to be. That would allow the 'company' to always know who is requesting password changes.
  16. The whole idea of an RDBMS is to make it easy to access data quickly and efficiently. To put like data elements into the same table column means that you will ALWAYS have to finagle it to access just one of those data items which conflicts with the reason you are using the RDBMS in the first place.
  17. Don't understand what you are trying to tell us.
  18. I don't see how example 1 relates to example 2.
  19. Something like this:

        <?php
        session_start();
        error_reporting(E_ALL);
        ini_set('display_errors', 1);
        //
        $your_email = 'email address'; // <<=== update to your email address
        $errors = '';
        $name = '';
        $visitor_email = '';
        $phone = '';
        $foundus = '';
        $message = '';
        //*****
        echo "in mailer script<br>";
        if (isset($_POST['submit'])) {
            echo "Got submit<br>";
            if (empty($_SESSION['6_letters_code']) ||
                strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0) {
                // Note: the captcha code is compared case insensitively.
                // If you want a case sensitive match, update the check above to strcmp()
                $errors .= "\n <div class='contact-text-sitemap'>The captcha code does not match!</div>";
            }
            echo "captcha check: $errors<br>";
            $name = $_POST['name'];
            $visitor_email = $_POST['email'];
            $phone = $_POST['phone'];
            $foundus = $_POST['foundus'];
            $message = $_POST['message'];
            ///------------Do Validations-------------
            if (empty($name) || empty($visitor_email) || empty($phone) || empty($message)) {
                $errors .= "\n Name, Email, Phone and Message are required fields. ";
            }
            echo "inputs check: $errors<br>";
            // Reject CR/LF and similar characters before the address is used in a mail header
            if (IsInjected($visitor_email)) {
                $errors .= "\n Bad email value!";
            }
            echo "injection check: $errors<br>";
            if (empty($errors)) {
                // send the email
                $to = $your_email;
                $subject = "New Website Enquiry";
                $from = $your_email;
                $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
                $body = "A user $name submitted the contact form:\n" .
                    "Name: $name\n" .
                    "Email: $visitor_email \n" .
                    "Phone: $phone \n" .
                    "How Did You Find Us: $foundus \n" .
                    "Message: \n " .
                    "$message\n";
                $headers = "From: $from \r\n";
                $headers .= "Reply-To: $visitor_email \r\n";
                // Debug output of the mail parts
                echo "Mail parts:<br>to $to subj $subject<br>";
                echo "body $body<br>";
                echo "headers $headers<br>";
                mail($to, $subject, $body, $headers);
                // header('Location: thank-you.php');
                echo "Mail call was made";
            }
        } else {
            echo "no submit found";
        }

        // Function to validate against any email injection attempts
        function IsInjected($str)
        {
            $injections = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)');
            $inject = join('|', $injections);
            $inject = "/$inject/i";
            if (preg_match($inject, $str)) {
                return true;
            } else {
                return false;
            }
        }
        ?>
  20. Try putting some echos in your mailer.php script to show what progress you are making. Comment out the header command and just echo a response to your page so you can see if this script works before moving on.
  21. So hard to make any sense of this. I'm assuming that the line "echo $var1" is the line in question. And that it is not showing up in 'main' div area. Question - why are you doing all this output when you haven't received the rest of the POST data fields? Seems backwards to be worrying about your output when you haven't even analyzed the input yet. Good practice says to separate the bulk of your html from your php. Same for the JS code too. Grab all the inputs, work with them, build the dynamic output into php vars and THEN do the output of your static html (doctype, metas, head, scripts, styles and body tags) and then place those php vars where they need to be, ALL at the end of the script. First things first and last things last. Makes much more sense logically as you read thru the script and is much easier to maintain down the road. PS - you should really learn some css and get all that outdated styling out of your html tags.
  22. Show us the corrected code so we can really see the problem.
  23. Why do you look for just first or last instead of both at the same time?