Everything posted by Ch0cu3r

  1. Oh yeah, the regex should have been

         /^([\d\.()\:\- ]+)(ext(ension)?:\s+\d+)?$/i

     Yes, you can test it out here http://www.regexr.com/38p1e
  2. That should output the value stored in $Message. Where is that line in your code? Also when coding make sure you have error reporting enabled. For example, make sure you have these settings in your php.ini

         display_errors = On
         error_reporting = E_ALL
  3. Umm, downloaded that script and had a bit of a play with it. Try adding this regex to the Validation regex field for the phone number field

         ^([\d\.()\:\- ]+)(ext(ension)?:\s+\d+)?$

     Then in the "Regex fail message" field type in your error message for when the phone number is not valid. If the user enters a non-validating phone number the form should not submit and the error message should appear.
  4. Give each image the name of the state, e.g. Alabama.png, Ohio.png etc. You'd set up your dropdown menu like

         State: <select name="state">
           <option>Alabama</option>
           <option>Alaska</option>
           <option>Arizona</option>
           ...
           <option>Wyoming</option>
         </select>

     You'd then link to the image using something like this

         if(isset($_POST['state']))
         {
             // load the file names of the state images stored in site.com/images/states into an array
             // (glob() returns the relative path, so strip the directory part with basename)
             $state_images = array_map('basename', glob('images/states/*.png'));

             // get the associated image, only when the submitted state matches a known image
             if(in_array($_POST['state'] . '.png', $state_images, true))
             {
                 // escape the value before writing it into the HTML
                 $state = htmlspecialchars($_POST['state'], ENT_QUOTES, 'UTF-8');
                 $state_image_path = '/images/states/' . $state . '.png';

                 // display the associated image
                 echo 'State Selected: ' . $state . '<br />State Image: <img src="' . $state_image_path . '" />';
             }
         }
  5. You are overwriting the original value of $tags twice in the foreach loop. You'll need to use a different variable name.

         <?php
         $id = $_POST['id'];
         $tags = $_POST['tags'];

         foreach( $id as $n ) {
             $tag_list = $tags[$n];
             echo '<br><br>'.$tag_list .'---'.$n.'<br>';

             // split this id's tag list into its own array so $tags is left untouched
             $tag_list_array = explode(", ", $tag_list);
             $num = count($tag_list_array);
             echo "$num<br>";

             foreach( $tag_list_array as $tag ) {
                 print "ID: ".$n." --- tag: ".$tag." <br>\n";
             }
         }
         ?>
  6. You have left off the semi-colon at the end of the second line

         $cities = array("New York", "London", "Sydney", "Paris", "Brisbane"); // <-- missing semi-colon
  7. No need for that, mysqli->escape_string will escape the quote anyway.
  8. You sure you're using the correct database table in your queries? In index.php for processing the login you're using the Members table but in register.php you're using the Users table in your queries?
  9. Oh, I didn't see you were including register.php in index.php as part of a modal. What I recommend you do then is move the registration form out of register.php

         <form action="register.php" method="post">
           <div class="input-group">
             <span class="input-group-addon" style="min-width: 106px;"><i class="fa fa-user"></i> Username</span>
             <input type="text" class="form-control" name="user" placeholder="Username">
           </div>
           <br>
           <div class="input-group">
             <span class="input-group-addon" style="min-width: 106px; text-align:left;"><i class="fa fa-envelope"></i> Email</span>
             <input type="text" class="form-control" placeholder="name@example.com">
           </div>
           <br>
           <div class="input-group">
             <span class="input-group-addon" style="min-width: 106px;"><i class="fa fa-link"></i> Password</span>
             <input type="password" class="form-control" name="pass" placeholder="Password">
           </div>
           <br>
           <button type="button" class="btn btn-info" data-dismiss="modal">Close</button>
           <input type="submit" class="btn btn-success" value="Register" />
         </form>

     And put it into its own file, call this file register_form.php. Now in index.php on line 188 you'd include register_form.php instead of register.php

         <?php include "register_form.php"; ?>

     And then in place of the form in register.php you'd now include register_form.php
  10. No, $db is not defined. This line

         $stmt = $db->prepare($query);

     is trying to use a method called prepare from the $db object. The variable $db is in fact defined in config.php. So after line 1 in register.php you'd include that file

         include 'config.php';
  11. Your cryptPass() function generates a random salt each time it is called. This is fine for hashing the user's password upon registering. But it is not fine, however, for when you go to authorise the user. Because the function won't generate the same password hash as it did when the user first registered, due to the random salt being generated. In order for the same hash to be generated you need to instead crypt the password with the original salt that function used for hashing the password. This salt should be stored in your database along with the hashed password. However this now makes the password weaker, because in a worst case scenario if an attacker did get access to your database they not only have the hashed password but they now have the salt too. So they can now do a brute-force attack with the salt. This is why using your own password hashing method can be dangerous. Instead I recommend you use PHP's new password hashing functions for handling users' passwords. If you do not have PHP 5.5 then use ircmaxwell's password compatibility library instead.
  12. In register.php on line 104 the form's action should be set to register.php

         <form action="register.php" method="post">
  13. mysqli->escape_string() won't convert the quotes to ' . Something else beforehand is most likely converting your quotes to its html entity. Maybe try decoding the entities before escaping the title, e.g.

         $escapedTitle = $db_connection->escape_string(html_entity_decode($title, ENT_QUOTES));
  14. Okay, looking further at your code it does appear that index.php is responsible for processing the login. So first delete the duplicated login code on lines 132 to 161 in index.php.

         <?php
         if(isset($_POST["submit"]))
         {
             $user=$_POST['user'];
             $pass=$_POST['pass'];
             $con=mysql_connect('localhost','root','') or die(mysql_error());
             mysql_select_db('User_Management') or die("cannot select DB");
             $query=mysql_query("SELECT * FROM login WHERE username='".$user."' AND password='".$pass."'");
             $numrows=mysql_num_rows($query);
             if($numrows!=0)
             {
                 while($row=mysql_fetch_assoc($query))
                 {
                     $dbusername=$row['username'];
                     $dbpassword=$row['password'];
                 }
                 if($user == $dbusername && $pass == $dbpassword)
                 {
                     session_start();
                     $_SESSION['sess_user']=$user;
                     /* Redirect browser */
                     header("Location: member.php");
                 }
                 else
                 {
                     echo "Please fill in the fields!";
                 }
             }
             else
             {
                 echo "Invalid username or password!";
             }
         }
         ?>

     Now delete the else on line 44

         else{
             print('<div class="alert alert-danger">Login failed!</div>');
             $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
         }

     And then change line 140 to

         <?php if(isset($login_ok) && $login_ok == false): ?>
         <div class="alert alert-danger">Login failed!</div>
         <?php endif; ?>
         <h1>Hello, world!</h1>

     Does the error message now display in the correct location?
  15. Okay.. Which file is processing the login? index.php appears to be processing the login in two different places (on lines 4 - 36 and lines 121 - 148). Why? There is also a file called member.php which also processes the login. You should only have one instance for processing the login.
  16. Because you have hard coded the last user's name here

         function setUser() {
             document.getElementById("user_label").innerHTML='<?php print $user ?>';
         }

     $user will always be the very last user defined in the while loop. Instead what you need to do is pass the user's name to the setUser javascript function for the onmouseover event. E.g.

         // json_encode() produces a safe JavaScript string literal,
         // htmlspecialchars() then makes it safe inside the HTML attribute
         $js_user = htmlspecialchars(json_encode($user), ENT_QUOTES, 'UTF-8');
         $thumb = '<img src="' . htmlspecialchars($row["thumbnail"], ENT_QUOTES, 'UTF-8') . '" class="thumb" onmouseover="setUser(' . $js_user . ')" onmouseout="removeUser()" />';

     Now change the setUser javascript function to

         function setUser(name) {
             // textContent shows the name as plain text, so markup in a username is not rendered
             document.getElementById("user_label").textContent = name;
         }

     When hovering over the user's thumbnail, it should display the associated username.
  17. If you want the login error message to appear in the large grey area, then you need to output the Login Failed error message inside the HTML for the Jumbotron element.
  18. PHP code never reaches the browser. So the console won't be able to tell you the value of $sqlCommand. Instead you echo $sqlCommand in your code.

         $sqlCommand = "SELECT city_id AS id, city_name AS title FROM city WHERE city_name LIKE '%$searchquery%'";
         echo $sqlCommand; // output the SQL query
  19. In connect.php you're using mysqli to connect to mysql. But in search.php you're using the old mysql_* functions. These function libraries are not compatible with each other. You need to convert the code in search.php to use mysqli_query, mysqli_num_rows and mysqli_fetch_assoc
  20. It is definitely a file path issue. So the code you posted is from index.php, which is located at the root of your site? And you're wanting to access files located in the resources directory but PHP is unable to?
  21. The problem is most likely to do with the forward slash ( / ) at the start of the file paths. Having the forward slash at the start of file paths does not mean the root of your website's document root, but the root of the server's storage device. This is normally strictly off limits to you, unless you own the server. Try replacing the / with $_SERVER['DOCUMENT_ROOT'] instead, e.g.

         define('SITE_ROOT', $_SERVER['DOCUMENT_ROOT']);

         $pagetitle = "Front Page!!";
         $navbar = SITE_ROOT . "/resources/navbar.php";
         $page = "main.php";
         $footer = SITE_ROOT . "/resources/footer.php";

         // Load complete layout (no trailing slash after the file name)
         include SITE_ROOT . '/resources/layout.php';

     Because we now prepend the file paths with the document root path, PHP will now try to load the files from there.
  22. No idea. Usually a blank page means php has encountered an unrecoverable error. Either check your server's error log or add the following two lines at the top of your script to force php to display errors

         ini_set('display_errors', 1);
         error_reporting(E_ALL);

     Post the error messages in full and the corresponding code.
  23. So phpMyAdmin is also not showing the correct results? To me that sounds like some email addresses stored in the email_address field may also contain some extra characters, such as white space (spaces, newlines etc), before and/or after the user's email address, which is causing the WHERE clause to fail.
  24. As long as those two lines are at the top of the script and are within php tags, it should display the errors. Alternatively you could look at your server's error log instead.
  25. That's the problem. Why are your dates in this format? You're making it harder for yourself with them being this way, because they are not in a standard format which php's built in date functions will be able to understand. If they were in a standard format like YYYY-MM-DD HH:MM:SS then you could just pass the date to a built in date function such as dateTime and reformat the date into the 12 hour clock format. In order for you to do this you're now going to have to come up with a way to parse your dates so they are presented in a standard format which PHP can then understand.
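
For post 11 above (a random salt at registration versus recomputing the same hash at login), an added example that is not part of the original posts: password_hash() embeds the algorithm, cost and salt in the string it returns, and password_verify() reads them back at login. The names register_user and check_login and the in-memory $store array are assumptions made for illustration.

```php
<?php
// Added example, not code from the forum thread. $store stands in for a
// database table; register_user() and check_login() are hypothetical names.
$store = [];

function register_user(array &$store, string $user, string $password): void
{
    // A fresh random salt is generated on every call and embedded, together
    // with the algorithm and cost, in the returned hash string.
    $store[$user] = password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array &$store, string $user, string $password): bool
{
    // Verify against a throwaway hash when the user is unknown, so unknown
    // and known usernames take a similar amount of time.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $known = isset($store[$user]);
    // password_verify() re-derives the hash using the salt stored inside
    // the hash string and compares the result in constant time.
    $ok = password_verify($password, $known ? $store[$user] : $dummy);
    if (!$known || !$ok) {
        return false;
    }
    // Re-hash transparently when the default algorithm or cost has changed.
    if (password_needs_rehash($store[$user], PASSWORD_DEFAULT)) {
        $store[$user] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data.
register_user($store, 'alice', 'correct horse battery staple');

// Hashing the same password again gives a different string (different salt),
// which is why comparing two freshly generated hashes cannot work at login.
$again = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
var_dump($store['alice'] === $again);

// Verification succeeds for the right password and fails for a wrong one.
var_dump(check_login($store, 'alice', 'correct horse battery staple'));
var_dump(check_login($store, 'alice', 'wrong password'));
```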