franknu
-
Posts
344 -
Joined
-
Last visited
Never
Everything posted by franknu
-
please help
-
I know this a comon question but my problems is that i have somebody else make the codes for me now i fired that person and it looks like i have a problem on a code. Ok everything uploads fine. exept for the file. so here is the problem it is uploading the full path meaning /administrator/img_news/C:\Documents and Settings\Administrator\Desktop\pic1.jpg and it is not uploading the the file into the directory /administrator/img_news here is my code i know it is complicated at least to me $KT_relPath ="/administrator/img_news/"; //$KT_relPath = "../"; require_once("../includes/widgets/widgets_start.php"); // --------------------------------------------- // Pure PHP Upload version 1.1 // ------------------------------------------- if (phpversion() > "4.0.6") { $HTTP_POST_FILES = &$_FILES; } define("MAX_SIZE",300000); define("DESTINATION_FOLDER", "/administrator/img_news/"); define("no_error", "/administrator/menu_main.php"); define("yes_error", "/administrator/error/login_error.php"); $_accepted_extensions_ = "jpg,gif"; if(strlen($_accepted_extensions_) > 0){ $_accepted_extensions_ = @explode(",",$_accepted_extensions_); } else { $_accepted_extensions_ = array(); } $_file_ = $HTTP_POST_FILES['Picture']; if(is_uploaded_file($_file_['tmp_name']) && $HTTP_POST_FILES['Picture']['error'] == 0){ $errStr = ""; $_name_ = $_file_['name']; $_type_ = $_file_['type']; $_tmp_name_ = $_file_['tmp_name']; $_size_ = $_file_['size']; if($_size_ > MAX_SIZE && MAX_SIZE > 0){ $errStr = "File troppo pesante"; } $_ext_ = explode(".", $_name_); $_ext_ = strtolower($_ext_[count($_ext_)-1]); if(!in_array($_ext_, $_accepted_extensions_) && count($_accepted_extensions_) > 0){ $errStr = "Estensione non valida"; } if(!is_dir(DESTINATION_FOLDER) && is_writeable(DESTINATION_FOLDER)){ $errStr = "Cartella di destinazione non valida"; } if(empty($errStr)){ if(@copy($_tmp_name_,DESTINATION_FOLDER . "/" . $_name_)){ header("Location: " . no_error); } else { header("Location: " . yes_error); } } else { header("Location: " . yes_error); } } ?> <?php require_once('Connections/townsfinder.php'); ?><?php //initialize the session if (!isset($_SESSION)) { session_start(); $_SESSION['MM_UserName']; } // ** Logout the current user. ** $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true"; if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){ $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){ //to fully log out a visitor we need to clear the session varialbles $_SESSION['MM_Username'] = NULL; $_SESSION['MM_UserGroup'] = NULL; $_SESSION['PrevUrl'] = NULL; unset($_SESSION['MM_Username']); unset($_SESSION['MM_UserGroup']); unset($_SESSION['PrevUrl']); $logoutGoTo = "login.php"; if ($logoutGoTo) { header("Location: $logoutGoTo"); exit; } } ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "News"; $MM_donotCheckaccess = "false"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "error/login_error.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) { $insertSQL = sprintf("INSERT INTO event (User_id, Headline, SmallContent, Body, Writer, `Date`, Picture, Category, Status) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['User_id'], "int"), GetSQLValueString($_POST['Headline'], "text"), GetSQLValueString($_POST['SmallContent'], "text"), GetSQLValueString($_POST['Body'], "text"), GetSQLValueString($_POST['Writer'], "text"), GetSQLValueString($_POST['Date'], "date"), GetSQLValueString("/administrator/img_news/". $_POST['Picture'], "text"), GetSQLValueString($_POST['Category'], "text"), GetSQLValueString($_POST['Status'], "text")); mysql_select_db($database_townsfinder, $townsfinder); $Result1 = mysql_query($insertSQL, $townsfinder) or die(mysql_error()); $insertGoTo = "menu_main.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } mysql_select_db($database_townsfinder, $townsfinder); $query_ver_usu = "SELECT * FROM `user` ORDER BY User_NameUsr ASC"; $ver_usu = mysql_query($query_ver_usu, $townsfinder) or die(mysql_error()); $row_ver_usu = mysql_fetch_assoc($ver_usu); $totalRows_ver_usu = mysql_num_rows($ver_usu); ?>
-
ok the database contain the user name and password that i am keyed in but i am getting the wrong password message username and/or password not found. Try again?
-
well now i am getting this even thought i have a user name and password that match username and/or password not found. Try again?
-
samething, it goes through without identification, it doesnt seem to be checking on anything or the logic is wrong but i done this many time never has this problem before
-
well, it is just going through without doing user identification here is my code <? $host = "localhost"; $username = "d"; $password = "asas"; $database = "asdasd"; $conn = mysql_connect($host, $username, $password) or die('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['user']); $password= addslashes($_POST['password']); if (isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); if (mysql_num_rows($query) > 0) { while($row = mysql_fetch_assoc($result)) { $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } ?>
-
i am gettin this on the line where there is a else Parse error: syntax error, unexpected T_ELSE in
-
it is not doing the user identification.
-
ok with this code it does all the opposite it goes in without verifying the user and password if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); } if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } } echo"$query"; ?>
-
Ok, i want to create a control panel for some users to insert or update news my problem is that it it saying that there is no user with the password and user name that i am inserting but there is a user that match that criteria here is my code $conn = mysql_connect($host, $username, $password) or die ('there is ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes ($_POST['headline']); $body = addslashes($_POST['body']); $writer = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = mysql_query("SELECT * FROM news WHERE `user`='$user' AND `password` ='$password'"); } if (mysql_num_rows > 0) { $row = mysql_fetch_assoc($result); $NewsID= $row['NewsID']; $headline = $row['headline']; $body = $row['body']; $writer= $row['writer']; $date = $row['Keyword']; $picture = $row['picture']; } else { echo "<p><b>username and/or password not found. Try again?</b></p>"; exit; } echo"$query"; ?>
-
I MADE SOME CHANGES AND NOW THE SCRIPT DOESNT DO ANYTHING, IT JUST TAKE THE USER RIGHT INTO THE CONTROL PANER WETHER THE USER AND PASSWORD MATCH OR NOT HER IS MY NEW CODE if ( isset($_POST['user']) && isset($_POST['password']) ) { $user = $_POST['user']; $password = $_POST['password']; $Query = mysql_query("SELECT * FROM news WHERE user='$user' AND password ='$password'"); if (mysql_num_rows($Query) != 0) { $Row = mysql_fetch_array($Query); extract($Row); $headline= $row['headline']; $body = $row['body']; $date = $row['date']; $picture = $row['picture']; $writer =$row['writer']; $song1 = $row['song1']; $song2 =$row['song2']; $song3 = $row['song3']; $song4= $row['song4']; $song5 = $row['song5']; $picture2 = $row['picture2']; $eventhead = $row['eventhead']; $eventpic=$row['eventpic']; $eventbody= $row['eventbody']; } else { echo "<p><b>username and/or password not found. Try again? </b></p>"; exit; } } ?>
-
oh yes it is, i have gotten in the pass, i just dont remenber what i did to fix it.
-
please help, i think that it might be because some of the if statements i have there
-
this is whaT I GET NOW Query was empty HERE ARE THE CHANGES I MADE TO THE CODE if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = "SELECT * FROM news WHERE user='$user' AND password ='$password' "; } $result = mysql_query($query) or die(mysql_error()); if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $headline= $row['headline']; $body = $row['body']; $date = $row['date']; $picture = $row['picture']; $writer =$row['writer']; $song1 = $row['song1']; $song2 =$row['song2']; $song3 = $row['song3']; $song4= $row['song4']; $song5 = $row['song5']; $picture2 = $row['picture2']; $eventhead = $row['eventhead']; $eventpic=$row['eventpic']; $eventbody= $row['eventbody']; } else { echo "<p><b>username and/or password not found. Try again? </b></p>"; exit; } ?> PLEASE HELP
-
ok i am doing a user authentication but my problem is that when i type in user name and password it is saying Query failed Query was empty here is my code <? $host = "localhost"; $username = "tdsfsdf"; $password = "abdfsdf3"; $database = "tdsfsdf"; $conn = mysql_connect($host, $username, $password) or die ('this that ' .mysql_error()); $db = mysql_select_db($database, $conn) or die('Could not connect to database. ' .mysql_error()); $headline = addslashes ($_POST['headline']); $body = addslashes($_POST['body']); $writter = addslashes($_POST['writer']); $date= addslashes($_POST['date']); $picture = addslashes($_POST['$picture']); $user = addslashes($_POST['$user']); $password= addslashes($_POST['$password']); if ( isset($_POST['user']) && isset($_POST['password']) ) { $query = "SELECT * FROM news WHERE user='$user' AND password ='$password' "; } if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $headline= $row['headline']; $body = $row['body']; $date = $row['date']; $picture = $row['picture']; $writer =$row['writer']; $song1 = $row['song1']; $song2 =$row['song2']; $song3 = $row['song3']; $song4= $row['song4']; $song5 = $row['song5']; $picture2 = $row['picture2']; $eventhead = $row['eventhead']; $eventpic=$row['eventpic']; $eventbody= $row['eventbody']; } else { echo "<p><b>username and/or password not found. Try again? </b></p>"; exit; } } else { echo "Query failed<br />$query<br />". mysql_error(); exit; } ?> any idea please
-
please help
-
Ok, I display all the data from the database but what about if after that i want to click certain specific column in the database i have the first page working but i need some help after the user click on the link to see more info about that column here is code for page1 $sql="SELECT * FROM messages WHERE BusinessName='$BusinessName' "; $result=mysql_query($sql); while($row=mysql_fetch_assoc($result)) { $messageID = $row['messageID']; $date = $row['date']; $from = $row['from']; $status = $row['status']; $subject = $row['subject']; $message =$row['message']; echo"<tr>"; echo" <td>"; echo' <input type="checkbox" name="checkbox" value="checkbox"></td>'; echo" <td> $date </td>"; echo" <td> $from </td> "; echo"<td> $status </td>"; $ms= $row['subject']; echo"<td><a href='message_display.php?$subject=$ms'>$ms </a></td>"; and here is my code for page2 if(isset($_GET['message'])) { $sql="SELECT * FROM messages WHERE message='$message' "; $result = mysql_query($sql) or die (mysql_error()); $row = mysql_fetch_assoc($result); $messageID = $row['messageID']; $date = $row['date']; $from = $row['from']; $status = $row['status']; $subject = $row['subject']; $message = ($row['message']); echo" <table >"; echo" <tr> "; echo" <td ><span class='style1'>Mail Center </span></td>"; echo" </tr> "; echo" <tr> "; echo" <td>Date</td>"; echo" </tr> "; echo"<tr>"; echo " <td>$date </td>"; echo " </tr>"; echo" <tr>"; echo" <td>$from</td>"; echo"</tr>"; any idea how i can make the second code display the continue values
-
ok, thank u
-
ok that works but it only giving me the date, i also want the time on the same input
-
any idea how to set it up, i really dont know how to set it up because it did date=NOW(); and i am getting an error
-
so i have to do date=NOW();
-
Ok, I have to question in one code the first is. i have this code that at soon as the visitor goes to the page it sent a message i one want them to send a message if the submit the code for some reason, it is not doing that and the other question is how do i insert actual date and time in the page when the user hit submit here is my code $from = addslashes($_POST['from']); $status= addslashes($_POST['status']); $subject= addslashes($_POST['subject']); $message= addslashes($_POST['message']); $BusinessName= $_SESSION['BusinessName']; if(Submit) { $query = "INSERT INTO `messages` (`BusinessName`,`date`,`from`,`status`,`subject`,`message`) VALUES ('".$_SESSION['BusinessName']."','".$date."','".$from."', '".$status."','".$subject."', '".$message."')"; $result = mysql_query($query); echo mysql_error(); } if($result) { echo " Your Message have been sent. We will get back to you. <br>"; } ?>
-
Now, i am not displaying any values any idea why
-
ok, i want to select values from the colum name BusinessName, date from, subject and message from database named messages that are equal to $_SESSION['BusinessName']." basicly, here is my error message Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in and here is my code that is driving nut $sql="SELECT * FROM messages WHERE BusinessName='".$_SESSION['BusinessName']." "; $result=mysql_query($sql); while($row=mysql_fetch_assoc($result)) { $date = $row['date']; $from = $row['from']; $status = $row['status']; $subject = $row['subject']; $message =$row['message']; echo"<tr>"; echo" <td>"; echo' <input type="checkbox" name="checkbox" value="checkbox"></td>'; echo" <td> $date </td>"; echo" <td> $from </td> "; echo"<td> $status </td>"; echo"<td><a href='message_display'> $subject </a></td>"; echo"</tr>"; } ?>
-
ok this is who it should be select from message where BusinessName="$_session['BusinessName'] that will be the easy way