rdkd1970

that is correct and I am using session_start(); on all my pages

The line that shows when I use the error codes is which is now $_GET as I have tried it all with no success. $username = $_SESSION[username]

if (!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) { '<a href="http://www.blessedtalk.com">Register Account</a> | <a href="http://www.blessedtalk.com/login-form.php">Log In</a>'; } $id = ""; $username = ""; $firstname = ""; $lastname = ""; // ------- ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS --------- if (isset($_GET['id'])) { $id = $_GET['id']; // filter everything but numbers } else if (isset($_SESSION['SESS_ID'])) { $id = $_SESSION['SESS_ID']; } else { '<a href="http://www.blessedtalk.com/login-form.php">Log In</a>'; } if (!isset($_POST['post_type']) || !isset($_POST['post_body']) || !isset($_POST['fsID']) || !isset($_POST['fsTitle']) || !isset($_POST['uid']) || !isset($_POST['upass'])) { echo "Important variables from the form are missing."; exit(); } // Filter all of the common variables $post_type = $_POST['post_type']; $post_body = $_POST['post_body']; $post_body = nl2br(htmlspecialchars($post_body)); $post_body = mysql_real_escape_string($post_body); $forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']); $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']); $member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']); $username = preg_replace('#[^0-9]#i', '', $_GET['username']); $member_password = mysql_real_escape_string($_POST['upass']); // Check the database to be sure that their ID, password, and email session variables all match in the database $u_id = $member_id; $sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: You do not exist in the system"; exit(); } // Check the database to be sure that this forum section exists $sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: That forum section does not exist."; exit(); } // Prevent this member from posting more than 30 times in one day $sql = mysql_query("SELECT id FROM forum_posts WHERE post_author_id='$member_id' AND DATE(date_time) = DATE(NOW()) LIMIT 32"); $numRows = mysql_num_rows($sql); if ($numRows > 30) { echo "ERROR: You can post only 30 times per day. Your maximum has been reached."; exit(); } // Add this post to the database now. The query depends on the "post_type" value // Only if the post_type is "a" /////////////////////////////////////////////////////////////////////////////////// if ($post_type == "a") { $post_title = preg_replace('#[^A-za-z0-9 ?!.,]#i', '', $_POST['post_title']); if ($post_title == "") { echo "The Topic Title is missing."; exit(); } if (strlen($post_title) < 10) { echo "Your Topic Title is less than 10 characters."; exit(); } $sql = mysql_query("INSERT INTO forum_posts (username, post_author_id, date_time, type, section_title, section_id, thread_title, post_body) VALUES('".$username."','".$member_id."',now(),'a','".$forum_section_title."','".$forum_section_id."','".$post_title."','".$post_body."')") or die (mysql_error()); $this_id = mysql_insert_id(); //$sql = mysql_query("UPDATE forum_posts SET otid='$this_id' WHERE id='$this_id'"); header("location: view_thread.php?id=$this_id"); exit(); } I am trying to add a forum to this site. So I am grabbing the username from the main file which was set under the html folder and have a forum folder. All my pages have the above isset settings but this one page I need to add to another table the username. It grabs the id from the session but not the username. It worked twice and stopped working.

Can you use $_SESSION function differently in another page and it will pick up the other registered variable if it has not been used before.

I tried this at first it was using another test member username then it stopped all together. It seems as if this section is not recognizing the connection between post_author and username according to the settings. Yesterday i changed the while statement with post_author from $row[username] to username it went through but today I tried another test name no luck. $post_type = $_POST['post_type']; $post_body = $_POST['post_body']; $post_body = nl2br(htmlspecialchars($post_body)); $post_body = mysql_real_escape_string($post_body); $forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']); $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']); $member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']); $post_author = preg_replace('#[^0-9]#i', '', $_SESSION['username']); $member_password = mysql_real_escape_string($_POST['upass']); All of these are working besides the post_author to the username.

try making this line and if instead of a while statement see how that works. while statements keep going. while($row = mysql_fetch_array($result)){

I am using $_SESSION[username] to connect to another table and to display and add the variable to the table with no luck. How can I set this up. I know there is a way but I am not getting it. post_author and post_author_id are suppose to go into the db when I hit the submit button but only the post_author_id is responding. I have the errors ALL set up and it keeps letting me know the variable is undefined. When I put the $_SESSION[username] as the $_SESSION[sESS_ID] it displayed the id of the member. I have put the variable at the beginning as $username - ''; right now the line that is showing as error is $post_author = preg_replace('#[^0-9]#i', '', $_SESSION['username']); this is part of the file that is suppose to activate the info add to the db and display the username onto the page. if (!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '') || isset($_SESSION['username'])) { '<a href="http://www.blessedtalk.com">Register Account</a> | <a href="http://www.blessedtalk.com/login-form.php">Log In</a>'; } // Check the HTTP_REFERER for light level security $ref = parse_url($_SERVER['HTTP_REFERER']); $host = $ref["host"]; if ($host != "www.blessedtalk.com") { echo "Please log in at the home page."; exit(); } $id = ""; $username = ""; $firstname = ""; $lastname = ""; $post_author = ""; // ------- ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS --------- if (isset($_GET['id'])) { $id = $_GET['id']; // filter everything but numbers } else if (isset($_SESSION['SESS_ID'])) { $id = $_SESSION['SESS_ID']; } else { '<a href="http://www.blessedtalk.com/login-form.php">Log In</a>'; } // ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS --------- // ------- FILTER THE ID AND QUERY THE DATABASE -------- $sql = mysql_query("SELECT username, id FROM `myMembers` WHERE id='".$_SESSION["SESS_ID"]."'"); // query the member // ------- FILTER THE ID AND QUERY THE DATABASE -------- // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount < 1 ) { // evaluate the count header("location: index.php?msg=user_does_not_exist"); exit(); } while($row = mysql_fetch_array($sql)){ $username = $row["username"]; $post_author = $row["username"]; $post_author_id = $row["id"]; } // Be sure all form variables are present to proceed if (!isset($_POST['post_type']) || !isset($_POST['post_body']) || !isset($_POST['fsID']) || !isset($_POST['fsTitle']) || !isset($_POST['uid']) || !isset($_POST['upass'])) { echo "Important variables from the form are missing."; exit(); } // Filter all of the common variables $post_type = $_POST['post_type']; $post_body = $_POST['post_body']; $post_body = nl2br(htmlspecialchars($post_body)); $post_body = mysql_real_escape_string($post_body); $forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']); $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']); $member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']); $post_author = preg_replace('#[^0-9]#i', '', $_SESSION['username']); $member_password = mysql_real_escape_string($_POST['upass']); $sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: That forum section does not exist."; exit(); } // Prevent this member from posting more than 30 times in one day $sql = mysql_query("SELECT id FROM forum_posts WHERE post_author_id='$member_id' AND DATE(date_time) = DATE(NOW()) LIMIT 32"); $numRows = mysql_num_rows($sql); if ($numRows > 30) { echo "ERROR: You can post only 30 times per day. Your maximum has been reached."; exit(); } if ($post_type == "a") { $post_title = preg_replace('#[^A-za-z0-9 ?!.,]#i', '', $_POST['post_title']); if ($post_title == "") { echo "The Topic Title is missing."; exit(); } if (strlen($post_title) < 10) { echo "Your Topic Title is less than 10 characters."; exit(); } $sql = mysql_query("INSERT INTO forum_posts (post_author, post_author_id, date_time, type, section_title, section_id, thread_title, post_body) VALUES('$post_author','$member_id',now(),'a','$forum_section_title','$forum_section_id','$post_title','$post_body')") or die (mysql_error()); $this_id = mysql_insert_id(); //$sql = mysql_query("UPDATE forum_posts SET otid='$this_id' WHERE id='$this_id'"); header("location: view_thread.php?id=$this_id"); exit(); }

Also in my database the post_author and post_author_id is blank when I come as a logged in user or a visitor to the site and post a topic to the forum

I removed the else statement and took out the !. It is still allowing anyone to make a topic without logging in. Not sure why

AND when I do log in through the main login section it is not recognizing the user.

I have my session_start(); set and my section to see if they are logged in or not but somehow it is allowing anyone to post to the forum without signing up. I have my table as follows :'( TABLE id INT (11) post_author var 255 post_author_id INT 11 otid INT 11 (original topic id and the responder) date_time DATETIME type ENUM a,b view_count INT 11 section_title VAR 88 section_id INT 11 thread_title VAR 64 post_body TEXT closed ENUM 0,1 default 0 CREATE TOPIC SECTION include_once "../Connection/mysql.php"; $logOptions = ''; // Check to see if the user is logged in with session variables if (!isset($_SESSION['userpass']) || $_SESSION['userpass'] == "") { $logOptions = '<a href="http://www.blessedtalk.com">Register Account</a> | <a href="http://www.blessedtalk.com/login-form.php">Log In</a>'; } else { // Assume they are a member because they have a password session variable set // Check the database to be sure that their ID, password, and email session variables all match in the database $u_id = mysql_real_escape_string($_SESSION['SESS_ID']); $u_name = mysql_real_escape_string($_SESSION['username']); $u_email = mysql_real_escape_string($_SESSION['useremail']); $u_pass = mysql_real_escape_string($_SESSION['userpass']); $sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id' AND username='$u_name' AND email='$u_email' AND password='$u_pass'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: You do not exist in the system."; exit(); } } // Check to make sure the URL variables of "sid" and "title" are set if (!isset($_POST['forum_id']) || $_POST['forum_id'] == "" || !isset($_POST['forum_title']) || $_POST['forum_title'] == "") { echo "Important variables are missing"; exit(); } else { // Acquire the variables and proceed to show them a form for creating a new topic $forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['forum_id']); $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['forum_title']); } $sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: That section deos not exist."; exit(); } <script type="text/javascript" language="javascript"> <!-- function validateMyForm ( ) { var isValid = true; if ( document.form1.post_title.value == "" ) { alert ( "Please type in a title for this topic" ); isValid = false; } else if ( document.form1.post_title.value.length < 10 ) { alert ( "Your title must be at least 10 characters long" ); isValid = false; } else if ( document.form1.post_body.value == "" ) { alert ( "Please type in your topic body." ); isValid = false; } return isValid; } //--> </script> <div id="breadcrumbs"><a href="http://www.blessedtalk.com">Blessed Talk Home</a> ← <a href="http://www.blessedtalk.com/forum">Forum Home</a> ← <a href="section.php?id=<?php echo $forum_section_id; ?>"><?php echo $forum_section_title; ?></a></div> <h2>Creating New Topic In the <em><?php echo $forum_section_title; ?></em> Forum</h2> <form action="parse_post.php" method="post" name="form1"> <input name="post_type" type="hidden" value="a" /> Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" /> <br /><br /> Please type in a title for your topic here:<br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br /> Please type in your topic body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea> <br /><br /><input name="" type="submit" value="Create my topic now!" onclick="javascript:return validateMyForm();"/> <input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" /> <input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" /> <input name="uid" type="hidden" value="<?php echo $_SESSION['SESS_ID']; ?>" /> <input name="upass" type="hidden" value="<?php echo $_SESSION['userpass']; ?>" /> </form>

I have this code for updating my profile page ie. picture, location, youtube. But it will upload but i get this error message. Notice: Undefined index: parse_var in I have put it as a variable $parse_var and I get this then I put it as $_POST['parse_var'] it does not upload anything how can I put it so I do not get this error message showing. if ($_POST['parse_var'] == "pic"){ if (!$_FILES['fileField']['tmp_name']) {

I am trying to click on another members profile and view theirs with the add as friend or remove as friend links but it keeps coming back to my own profile. I believe it is because of the $_SESSION[sESS_ID] I have in the $sqlArray. What am I suppose to use to get the other members profile when I click on it. $friendLink = ""; $the_chat_form = ""; $iFriend_array = ""; if (isset($_SESSION['SESS_ID']) && $_SESSION['SESS_ID'] != $id) { // If SESSION id :-\ is set, AND it does not equal the profile owner's ID // SQL Query the friend array for the logged in viewer of this profile if not the owner $sqlArray = mysql_query("SELECT friend_array FROM myMembers WHERE id='" . $_SESSION['SESS_ID'] ."' LIMIT 1"); while($row=mysql_fetch_array($sqlArray)) { $iFriend_array = $row["friend_array"]; } $iFriend_array = explode(",", $iFriend_array); if (in_array($id, $iFriend_array)) { $friendLink = '<a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'remove_friend\');">Remove Friend</a>'; } else { $friendLink = '<a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'add_friend\');">Add as Friend</a>'; } This is the javascript I am using. It works to open the friend request in my profile but it is not clicking on the other profile and letting me view them it goes back to my profile. function toggleInteractContainers(x) { if ($('#'+x).is(":hidden")) { $('#'+x).slideDown(200); } else { $('#'+x).hide(); } $('.interactContainers').hide(); } function toggleViewAllFriends(x) { if ($('#'+x).is(":hidden")) { $('#'+x).fadeIn(200); } else { $('#'+x).fadeOut(200); } } function toggleViewMap(x) { if ($('#'+x).is(":hidden")) { $('#'+x).fadeIn(200); } else { $('#'+x).fadeOut(200); } } // Friend adding and accepting stuff function addAsFriend(a,b) { var friendRequestURL = "scripts_for_profile/request_as_friend.php"; $("#add_friend_loader").show(); $.post(friendRequestURL,{ request: "requestFriendship", mem1: a, mem2: b } ,function(data) { $("#add_friend").html(data).show().fadeOut(12000); }); } function acceptFriendRequest (x) { var friendRequestURL = "scripts_for_profile/request_as_friend.php"; $.post(friendRequestURL,{ request: "acceptFriend", reqID: x } ,function(data) { $("#req"+x).html(data).show(); }); } function denyFriendRequest (x) { var friendRequestURL = "scripts_for_profile/request_as_friend.php"; $.post(friendRequestURL,{ request: "denyFriend", reqID: x } ,function(data) { $("#req"+x).html(data).show(); }); } // End Friend adding and accepting stuff // Friend removal stuff function removeAsFriend(a,b) { var friendRequestURL = "scripts_for_profile/request_as_friend.php"; $("#remove_friend_loader").show(); $.post(friendRequestURL,{ request: "removeFriendship", mem1: a, mem2: b } ,function(data) { $("#remove_friend").html(data).show().fadeOut(12000); }); } Should I be adding another section of the javascript for just adding a friend because the one that I have for adding a friend actually is allowing me to view my own profile and access the friend request but ofcourse nothing is in it as we can not view another profile.

I have in my friend_array DB is set up for text this is what is in the $sql when I click on the other member profile to try to add them as friend. Should I have it as something else. I also have in DB the friends_request for mem1 and mem2 a,b. but i do not have the default set for this. No matter how I put it in the codes it comes back to my profile so I am wondering if this is set up wrong in the DB.

Nothing echos I must have the wrong $sql. I am not sure what is happening now. But that line is suppose to click on the other profile but it keeps going back to my profile.

I tried this code but it gets an error in Dreamweaver before I even try it. Is there another way to echo echo ("'.$_SESSION['SESS_ID'].'&&'.$id.'");

I am trying to click on another members profile and view theirs with the add as friend or remove as friend links but it keeps coming back to my own profile. I believe it is because of the $_SESSION[sESS_ID] I have in the $sqlArray. What am I suppose to use to get the other members profile when I click on it. $friendLink = ""; $the_bless_form = ""; $iFriend_array = ""; if (isset($_SESSION['SESS_ID']) && $_SESSION['SESS_ID'] != $id) { // If SESSION id :-\ is set, AND it does not equal the profile owner's ID // SQL Query the friend array for the logged in viewer of this profile if not the owner $sqlArray = mysql_query("SELECT friend_array FROM myMembers WHERE id='" . $_SESSION['SESS_ID'] ."' LIMIT 1"); while($row=mysql_fetch_array($sqlArray)) { $iFriend_array = $row["friend_array"]; } $iFriend_array = explode(",", $iFriend_array); if (in_array($id, $iFriend_array)) { $friendLink = '<a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'remove_friend\');">Remove Friend</a>'; } else { $friendLink = '<a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers(\'add_friend\');">Add as Friend</a>'; }

Okay thanks I copied your info for that video and yea it worked now I am out to find the correct link to that video I want to borrow.

Yea I grabbed it from the address bar. I just did not know....!!!

I am grabbing this video from youtube are you mentioning this may not be usable for me to borrow it and display it on my page and I will need to choose another one.

I am not sure what you mean.????

This is my script I want to display but it does not show in the page just blank. <td><object width="220" height="148"><param name="movie" value="http://www.youtube.com/user/THEWORLDOFTRAVEL#p/search/2/uX9nd3xM_MY=1&h1=enUS&color1=0x234900&color3=34900&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/user/THEWORLDOFTRAVEL#p/search/2/uX9nd3xM_MY=1&h1=enUS&color1=0x234900&color3=34900&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="220" height="148"></embed></object></td>

You rock!!!!! :D :D

Do I have to put that $id folder in the db added to my tables for members.

should it automatically make it for them the folder $id when they submit their pic