Psycho
Moderators
Posts: 12,157
Days Won: 129

Everything posted by Psycho

  1. One word (or acronym to be precise): AJAX. Go find a tutorial and learn how to use it. StickyMinds.com actually had a tutorial using a chat system, but I think it is only available to subscribers.
  2. As thorpe stated, you would do that at registration. The whole point of having authentication is to prevent unauthorized access. That implies that there would be users that want to access the data who should not. So, you should not give them any information that would help infiltrate the system. With the previous logic I could find out: 1) valid length of a username, 2) valid length of a password. Plus, I could find a valid username through trial and error. By just telling the user that you were unable to authenticate their credentials you give them no information about what may have been incorrect.
  3. I would do something like this
      print '<br/>[' . $var . ']<br/>';
  4. Well, I just state that there is a lot of unnecessary validation logic in that code. Since you are trying to validate against a record that supposedly exists in the database, there is no reason to check if the username and/or password are greater than a specific length. You only need to check if there is a match in the database. Plus, your query is getting the record where the username matches and THEN seeing if the password matches the record that is retrieved. A more efficient method is to simply do a query for a record where the username AND the password match. Giving different errors based upon whether the username doesn't match or if the password doesn't match. Doing so gives a malicious user information needed to crack into your system.
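As an added example (not the poster's code), a login handler that returns one generic message no matter which check failed, so the response never tells the caller whether the username exists, the password is wrong, or the input was empty. It assumes a PDO connection and a hypothetical `users` table with `username` and `password_hash` columns; because the stored password is hashed with password_hash(), the row is fetched by username and checked with password_verify() rather than matching both columns in the query, but the user-visible result is the same either way. The in-memory SQLite setup at the bottom is constructed only so the script runs stand-alone.

```php
<?php
// Added example, not code from the forum thread. One generic failure message
// for every way a login can fail, so the response does not reveal whether the
// username exists, the password is wrong, or the input is empty.
declare(strict_types=1);

const LOGIN_FAILED = 'Unable to authenticate with the supplied credentials.';

function attemptLogin(PDO $pdo, string $username, string $password): array
{
    // Computed once; used when the username is unknown so that branch costs
    // about as much as a real password check (keeps timing similar).
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-value-never-matched', PASSWORD_DEFAULT);
    }

    if ($username === '' || $password === '') {
        return ['ok' => false, 'message' => LOGIN_FAILED];
    }

    // Hypothetical table and columns; the query is parameterised, never concatenated.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash  = ($row !== false) ? $row['password_hash'] : $dummyHash;
    $valid = password_verify($password, $hash);

    if ($row === false || !$valid) {
        // Same message and same response shape on every failure path.
        return ['ok' => false, 'message' => LOGIN_FAILED];
    }
    return ['ok' => true, 'user_id' => (int) $row['id']];
}

// --- stand-alone demonstration with a constructed in-memory database ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => 'alice', ':h' => password_hash('correct horse battery', PASSWORD_DEFAULT)]);

$cases = [
    ['alice', 'correct horse battery'],  // valid credentials
    ['alice', 'wrong password'],         // known user, wrong password
    ['mallory', 'anything'],             // unknown user
    ['', ''],                            // empty input
];
foreach ($cases as [$u, $p]) {
    $result = attemptLogin($pdo, $u, $p);
    echo str_pad($u === '' ? '(empty)' : $u, 10), ' => ',
         ($result['ok'] ? 'login ok, user_id=' . $result['user_id'] : $result['message']), "\n";
}
```

Only the first case prints a success line; the other three print the identical LOGIN_FAILED text, which is the property the post is asking for.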
  5. Be sure to define the array before the loop instead of defining it within the loop. No need to define it 40 times.
  6. Are you sure there are no leading or trailing spaces or other "white-space" characters?
  7. How do you know it isn't working? Echo the two values to the page and I bet they are not the same.
  8. Here's a simple function that will truncate a string if it is over the specified number of characters (and add ellipses, or whatever characters you wish):
      function truncateString($string, $length, $ellipse='...')
      {
          if (strlen($string) <= $length) {
              return $string;
          }
          // wordwrap() breaks at the last word boundary before $length; keep only the
          // first line (assigned to a variable first, since array_shift() takes its
          // argument by reference)
          $lines = explode("\n", wordwrap($string, $length));
          return array_shift($lines) . $ellipse;
      }

      $text = "This is a long string with many, many words and it should be truncated";
      echo truncateString($text, 45);
      //Output: "This is a long string with many, many words..."
  9. I hear you and agree that for a site such as facebook, it probably makes sense. Because the typical formats are mm-dd-yyyy and dd-mm-yyyy, if a site such as facebook tried to use one of those formats there would be a lot of people entering the wrong date format by accident. The format yyyy-mm-dd will prevent users from entering the date in their "natural" format by accident. However, I would guess the majority of websites are not used internationally and it would make sense to have the user enter the date according to the "normal" format. Plus, the use of a datepicker will help reduce errors as well.
  10. OK, so you are saying you can echo the values inside the loop, but when you create the table there is nothing there. Either: 1. There is an error in the code where the values are lost (I don't see anything in the code I provided, perhaps there was something when you implemented it?) OR 2. The content is there, but there is a problem with the HTML that is causing invalid HTML causing a display problem and/or there are CSS/Style issues making the content "invisible". Have you checked the HTML source code of the rendered page to see if the content is there?
  11. If the table headers are displayed with no data, then the query is running but not returning any results. Have you checked that there is data in the table? Try the following which will let you know if there are no results
      <?php
      mysql_connect("localhost", "$db_user", "$db_upwd") or die ("Error - Could not connect: " . mysql_error());
      mysql_select_db("$database");

      $query = "SELECT `host`, COUNT(`host`) as `total_hosted`, SUM(`reported`) as reported
                FROM `badc_mis_prog`
                GROUP BY `host`
                ORDER BY `host`";
      $result = mysql_query($query) or die ("Error - Query: $query" . mysql_error());

      //Create table output from results
      $tableData = '';
      if(mysql_num_rows($result)==0)
      {
          $tableData = "<tr><td colspan=\"4\">No results returned.</td></tr>\n";
      }
      else
      {
          while($row = mysql_fetch_assoc($result))
          {
              $name  = htmlspecialchars($row['host']);
              $ratio = round($row['reported']/$row['total_hosted']*100);
              $tableData .= "  <tr>\n";
              $tableData .= "    <td>{$name}</td>\n";
              $tableData .= "    <td>{$row['total_hosted']}</td>\n";
              $tableData .= "    <td>{$row['reported']}</td>\n";
              $tableData .= "    <td>{$ratio}%</td>\n";
              $tableData .= "  </tr>\n";
          }
      }
      ?>
      <html>
      <head>
      <style>
      td { padding-right: 5px; padding-left: 5px; }
      </style>
      </head>
      <body>
      <br /><br /><br />
      <table border="1" style="align:center;">
        <tr>
          <th>Host Name</th>
          <th>Hosted</th>
          <th>Reported</th>
          <th>Ratio H/R</th>
        </tr>
      <?php echo $tableData; ?>
      </table>
      </body>
      </html>
  12. OK, now we are getting somewhere. Based upon what I understand this looks like a simple solution - no JOIN needed. You want to see a row for each host with the total number of records, number of records where reported is 0, number of records where reported is 1 and then percentages based upon that. Here's some modified code that is much simpler. By the way you should rely upon CSS/Styles for adjusting presentation as opposed to non-breaking spaces.
      <?php
      mysql_connect("localhost", "$db_user", "$db_upwd") or die ("Error - Could not connect: " . mysql_error());
      mysql_select_db("$database");

      $query = "SELECT `host`, COUNT(`host`) as `total_hosted`, SUM(`reported`) as reported
                FROM `badc_mis_prog`
                GROUP BY `host`
                ORDER BY `host`";
      $result = mysql_query($query) or die ("Error - Query: $query" . mysql_error());

      //Create table output from results
      $tableData = '';
      while($row = mysql_fetch_assoc($result))
      {
          $name  = htmlspecialchars($row['host']);
          $ratio = round($row['reported']/$row['total_hosted']*100);
          $tableData .= "  <tr>\n";
          $tableData .= "    <td>{$name}</td>\n";
          $tableData .= "    <td>{$row['total_hosted']}</td>\n";
          $tableData .= "    <td>{$row['reported']}</td>\n";
          $tableData .= "    <td>{$ratio}%</td>\n";
          $tableData .= "  </tr>\n";
      }
      ?>
      <html>
      <head>
      <style>
      td { padding-right: 5px; padding-left: 5px; }
      </style>
      </head>
      <body>
      <br /><br /><br />
      <table border="1" style="align:center;">
        <tr>
          <th>Host Name</th>
          <th>Hosted</th>
          <th>Reported</th>
          <th>Ratio H/R</th>
        </tr>
      <?php echo $tableData; ?>
      </table>
      </body>
      </html>
  13. Yeah, start over. That code appears to be overly complex for what you are trying to achieve. I've read through it a few times and it hurts my head. I think you can probably get all the data you need with a single query using a JOIN of the table upon itself. You have a table of records and you are using the host name and the count of host names along with whether some of the records have a 'reported' value of 1. After that it all becomes fuzzy due to the over complication. Can you explain what you are trying to accomplish in plain English?
  14. "Why can't you just have them input it in the format you need--what's going on that it HAS to be input in that format? Then you don't have to mess with all the extraneous stuff...just a thought"
      Because people talk in a different language than users. It is the job of the programmer to bridge the gap in making a systematic, tightly structured schema into a user friendly interface. For example, if I store a user's permissions in a bitwise value I wouldn't give the user a single field to enter '001101' for the permissions. I would give them a selection of six checkboxes and create the binary value on the back end. In most regions people use dates in the format mm-dd-yyyy or dd-mm-yyyy, whereas computers use yyyy-mm-dd.
  15. OK, the problem is this line here:
      $DOB = $explode[2]."-".$explode[1]."-".$explode[0];
      You never "exploded" the value. However, there are other "problems" as well: First off you should always trim() the user input unless there is a specific reason not to. Second, for each validation you have a "$success = 0;" if it fails. That is unnecessary as you could check if $message has a value or not. But, that raises another issue in that on the first error validation does not continue. So, if there are three errors the user only gets a message about the first error. Then upon resubmission would get a message about the second error. It's more user friendly to do all validations. Also, you should do a trim of the values before you do the validations. Then, only after the validations have passed would you use mysql_real_escape_string(). Because mysql_real_escape_string() could modify the values in such a way that validation might pass or fail when it shouldn't. And, you would not use mysql_real_escape_string() on a password if you are going to hash it. The act of hashing it will make it db safe. Is creation_date supposed to be the current date? If so, you could just use NOW() in the db query instead of having an extra field to work with. If validation fails you should display the form with a message for the errors and the form should be repopulated with the user's values. Can't tell if you are doing that or not. I could go on, but I've invested enough time on this post.
      Here is some modified code
      if(isset($_POST['submit']))
      {
          //Process data for validation
          $first_name    = trim($_POST['first_name']);
          $last_name     = trim($_POST['last_name']);
          $DOB           = trim($_POST['DOB']);
          $sex           = trim($_POST['sex']);
          $email         = trim($_POST['email']);
          $username      = trim($_POST['username']);
          $password      = trim($_POST['password']);
          $agree         = trim($_POST['agreed']);
          $creation_date = trim($_POST['creation_date']);
          $user_type     = trim($_POST['member_type']);
          $access_level  = trim($_POST['access_level']);
          $validation    = trim($_POST['validation_id']);
          $club_user     = trim($_POST['user_type']);

          //Perform validations (all of them, collecting every error)
          $errors = array();
          if(empty($first_name)) { $errors[] = "Please enter a first name"; }
          if(empty($last_name))  { $errors[] = "Please enter a surname"; }
          if(empty($DOB))
          {
              $errors[] = "Please enter your date of birth.";
          }
          else if(!(preg_match("/^([0-9]{2})\/([0-9]{2})\/([0-9]{4})$/", $DOB)))
          {
              $errors[] = "Please enter your birthday in the format dd/mm/yyyy";
          }
          if(empty($email))       { $errors[] = "Please enter a correct email."; }
          if(empty($username))    { $errors[] = "Please enter a username."; }
          if(strlen($password)<6) { $errors[] = "Please enter a password greater than 6 characters long."; }

          //Check if there were errors
          if(count($errors)===0)
          {
              //Prepare data for db insertion
              $first_name    = mysql_real_escape_string($first_name);
              $last_name     = mysql_real_escape_string($last_name);
              $DOB           = mysql_real_escape_string($DOB);
              $sex           = mysql_real_escape_string($sex);
              $email         = mysql_real_escape_string($email);
              $username      = mysql_real_escape_string($username);
              $password      = md5($password);
              $agree         = mysql_real_escape_string($agree);
              $creation_date = mysql_real_escape_string($creation_date);
              $user_type     = mysql_real_escape_string($user_type);
              $access_level  = mysql_real_escape_string($access_level);
              $validation    = mysql_real_escape_string($validation);
              $club_user     = mysql_real_escape_string($club_user);
              //Convert dd/mm/yyyy (the format validated above) to yyyy-mm-dd
              $date_parts = explode('/', $DOB);
              $DOB = "{$date_parts[2]}-{$date_parts[1]}-{$date_parts[0]}";

              $query = "INSERT INTO Members
                        (`first_name`, `last_name`, `DOB`, `sex`, `email`, `username`, `password`,
                         `agree`, `creation_date`, `usertype`, `access_level`, `validationID`)
                        VALUES
                        ('{$first_name}', '{$last_name}', '{$DOB}', '{$sex}', '{$email}', '{$username}', '{$password}',
                         '{$agree}', '{$creation_date}', '{$user_type}', '{$access_level}', '{$validation}')";
              $result = mysql_query($query) or die(mysql_error());
              $url = "thankyou.php?name={$username}";
              header("Location: {$url}");
              exit();
          }
          else
          {
              //Validation failed. Create COMPLETE error message using the array $errors
          }
      }
      //Validation failed or the form was not submitted, display form
  16. PHP is server-side so it returns the timestamp based upon the server. To get the user's time you can use JavaScript - perhaps set a cookie that can be read by PHP or something like that.
  17. Well, it would be helpful if you provided the error! I typically enclose variables in curly braces when using them inside a double quoted string.
      //Does this file already exist?
      if (file_exists($upfile_flv))
      {
          echo "<h1>{$exists}</h1>\n";
          echo "<input type=\"hidden\" name=\"flv\" value=\"{$_FILES['flv']}\" />\n";
          echo "<input type=\"hidden\" name=\"avi\" value=\"{$_FILES['avi']}\" />\n";
          echo "<input type=\"hidden\" name=\"course\" value=\"{$course}\" />\n";
          echo "<input type=\"hidden\" name=\"finit\" value=\"{$finit}\" />\n";
          echo "<input type=\"hidden\" name=\"lname\" value=\"{$lname}\" />\n";
          echo "<input type=\"hidden\" name=\"date\" value=\"{$date}\" />\n";
          echo "<input type=\"hidden\" name=\"title\" value=\"{$title}\" />\n";
          echo "<input type=\"hidden\" name=\"description\" value=\"{$description}\" />\n";
          echo "<input type=\"button\" name=\"overwrite\" value=\"Overwrite\" />\n";
          echo "<input type=\"button\" name=\"cancel\" value=\"Cancel\" />\n";
      }
  18. Here is a working example
      <?php
      function getMaskedAnswer($answer)
      {
          return strtotime("2010-1-1 +{$answer} days");
      }

      $response = '';
      //Check the user input (both fields must be present)
      if(isset($_POST['user_answer'], $_POST['answer']))
      {
          $u_answer = trim($_POST['user_answer']);
          if(getMaskedAnswer($u_answer)==$_POST['answer'])
          {
              $response = "Correct!";
          }
          else
          {
              $response = "Sorry that was the wrong answer.";
          }
      }

      //Generate new question and answer
      $num1 = rand(1, 10);
      $num2 = rand(1, 10);
      $answer = getMaskedAnswer($num1+$num2);
      $question = "What is {$num1} plus {$num2}";
      ?>
      <html>
      <head></head>
      <body>
      <?php echo $response; ?>
      <form action="" method="POST">
      Please answer the following question for validation:<br /><br />
      <b>Question:</b><br />
      <?php echo $question; ?><br /><br />
      <b>Answer:</b> <input type="text" name="user_answer" />
      <input type="hidden" name="answer" value="<?php echo $answer; ?>" />
      <button type="submit">Go</button>
      <br />
      </form>
      </body>
      </html>
  19. Well, your problem is pretty simple. You are NOT using session variables. Towards the end of the page you have this
      $_SESSION['UserData']['Math'][0] = rand(1,5);
      $_SESSION['UserData']['Math'][1] = rand(1,5);
      But, you never started a session, so all you did was create two local variables. When the page reloads those previously set values do not exist. When the verification is done (before those two lines) you are validating against a null value. I bet the validation will pass if you always enter 0. Personally, I see no reason to use session variables. Just store the "answer" in a hidden field but mask it in some way so a user or bot would be unable to determine the answer. I'll provide a solution in a few minutes.
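As an added example (not the poster's code) for the hidden-field approach in the two posts above, this is a keyed version of the same form: the hidden field carries an HMAC of the expected answer and an expiry time under a server-side secret, so a client that can read the form source still cannot produce a valid token for an answer it has not worked out. The secret constant is a placeholder; the form layout follows the page's question/answer example.

```php
<?php
// Added example, not code from the forum thread. Keyed masking of the expected
// answer: the hidden field carries HMAC(secret, answer|expiry), which cannot be
// recomputed by the client without the secret.
declare(strict_types=1);

// Placeholder secret; load a long random value from configuration in practice.
const CHALLENGE_SECRET = 'replace-with-a-long-random-secret';
const CHALLENGE_TTL    = 300; // seconds a token stays valid

function challengeToken(int $answer, int $expires): string
{
    return hash_hmac('sha256', $answer . '|' . $expires, CHALLENGE_SECRET);
}

function issueChallenge(): array
{
    $num1 = random_int(1, 10);
    $num2 = random_int(1, 10);
    $expires = time() + CHALLENGE_TTL;
    return [
        'question' => "What is {$num1} plus {$num2}?",
        'expires'  => $expires,
        'token'    => challengeToken($num1 + $num2, $expires),
    ];
}

function checkAnswer(string $userAnswer, string $expires, string $token): bool
{
    // Reject non-numeric input and expired tokens before comparing anything.
    if (!ctype_digit($userAnswer) || !ctype_digit($expires)) {
        return false;
    }
    if ((int) $expires < time()) {
        return false;
    }
    $expected = challengeToken((int) $userAnswer, (int) $expires);
    // Constant-time comparison of the two hex digests.
    return hash_equals($expected, $token);
}

$response = '';
if (isset($_POST['user_answer'], $_POST['expires'], $_POST['token'])) {
    $ok = checkAnswer(trim((string) $_POST['user_answer']),
                      (string) $_POST['expires'], (string) $_POST['token']);
    $response = $ok ? 'Correct!' : 'Sorry that was the wrong answer.';
}

// A fresh challenge for the form below
$challenge = issueChallenge();
?>
<html>
<head></head>
<body>
<?php echo htmlspecialchars($response); ?>
<form action="" method="POST">
  Please answer the following question for validation:<br /><br />
  <b>Question:</b><br />
  <?php echo htmlspecialchars($challenge['question']); ?><br /><br />
  <b>Answer:</b> <input type="text" name="user_answer" />
  <input type="hidden" name="expires" value="<?php echo $challenge['expires']; ?>" />
  <input type="hidden" name="token" value="<?php echo $challenge['token']; ?>" />
  <button type="submit">Go</button>
</form>
</body>
</html>
```

A token that was answered correctly once stays valid until its expiry, so a client could resubmit the same answer/expires/token triple within that window; if that matters for the form, include the session id in the HMAC input or record tokens that have already been accepted.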
  20. I would suggest a PHP only solution. This *may* work, I've explained why it may not and an alternative solution below. 1. User submits form 2. PHP processing page determines that the file is a duplicate 3. The processing page recreates the form as hidden fields giving the user options to "Overwrite" (submits again w/ confirmation) or "Cancel" (goes back to the original form for user to make a different submission) However, I see one big potential problem (which would be the case for a JS solution as well). I doubt if repopulating a file input field (especially with it hidden) will work. That would seem like a huge security problem. So, another alternative is if the file is a duplicate then the processing page can save the data to a temp table and the file to a temporary location. Then give the user the option to overwrite or not. If the user chooses to overwrite then move the data and file from the temp locations to the normal ones. If the user cancels, then delete the data. That way the data is already saved and there are no security issues.
  21. I didn't word that correctly. You would create a template ROW using the $columns variable, then have a loop using the $rows variable.
  22. MrAdam is correct. If the computer that is displaying the page in a browser is having problems then it is not a PHP problem. But, if it is the PC where you are running the server (e.g. XAMPP) then it would be the PHP code. I do see inefficiency in that code though. For example, there is no need to redefine those same 8 variables 40,000 times! (you also had the row and column loops reversed) I rewrote the code and it takes the page 2-3 seconds on my PC, running as both the server and client, to load the page.
      <html>
      <head>
      <style>
      ul { width:1000px; height:5px; border:0px; margin:0px; padding:0px; }
      </style>
      </head>
      <body>
      <?php
      $columns = 200;
      $rows = 200;
      //Defined once, outside the loops
      $colors = array('#ffcc00', '#ffff99', '#cfeef6', '#b2ebc5', '#ffffff', '#d7ebff', '#dfceb9', '#b3ccc5');

      for ($row=1; $row<=$rows; $row++)
      {
          echo "<ul>\n";
          for ($col=1; $col<=$columns; $col++)
          {
              $bgcolour = $colors[array_rand($colors)];
              echo "<li style=\"background-color:$bgcolour; width:5px; height:5px; float:left; display:inline;\"></li>\n";
          }
          echo "</ul>\n";
      }
      ?>
      </body>
      </html>
      EDIT: You could also experiment with some alternative solutions. For example, you could create a single "template" column as a variable. Then run a loop to create each row by generating the random numbers and using printf(). Would be interesting to see the time differences.
  23. Let me get out my crystal ball. Hmm, the spirits are not being helpful. Why don't you tell us what the code above is supposed to do and what it is doing differently?
  24. I do not believe JS has "access" to POSTed values on the receiving page. So, I see two options: 1. Have the values from the form sent via GET and JS can read the values from the query string. I believe I have a function that will do that. But, obviously, this isn't the most aesthetically pleasing option since the query string will be long and ugly. 2. If you still want to have the form data submitted via POST then the server-side code will need to populate the form values in a way that JS can work with them. You could store the values as JS variables or recreate the original form with the values populated. You could even make all the fields hidden so the form is invisible to the user. Then use JS to resubmit. However, I really can't think of any situation where this would make sense as there would be better solutions using server-side code. For example, on the receiving page if you are initially saving the data to a database you could write the unique ID for that record to the page and use that in the URL. When passed the processing page can reference back to the original POST data. That's just one example. If you provide more information of what you are really trying to achieve a better solution might be found.
  25. Simple. If the GET value is not set, you are hard-coding it to "1"
      if (!$getid) $getid = "1";
      So, I would say the GET value is not ever set and the page is always defaulting to 1. And, doing that, is bad from a security point of view. If you don't know who the user is, you should never assume who they are. When you access that page do you see 'id=n' as parameters in the URL? If not, you need to look at the URL the user is selecting to access this page and ensure it is included.
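As an added example (not the poster's code), the default the post warns about is reproduced in a comment beside a replacement: the user's identity comes from the authenticated session rather than from a URL parameter with a fallback, the GET `id` is validated as a positive integer with no default, and the record is fetched only if it belongs to that user. The `records` table with its `owner_id` column, the `login.php` page and the `$pdo` connection string are all hypothetical.

```php
<?php
// Added example, not code from the forum thread.
declare(strict_types=1);
session_start();

// Pattern from the post, shown for contrast: an absent id silently becomes
// user 1, so an unauthenticated or mistyped request is served user 1's data.
//   if (!$getid) $getid = "1";

// Who the user is comes from the session set at login, never from the URL.
function currentUserId(): ?int
{
    $id = $_SESSION['user_id'] ?? null;
    return (is_int($id) && $id > 0) ? $id : null;
}

// Which record is requested comes from the URL, validated as a positive
// integer. No default: a missing id is an error, not a guess.
function requestedRecordId(): ?int
{
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($id === false || $id === null) ? null : $id;
}

// Fetch only if the record belongs to the logged-in user (hypothetical schema).
function fetchOwnedRecord(PDO $pdo, int $recordId, int $userId): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM records WHERE id = :id AND owner_id = :uid');
    $stmt->execute([':id' => $recordId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row === false) ? null : $row;
}

$userId = currentUserId();
if ($userId === null) {
    header('Location: login.php'); // hypothetical login page
    exit;
}

$recordId = requestedRecordId();
if ($recordId === null) {
    http_response_code(400);
    exit('A valid id parameter is required.');
}

$pdo = new PDO('sqlite:app.db'); // hypothetical connection
$record = fetchOwnedRecord($pdo, $recordId, $userId);
if ($record === null) {
    http_response_code(404); // same response for "no such record" and "not yours"
    exit('Record not found.');
}
echo 'Viewing: ', htmlspecialchars($record['title']);
```

Returning the same 404 for a record that does not exist and for one owned by someone else keeps the page from confirming which ids are in use, the same reasoning the login-message posts above apply to usernames.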