franknu

please help

I know this a comon question but my problems is that i have somebody else make the codes for me now i fired that person and it looks like i have a problem on a code. Ok everything uploads fine. exept for the file. so here is the problem it is uploading the full path meaning /administrator/img_news/C:\Documents and Settings\Administrator\Desktop\pic1.jpg and it is not uploading the the file into the directory /administrator/img_news here is my code i know it is complicated at least to me $KT_relPath ="/administrator/img_news/"; //$KT_relPath = "../"; require_once("../includes/widgets/widgets_start.php"); // --------------------------------------------- // Pure PHP Upload version 1.1 // ------------------------------------------- if (phpversion() > "4.0.6") { $HTTP_POST_FILES = &$_FILES; } define("MAX_SIZE",300000); define("DESTINATION_FOLDER", "/administrator/img_news/"); define("no_error", "/administrator/menu_main.php"); define("yes_error", "/administrator/error/login_error.php"); $_accepted_extensions_ = "jpg,gif"; if(strlen($_accepted_extensions_) > 0){ $_accepted_extensions_ = @explode(",",$_accepted_extensions_); } else { $_accepted_extensions_ = array(); } $_file_ = $HTTP_POST_FILES['Picture']; if(is_uploaded_file($_file_['tmp_name']) && $HTTP_POST_FILES['Picture']['error'] == 0){ $errStr = ""; $_name_ = $_file_['name']; $_type_ = $_file_['type']; $_tmp_name_ = $_file_['tmp_name']; $_size_ = $_file_['size']; if($_size_ > MAX_SIZE && MAX_SIZE > 0){ $errStr = "File troppo pesante"; } $_ext_ = explode(".", $_name_); $_ext_ = strtolower($_ext_[count($_ext_)-1]); if(!in_array($_ext_, $_accepted_extensions_) && count($_accepted_extensions_) > 0){ $errStr = "Estensione non valida"; } if(!is_dir(DESTINATION_FOLDER) && is_writeable(DESTINATION_FOLDER)){ $errStr = "Cartella di destinazione non valida"; } if(empty($errStr)){ if(@copy($_tmp_name_,DESTINATION_FOLDER . "/" . $_name_)){ header("Location: " . no_error); } else { header("Location: " . yes_error); } } else { header("Location: " . yes_error); } } ?> <?php require_once('Connections/townsfinder.php'); ?><?php //initialize the session if (!isset($_SESSION)) { session_start(); $_SESSION['MM_UserName']; } // ** Logout the current user. ** $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true"; if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){ $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){ //to fully log out a visitor we need to clear the session varialbles $_SESSION['MM_Username'] = NULL; $_SESSION['MM_UserGroup'] = NULL; $_SESSION['PrevUrl'] = NULL; unset($_SESSION['MM_Username']); unset($_SESSION['MM_UserGroup']); unset($_SESSION['PrevUrl']); $logoutGoTo = "login.php"; if ($logoutGoTo) { header("Location: $logoutGoTo"); exit; } } ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "News"; $MM_donotCheckaccess = "false"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "error/login_error.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) { $insertSQL = sprintf("INSERT INTO event (User_id, Headline, SmallContent, Body, Writer, `Date`, Picture, Category, Status) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['User_id'], "int"), GetSQLValueString($_POST['Headline'], "text"), GetSQLValueString($_POST['SmallContent'], "text"), GetSQLValueString($_POST['Body'], "text"), GetSQLValueString($_POST['Writer'], "text"), GetSQLValueString($_POST['Date'], "date"), GetSQLValueString("/administrator/img_news/". $_POST['Picture'], "text"), GetSQLValueString($_POST['Category'], "text"), GetSQLValueString($_POST['Status'], "text")); mysql_select_db($database_townsfinder, $townsfinder); $Result1 = mysql_query($insertSQL, $townsfinder) or die(mysql_error()); $insertGoTo = "menu_main.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } mysql_select_db($database_townsfinder, $townsfinder); $query_ver_usu = "SELECT * FROM `user` ORDER BY User_NameUsr ASC"; $ver_usu = mysql_query($query_ver_usu, $townsfinder) or die(mysql_error()); $row_ver_usu = mysql_fetch_assoc($ver_usu); $totalRows_ver_usu = mysql_num_rows($ver_usu); ?>

ok the database contain the user name and password that i am keyed in but i am getting the wrong password message username and/or password not found. Try again?

well now i am getting this even thought i have a user name and password that match username and/or password not found. Try again?

samething, it goes through without identification, it doesnt seem to be checking on anything or the logic is wrong but i done this many time never has this problem before

well, it is just going through without doing user identification here is my code <? $host = "localhost"; $username = "d"; $password = "asas"; $database = "asdasd"; $conn = mysql_connect($host, $username, $password) or die('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['user']); $password= addslashes($_POST['password']); if (isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); if (mysql_num_rows($query) > 0) { while($row = mysql_fetch_assoc($result)) { $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } ?>

i am gettin this on the line where there is a else Parse error: syntax error, unexpected T_ELSE in

it is not doing the user identification.

ok with this code it does all the opposite it goes in without verifying the user and password if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); } if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } echo"$query"; ?>

Ok, i want to create a control panel for some users to insert or update news my problem is that it it saying that there is no user with the password and user name that i am inserting but there is a user that match that criteria here is my code $conn = mysql_connect($host, $username, $password) or die ('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes ($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); } if (mysql_num_rows > 0) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } echo"$query"; ?>

I MADE SOME CHANGES AND NOW THE SCRIPT DOESNT DO ANYTHING, IT JUST TAKE THE USER RIGHT INTO THE CONTROL PANER WETHER THE USER AND PASSWORD MATCH OR NOT HER IS MY NEW CODE if ( isset($_POST['user']) && isset($_POST['password']) ) { $user = $_POST['user']; $password = $_POST['password']; $Query = mysql_query("SELECT * FROM news WHERE user='$user' AND password ='$password'"); if (mysql_num_rows($Query) != 0) { $Row = mysql_fetch_array($Query); extract($Row); $headline= $row['headline']; $body = $row['body']; $date = $row['date']; $picture = $row['picture']; $writer =$row['writer']; $song1 = $row['song1']; $song2 =$row['song2']; $song3 = $row['song3']; $song4= $row['song4']; $song5 = $row['song5']; $picture2 = $row['picture2']; $eventhead = $row['eventhead']; $eventpic=$row['eventpic']; $eventbody= $row['eventbody']; } else { echo "<p><b>username and/or password not found. Try again? </b></p>"; exit; } } ?>

oh yes it is, i have gotten in the pass, i just dont remenber what i did to fix it.

please help, i think that it might be because some of the if statements i have there

this is whaT I GET NOW Query was empty HERE ARE THE CHANGES I MADE TO THE CODE if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = "SELECT * FROM news WHERE user='$user' AND password ='$password' "; } $result = mysql_query($query) or die(mysql_error()); if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $headline= $row['headline']; $body = $row['body']; $date = $row['date']; $picture = $row['picture']; $writer =$row['writer']; $song1 = $row['song1']; $song2 =$row['song2']; $song3 = $row['song3']; $song4= $row['song4']; $song5 = $row['song5']; $picture2 = $row['picture2']; $eventhead = $row['eventhead']; $eventpic=$row['eventpic']; $eventbody= $row['eventbody']; } else { echo "<p><b>username and/or password not found. Try again? </b></p>"; exit; } ?> PLEASE HELP

ok i am doing a user authentication but my problem is that when i type in user name and password it is saying Query failed Query was empty here is my code <? $host = "localhost"; $username = "tdsfsdf"; $password = "abdfsdf3"; $database = "tdsfsdf"; $conn = mysql_connect($host, $username, $password) or die ('this that ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes ($_POST['headline']); $body = addslashes($_POST['body']); $writter = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = "SELECT * FROM news WHERE user='$user' AND password ='$password' "; } if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $headline= $row['headline']; $body = $row['body']; $date = $row['date']; $picture = $row['picture']; $writer =$row['writer']; $song1 = $row['song1']; $song2 =$row['song2']; $song3 = $row['song3']; $song4= $row['song4']; $song5 = $row['song5']; $picture2 = $row['picture2']; $eventhead = $row['eventhead']; $eventpic=$row['eventpic']; $eventbody= $row['eventbody']; } else { echo "<p><b>username and/or password not found. Try again? </b></p>"; exit; } } else { echo "Query failed<br />$query<br />". mysql_error(); exit; } ?> any idea please