Psycho

You need to learn simple debugging techniques. Add some debugging code to figure out what is going on. Pick one point in the process to see if what is happening is what you expect and that values are what you expect. If yes, the problem if further down in the process. If no, then the problem exists at that point or before. The first step is to ensure the function showUser() is getting called AND that you are passing the right value. So, add an alert as the first line of code in the function such as alert(str); If the alert does not display then you know the function isn't running. If it does alert, but not the right value, then you know the value isn't getting passed as you think it is. If all performs as expected, then try the next significant step in the process.

What do you mean by "Select" the user? You just stated you are echoing out the list of users and you want a button next to each. There is no "selection". Just make each button an individual form which includes a hidden field with the id of the user. while($row = $sth->fetch(PDO::FETCH_ASSOC)) { echo "Username: {$row['username']} "; echo "<form action='ban.php' method='post'>"; echo " <hidden name='id' value='{$row['user_id']}'>\n"; echo " <button type='submit'>Ban user</button>"; echo "</form><br><br>"; }

I have no idea what that URL you posted is supposed to be. It doesn't say anything about what the username and password are. Can you not be bothered with doing a var_dump() on the values used in the query and the values in the database? How do you "see" the values in the database? I assume you are using PHPMyADmin or some other database utility and are looking at the values displayed on the screen. What if a value had an extraneous space, or other non-printable character, at the beginning or end? Do you think you would "see" it? You are asking for help from people that do not have access to your code and database. You need to be sure to give us every opportunity to help you by providing as much relevant information as possible.

There is nothing in that code that even uses the salt. You need to include the salt when generating the hash. Plus, the hashing algorithm is flawed. It first generates an MD5 hash and then does a SHA hash. Lastly, the login code never even uses the password. It appears to only be looking for a match on the username/email.

I tested the function before I posted it, so it does work.

This seems to work for your scenario function filterMyDataset($mydataset) { //Create temp array to remove non-unique values and sort $tempArray = array(); foreach($mydataset as $subArray) { sort($subArray); $tempArray[] = implode(',', $subArray); } sort($tempArray); //Convert back to sub arrays for output $outputArray = array_unique($tempArray); foreach($outputArray as &$subArray) { $subArray = explode(',', $subArray); } return $outputArray; }

Per the manual: In your function, I don't understand why you have a parameter for $array, but on the very first line you then define $array as an empty array - thereby overwriting any data that may have been passed in the function. I'm sure there are better solutions, but one approach would be to implode the data, sort it, then explode it back out.

There are several problems with that code. Line 22: There is an else statement that is NOT associated with any if() statement. The two previous if() statements were closed right after they were started. So, that else statement is out of context. Line 24: There is a closing bracket for the else condition, directly followed by raw HTML code. Line 29: There is a closing PHP tag, but the code that it follows is HTML <div class="container"> <div class="header" align="center"> <nav> <ul> <li><a href="#">Home</a></li> <li><a href="#">Databases</a> <ul> <?php $mysqli = new mysqli('localhost','*****','*****','*****'); if ($mysqli->connect_error) { die("Connection failed: " . $mysqli->connect_error); } $sql = 'show tables from osiris1q_mtg'; $result = $mysqli->query($sql); if(!$result = $mysqli->query($sql)){ die('There was an error running the query [' . $mysqli->error . ']'); } // output data of each row while($row = $result->fetch_assoc()){ echo "<li><a href='#'></a>"$row"</li>"; } } else { echo "<li><a href='#'></a>0 results</li>"; } </ul> </li> </ul> </nav> </div> <!-- end .header --> ?>

Do this: Execute the query without the "AND password=". Then get the record returned and do a var_dump() on the password from the DB results and do a var_dump() on the value of $password in your script. Post the results of both in this thread.

How are we to do that when you haven't provided any code as to what you are doing now? Are you getting the data from a database, getting it from an external source, generating it yourself? All of these scenarios would require a different type of solution.

From the manual http://php.net/manual/en/language.basic-syntax.phptags.php

Issam, As was already stated multiple times, session has nothing to do with IP address. When you initiate a session a cookie with be placed on the user's machine that identifies the session ID. So, if one users hits the site and no session ID exists on their PC, the a new one will be created. So, if a second user accesses the site, they will not have the session ID of the first, therefore a new session will be created. (Session IDs can be passed via GET rather than in cookies, but that is not the norm from what I have seen). So, different PCs behind the same public IP will not share sessions. But, you last question is now asking about how to get the IP address. You can find that in the $_SERVER super global, but it is not to be relied upon since it can be spoofed.

Anything is possible. It depends on what the effort is vs. the benefit. I would think any solution you create is still going to require some hand holding due to environmental issues such as firewalls. XAMPP is fine for a dev environment, but it not advised for a production environment. But, if that is the way you want to go, then just grab a copy of the XAMPP zip file. Then put the files for your application in the htdocs folder within the zip file. You can change the zip file in a self extracting executable (i.e. exe). However, if they choose a location that is not at the root of a drive, there are additional configuration options to make Apache work. As for your application, you would want a script that is executed the first time the site is accessed. You could have a test to see if the site has been configured. E.g. if(file_exists('db_config.php')) { include('first_run.php'); } . . . or you could test if a configuration file that you create during the first time setup exists. That file can allow the user to enter the DB connection info and a database name to use. Then it will connect to the DB. If successful, save the credentials to a configuration file that will be used by the application. Then it will create the DB and run the initial scripts to create the necessary tables and default data. Then, you might have a process to create the "admin" user for the application. Once setup has been completed, the test to run the first time setup should be skipped based on whatever logic you implemented. This is all very high level. Any "automated" setup would still likely need someone with some technical skills. And, really, it might make more sense to just host the applications yourself and create different "accounts" in your database. That way you also have some protection from your code being distributed to others.

Also, I think it may be slow to get the data from the APIs each time your page is requested. You might want to consider implementing logic that will get the current data from the APIs and then save it to a database. Then, update that data every X minutes (whatever makes sense for your needs). Then create the output by getting the data from your database. That way the performance will be quick and your site will not have issues is there are errors or delays in getting the current data from the APIs.

You know that code is invalid, right? There is no closing quote for the query definition. If you want the last item added, then you should be using a timestamp field to determine that and not the id field. I'm guessing 'iid' is the id field? Assuming all you have is the id field (and you aren't going to fix it), it might look something like this SELECT * FROM portafolio INNER JOIN imagenes ON imagenes.work = portafolio.idp WHERE iid = (SELECT MAX(iid) FROM portafolio) ORDER BY iid DESC

No, it is not required. There are good reasons to leave it off - such as the dreaded "Headers already sent error". As you may know, some commands will fail if any content has already been generated for display in the browser - such as a header() command. If you include multiple files into a script that *may* use a header() command later you cannot have any of those include files generate output if you will later invoke the header() function. If you do use "?>" then you cannot have any characters following the closing tag. Else, it will be considered output for the browser. By leaving the "?>" off, then all of the content of the file is considered PHP code.

What is the LAST() keyword in the query? I've never seen that and don't see any reference for it in the MySQL manual. If you are trying to query the last record that was generated then you are doing it the wrong way. You will create a "race condition" where two users could submit at almost the same time and then when they get to the confirmation page it would pull up the information for one user for both of them. Instead, on the page that you INSERT the data into the database you should capture the last insert ID and store that as a session value. Then, on this page, query the data by that ID.

If it is a file, why do you need to store it in the database? If you are going to store in the DB, then you would want to store the data in separate fields for username, offername, etc.

I don't see that your form has a method defined - or even an action. I think it typically defaults to GET if you don't define it as post. Even if you want to post to itsself, at least add the action attribute with an empty value. Try <form action="" method="post"> Second, you have this <?php $selected = $_POST['selectto']; if(isset($selected)) $selected will ALWAYS be set because you set it on the line right before you check it! Try <?php if(isset($_POST['selectto'])) { $selected = $_POST['selectto']; echo "something in selected<br />"; foreach ($selected as $idx => $item) { echo "selected: {$idx}: {$item}<br>\n"; } } ?>

Sorry to say, there are still a couple bugs bug. I was able to select the same value twice one time and I'm also able to "disable" the unselected value - "--". Not sure about the first one as I was only able to get it to occur one time. But, for the second issue, if you select a number, then select the "no selection" value ("--"). Then, any other select list with a number already selected will set the "--" option to disabled. That option should never be disabled. I think this resolves that. I moved the code to re-enable the previously selected value in other select lists outside the if() condition. Then I added an additional check in that if() condition to only diasable the currently selected value in other select lists if it is not the empty value. <script type="text/javascript"> $().ready(function() { $(".sel").change(function() { var curID = $(this).attr("id"); var chosen = $(this).val(); var curr = $(this).data('curr'); //Itterate over each select list $(".sel").each(function(i,v) { //Set child for the "prev" selected value to enabled $(v).children("option[value="+curr+"]").attr("disabled", false).removeClass("highlight"); if (v.id != curID && chosen) { //Set child for current selected value to disabled $(v).children("option[value="+chosen+"]").attr("disabled", true).addClass("highlight"); } }) $(this).data('curr', chosen); }) $("#btnReset").click(function() { $("option").attr("disabled",false).removeClass("highlight"); this.form.reset(); }) }) </script>

Never rely upon client-side functionality for computations or validations. It can break if JS is not working or there is a compatibility issue and it can be easily overridden by the user to submit values you don't want to allow. Sure, it might not be an issue in the context of your app, but it's not good process. I would allow the user to change the measurement type and, once submitted, save that value in a cookie and use it to auto-select the measurement type on each successive page load.

Where is your current code? My code above works, so something in your current code is likely causing a JS error.

OK, but you know you still need to add validation on the server-side too, right? Client-side validation is a great tool, but it should never be relied upon since it can be easily circumvented. In your code above, you are referencing "frmContact" in the function, but it is not defined. You can pass the form reference in the onsubmit call. Also, you should trim the value to ensure it doesn't pass with just spaces entered. <html> <head> <script> function Blank_TextField_Validator(formObj) { //Trim the value in the field formObj.id.value = formObj.id.value.trim(); // Check the value of the element named text_name // from the form named text_form if (formObj.id.value == "") { // If empty display and alert box alert("Please fill in the text field."); // Place the cursor on the field for revision formObj.id.focus(); // return false to stop further processing return false; } // If text_name is not null continue processing return true; } </script> </head> <body> <form name="frmContact" id="frmContact" method="POST" action="index.php" onsubmit="return Blank_TextField_Validator(this)"> <input type="text" name="id" id="id"> <button type="submit">Submit</button> </form> </body> </html>

You mean three queries as in one for each field? If so, then, yes, that can be improved. You can run one select query to get the data as to which fields are duplicated or not. SELECT SUM(username = ?) as usernameDupe SUM(email = ?) as emailDupe SUM(phone = ?) as phoneDupe FROM staff WHERE username= ? OR email = ? OR phone = ? Of course you would need to bind two sets of the values to the query. You could remove the WHERE clause and only have to bind one set of values. You would get the same results, but I think it would be inefficient with large datasets. SELECT SUM(username = ?) as usernameDupe SUM(email = ?) as emailDupe SUM(phone = ?) as phoneDupe FROM staff You will get one record in the result set with three fields: usernameDupe, emailDupe & phoneDupe. The value for each field will be 0 (no duplicates) or >= 1 (there are dupes). The value should only ever be 0 or 1. But, it could be greater than 1 if any dupes already exist in any field for the tested value.

I see two solutions: 1. JavaScript only: Run one query to get all the messages for the user (with the content). Then display the list of messages in the top div. You should put them in DIVs, or a list (<li>), or some other container. Those containers should have an onclick event which calls a function and passes the ID of the record. Now, in the bottom DIV, you will create the output for the content of ALL the records. But, you will put each in it's own container with an ID that contains the ID of the record and the containers will have a default style of "display:none". The onclick function will take the record ID passed in call, make all the content DIVs display=none and then make the container for the selected record to display=inline 2 The other option is to use AJAX (JavaScript + PHP). Just, populate all the records in the top DIV and include an onclick even to pass the record ID. When the onclick function is called it will do a call to a PHP page (passing the record ID). That page will look up the content of the record and return it to the calling JavaScript function. That function will then populate the content into the DIV. Since you are already getting all the records to populate the top DIV, I would go with option 1.