KevinM1

I loved Ubuntu during the short stint I had with it a couple years ago. I don't remember which editor I used, though. It did have code highlighting, which was nice.

PHP errors tend to happen on the lines before the one specified by the error itself. Your best bet is to post everything relevant to the process (I'm guessing an object's constructor) so we can see what's happening.

Since when has Windows been more secure than OSX? When has IE ever been considered more secure than FireFox or Opera? I like Macs. I really do. I used an iBook in college to take class notes and write simple web pages, and it was simple to use and stable as hell. But, in regards to web development, they're not any more capable than a Windows machine. Or a *nix machine, if you're comfortable using The GIMP as your graphics editor.

That's a bit of a long-winded approach to doing something as easy as checking a zipcode. Ideally, you should use regular expressions when validating fields like these. What are regular expressions? They're essentially expressions that represent a pattern that you want to test a value against. In this case, a 5-digit code, potentially followed by a hyphen and a 4-digit code. With regEx, this is simple to do. Even better, JavaScript has built-in regEx functionality. Your script should look like: <script type="text/javascript"> window.onload = function() // we do this to ensure the HTML is all loaded before the script { /* put the rest of your validation code in here, too */ function validateZip(field) { var zip = field.value; var regEx = /^\d{5}(-\d{4})?$/; if(!zip.match(regEx)) { alert("The zipcode you entered is wrong. It must contain 5 digits, with an optional hyphenated 4 digit component (ex: 12345-1234)"); return false; } else { return true; } } } </script>

That doesn't really tell me anything. Let me rephrase: is $state's value derived by the script, or is it supplied by the user?

Where does $state come from?

Your index page should look something like... index.php: <?php $page = strtolower($_GET['page']); // <-- this is the name of the page, forced to be all lowercase, but now you need to append '.php' to the end $importedPage = $page . '.php'; // <-- we just added the '.php' extension to the end if($page == "main" || $page == "contactus" || $page == "joinus" || $page == "news") { require_once($importedPage); // <-- and now we just imported that file } ?> To break down the process further, consider the following URL: www.somesite.com/index.php?page=contactus The part we're interested in is the 'contactus' portion of the link. That's supposed to serve up the Contact Us content to the user. So, that little chunk of text is obtained by the first line of code: $page = strtolower($_GET['page']); $page is a variable - a named container that can hold any kind of value. In this case, it holds the text 'contactus' (without the quotes). We turn it all into lowercase letters by using the strtolower() function. That way, we don't have to check if someone accidentally put a capital letter in the link. Next, we create another variable - $importedPage - and store within it the actual file name that the script should look for: $importedPage = $page . '.php'; The . between $page and '.php' is an operator, much like + or -. In PHP, the . appends (adds) text, so we're literally adding the file extension to the page name. Why did we create a new variable for this? We could've simply added the file extension to $page by writing: $page = $page . '.php'; /* This is the same as */ $page .= '.php'; But, we need to make sure that whatever values for the content that comes into the script are legit, so we need to test the incoming page names with what we expect them to be. This is most easily done by keeping $page clean of the file extension and testing it against the names of the acceptable pages. This is done here: if($page == "main" || $page == "contactus" || $page == "joinus" || $page == "news") { /* ... */ } This is a conditional. It literally says "If $page equals main, OR $page equals contactus, OR...." then execute the code between the brackets. That code is to deliver the content of the appropriate file to the user, and is done by simply writing: require_once($importedPage); That's about as step-by-step as it gets.

Do you have a specific element that you're writing to in the popup window?

its friggin easy. if youve learnt .htaccess coding youll know what i mean, its about as "hard" as that There is no such thing as .htaccess coding. It's just a configuration file. Besides, learning about the syntax is the easy part. You need to learn about methodology and application design as well to be a good programmer. Not to mention database design and normalization, which I'm admittedly shaky with.

You should double-check your conditionals, and make sure they're all lined up, so-to-speak. Make sure that when a valid login occurs, the process doesn't continue to show the login form. To help you in this, you might want to comment out all of the code not related to an error state. That way you know you're just dealing with the simplest case - a legit user.

Nope, actually the opposite. So long as the header file is included in the pages that need session access, you're fine.

Where's session_start()? Remember, you need to put that function at the beginning of every file you want to have session access. If those options are dependent on the session data, they won't show unless you have session_start() invoked.

Well, the 'simplest' thing to do would be to ensure that your Set_criteria() function returns a mysqli_result that mysqli_num_rows() can read. What does Set_criteria() do?

You've come to the right place then Don't tell them that! The next thing you know, they'll bring friends. I think you're quite safe there - I don't have any friends. Hehe.

Well, your major problem is this line: if(isset($_POST['login_form'])) { You don't check against the form name. Instead, you check against the name of the input that actually submits the form, which, in this case, would be the image input named 'submit.' In other words: if(isset($_POST['submit'])){ Also, you shouldn't need any JavaScript for an image input to submit a form. They should do it automatically, according to the HTML form spec: http://www.w3.org/TR/html401/interact/forms.html#h-17.4.1

lol I fail to see how that is less of a headache...more code = more chance to mess up = larger headache??? But it probably works, so yea. To each their own. Slightly more code, which is, IMO more readable, that's separated from the markup entirely. Much like how it's generally accepted that HTML and CSS should be separate, the same goes for HTML and JavaScript. By compartmentalizing each tier of a web app, you encapsulate functionality, thereby reducing bugs and making it easier to squash the ones that do crop up. In other words, instead of the OP having to search through lines of code for that one magic echo statement that contains the JavaScript which submits the form, it's all in the head element, where it should be (if not in an external file). But, this is an argument for another time. If you're interested in why I find this method of coding JavaScript to be preferable to other methods that mix and match script code with markup, then you should look at some of the trainwrecks that get posted in the JavaScript section of the board. Yeesh. EDIT: Mind posting the code of your latest attempt?

You've come to the right place then Don't tell them that! The next thing you know, they'll bring friends.

If you're using JavaScript to submit the form, why not do it the unobtrusive, and less headache-inducing, way like so: <html> <head> <title>Login</title> <script type="text/javascript"> window.onload = function() { var imageSubmit = document.getElementById('imageSubmit'); imageSubmit.onclick = function() { document.forms['login_form'].submit(); } } </script> </head> <!-- code up until the actual image that's used as the submit --> <?php echo '<input type="image" src="images/login.png" id="imageSubmit" name="submit" />'; ?>

I don't understand why you're starting off with sessions. Do you really want to keep all login attempts as a session, even the failed ones? What you should do is: 1. Obtain the login input: session_start(); if(isset($_POST['submit'])) { if(!empty($_POST['username'])) { $tmpUsername = stripslashes($_POST['username']); } if(!empty($_POST['password'])) { $tmpPassword = stripslashes($_POST['password']); } 2. Then, check those values against what's in the database, and if the user attempting to login is legit, then you set the session variable: $query = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($tmpUsername) . "' AND password = '" . mysql_real_escape_string($tmpPassword) . "'"; $result = mysql_query($query) or die(mysql_error()); if(result && mysql_num_rows == 1) //just to double-check against duplicate entries { $_SESSION['username'] = $tmpUsername; } You don't want to store a user's password in a session.

The error message is pretty clear in its meaning. In order to use mysqli_num_rows(), the first argument passed into it must be a mysqli_result. What is that? The result of a database query. What does your Set_criteria() function do? I'm willing to bet it doesn't return a mysqli_result.

Hmm...Almost sounds like homework. Have you tried something like: <?php if(isset($_GET['submit'])) { if(isset($_GET['system']) && isset($_GET['genre'])) { /* load the content specific for that system and genre */ } else { /* error? */ } } /*if the info HASN'T been submitted yet */ ?> <html> <head> <title>Blah</title> </head> <body> <form action="<?php $_SERVER['PHP_SELF'] ?>" method="get"> <select name="system"> <!-- all of the 'system' options go here --> </select> <select name="genre"> <!-- all of the 'genre' options go here --> </select> <input type="submit" name="submit" value="Submit" /> </form> </body> </html>

The host name needs to be the host of the MySQL database server. You should first try using 'localhost.' A couple of other things jump out immediately: 1. In your first if-conditional, you use the bitwise OR operator |. You should be using the logical OR operator ||. 2. You need to add <?php before the else-statement that sets the cookie.

Hmm...have you tried using 'this', or 'this.a'?

You do not want to use document.write. That function rewrites the document (i.e., the web page) from the beginning. So, instead of having the form fields' values added to the end of the page, all you'd get as output would be those values and nothing else. I'm not sure why you'd want to use JavaScript for this, at least, with the way you're describing what you want to do. Since you're waiting for the form to be submitted, you gain nothing by printing the values to the screen using JavaScript. There's still that page load/reload when the form is submitted that you have to take into account. Unless you're using AJAX, there really isn't much of a point using JavaScript instead of PHP for this.