Ch0cu3r

Which ever user successfully logs in, Your code will always return the user's data with the user_id of 1. This is because your login() function does not return the users user_id but the boolean value of true when the username and password match a record in the users table! function login($username , $password) { GLOBAL $dbc; $user_id = user_id_from_username($username); $username = sanatize($username); $password = md5($password); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); if(mysqli_num_rows($query) == 1) { return 0 == 1 ? $user_id : true; } // no results found so return false return false; } This line will always return true return 0 == 1 ? $user_id : true;You save the returned value of login() to the $_SESSION['user_id'] variable. This variable is then passed to the user_data() function to get the logged in users data. You then convert the users id value to an integer. $user_id = (int)$user_id;Which will convert the boolean value of $user_id to the integer value of 1. So therefore the query within that function will always return the user with the user_id of 1. $data=mysqli_query($dbc," SELECT $fields FROM `users` WHERE `user_id` = $user_id "); What you need to do is set the session data when the query successfully returns a result with a matched username/password. You should not be using user_data() function to get their data on each page request. This will be your login function function login($username , $password) { GLOBAL $dbc; $username = sanatize($username); $password = md5($password); // get all users data from database when username/password match. $query= mysqli_query($dbc,"SELECT `user_id`, `username`, `name` , `surname`, `email` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); if(mysqli_num_rows($query) == 1) { // set user data to sessions $row = mysqli_fetch_assoc($query); $_SESSION['user_id'] = $row['user_id']; $_SESSION['username'] = $row['username']; $_SESSION['name'] = $row['name']; $_SESSION['surname'] = $row['surname']; $_SESSION['email'] = $row['email']; return true; // return true } // no results found so return false return false; } To check if the user successfully logged in with the username/password you'd do if(login($username, $password)) { // successfully logged in! // Session data is already reloaded with users data printf('<pre>%s</pre>', print_r($_SESSION, true)); } else { // did not successfully login }

if("OK".equals(lines[0])) { listener.statusUpdated(i, "AVAILABLE"); } else { listener.statusUpdated(i, "NOT AVAILABLE"); }

Your .htaccess code is checking to see if this module has been loaded and then configuring how files are compressed. It is not loading the deflate module You need to enable the deflate modue within the httpd.conf file. You do this by removing the # infront of this line LoadModule deflate_module modules/mod_deflate.so Save httpd.conf and restart Apache.

The following $myWidth = '<script> document.write(window.innerWidth); </script>'; Does not execute the javascript. PHP does not know that is javascript within the quotes. It will see it as bunch of characters that make up a string. That string is stored within the $myWidth variable. Because strlen() counts how many characters are stored within the $myWidth variable. But echo gives me value "1366" Echo does not give you that value. Echo prints what ever is in the variable to the browser (right click > view source and to see PHP's output). So echo $myWIdth; will output the following <script> document.write(window.innerWidth); </script> The browser will then execute the JavaScript code code and write whatever the browsers width is to the HTML document, and so you see 1366 displayed. What you see here is PHP and javascript are executed at different times., PHP on the sever and JavaScript in the browser. You cannot capture the output of the JavaScript within PHP and visa-versa . What you're trying to do is not possible.

You're creating the file, sending headers so the file downloads and then writing the contents to the file. You need to write the data to the file first, before you send the headers.

You are outputting the text in white text color! Is your page background white? echo "<font color=\"#FFFFFF\">File test DOES exist!</font><br />" ; echo "<font color=\"#FFFFFF\">File test DOES NOT exist!</font><br />" If it is white you wont see any thing!

Simplify your $myarray. Set the carrier as the key for the array. then you can assign the consignments for that carrier using $myarray[ $carrier ]['consignemts'][] = $consignment; You'll get an array like Array ( [Royal Mail] => Array( [consignments] = Array( [0] => 'consignment number 1', [1] => 'consignment number 2', ... etc ... ) ), [FEDEX] => Array( [consignments] = Array( [0] => 'consignment number 1', ... etc ... ) ), [TNT] => Array( [consignments] = Array( [0] => 'consignment number 1', [1] => 'consignment number 2', [2] => 'consignment number 3', ... etc ... ) ) ) Then you can easily display the carriers consignments using a simple foreach foreach($carriers as $carrier => $consignments) { echo $carrier . ': Your consignments are: ' . implode(',', $consignments); } Code to build the carriers consignments $carriers = array(); foreach($rows as $row) { $consignment = $row['consignment_number']; //do something if ($consignment == 'RM') { $carrier = 'Royal Mail'; } elseif ( ctype_digit($consignment) && (strlen($consignment) == ) { $carrier = 'Fedex'; } elseif ( ctype_digit($consignment) && (strlen($consignment) == 11) ) { $carrier = 'TNT'; } // use carrier as key, append consignment to consignments sub array $carriers[ $carrier ]['consignments'][] = $consignment; }

You wan to apply the css styling to forms input field, not the form. The input field is this <input type="text" value="search here..." name="s" id="s"> Add class="searchbg"; attribute to the input field change searchbg in your css to .searchbg. CSS Styling should now apply.

You can't. HTTP is a stateless protocol. What are you trying to do?

I over complicated this part, change // limit the number of recently items to $maxItems $recentItems = count($_SESSION['recentlyViewed']); // how many items in the array if($recentItems > $maxItems) { $offset = $recentItems - $maxItems; array_splice($_SESSION['recentlyViewed'], $offset, $maxItems;); // make $_SESSION['recentlyViewed'] have only $maxItems in array } to // limit number of recently viewed its ot $maxItems if(count($_SESSION['recentlyViewed']) > $maxItems) { array_shift($_SESSION['recentlyViewed']); // make $_SESSION['recentlyViewed'] have only $maxItems in array }

The problem is you're just concatenating the recently viewed item in the session variable. You don't have any logic to limit how many items get added or to filter any duplicates I'd do something like this when adding recently viewd items // Set how many recently viewed items can be added to the array $maxItems = 5; if(!isset($_SESSION['recentlyViewed'])) $_SESSION['recentlyViewed'] = array(); // if item is not already in the array, add it if(!in_array($id, $_SESSION['recentlyViewed'])) { $_SESSION['recentlyViewed'][] = $id; } // product is in array and is not the last one (most recent one) // then remove it and make it the most recent if(in_array($id, $_SESSION['recentlyViewed']) && !$_SESSION['recentlyViewed'][$maxItems - 1] == $id) { $key = array_search($id, $_SESSION['recentlyViewed']); // get the position of the old one unset($_SESSION['recentlyViewed'][$key]); // delete the item from the array $_SESSION['recentlyViewed'][] = $id; // make it the most recent } // limit the number of recently items to $maxItems $recentItems = count($_SESSION['recentlyViewed']); // how many items in the array if($recentItems > $maxItems) { $offset = $recentItems - $maxItems; array_splice($_SESSION['recentlyViewed'], $offset, $maxItems;); // make $_SESSION['recentlyViewed'] have only $maxItems in array } Then to display the recently viewed items i'd do // display recent items // most recent should be displayed first $items = array_reverse($_SESSION['recentlyViewed']); foreach($items as $id) { echo ' <table width="50" cellspacing="0" cellpadding="0" border="1"> <tr> <th width="50" height="50" scope="col"> <a href="product.php?id=' . $id . '"><img src="inventory_images/' . $id . '.jpg" width="50" height="50" border="0" /></a> </th> </tr> </table>'; }

Irate meant you need to validate each form field before using it, You code cleaned up and upgraded to use mysqli <?php $servername = "localhost"; $username = "dbusername"; $password = "dbpassword"; $database = "dbasename"; $conn = mysqli_connect($servername, $username, $password, $database) or die(mysqli_error()); // connect to database using mysqli // validate username if( isset($_POST['regname']) && empty($_POST['regname']) ) // make sure username exits { $errors[] = 'Registration name required'; // set error } // valid email if( (isset($_POST['regemail']) && empty($_POST['regemail'])) || !isset($_POST['regemail'])) // make sure email exists { $errors[] = 'Registration email required'; // set error } elseif( isset($_POST['regemail']) && !filter_var($_POST['regemail'], FILTER_VALIDATE_EMAIL) ) // make sure email is a valid address { $errors[] = 'Registration email invalid'; // set error } if( isset($_POST['regpass1']) && empty($_POST['regpass1']) ) // make sure password exists { $errors[] = 'Password required'; // set error } elseif ( isset($_POST['regpass1']) && isset($_POST['regpass2']) && $_POST['regpass1'] != $_POST['regpass1'] ) // make sure passwords match { $errors[] = 'Passwords do not match!'; // set error } if(isset($errors) && empty($errors)) // make sure there are no validation errors { $regname = mysqli_real_escape_string($_POST['regname']); // sanitize username $regemail = mysqli_real_escape_string($_POST['regemail']); // sanitize email $password = sha1($_POST['regpass1']); // encrypt password $sql = "INSERT INTO oc_users (uid, displayname, password) VALUES ('$regname', '$regemail', '$pass')"; // prepare query if($result = mysqli_query($conn, $sql) or die(mysqli_error())) // execute query { echo 'Success user has been registered!'; // display message/redirect back to your site } } else // $errors contains errors { echo 'Sorry cannot complete registration!'. '<ul><li>'.implode('</li><li>', $errors).'</li></ul>'. // display them '<a href="yoursite.com/registration_form.html">Go Back</a>'; // provide link back to form, or display the form again } ?>

Read my post above? I pointed out what needs changing.

Or define $message as null before the if/else $message = null;

You'd pass your $database instance to your other objects __constructor and set it as a property. I think this is referred to as dependency injection Not the best example class classA { public function specialMethod() { // do somthing } } class classB { private $obj_a; public __construct(classA $objA) { $this->obj_a = $objA; // save objA as property } public function someMethod() { $this->obj_a->specialMethod(); // call specialMethod() in $objA } } $objA = new classA(); $objB = new classB($objA); // inject ObjectA into classB $objB->someMethod();

You're getting the error because the variable $message doesn't exist when $found_user returns true. When $found_user returns false $message will be set. if ($found_user) { $session->login($found_user); redirect_to("index.php"); } else { // username/password combo was not found in the database $message = "Username/password combination incorrect."; // <-- this is only set when $found_user is false } You need to check to see if $message exists before calling output_message function.

The following code will be prone to SQL inject attacks and is not safe to use. <?php if($_GET["regname"] && $_GET["regpass1"] && $_GET["regpass2"] ) { if($_GET["regpass1"]==$_GET["regpass2"]) { $servername="localhost"; $username="dbusername"; $password="dbpassword"; $pass = sha1($_GET['regpass1']); $conn= mysql_connect($servername,$username,$password)or die(mysql_error()); mysql_select_db("dbname",$conn); $sql="insert into oc_users (uid,displayname,password)values('$_GET[regname]','$_GET[regemail]','$pass')"; $result=mysql_query($sql,$conn) or die(mysql_error()); } else print "passwords doesnt match"; } else print"invaild data"; header("Location:http://mydomain.com/"); exit; ?> You should not have your form submit user credentials via GET. You should be submitting the form with POST method. With GET everything entered in the form will be visible in the browsers url when the form has been submitted. This is very insecure method of sending/receiving of sensitive information. First change your $_GET variables to $_POST. Second, You should never use raw user input (variables such as $_GET, $_POST, $_COOKIE) within SQL queries. Before using any user input you should always validate it, (for example making sure the email address is valid) and sanitize it, (making data safe to use). You can use mysql_real_escape_string to sanitize user input to be used in queries. This is not bullet proof but it will help to protect you from SQL Injection attacks. So change $sql="insert into oc_users (uid,displayname,password)values('$_GET[regname]','$_GET[regemail]','$pass')"; $result=mysql_query($sql,$conn) or die(mysql_error()); to $regname = mysql_real_escape_string($_POST[regname]); $regemail = mysql_real_escape_string($_POST[regemail]); $sql="insert into oc_users (uid,displayname,password)values('$regname','$regemail','$pass')"; $result=mysql_query($sql,$conn) or die(mysql_error()); Also note that the mysql_* function library is now deprecated and could be removed in future versions of PHP. I would recommend you to use the new mysql improved function library (mysqli extension) instead.

That warning is coming from your text editor not PHP. Your editor doesn't realise you have already defined it in connect-To-db.php. You can safely ignore the warning.

It should serve a different url for each day. To simulate the day changing and what url be served on that day you can this code <?php $time = time(); if(isset($_GET['time'])) $time = $_GET['time']; if(isset($_GET['next'])) $time = strtotime('+1 day', $time); if(isset($_GET['prev'])) $time = strtotime('-1 day', $time); $brokers = array ( 'www.broker1.co.uk', 'www.broker2.com', 'www.google.co.uk', 'www.phpfreaks.co.uk' ); $numbrokers = count($brokers); $dayofyear = date('z', $time); $todaysURL = 'http://'.$brokers[$dayofyear%$numbrokers]; $dateFormat = date('jS M y', $time); echo ' On <b>'.$dateFormat.'<b> url will be: <b>'.$todaysURL.'</b> <p> <a href="?prev&time='.$time.'">Previous Day</a> | <a href="?next&time='.$time.'">Next Day</a> </p>';?> As you click the links you see the url changing.

Get rid of $stmt->fetch(); before $stmt->store_result(); Also is this code being ran in a function? If it is then don't use global $mysqli; to get the mysqli object. You should pass that object to your function as an argument function myFunc($mysqli) { // mysqli object passed as argument $mysqli->query( ... ); ... etc ... } $mtsqli = new mysqi( ... ); // create mysqli object myFunc($mysqli); // pass mysqli object to function

What you should be doing is processing any input, before sending any output. you are outputting your sites page html layout etc in uploadpage.php. Then on line 227 you are including uploader.inc and setting a header on line 63 of that file. The code in uploader.inc should be ran before you start outputting anything. Output buffering is not really a solution. Also rename your uploader.inc file to uploader.inc.php. If that file is in a publicly accessible folder someone could go to yoursite.com/uploader.inc and see the raw PHP source code of that file! Always end any file that contains PHP code with .php then the raw PHP source code wont be shown. The reason your development server doesn't flag up the error is because you have output buffering enabled in the php.ini

Add $stmt->store_result(); before if ($stmt->num_rows > 0) Also change echo "Search worked"; echo "<p><b>$Accname</b>: Credit: $cred, Debit: $debit, Category: $cat</p>"; to $stmt->bind_result($cred, $deb, $cat, $Accname); // bind fields to variales while($stmt->fetch()) // loop over the results, binding fields to variables above { echo "<p><b>$Accname</b>: Credit: $cred, Debit: $deb, Category: $cat</p>"; }

My join query most probably has an error in it add echo $mysqli->error; after the $mysqli->prepare();

What are you trying to do remove it or fix it? maybe the docs for recapture may help you https://developers.google.com/recaptcha/docs/php?csw=1

I think mac_gver meant to use a join query like this SELECT t.Credit, t.Debit, t.Catagory, # get the Credit, Debit and Category from transactions table a.Accname # get the Accname from the Accounts table FROM transactions t LEFT JOIN Account a WHERE a.Accname = t.Accname # Join Account table where the Accname in Accounts table matches the Accname in transactions table WHERE a.accID = ? # Only select the Account that matches the accID from $_GET['id'] Your code would then be $id = $_GET['id']; $stmt = $mysqli->prepare('SELECT t.Credit, t.Debit, t.Catagory, a.Accname FROM transactions AS t LEFT JOIN Account AS a ON a.Accname = t.Accname WHERE a.accID = ?'); $stmt->bind_param("i", $id); if($stmt->execute()) { $stmt->bind_result($cred, $deb, $cat, $Accname); $stmt->fetch(); if ($stmt->num_rows > 0) { echo "Search worked"; echo "<p><b>$Accname</b>: Credit: $cred, Debit: $debit, Category: $cat</p>"; } else { echo "Search didnt work"; } } else { echo "QUERY ERROR: ".$mysqli->error; }