btherl

Staff Alumni
Posts: 3,893

Everything posted by btherl

  1. What I can see from what you've posted is:

     Table teachers links to teacher_appointments on nic column
     school_locations links to divisions on division_id column

     But how does school_locations link to teachers and teacher_appointments?
  2. Thanks, that's the right format this time. Carlito, can you please do the following:

     1. Indent your code like this:

        if(mysql_num_rows($check_receiveraccct) != 0) {
            while ($row = mysql_fetch_array($check_receiveraccct)) {
                $amounttransact = $row['amounttransact'];
                $anumber = $row['anumber'];
            }
        }

        Every time there is a "{", move the code to the right. And back to the left when you reach the "}". That will help me understand your code.

     2. Can you tell me what message you see? And does any balance change? Does it say "Your transfer has been successful.", but both source and destination balance have not changed?
  3. Can you post a dump of the request you are currently making?
  4. The short answer is "No they can't, if your site is set up correctly". The long answer is there are many ways you could accidentally give access to your source code. But as a general rule, if you type the script name into the browser and the script gets executed instead of displayed, it's not likely that the source code can be accessed. You should pay particular attention to any code which allows users to download or view files stored on the server, and make sure that code can not allow access to your scripts, even if filenames like "../../index.php" are given. Another good general rule is to store your login credentials in a separate directory not under the webroot, and use include() to access them from php. This further reduces the likelihood of the credentials being exposed.
  5. 1. What happens if your script dies after adding money to the target account, but before taking money from the source account?

     2. When developing code you should check for errors like this:

        $check_senderaccct = mysql_query("SELECT * FROM members WHERE username = '".$_SESSION['username']."'") or die("Error in query: " . mysql_error());

        Even better if you can echo the query as well as the error message.

     3. What happens if two members transfer money to the same account at the same time? The final balance could be incorrect. To avoid problems here you should update balance like this:

        $result = mysql_query("UPDATE members SET intacctbal = intacctbal - $amounttransact WHERE username = '".$_SESSION['username']."'") or die("Error in query: " . mysql_error());

     4. Some of your queries are not inside mysql_query() - this is why they are not being executed.
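The download-handler check described in post 4, as an added example that is not part of the original thread: a file is served only if its resolved path still sits inside the one permitted directory, so a request like "../../index.php" is rejected. The directory layout, file names and the `resolveDownloadPath()` function are constructed for the demo, not code from the poster.

```php
<?php
// Added example (not from the original thread): a download handler that only
// serves files from one directory. Directory and file names are constructed.

declare(strict_types=1);

/**
 * Resolve a client-supplied file name against $downloadsDir and return the
 * absolute path, or null if the request does not name a regular file inside
 * that directory.
 */
function resolveDownloadPath(string $downloadsDir, string $requested): ?string
{
    // Canonicalise the allowed directory first; realpath() returns false if it is missing.
    $base = realpath($downloadsDir);
    if ($base === false) {
        return null;
    }

    // Keep only the last path component; anything like "../" the client sent is dropped.
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        return null;
    }

    // realpath() collapses ".." segments and symlinks, so the comparison below is
    // made on the path the filesystem will actually open.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false || !is_file($candidate)) {
        return null;   // missing, or not a regular file
    }

    // The resolved path must still begin with the permitted directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Demo with a constructed layout under the system temp directory:
//   <root>/downloads/report.csv   (the only file that may be served)
//   <root>/index.php              (stands in for an application script)
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/downloads', 0700, true);
file_put_contents($root . '/downloads/report.csv', "a,b\n1,2\n");
file_put_contents($root . '/index.php', "<?php // pretend application script\n");

foreach (['report.csv', '../index.php', '../../index.php', 'missing.csv'] as $req) {
    $path = resolveDownloadPath($root . '/downloads', $req);
    printf("%-18s => %s\n", $req, $path === null ? 'REJECTED' : 'OK: ' . basename($path));
}
```

Only `report.csv` resolves; the traversal attempts and the non-existent name are all rejected before anything is read. The credentials advice in the same post fits the same handler: keep the database settings in a file outside the webroot and load them with `require '/path/outside/webroot/db_credentials.php';` (placeholder path), so they are never reachable as a URL.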
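The three problems raised in post 5 (a script dying halfway, unchecked query errors, and two transfers racing on the same balance) addressed together, as an added example that is not from the thread: the debit and credit run inside one transaction, every query error is caught, and the balance is adjusted in SQL (`intacctbal - :debit`) rather than from a value PHP read earlier. The `transfer()` function, the table contents and the use of an in-memory SQLite database through PDO (instead of the poster's MySQL) are assumptions made for the demo.

```php
<?php
// Added example (not from the original thread): a money transfer done the way
// post 5 recommends. Uses PDO with in-memory SQLite so it runs stand-alone;
// the members table and usernames are constructed.

declare(strict_types=1);

function transfer(PDO $db, string $from, string $to, int $amount): bool
{
    if ($amount <= 0 || $from === $to) {
        return false;
    }

    $db->beginTransaction();
    try {
        // Debit only if the sender can cover the amount. Check and update are one
        // atomic statement, so two concurrent transfers cannot both spend the same money.
        $debit = $db->prepare(
            'UPDATE members SET intacctbal = intacctbal - :debit
              WHERE username = :from AND intacctbal >= :needed'
        );
        $debit->execute([':debit' => $amount, ':from' => $from, ':needed' => $amount]);
        if ($debit->rowCount() !== 1) {
            $db->rollBack();           // insufficient funds or unknown sender
            return false;
        }

        $credit = $db->prepare(
            'UPDATE members SET intacctbal = intacctbal + :credit WHERE username = :to'
        );
        $credit->execute([':credit' => $amount, ':to' => $to]);
        if ($credit->rowCount() !== 1) {
            $db->rollBack();           // unknown receiver: the debit is undone as well
            return false;
        }

        $db->commit();                 // both halves succeed or neither does
        return true;
    } catch (PDOException $e) {
        // Any SQL error (what the post's "or die(mysql_error())" would have caught)
        // rolls back whatever part of the transfer already ran.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        error_log('transfer failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, intacctbal INTEGER NOT NULL)');
$db->exec("INSERT INTO members VALUES ('alice', 100), ('bob', 20)");

var_dump(transfer($db, 'alice', 'bob', 70));     // alice can cover this
var_dump(transfer($db, 'alice', 'bob', 70));     // alice cannot cover a second 70
var_dump(transfer($db, 'alice', 'nobody', 10));  // credit fails, so the debit is rolled back

foreach ($db->query('SELECT username, intacctbal FROM members ORDER BY username') as $row) {
    echo "{$row['username']}: {$row['intacctbal']}\n";
}
```

The `WHERE ... AND intacctbal >= :needed` clause is what replaces the read-then-write pattern the post warns about: the database decides whether the money is there at the moment it subtracts it, and `rowCount()` tells the script whether that happened. Prepared statements also keep `$_SESSION['username']` out of the SQL string entirely.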
  6. Try printing out the variables before you check them in an "if" condition. Eg print out the value of $failedLogins before you check if it's equal to 5.
  7. Ok, so the value is 1 higher than it needs to be. You can fix that by subtracting 1 from it.
  8. Ok. If you have 0 for failed logins the first time your code runs, then you set $chancesLeft = 5 - $failedLogins, what value is in $chancesLeft? You can echo it out like this: echo "chancesLeft: $chancesLeft <br>";
  9. How many failed logins are there the first time your code runs? On someone who has never had a failed login before?
  10. foreach ($xmldata as $xmldata["module"] => $key) {

      You shouldn't be using $xmldata["module"] here - it should be a fresh variable, such as $module. I don't know if that's the cause of the problem but fixing that would be a good start. If you don't use the key at all (I'm talking about the array key named $xmldata["module"], not the $key variable) then you can just leave it out and do:

      foreach ($xmldata as $key) {
  11. Check what value is read from the database the first time this code runs, and then check how you set $chancesLeft from that value.
  12. It should be moved into the "else" branch. ie:

      } else {
          $query = "UPDATE manager_users_logins_hacking SET failedLogins = failedLogins + 1 WHERE userID = '".$userID."'";
          $result = mysqli_query($dbc,$query);
          // Invalid username and password error
          $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' chances left to login successfully or the account will be locked!');
      }

      I have also changed it to use the database column itself when updating, rather than the value read from the database. That is a little safer in case there are multiple failed login attempts at the same time, which may happen during a scripted hacking attack.
  13. Ok, the problem is the order in which you are doing things.

      First you read the failed logins in:
          Database: 5 failed logins
          $failedLogins: 5 (read from database)

      Then you update the database:
          Database: 6 failed logins
          $failedLogins: 5

      Then you check if there have been 5 failed logins:
          if ($failedLogins == 5) ...

      So you need to do one of the following:
      a) Don't update failed logins in the database once it has reached 5, or
      b) Update the $failedLogins variable as well as updating the database.
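The failed-login counter from posts 12 and 13, as an added example that is not from the thread: the counter is incremented in SQL (`failedLogins + 1`, as post 12 recommends) so simultaneous attempts cannot lose an increment, the update is skipped once the limit is reached (option a in post 13), and the lock decision is made on the value read back after the update rather than the stale one (option b). The `recordFailedLogin()`, `isLocked()` and `resetFailedLogins()` functions, the user ID, and the in-memory SQLite database standing in for MySQL are assumptions for the demo.

```php
<?php
// Added example (not from the original thread): the lockout counter from
// posts 12 and 13 with the update done before the check. In-memory SQLite via
// PDO stands in for MySQL; the table row and user ID are constructed.

declare(strict_types=1);

const MAX_ATTEMPTS = 5;

/** Record one failed attempt and report whether the account is now locked. */
function recordFailedLogin(PDO $db, int $userID): array
{
    // Atomic increment: the database adds 1 to whatever is stored right now,
    // and stops counting once the limit is reached (post 13, option a).
    $upd = $db->prepare(
        'UPDATE manager_users_logins_hacking
            SET failedLogins = failedLogins + 1
          WHERE userID = :id AND failedLogins < :max'
    );
    $upd->execute([':id' => $userID, ':max' => MAX_ATTEMPTS]);

    // Read the value back *after* the update so the check uses the new count
    // (post 13, option b) instead of the number read before incrementing.
    $sel = $db->prepare('SELECT failedLogins FROM manager_users_logins_hacking WHERE userID = :id');
    $sel->execute([':id' => $userID]);
    $failed = (int) $sel->fetchColumn();

    return [
        'locked'      => $failed >= MAX_ATTEMPTS,
        'chancesLeft' => max(0, MAX_ATTEMPTS - $failed),
    ];
}

/** Call before checking the password: a locked account is rejected outright. */
function isLocked(PDO $db, int $userID): bool
{
    $sel = $db->prepare('SELECT failedLogins FROM manager_users_logins_hacking WHERE userID = :id');
    $sel->execute([':id' => $userID]);
    return (int) $sel->fetchColumn() >= MAX_ATTEMPTS;
}

/** On a successful login the counter goes back to zero. */
function resetFailedLogins(PDO $db, int $userID): void
{
    $db->prepare('UPDATE manager_users_logins_hacking SET failedLogins = 0 WHERE userID = :id')
       ->execute([':id' => $userID]);
}

// Constructed demo: seven wrong passwords in a row for user 42.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE manager_users_logins_hacking (userID INTEGER PRIMARY KEY, failedLogins INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO manager_users_logins_hacking (userID) VALUES (42)');

for ($attempt = 1; $attempt <= 7; $attempt++) {
    if (isLocked($db, 42)) {
        echo "attempt $attempt: account locked, password not checked\n";
        continue;
    }
    $r = recordFailedLogin($db, 42);
    echo "attempt $attempt: chances left {$r['chancesLeft']}" . ($r['locked'] ? ' (locked now)' : '') . "\n";
}
```

With this ordering the stored counter stops at 5 rather than drifting to 6 as post 13 describes, and the `isLocked()` check at the top of the login path means a locked account never reaches the password comparison at all, which is what makes the counter useful against the scripted attempts post 12 mentions.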
  14. Ok. Do you understand why it stops at 6?
  15. In that code you are reading the failed logins value (5), incrementing it (6), then checking to see if it's equal to 5. Because of the order of operations, failed logins will show as 6 in the database when the account is finally locked. Is that what you are seeing, or does it actually allow more login attempts afterwards?
  16. Sorry about that - using MAX() changes the column name. Using this SQL will make it fetchable as userID again:

      <?php
      // Find the highest existing userID
      $query2 = "SELECT MAX(userID) AS userID FROM manager_users";
      $result2 = mysqli_query($dbc,$query2);
      echo $query2;

      // Fetch returned data from result set
      $row2 = mysqli_fetch_array($result2);

      // Assign query array values to variables
      $highestUserID = $row2['userID'];
      echo $highestUserID;
  17. See this code:

      // Increase userId by 1 to get new userID
      $userID = $userID + 1;

      It takes $userID, and sets it to $userID + 1. The old value has to come from somewhere. So you should change it to this:

      // Increase userId by 1 to get new userID
      $userID = $highestUserID + 1;
  18. Did you use $highestUserID or $userID when calculating the new user id?
  19. Ok, you probably want to do this then:

      // Find the highest existing userID
      $query2 = "SELECT MAX(userID) FROM manager_users";
      $result2 = mysqli_query($dbc,$query2);

      // Fetch returned data from result set
      $row2 = mysqli_fetch_array($result2);

      // Assign query array values to variables
      $highestUserID = $row2['userID'];

      If you have an index on the userID column, this query will be fast even if there are thousands of users. If you have tens or a few hundred users then it doesn't matter much if you have an index or not.
  20. Which column is your auto increment column, is it "id"? If so, the userID column is being fetched before it is set. Do you want to set the new userID to be the largest old userID + 1?
  21. Ok, the simplest way is probably like this:

      $csv = file_get_contents("http://www.domain.com/file.csv");
      file_put_contents("file.csv", $csv);
  22. What do you mean by "the second rows id"? Which part of the code are you talking about?
  23. Is this CSV file available via an HTTP request?
  24. I think you'll need to use the debugging features of rewrite rules, as mentioned here: http://blog.logeek.fr/2007/12/31/how-to-debug-rewrite-rules-with-apache Basically it'll create a log telling you how it interpreted your rewrite rules. By looking at that log you can get an idea of what needs changing.