matthew.javelet

Everything posted by matthew.javelet

  1. You already have it done dude, you just need to change one part. The first echo inside the foreach loop is what your issue is. Change: echo '<li><a class="dropdown" href="' . $cat['link'] . '">'; To: echo '<li><a href="' . $cat['link'] . '">';
  2. http://php.net/manual/en/function.mysql-real-escape-string.php $codeNumber = mysql_real_escape_string( $codeNumber ); That should fix it right up. Definitely look up the function description so you understand what's going on here.
  3. You can absolutely manually fix the code yourself. However, the application looks a bit large and it may take a while to accomplish, and just making the function static may not fix your issue 100%. Also, it won't just be your gateway.php file. If the application developers' coding style is consistent then I believe none of the static functions are defined as static, which means you'll have to manually find each static function and define it as so. Since this is not your own project, it is just an application you use, I would just downgrade PHP back to 5.2.
  4. It seems you're using a static method when it's not defined as static. So instead of having: public static function functionName() You have: function functionName() If you are calling a method statically you'll need to call it as such: method::call() If you are using $this context, the function cannot be static. If you are using a script made by a company or whatever, you may want to check for an update or double-check to make sure the program is compatible with PHP 5.4.
  5. You need to provide us with all relevant information as much as you can to help us provide you with a decent answer. The code you are using obviously has it set up to return errors if there is either a server connection issue or database connection issue. Which one is it, what is the exact error you get?
  6. I use MySQL Improved ( MySQLi ). I've heard a bunch of hype about PDO because of its wondrous prepared statements and nifty functions. But I think it's pretty much a pre-built database class, though I may be wrong. By MSQLi do you mean MySQLi or MiniSQL? Either way, PDO is just a class, it is not a storage system like Oracle, MSQL, PostgreSQL, etc. Also, I'd prefer MySQLi over basic MySQL for obvious reasons. Source: http://www.php.net/manual/en/intro.pdo.php
  7. I'm not sure exactly what you're asking, but your code will work. It just has absolutely no error management which can lead to a compromised database. I don't know how the rest of your code is used so I'm not going to say the create user function isn't needed. I would just generate a random salt instead of using @2xp just to be extra safe.
  8. After giving my title a second read I laughed at myself. I'm currently facing a small issue while using the CodeIgniter framework. I'm building a session class to handle admin sessions so they can log in to admin restricted pages. So far I just have two files handling the login, the admin controller and the session class itself. The admin controller is meant to set a variable that belongs to the session class, this is the issue, it currently does not do that and I have no idea why. This is the sessions class:

     ```php
     <?php
     class rmb_admin_sessions
     {
         /**
          * The CI object
          * @var object
          */
         private $_obj;

         /**
          * Session ID
          * @var string
          */
         protected $_session_id = '';

         /**
          * Session data
          * @var array
          */
         protected $_session_data = array();

         /**
          * Timeout Variable
          * @var int
          */
         protected $_session_expire = 120;

         /**
          * Validation status
          * @var boolean
          */
         protected $_status = false;

         /**
          * Display message
          * @var string
          */
         protected $_message = '';

         /**
          * Constructor
          *
          * @return void
          */
         public function __construct()
         {
             // Get the CodeIgniter instance
             $this->_obj = & get_instance();

             // PR - Preformatted dump / I'm checking the session ID before&after form submission
             pr($this->_session_id);

             // See if we find a session
             $session_data = $this->_obj->db->query("SELECT * FROM nab_admin_sessions WHERE session_id = '{$this->_session_id}'");

             // PR - Preformatted dump / I'm checking the DB queries before&after form submission to see if the session id gets included
             pr($this->_obj->db->queries);

             // If we find a session then an admin is logged in. Sessions are only added to the DB when an admin
             // logs in successfully. Old sessions are deleted upon new logins, as well as old sessions being
             // deleted upon expiration of 1 hour
             if($session_data->num_rows() > 0)
             {
                 // Sessions Data
                 $session = $session_data->row_array();

                 // Unserialized user data
                 $user_session_data = unserialize($session['user_data']);

                 // Merge the two
                 $this->session_data = array_merge($session, $user_session_data);

                 // Verify user data
                 $user_data = $this->_obj->db->query("SELECT u.*, p.* FROM nab_members AS u LEFT JOIN nab_permissions AS p ON p.group_id = u.user_group WHERE u.user_id = '{$this->session_data['user_id']}'");
                 $user = $user_data->row_array();

                 if($user['user_id'] == '')
                 {
                     // The user data did not match
                     return $this->_set(false, '');
                 }

                 if ($user['group_id'] != 9)
                 {
                     // User does not have proper access
                     return $this->_set(false, 'Invalid access level');
                 }
                 else
                 {
                     // The login was a success
                     $this->_status = true;
                 }
             }

             // We're logged in and legit, handle user activity
             if ($this->_status === true)
             {
                 if($this->session_data['last_activity'] < (time() - $this->session_expire * 60))
                 {
                     $this->_status = false;
                     return $this->_set(false, 'Your session timed out.');
                 }

                 $this->_obj->db->update(
                     'nab_admin_sessions',
                     array(
                         'last_activity' => time(),
                         'user_data' => serialize($user)
                     ),
                     "session_id = '{$this->_session_id}'"
                 );

                 return $this->_set(true, '');
             }
         }

         /**
          * Sets status and error message
          *
          * @param boolean Session Status
          * @param string Display messages
          * @return void
          */
         protected function _set($status, $message)
         {
             $this->_status = $status;
             $this->_message = $message;
         }

         /**
          * Sets session id
          *
          * @return boolean
          */
         public function set_session($session_id)
         {
             $this->_session_id = $session_id;
         }

         /**
          * Grabs session status
          *
          * @return boolean
          */
         public function get_status()
         {
             return $this->_status;
         }

         /**
          * Grabs error message
          *
          * @return boolean
          */
         public function get_message()
         {
             return $this->_message;
         }
     }
     ```

     This is the controller:

     ```php
     <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

     class Admin extends CI_Controller
     {
         /**
          * Default page
          *
          * @return void
          */
         public function index()
         {
             $this->load->library('rmb_admin_sessions');

             if($this->rmb_admin_sessions->get_status() === true)
             {
                 $this->home();
             }
             else
             {
                 $this->admin_login();
             }
         }

         /**
          * Admin Login
          *
          * @return void
          */
         public function admin_login()
         {
             $user = '';

             if ($this->input->post('process'))
             {
                 $user = $this->authorise($this->input->post('username', true), $this->input->post('password'));

                 if(isset($user) AND is_array($user))
                 {
                     $session_id = md5( uniqid( microtime() ) );

                     // Upon a successful login, we set the admin session class sessions id.
                     // This means when redirected back to /admin the admin session class should
                     // have the correct value, which it still does not
                     $this->rmb_admin_sessions->set_session($session_id);

                     #$this->db->query("delete from nab_admin_sessions where session_ = '{$user['user_id']}'");

                     $insert = array(
                         'session_id' => $session_id,
                         'ip_address' => $this->input->ip_address(),
                         'user_agent' => $this->input->user_agent(),
                         'last_activity' => time(),
                         'user_data' => serialize($user)
                     );

                     $this->db->insert('nab_admin_sessions', $insert);

                     #redirect('/admin');
                 }
             }

             $message = $this->rmb_admin_sessions->get_message();
             $message['errors'] = ( empty( $message ) ) ? $user : $message;

             $this->load->view('Admin/Forms/login', $message);
         }

         /**
          * Validates a users login
          *
          * @return void
          */
         function authorise( $user_entered, $pass_entered )
         {
             $user_data = $this->db->query("SELECT * FROM nab_members WHERE user_name = '{$user_entered}' LIMIT 1");

             if( $user_data->num_rows() > 0 )
             {
                 $user = $user_data->row_array();

                 if( $this->rmb_membership->encode_password($this->input->post('password'), $user['user_pwd_salt']) == $user['user_password'] )
                 {
                     return $user;
                 }
                 else
                 {
                     return 'Invalid password';
                 }
             }
             else
             {
                 return 'Invalid username';
             }
         }

         /**
          * Home page
          *
          * @return void
          */
         public function home()
         {
             $this->load->view('Admin/home');
         }
     }
     ```

     So the function set_session that is called once a user successfully logs in is not setting the session id. I made a test file to see if it was my logic or CodeIgniter and this is what I came up with:

     ```php
     <?php
     class sessions
     {
         protected $session_id;

         public function __construct()
         {
             echo $this->session_id;
         }

         public function set_session($sid)
         {
             $this->session_id = $sid;
         }
     }

     class admin
     {
         public function index()
         {
             $this->sessions = new sessions;
             $this->login();
             // before - sessions Object ( [session_id:protected] => )
             print_r($this->sessions);
             // after - sessions Object ( [session_id:protected] => 123456 )
         }

         public function login()
         {
             if(isset($_POST['process']))
             {
                 $this->sessions->set_session('123456');
             }

             echo <<<HTML
     <form method="post">
     <input type="text" />
     <input type="submit" name="process" />
     </form>
     HTML;
         }
     }

     $admin = new admin;
     $admin->index();
     ```

     So with this test file following the same logic, it actually does what it needs to do and properly sets the session id for the session class. So can somebody please tell me what's wrong? I was going to ask the people on the CI forums but they have a character limit when posting topics and don't have attachments on currently. I also tried to post my larger files as attachments but it wouldn't work so I apologize for that too.
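
An added example, not part of the original post and not CodeIgniter's own code: a PHP object lives for one request only, so a session id set on the library during the login request is gone after the redirect, and the library constructor in the post runs its lookup before `set_session()` is ever called. The sketch below carries the id in a cookie and looks it up with a bound parameter; the in-memory SQLite database, the function names `start_admin_session` / `load_admin_session` and the cookie name `admin_sid` are assumptions.

```php
<?php
// Constructed schema: in-memory SQLite table standing in for nab_admin_sessions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nab_admin_sessions (
    session_id TEXT PRIMARY KEY, user_id INTEGER, last_activity INTEGER)');

const SESSION_TTL = 120 * 60; // seconds; mirrors $_session_expire = 120 (minutes)

// Login request: store the row and return the id the response must set as a cookie.
function start_admin_session(PDO $db, int $userId): string
{
    $sid = bin2hex(random_bytes(32)); // CSPRNG id instead of md5(uniqid(microtime()))
    $stmt = $db->prepare('INSERT INTO nab_admin_sessions VALUES (?, ?, ?)');
    $stmt->execute([$sid, $userId, time()]);
    return $sid;
}

// Every later request: the id comes from the cookie, never from object state.
function load_admin_session(PDO $db, string $sid): ?array
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $sid)) {
        return null; // missing or malformed id: no query is run
    }
    // Bound parameter: the id is never interpolated into the SQL string.
    $stmt = $db->prepare('SELECT * FROM nab_admin_sessions WHERE session_id = ?');
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['last_activity'] < time() - SESSION_TTL) {
        return null; // unknown or expired session
    }
    $db->prepare('UPDATE nab_admin_sessions SET last_activity = ? WHERE session_id = ?')
       ->execute([time(), $sid]);
    return $row;
}

// Request 1 (login). A real response would also send the cookie, e.g.
// setcookie('admin_sid', $sid, ['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
$sid = start_admin_session($db, 1);

// Request 2 (after the redirect): only the cookie value survives between requests.
$cookie = ['admin_sid' => $sid]; // constructed stand-in for $_COOKIE
var_dump(load_admin_session($db, $cookie['admin_sid'] ?? '') !== null); // id from cookie
var_dump(load_admin_session($db, '') !== null);        // empty id, as in the post's constructor
var_dump(load_admin_session($db, "abc'def") !== null); // malformed id containing a quote
```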