HDFilmMaker2112

Well I changed it to this: $sql_credit="SELECT $tbl_name2.credit,$tbl_name.donor_id FROM $tbl_name JOIN $tbl_name2 ON $tbl_name2.donor_id='$tbl_name.donor_id' WHERE $tbl_name.username='$myusername' AND $tbl_name.password='$mypassword'"; Still no luck. It's working with USING. Thanks.

I've read that too, and from that I'm not seeing that I'm doing anything wrong.

I've read through the MySQL docs, and I have to say... the MySQL documentation is horribly written, or I guess the proper thing to say would be horribly formatted. Everything cluttered together, no separation of topics. I can''t really follow it. It's just a page of information with no clear distinction between points/topics.

in db_select. <?php require_once './conn.php'; $db_name="zyquo_donors"; // Database name $tbl_name="donors"; // Table name $tbl_name2="donors_credits"; $tbl_name3="additional_donate"; $tbl_name4="credits_listing"; // Connect to server and select databse. mysql_connect("$host", "$db_username", "$db_password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); ?> Do I need to use "ON" somewhere in the query?

The below should be pulling credit information from the DB and placing it in the first select menu. It's not doing so. I did a var_dump on $_SESSION and the username and password match the DB. I'm assuming my problem is in my SQL query. <?php session_start(); $myusername=$_SESSION['myusername2']; $mypassword=$_SESSION['mypassword2']; require_once 'db_select.php'; require_once 'func.php'; $sql_credit="SELECT $tbl_name2.credit,$tbl_name.donor_id FROM $tbl_name JOIN $tbl_name2 WHERE $tbl_name.username='$myusername' AND $tbl_name.password='$mypassword' AND $tbl_name2.donor_id='$tbl_name.donor_id'"; $result_credit=mysql_query($sql_credit); $content=' <div class="main"> <div class="main_header">Purchase Additional Credit</div>'; if($_GET['e']==t){ $content.='<p class="green clear"> Request Sent. You should be contact with a discounted crew credit button specifically for you, in the next two business days. </p> '; } else{ $content.=' <p> If you wish to purchase an additional credit, use the form below to select the credit you wish to buy, the name in which the original credit is listed under (as listed on the donors page), and the e-mail address in which the original purchase came from. This is a great to get your name back on the top 100 donors list. Once you submit this form, we will review the submitted material, create a new paypal purchase button specifically for you, and send you the link to that button. From there, you will be able to purchase the additional credit.'; if($_GET['e']==f){ $content.='<p class="red"> The email address you entered doesn\'t match the email in the database for this account. Please try again. <br /> If you keep having problems, please contact us at <a href="mailto:general@makethemoviehappen.com"> general@makethemoviehappen.com</a>. </p>'; } $content.=' <form action="" method="post"> <p><label>Name Credit is Listed Under:</label> <input type="text" name="name" size="30" /></p> <p><label>E-Mail of Original Purchase:</label> <input type="text" name="email" size="32" /></p>'; $content.='<p><label>Original Credit Purchased:</label> <select name="credit"> <option value="">Select Credit</option>'."\n"; while($row_credits=mysql_fetch_array($result_credit)){ extract($row_credits); $content.='<option value="'.ucfirst($credit).'">'.ucfirst($credit).'</option>'."\n"; } $content.='</select></p>'."\n"; $content.=' <p><label>Second Credit to Purchase:</label> <select name="new_credit"> <option value="">Select Credit</option>'."\n"; while($row_credits=mysql_fetch_array($result_credit)){ extract($row_credits); $content.='<option value="'.ucfirst($credit).'">'.ucfirst($credit).'</option>'."\n"; } $content.='</select></p>'."\n".' </p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> '; } $content.=" </div> <br />"; ?>

Wow.... Thank You. Completely blanked on that one.

The below code is not updating the data when I enter additional credits into the "New Credits" input box: The page returns blank, with the data being inserted into the DB with a donor_id of 0. elseif($_GET['do']=="edit"){ if(isset($_GET['id'])){ $id=(int)$_GET['id']; $edit_user_query="SELECT * FROM $tbl_name WHERE $tbl_name.donor_id=$id"; $edit_user_result=mysql_query($edit_user_query); while($edit_user_row=mysql_fetch_array($edit_user_result)){ extract($edit_user_row); } $credits_query="SELECT * FROM donors_credits WHERE donor_id=".$id." ORDER BY id"; $credits_result=mysql_query($credits_query); while($credits_row=mysql_fetch_array($credits_result)){ $credits[]=$credits_row['credit']; } if(count($credits) > 0){ $credit=implode(", ",$credits); } if(!empty($amount)){ $amount=number_format($amount, 2, '.', ','); } $section.=' - Edit User: '.$username.''; $content.=' <div class="main"> <div class="main_header">Edit User - '.(!empty($username) ? ''.$username.'' : ''.$name.'').'</div> <div class="user_form"> <form action="./index.php?admincp=users&do=process&source=edit&id='.$id.'" method="post"> <p><label>Name:</label> <input type="text" name="name" size="30" value="'.$name.'" /></p> <p><label>E-Mail:</label> <input type="email" name="email" size="32" value="'.$email.'" /></p> <p><label>Amount:</label> <input type="text" name="amount" size="8" value="'.$amount.'" /></p> <p><label>Username:</label> <input type="text" name="username" size="30" value="'.$username.'" /></p> <p> <label>Level:</label> <select name="level"> <option value=""'.(empty($level) ? ' selected="selected"' : '').'></option> <option value="nickel"'.($level=="nickel" ? ' selected="selected"' : '').'>Nickel</option> <option value="copper"'.($level=="copper" ? ' selected="selected"' : '').'>Copper</option> <option value="bronze"'.($level=="bronze" ? ' selected="selected"' : '').'>Bronze</option> <option value="silver"'.($level=="silver" ? ' selected="selected"' : '').'>Silver</option> <option value="gold"'.($level=="gold" ? ' selected="selected"' : '').'>Gold</option> <option value="platinum"'.($level=="platinum" ? ' selected="selected"' : '').'>Platinum</option> <option value="palladium"'.($level=="palladium" ? ' selected="selected"' : '').'>Palladium</option> </select> (Blank if something other than Donation) </p> <p> <label>User Level:</label> <select name="user_level"> <option value="0"'.($admin=="0" ? ' selected="selected"' : '').'>No Account</option> <option value="1"'.($admin=="1" ? ' selected="selected"' : '').'>Credit Purchase</option> <option value="2"'.($admin=="2" ? ' selected="selected"' : '').'>Donation</option> <option value="3"'.($admin=="3" ? ' selected="selected"' : '').'>Moderator</option> <option value="4"'.($admin=="4" ? ' selected="selected"' : '').'>Admin</option> </select> </p> <p><label>Credit:</label> <input type="text" name="credit_old" size="30" value="'.$credit.'" disabled="disabled" /></p> <p><label>New Credits:</label> <input type="text" name="credit" size="30" /></p> <p><label>Password:</label> <input type="text" name="password" size="30" value="'.$password.'" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> </div> '; } elseif($_GET['do']="process"){ $source=sanitize($_GET['source']); $name=sanitize($_POST['name']); $email=sanitize($_POST['email']); $amount=amount_verify(sanitize($_POST['amount'])); $username=sanitize($_POST['username']); $level=sanitize($_POST['level']); $password=kam3($_POST['password']); $admin=sanitize($_POST['user_level']); $credits=sanitize($_POST['credit']); $credits=explode(",",$credits); array_walk($credits, 'trim_value'); if($amount=="00" || $amount==".00"){ $amount=""; } elseif($_GET['source']=="edit"){ $insert_id=$_GET['id']; $edit_user_query="UPDATE $tbl_name username='$username', name='$name', level='$level', amount='$amount', password='$password', admin='$admin', email='$email' WHERE donor_id='$insert_id'"; mysql_query($edit_user_query); if(!empty($credits)){ $CreditArray = array(); foreach($credits as $credit){ $CreditArray[] = "('$credit',$insert_id)"; } if(mysql_affected_rows()==1){ $content.='<div class="center">User Edited.</div>'; } if (count($CreditArray) > 0 ){ $credit_array_query="INSERT $tbl_name2 (credit,donor_id) VALUES " . implode(',',$CreditArray); mysql_query($credit_array_query); } } } }

Excellent thanks. Now I have another issue. When I enter Test2 as my username and Test, Test2 as the credits. I get a page that only says User Added. Should Say: User Added. User Credits Added. After looking in the Database it looks like the data is indeed being added. Updated code: $source=sanitize($_GET['source']); $name=sanitize($_POST['name']); $email=sanitize($_POST['email']); $amount=amount_verify(sanitize($_POST['amount'])); $username=sanitize($_POST['username']); $level=sanitize($_POST['level']); $password=kam3($_POST['password']); $admin=sanitize($_POST['user_level']); $credits=sanitize($_POST['credit']); $credits=explode(",",$credits); array_walk($credits, 'trim_value'); if($amount=="00" || $amount==".00"){ $amount=""; } if($_GET['source']=="new"){ $add_user_query="INSERT INTO $tbl_name (username, name, level, amount, password, admin, email) VALUES ('$username', '$name', '$level', '$amount', '$password', '$admin', '$email')"; mysql_query($add_user_query); $insert_id=mysql_insert_id(); if(!empty($credits)){ $CreditArray = array(); foreach($credits as $credit){ $CreditArray[] = "('$credit',$insert_id)"; } if(mysql_affected_rows()==1){ $content.='<div class="center">User Added.</div>'; } if (count($CreditArray) > 0 ){ $credit_array_query="INSERT IGNORE INTO $tbl_name2 (credit,donor_id) VALUES " . implode(',',$CreditArray); mysql_query($credit_array_query); } if(mysql_affected_rows()==1){ $content.='<div class="center">User Credits Added.</div>'; } } }

The below is resulting in an error of: Warning: Invalid argument supplied for foreach() in /home/zyquo/public_html/makethemoviehappen.com/admin_users.php on line 145 Seems like it's an issue with array_walk. Worked fine until I added that. function trim_value(&$value) { $value = trim($value); } elseif($_GET['do']="process"){ $source=sanitize($_GET['source']); $name=sanitize($_POST['name']); $email=sanitize($_POST['email']); $amount=amount_verify(sanitize($_POST['amount'])); $username=sanitize($_POST['username']); $level=sanitize($_POST['level']); $password=kam3($_POST['password']); $admin=sanitize($_POST['user_level']); $credits=sanitize($_POST['credit']); $credits=explode(",",$credits); $credits=array_walk($credits, 'trim_value'); if($amount=="00" || $amount==".00"){ $amount=""; } if($_GET['source']=="new"){ $add_user_query="INSERT INTO $tbl_name (username, name, level, amount, password, admin, email) VALUES ('$username', '$name', '$level', '$amount', '$password', '$admin', '$email')"; mysql_query($add_user_query); $insert_id=mysql_insert_id(); if(!empty($credits)){ $CreditArray = array(); foreach($credits as $credit){ $CreditArray[] = "('$credit',$insert_id)"; } if (count($CreditArray) > 0 ){ $credit_array_query="INSERT IGNORE INTO $tbl_name2 (credit,donor_id) VALUES " . implode(',',$CreditArray); mysql_query($credit_array_query); } if(mysql_affected_rows()==1){ $content.='User Added.'; } }

Forgot to mention it also gives this error: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/zyquo/public_html/makethemoviehappen.com/main.php on line 347 Line 347 -> while($credits_row=mysql_fetch_array($credits_result)){ EDIT: I didn't set the $tbl_name4 variable. All my problems are so simple...

I'm having a bit of an issue with the below: for($i=1; $i <= 3; $i++){ $credits_query="SELECT * FROM $tbl_name4 WHERE film_number='$i'"; $credits_result=mysql_query($credits_query); $content.=' <div class="credit_header">'; if($i==1){$content.='First';}elseif($i==2){$content.='Second';}elseif($i==3){$content.='Third';} $content.=' Film Crew/Producer Credits </div> <table class="producer_table"> <tr class="producer_background"> <td class="border sixty"> Crew or Producer Position </td> <td class="border twenty"> Amount </td> <td class="border"> Buy </td> </tr> </table> <div class="producer_scroll"> <table class="producer_table">'; while($credits_row=mysql_fetch_row($credits_result)){ extract($credits_row); $content.=' <tr align="center"> <td class="border sixty">' .$position. '</td> <td class="border twenty">$' .$cost. '</td> <td class="border"> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_s-xclick"> <input type="hidden" name="hosted_button_id" value="'.$product_code.'">QMNXL6WXL4YL6 <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_buynow_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"> <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> </td> </tr>'; } $content.=' </table> </div>'; } I'm trying to make it loop three times, once for each film. Under each generated table it will be filled in with the credits available for purchase for that specific film, with that data being pulled from the database. Currently, it's not generating the tables with the database data: It just does this: <div class="producer_scroll"> <table class="producer_table"> </table> </div> <div class="credit_header">First Film Crew/Producer Credits </div> <table class="producer_table"> <tr class="producer_background"> <td class="border sixty"> Crew or Producer Position </td> <td class="border twenty"> Amount </td> <td class="border"> Buy </td> </tr> </table> <div class="producer_scroll"> <table class="producer_table"> </table> </div> <div class="credit_header">Second Film Crew/Producer Credits </div> <table class="producer_table"> <tr class="producer_background"> <td class="border sixty"> Crew or Producer Position </td> <td class="border twenty"> Amount </td> <td class="border"> Buy </td> </tr> </table> <div class="producer_scroll"> <table class="producer_table"> </table> </div> <div class="credit_header">Third Film Crew/Producer Credits </div> <table class="producer_table"> <tr class="producer_background"> <td class="border sixty"> Crew or Producer Position </td> <td class="border twenty"> Amount </td> <td class="border"> Buy </td> </tr> </table> <div class="producer_scroll"> <table class="producer_table"> </table> </div>

The below isn't inserting the credits into the database. The credit entries are not duplicates. So the IGNORE in the INSERT shouldn't be the issue correct? I attempted to insert Test, Test2 elseif($_GET['do']="process"){ $source=sanitize($_GET['source']); $name=sanitize($_POST['name']); $email=sanitize($_POST['email']); $amount=amount_verify(sanitize($_POST['amount'])); $username=sanitize($_POST['username']); $level=sanitize($_POST['level']); $password=kam3($_POST['password']); $admin=sanitize($_POST['user_level']); $credits=sanitize($_POST['credit']); if($amount=="00"){ $amount=""; } if($_GET['source']=="new"){ $add_user_query="INSERT INTO $tbl_name (username, name, level, amount, password, admin, email) VALUES ('$username', '$name', '$level', '$amount', '$password', '$admin', '$email')"; mysql_query($add_user_query); if(!empty($credit)){ $insert_id=mysql_insert_id(); $CreditArray = array(); foreach($credits as $credit){ $CreditArray[] = "('$credit','$insert_id')"; } if (count($CreditArray) > 0 ) { $credit_array_query="INSERT IGNORE INTO $tbl_name2 (credit,donor_id) VALUES " . implode(',',$CreditArray); mysql_query($credit_array_query); } } } elseif($_GET['source']=="edit"){ } }

The below is only returning one user from the database, it should be generating a list of all users in the database. elseif($_GET['do']=="edit"){ if(isset($_GET['id'])){ $id=(int)$_GET['id']; $edit_user_query="SELECT * FROM $tbl_name WHERE $tbl_name.donor_id=$id"; $edit_user_result=mysql_query($edit_user_query); while($edit_user_row=mysql_fetch_array($edit_user_result)){ extract($edit_user_row); } $credits_query="SELECT * FROM donors_credits WHERE donor_id=".$id." ORDER BY id"; $credits_result=mysql_query($credits_query); while($credits_row=mysql_fetch_array($credits_result)){ $credits[]=$credits_row['credit']; } $credit=implode(",",$credits); $section.=' - Edit User: '.$username.''; $content.=' <div class="main"> <div class="main_header">Edit User - '.$username.'</div> <div class="user_form"> <form action="./.php" method="post"> <p><label>Name:</label> <input type="text" name="name" size="30" value="'.$name.'" /></p> <p><label>E-Mail:</label> <input type="email" name="email" size="32" value="'.$email.'" /></p> <p><label>Amount:</label> <input type="text" name="amount" size="8" value="'.$amount.'" /></p> <p><label>Username:</label> <input type="text" name="username" size="30" value="'.$username.'" /></p> <p> <label>Level:</label> <select name="level"> <option value=""'.(empty($level) ? ' selected="selected"' : '').'></option> <option value="nickel"'.($level=="nickel" ? ' selected="selected"' : '').'>Nickel</option> <option value="copper"'.($level=="copper" ? ' selected="selected"' : '').'>Copper</option> <option value="bronze"'.($level=="bronze" ? ' selected="selected"' : '').'>Bronze</option> <option value="silver"'.($level=="silver" ? ' selected="selected"' : '').'>Silver</option> <option value="gold"'.($level=="gold" ? ' selected="selected"' : '').'>Gold</option> <option value="platinum"'.($level=="platinum" ? ' selected="selected"' : '').'>Platinum</option> <option value="palladium"'.($level=="palladium" ? ' selected="selected"' : '').'>Palladium</option> </select> (Blank if something other than Donation) </p> <p> <label>User Level:</label> <select name="user_level"> <option value="0"'.($admin=="0" ? ' selected="selected"' : '').'>No Account</option> <option value="1"'.($admin=="1" ? ' selected="selected"' : '').'>Credit Purchase</option> <option value="2"'.($admin=="2" ? ' selected="selected"' : '').'>Donation</option> <option value="3"'.($admin=="3" ? ' selected="selected"' : '').'>Moderator</option> <option value="4"'.($admin=="4" ? ' selected="selected"' : '').'>Admin</option> </select> </p> <p><label>Credit:</label> <input type="text" name="amount" size="30" value="'.$credit.'" /></p> <p><label>Password:</label> <input type="text" name="username" size="30" value="'.$password.'" /></p> <p><label>Confirm Password:</label> <input type="text" name="username" size="30" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> </div> '; } else{ $user_list_query="SELECT * FROM $tbl_name"; $user_list_result=mysql_query($user_list_query); while($user_list_row=mysql_fetch_array($user_list_result)){ extract($user_list_row); $content='<div><a href="./index.php?admincp=users&do=edit&'.$donor_id.'">'.(!empty($username) ? ''.$username.'' : ''.$name.'').'</a></div><br />'; } } } EDIT: Solved. $content has to be concatenated.

I used an if statement and checked to see if $bits[1] was empty: function amount_verify($number){ $bits = explode(",",$number); // split input value up to allow checking if(!empty($bits[1])){ $last = strlen($bits[1]); // gets part after first comma (thousands or decimals) if ($last < 3){ if ($last==0){ $number.=",00"; } $number = str_replace(".","",$number); $number = str_replace(",",".",$number); } $number = str_replace(",","",$number); } $dec_bits = explode(".",$number); // split input value up to allow checking $dec = strlen($dec_bits[1]); // gets part after first decimal point if ($dec==0){ $number.=".00"; } $symbol = substr($number, 0, 1); if(!ctype_digit($symbol)){ $number = substr($number, 1); } return $number; }

I have tested your amount_verify() function and it returns $1,000.00 as 1000.00 for me. Sorry my mistake, it's when I type $1000.00 or 1000.00 without the comma. That turns into 100000.00. Basically, when it's already properly formatted. I guess I need some way to by pass most of the function if it doesn't have a comma in it. I still need it to remove the symbol, if there is one present. So I can't by pass the entire function.

Alright, that solves that. Now a few non-related issues: I'm curious, how can I redirect on a condition that the data was inserted into the database? Should I just do an if statement with the mysql_query as the condition? And I also have an issue with my amount processing function. When I type $1,000.00 it returns 100000.00. Ideas on why this is happening? It seems fine for other numbers, just $1,000.00. $1,001.00 and $2,000.00 don't replicate the same issue, just $1,000.00.

Well I just checked the preg_match email_verify function by assigning it to a variable and adding it to var_dump, and it returns 1, which means it evaluates as true correct? EDIT: Here's the issue: if(email_verify($email)==$donors_row['email'] && $current_amount==$donors_row['amount'] && $name==$donors_row['name']){ Should be: if(email_verify($email) && $email==$donors_row['email'] && $current_amount==$donors_row['amount'] && $name==$donors_row['name']){ Now I'm curious, how can I redirect on a condition that the data was inserted into the database? Should I just do an if statement with the mysql_query as the condition? And I also have an issue with my amount processing function. When I type $1,000.00 it returns 100000.00. Ideas on why this is happening?

Alright, it's got the associative keys now, but it still directs back to the form with the error. Makes me think the only other option, in the if statement, is this email_verify($email). That's the only one I can't check the result of, because it's not assigned to a variable. The only way that should not be working is if the preg_match is set-up wrong, correct?

I just did var_dump on the posted data after processing and print_r for $donors_row. Results returned: string(16) "Andrew McCarrick" string(29) "example@example.com" string( 8 ) "25000.00" string(9) "100000.00" Array ( [0] => 1 [1] => Andrew McCarrick [2] => 25000.00 [3] => Producer [4] => 4 [5] => example@example.com ) I'm noticing the array contains numbers as keys.... I'm trying to use the database table columns name, instead of the column number. Is this the issue?

The below is returning the error: The information you entered doesn\'t match the our for this account. Please try again. <br /> If you keep having problems, please contact us at <a href="mailto:general@makethemoviehappen.com"> general@makethemoviehappen.com This is triggered by the if statement with the ($_GET['e']==f) condition, in the form code. The database is pulling the proper information for the current person logged in as I checked with print_r on $donors_row. <?php session_start(); $myusername=$_SESSION['myusername2']; $mypassword=$_SESSION['mypassword2']; require_once 'db_select.php'; require_once 'func.php'; $select_donors="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'"; $donors_results=mysql_query($select_donors); $donors_row=mysql_fetch_row($donors_results); $name=sanitize($_POST['name']); $email=sanitize($_POST['email']); $current_amount=amount_verify(sanitize($_POST['current_amount'])); $additional_amount=amount_verify(sanitize($_POST['additional_amount'])); $donor_id=$donors_row['donor_id']; if(email_verify($email)==$donors_row['email'] && $current_amount==$donors_row['amount'] && $name==$donors_row['name']){ $insert_additional="INSERT INTO $tbl_name3 (donor_id, additional_amount) VALUES ('$donor_id', '$additional_amount')"; $additional_results=mysql_query($insert_additional); mysql_fetch_row($additional_results); $message=' I would like to donate additional money to Make the Movie Happen. Name: '.$name.' Email: '.$email.' Additional Amount: '.$additional_amount.' '; mail('general@makethemoviehappen.com','Make the Movie Happen - Additional Donation', $message, 'From:' .$email.''); header('Location: ./index.php?usercp=donate&e=t'); } else{ header('Location: ./index.php?usercp=donate&e=f'); } ?> <?php $content=' <div class="main"> <div class="main_header">Donate Additional Money</div>'; if($_GET['e']==t){ $content.='<p class="green clear"> Request Sent. You should be contact with a donate button specifically for you, in the next two business days. </p> '; } else{ $content.=' <p> If you wish to donate additional money, use the form below to enter the additional amount you wish to donate, the name in which the credit is listed under (as listed on the donors page), and the e-mail address in which the original purchase came from. This is a great to get your name back on the top 100 donors list, and to bump up your contributor level, and thus the freebies you get in return. Once you submit this form, we will review the submitted material, create a new paypal donation button specifically for you, and send you the link to that button. From there, you will be able to make the additional donation.'; if($_GET['e']==f){ $content.='<p class="red"> The information you entered doesn\'t match the our for this account. Please try again. <br /> If you keep having problems, please contact us at <a href="mailto:general@makethemoviehappen.com"> general@makethemoviehappen.com</a>. </p>'; } $content.=' <form action="./additional_donate_email.php" method="post"> <p><label>Name Credit is Listed Under:</label> <input type="text" name="name" size="30" /></p> <p><label>E-Mail of Original Donation:</label> <input type="text" name="email" size="32" /></p> <p><label>Additional Donation Amount:</label> <input type="text" name="additional_amount" size="8" /></p> <p><label>Current Donation Amount:</label> <input type="text" name="current_amount" size="8" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> '; } $content.=" </div> <br />"; ?> func.php - Just in case you need to see what the functions are doing: function email_verify($email){ return preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $email); } function amount_verify($number){ $bits = explode(",",$number); // split input value up to allow checking $last = strlen($bits[1]); // gets part after first comma (thousands or decimals) if ($last < 3){ if ($last==0){ $number.=",00"; } $number = str_replace(".","",$number); $number = str_replace(",",".",$number); } $number = str_replace(",","",$number); $dec_bits = explode(".",$number); // split input value up to allow checking $dec = strlen($dec_bits[1]); // gets part first decimal point if ($dec==0){ $number.=".00"; } $symbol = substr($number, 0, 1); if(!ctype_digit($symbol)){ $number = substr($number, 1); } return $number; } It's clearly not meeting all the conditions in the form checking if statement. I'm just not sure why.

Wow... I'm stupid. I didn't have .00 in my database entries. It was failing because the amount from the function has the decimal point added. Sorry guys.

http://www.makethemoviehappen.com/index.php?forgot The page was working perfectly... I just recently added the amount formatting and the preg_match for the email address. Since then it hasn't been working.

Not the whole thing, but the most relative stuff. Any way, here's the whole thing: <?php require_once 'db_select.php'; require_once 'func.php'; $donation_amount=sanitize($_POST['donation_amount']); $donation_amount=amount_verify($donation_amount); $email=sanitize($_POST['email']); if($_GET['forgot']=="username"){ if(email_verify($email)){ $sql3="SELECT * FROM $tbl_name WHERE email='$email' AND amount='$donation_amount'"; $result3=mysql_query($sql3); $rows3=mysql_fetch_row($result3); $num_rows3 = mysql_num_rows($result3); $username=$rows3[0]; if($num_rows3==1){ $content.='<p class="center">Your username has been sent to the provided email address.</p><br />'; $message='Some one (hopefully you) requested your username on Make the Movie Happen. Below is your username: Username: '.$username.' Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - Username', $message, 'From: general@makethemoviehappen.com'); } else{ header("Location: ./index.php?forgot&e=3"); } } else{ header("Location: ./index.php?forgot&e=4"); } } elseif($_GET['forgot']=="password"){ if(email_verify($email)){ $new_password =& generatePassword(); $username=sanitize($_POST['username']); $newpass=kam3($new_password); $sql1="UPDATE $tbl_name SET password='$newpass' WHERE username='$username' AND email='$email' AND amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1=mysql_affected_rows(); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ header("Location: ./index.php?forgot&e=1"); } } else{ header("Location: ./index.php?forgot&e=2"); } } else{ $content='<div class="main"> <div class="main_header clear">Forgot Password/Username</div> <br /> <div> <p class="eighteen">Forget Password</p> <p>Enter the information below to reset your password.</p>'; if($_GET['e']=="1"){ $content.='<p class="red">Information entered incorrect.</p> <p class="red twelve">If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.</p>'; } if($_GET['e']=="2"){ $content.='<p class="red">Information entered incorrectly. Please check the format.</p> <p class="red twelve">If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.</p> '; } $content.=' <form action="./index.php?forgot=password" method="post"> <p><label>Username:</label> <input type="text" name="username" size="30" /></p> <p><label>E-Mail of Original Donation/Purchase:</label> <input type="text" name="email" size="32" /></p> <p><label>Total Donation Amount:</label> <input type="text" name="donation_amount" size="5" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> <br /> <div> <p class="eighteen">Forget Username</p> <p>Enter the information below to have your username emailed to you.</p>'; if($_GET['e']=="3"){ $content.='<p class="red">Information entered incorrect.</p> <p class="red twelve">If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.</p> '; } if($_GET['e']=="4"){ $content.='<p class="red">Information entered incorrectly. Please check the format.</p> <p class="red twelve">If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.</p> '; } $content.=' <form action="./index.php?forgot=username" method="post"> <p><label>E-Mail of Original Donation/Purchase:</label> <input type="text" name="email" size="32" /></p> <p><label>Total Donation Amount:</label> <input type="text" name="donation_amount" size="5" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> </div> <br /> '; } ?>

The below is triggering the "Information entered incorrect." error message, when correct information is entered. function email_verify($email){ return preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $email); } function amount_verify($number){ $bits = explode(",",$number); // split input value up to allow checking $last = strlen($bits[1]); // gets part after first comma (thousands or decimals) if ($last < 3){ if ($last==0){ $number.=",00"; } $number = str_replace(".","",$number); $number = str_replace(",",".",$number); } $number = str_replace(",","",$number); $dec_bits = explode(".",$number); // split input value up to allow checking $dec = strlen($dec_bits[1]); // gets part first decimal point if ($dec==0){ $number.=".00"; } $symbol = substr($number, 0, 1); if(!ctype_digit($symbol)){ $number = substr($number, 1); } return $number; } $donation_amount=sanitize($_POST['donation_amount']); $donation_amount=amount_verify($donation_amount); $email=sanitize($_POST['email']); elseif($_GET['forgot']=="password"){ if(email_verify($email)){ $new_password =& generatePassword(); $username=sanitize($_POST['username']); $newpass=kam3($new_password); $sql1="UPDATE $tbl_name SET password='$newpass' WHERE username='$username' AND email='$email' AND amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1=mysql_affected_rows(); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ header("Location: ./index.php?forgot&e=1"); } } else{ header("Location: ./index.php?forgot&e=2"); } } else{ $content='<div class="main"> <div class="main_header clear">Forgot Password/Username</div> <br /> <div> <p class="eighteen">Forget Password</p> <p>Enter the information below to reset your password.</p>'; if($_GET['e']=="1"){ $content.='<p class="red">Information entered incorrect.</p> <p class="red twelve">If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.</p>'; } if($_GET['e']=="2"){ $content.='<p class="red">Information entered incorrectly. Please check the format.</p> <p class="red twelve">If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.</p> '; } $content.=' <form action="./index.php?forgot=password" method="post"> <p><label>Username:</label> <input type="text" name="username" size="30" /></p> <p><label>E-Mail of Original Donation/Purchase:</label> <input type="text" name="email" size="32" /></p> <p><label>Total Donation Amount:</label> <input type="text" name="donation_amount" size="5" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> <br /> <div> <p class="eighteen">Forget Username</p> <p>Enter the information below to have your username emailed to you.</p>'; }

I came up with this... anybody see any possible flaws? The only thing I can think of is if somebody enters decimal of more than 2 digits. <?php $number ="1.234"; $bits = explode(",",$number); // split input value up to allow checking $last = strlen($bits[1]); // gets part after first comma (thousands (or decimals if incorrectly used by user) if ($last < 3){ if ($last==0){ $number.=",00"; } $number = str_replace(".","",$number); $number = str_replace(",",".",$number); } $number = str_replace(",","",$number); $dec_bits = explode(".",$number); // split input value up to allow checking $dec = strlen($dec_bits[1]); // gets part first decimal point if ($dec==0){ $number.=".00"; } ?> This maybe a better option. There is additional checking on it... if the value they enter doesn't match the value in the database, then an error is shown... so that should catch any three digits after the decimal point. I just wanted to accept a wider range of possible inputs to make it easier for users.