PFMaBiSmAd (Staff Alumni)

Everything posted by PFMaBiSmAd

  1. You have single-quotes around your column names (three places), thereby making them strings instead of column names. The WHERE clause is FALSE because you are testing if the string 'account_number' is the same as what is in the $account_number variable. Unless $account_number contained the string 'account_number', the WHERE clause is false and the query is not even being executed.
  2. If you use mysql_error in the error checking and error reporting logic in your code, mysql will tell you at what point it found a problem in the query. The only apparent thing I see is that your DateStart value is a negative number.
  3. For something like a menu, where you have multiple variable-size lists of choices, you would typically store the choices somewhere (database, array) and write some general-purpose code to take the correct choices and output the information the way you want (something like using a query to get a specific set of data that you need.)

<?php
// define menus
$menu = array();
$menu['user_typeA'] = array(
    "<a href='$page.php?films'>Films</a>",
    "<a href='index.php?webseries'>Webseries</a>",
    "<a href='index.php?company'>Company</a>"
);
$menu['user_typeB'] = array(
    "<a href='$page.php?contact'>Contact</a>",
    "<a href='index.php?faq'>FAQ</a>",
    "<a href='http://store.makethemoviehappen.com'>Store</a>"
);
$menu['user_typeC'] = array(
    "<a href='$page.php?donate'>Donate</a>",
    "<a href='$page.php?contact'>Contact</a>",
    "<a href='$page.php?faq'>FAQ</a>"
);

// logic to determine which menu to use
if(isset($_SESSION['myusername'])){
    $type = 'user_typeA';
} elseif(isset($_SESSION['myusername2'])){
    $type = 'user_typeB';
} else {
    $type = 'user_typeC';
}

// produce and output the correct menu
foreach($menu[$type] as $item){
    echo "<div class='tab'>";
    echo $item;
    echo "</div>";
}
?>
  4. The link I posted stated that a leading / on a file system path refers to the root of the current hard disk. Do you know what the root of the current hard disk means? If your $_SERVER["DOCUMENT_ROOT"] contains http://www, then whoever set up the virtual host configuration on your server didn't know what they should set it to.
  5. See this post - http://www.phpfreaks.com/forums/index.php?topic=336242.msg1583862#msg1583862
  6. Your submit button is named - name="update-field". You would need to test that same named $_POST variable. You have $_POST['update_field'], which does not match the name of your form field.
  7. A setcookie() statement must exactly match the parameters (name, path, domain, secure, and httponly) of an existing cookie, otherwise you are actually trying to set a different cookie. For the record, the only way to actually 'delete' a cookie is to physically delete the cookie file on the client computer (for cookies that were set with a non-zero expire time) or to close all instances of the browser (for a cookie that was set with a zero expire time.) Once a cookie has been set, the only thing a web-server-side script or client-side javascript can do to it is to change the value or change the expire time, by setting the same cookie again with a new value or expire time. To 'delete' a cookie in this way, you are actually either setting the value to something that will cause the cookie to be 'ignored' by code using that value or to an expire time in the past so that the browser won't send the cookie to the server with the page request. @Nosbod, if your session id cookie was originally set without a domain parameter, the setcookie() statement that matches that cookie would also need to have no domain parameter.
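The rule in the post above (same name, path and domain, or you are setting a different cookie), as an added example that is not part of the original post. The cookie names, paths and the expire_cookie() helper are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original post. The cookie names, paths and the
// helper name are assumptions for illustration.

// To expire a cookie, send it again with the SAME name, path and domain it was
// created with and an expiry time in the past. If any of those differ, the
// browser treats it as a different cookie and keeps sending the original one.
function expire_cookie($name, $path = '/', $domain = '', $secure = false, $httponly = false) {
    setcookie($name, '', time() - 3600, $path, $domain, $secure, $httponly);
    // The browser only drops the cookie on its next request; keep the current
    // request consistent so code below this point does not still see the value.
    unset($_COOKIE[$name]);
}

// A cookie created with an explicit path and no domain parameter:
setcookie('remember', 'abc123', time() + 86400, '/app');

// Does not work: path '/' does not match '/app', so this creates a second
// cookie named 'remember' for '/' and the original one is untouched.
// setcookie('remember', '', time() - 3600, '/');

// Works: same path, and no domain parameter because none was given originally.
expire_cookie('remember', '/app');

// For the PHP session cookie, reuse exactly the parameters PHP used to set it
// instead of guessing them, then drop the server-side session data as well.
session_start();
$p = session_get_cookie_params();
expire_cookie(session_name(), $p['path'], $p['domain'], $p['secure'], $p['httponly']);
session_destroy();
```

Passing the original secure/httponly flags matters for a different reason than cookie identity: a Set-Cookie carrying the secure attribute is ignored by browsers on a plain http response, so an expiring setcookie() that adds secure=true where the original had none can silently do nothing.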
  8. Here is some functional database driven code that demonstrates what I suggested and is completely independent of the actual number of stories or chapters. I used different file names for the pagination images from what you used (simply change them back to your names) and I fixed one logic problem in the pagination code.

<?php
// connect to database server and select database here...
// (mysqli is used; the old mysql_* extension is no longer available in current PHP)
$db = mysqli_connect('localhost', 'your_user', 'your_password', 'your_db');

function pagination($total, $story, $chapter){
    $next = $previous = '';
    if($chapter > 1){
        // not at the first one, first and previous are active
        $first = "<a href='?story=$story&chapter=1'><img src='/images/start.gif' alt='First chapter' title='Go back to the first chapter'></a>";
        $previous = $chapter - 1;
        $previous = "<a href='?story=$story&chapter=$previous'><img src='/images/prev.gif' alt='Previous chapter' title='Skip to the previous chapter'></a>";
    } else {
        // at the first one, first and previous are not active
        $first = '<img src="/images/start.gif" alt="First chapter" title="Go back to the first chapter">';
        $previous = '<img src="/images/prev.gif" alt="Previous chapter" title="Skip to the previous chapter">';
    }
    if($chapter < $total){
        // not at the last one, next and last are active
        $next = $chapter + 1;
        $next = "<a href='?story=$story&chapter=$next'><img src='/images/next.gif' alt='Next chapter' title='Skip to the next chapter'></a>";
        $last = "<a href='?story=$story&chapter=$total'><img src='/images/end.gif' alt='Latest chapter' title='Skip to the newest chapter'></a>";
    } else {
        // at the last one, next and last are not active
        $next = '<img src="/images/next.gif" alt="Next chapter" title="Skip to the next chapter">';
        $last = '<img src="/images/end.gif" alt="Latest chapter" title="Skip to the newest chapter">';
    }
    return $first . $previous . "<a href='?story=$story'><img src='/images/toc.gif' alt='Table of contents' title='Table of contents'></a>" . $next . $last;
}

// produce main menu, as needed...
$top_nav = "<a href='?toc'>List The Available Stories</a>\n";

// if story is not set, list toc of all the stories (gotten from the story table information)
// if story (id number) is set, get the story info (title, author, other, ...)
// if the requested story does not exist, clear url and request the base page
$story = isset($_GET['story']) ? (int)$_GET['story'] : ''; // non-int parameter gives a zero value and redisplays the toc (via redirect to base page)
if(is_numeric($story) && $story >= 0){
    // get story info (if exists) and get requested chapter (if exists)
    $query = "SELECT title FROM stories WHERE id = $story";
    $result = mysqli_query($db, $query);
    if(!mysqli_num_rows($result)){
        // requested story was not found
        header("Location: {$_SERVER['SCRIPT_NAME']}"); // clear the url
        exit;
    } else {
        // story was found, fetch the story information (title) and get the requested chapter information
        // if the chapter number is not set, display the chapters (gotten from the table information)
        // if the chapter is a number, get and display the chapter title and content
        // if the chapter number is not valid, clear the chapter and display the list of chapters
        $story_info = mysqli_fetch_assoc($result);
        $story_title = htmlspecialchars($story_info['title']); // escape once, before the title goes into any markup
        $page_title = $story_title;

        //---- start chapter section ---------------------------------------------
        $chapter = isset($_GET['chapter']) ? $_GET['chapter'] : '';
        // non numeric chapter/not empty - remove chapter from the url
        if(!is_numeric($chapter) && !empty($chapter)){
            header("Location: {$_SERVER['SCRIPT_NAME']}?story=$story"); // clear the url
            exit;
        }
        // chapter will be numeric or an empty string at this point
        if(is_numeric($chapter)){
            $chapter = (int)$chapter; // plain integer for the query and the links
            // get chapter info (if exists)
            $query = "SELECT title,content FROM chapters WHERE story_id = $story AND chapter = $chapter";
            $result = mysqli_query($db, $query);
            if(!mysqli_num_rows($result)){
                // requested chapter was not found
                header("Location: {$_SERVER['SCRIPT_NAME']}?story=$story"); // clear the url
                exit;
            } else {
                // chapter was found, fetch the chapter information (title,content)
                $chapter_info = mysqli_fetch_assoc($result);
                $chapter_title = htmlspecialchars($chapter_info['title']);
                $page_title .= ", $chapter_title";
                $main_content = "<p>$story_title, $chapter_title -</p>\n<p>{$chapter_info['content']}</p>\n";
                // get count of chapters for pagination
                $query = "SELECT count(*) as num_chapters FROM chapters WHERE story_id = $story AND chapter > 0";
                $result = mysqli_query($db, $query);
                $row = mysqli_fetch_assoc($result);
                $bottom_nav = pagination($row['num_chapters'], $story, $chapter);
            }
        } else {
            // chapter was not set, get toc
            $query = "SELECT chapter,title FROM chapters WHERE story_id = $story ORDER BY chapter";
            $result = mysqli_query($db, $query);
            if(!mysqli_num_rows($result)){
                // no chapters found
                $toc_content = "<p>$story_title -</p><p>Sorry, there are no chapters for this story!</p>\n";
                $page_title .= " - no chapters!";
            } else {
                // found one or more chapters, build toc
                $toc_content = "<p>$story_title -</p>\n<ol>\n";
                while($row = mysqli_fetch_assoc($result)){
                    $title = htmlspecialchars($row['title']);
                    if($row['chapter'] == 0){
                        $toc_content .= "<a href='?story=$story&chapter={$row['chapter']}'>$title</a>\n";
                    } else {
                        $toc_content .= "<li><a href='?story=$story&chapter={$row['chapter']}'>$title</a></li>\n";
                    }
                }
                $toc_content .= "</ol>\n";
            }
        }
        //--- end chapter section ----------------------------------------------
    }
} else {
    // story was not set, get main toc
    $query = "SELECT id,title FROM stories ORDER BY title";
    $result = mysqli_query($db, $query);
    if(!mysqli_num_rows($result)){
        // no stories found
        $toc_content = "<p>Sorry, there are no stories!</p>\n";
        $page_title = "Sorry, there are no stories!";
    } else {
        // found one or more stories, build toc
        $toc_content = "<p>Stories -</p>\n<ol>\n";
        while($row = mysqli_fetch_assoc($result)){
            $toc_content .= "<li><a href='?story={$row['id']}'>" . htmlspecialchars($row['title']) . "</a></li>\n";
        }
        $toc_content .= "</ol>\n";
        $page_title = "List of Stories";
    }
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<title><?php echo isset($page_title) ? $page_title : ''; ?></title>
<style type="text/css">
</style>
</head>
<body>
<?php echo isset($top_nav) ? $top_nav : ''; // main navigation menu ?>
<?php echo isset($toc_content) ? $toc_content : ''; // if no story selected, display the list of stories or if no chapter selected, display list of chapters ?>
<div id="storyText">
<?php echo isset($main_content) ? $main_content : ''; // story title, chapter title, chapter content ?>
</div>
<?php echo isset($bottom_nav) ? $bottom_nav : ''; // chapter navigation ?>
</body>
</html>

The stories table has an id (int) and title (varchar) columns (you would add any other things you need, such as author, published date,...) The chapters table has an id (int), story_id (int), chapter (int), title (varchar), and content (varchar) columns. I don't think you are going to find any tutorials that would directly help (other than the basics, here is how you connect to a database server, select a database, form a query that selects the data you want in the order that you want it, execute a query, fetch the result from the query, and use the result the way you want to) because this is all pure programming. You define what you want to accomplish, what you want it to look like, and what data you need and then write and test the code until you are done.
Edit: Please excuse any of the un-needed double-quotes that are around php variables with nothing else inside of the quotes. I originally had some literal text as part of those strings, but removed it and then left the quotes as is.
  9. Edit to the above: No matter where your web site and email server are hosted at relative to each other, you need an SPF record that indicates that the actual sending mail server is authorized to send email for the domain in the From: address. The receiving mail servers at most of the major ISP's check for a valid SPF record and that it matches up the domain in the from address with the sending mail server and vote email as spam when it does not find an SPF record (they usually discard an email when the SPF record exists but doesn't match the sending mail server.)
  10. The separator characters between each header statement should be "\r\n". Does that From: email address actually exist on the sending mail server? Assuming that the domain name being used in the From: email address is actually hosted somewhere different from where the sending mail server is, do you have an SPF record at the name server where your site is hosted that indicates that the actual sending mail server is authorized to send email for your domain name? See this link - http://www.openspf.org/
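The two points made in posts 9 and 10 (headers separated by "\r\n", and a From: domain whose SPF record authorizes the sending server), as an added example that is not part of the original posts. The addresses, the example.com SPF record and the helper names are assumptions; substitute your own domain and the host name of the server that actually sends.

```php
<?php
// Added example, not from the original posts. The addresses and the SPF
// record shown below are placeholders (assumptions), not real records.

// Build the additional-headers block for mail(). Each header is separated by
// "\r\n", and any CR or LF inside a value is refused: a value like
// "a@b.com\r\nBcc: spam@c.com" would otherwise append headers of the
// caller's choosing (header injection).
function build_headers(array $headers) {
    $lines = array();
    foreach ($headers as $name => $value) {
        if (preg_match('/[\r\n]/', $name . $value)) {
            throw new InvalidArgumentException("CR/LF in mail header $name");
        }
        $lines[] = "$name: $value";
    }
    return implode("\r\n", $lines);
}

// The From: address must belong to a domain whose SPF record lists the
// server this script sends from. If the sending host is mail.example.com,
// the TXT record published at the domain's name server would look like:
//   example.com.  IN TXT  "v=spf1 a:mail.example.com -all"
// A visitor's own address must not go in From:; their domain's SPF record
// does not list your server, so receivers will treat the mail as spam.
// Put it in Reply-To: instead.
function send_contact_mail($to, $visitor_email, $subject, $body) {
    if (filter_var($visitor_email, FILTER_VALIDATE_EMAIL) === false) {
        return false; // also rejects anything containing CR/LF
    }
    $headers = build_headers(array(
        'From'         => 'webmaster@example.com', // exists on the sending server
        'Reply-To'     => $visitor_email,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ));
    return mail($to, $subject, $body, $headers);
}

// Constructed sample call:
send_contact_mail('owner@example.com', 'visitor@example.net', 'Contact form', "Hello\n");
```

The SPF line is shown for the `a:` mechanism because the question is about a site and mail server on different hosts; if the sending server is also the domain's MX, `mx` is the usual mechanism. Either way, check the published record (for instance with `dig TXT example.com`) matches the host that actually connects to the receiver.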
  11. This is slightly off-topic, but you should be using a database or some other data structure, such as an array, to define the story/chapter relationship so that you DON'T need to go into your program and edit the logic every time you add a story or add a chapter to an existing story. The logic in your code should be general purpose so that it can operate on any amount of data, simply by changing the amount of data. Also, you should be storing the content itself in a database so that you can use ONE page, with your existing URLs, so that you don't need to keep creating new .php files for every piece of content that makes up your site. By having one page, with only one set of page markup/css, you keep all the page formatting in one place so that you will have a consistent looking site and if you decide to change the appearance or formatting, you only have to change it once instead of on every actual page/file you have created. Short-answer: You are using a programming language, let php do the work for you, instead of you manually editing files to add/change switch/case statements and continually copy/paste files and editing the content in them.
  12. You actually need to use the password in the mysql_connect() statement.
  13. So, you would need to go through all the data you have stored that is related to that pilot and update the id in it just because his hub changed? That doesn't sound like a very efficient RDBMS design. Wouldn't you rather just assign a fixed permanent id to each pilot and have a column in the pilot information table that holds the id of the hub he is based at? ^^^ Doing that would make ALL your code and queries simpler and faster and if the hub changed, all you would need to do is update one piece of data, the 'hub' column for that pilot.
  14. So, what happens in your current scheme when a pilot relocates to a different hub?
  15. How do you know that it did not change?
  16. What makes you think that the file isn't being moved/overwriting an existing file?
  17. The mysql CURDATE() function returns a string (the way you are using it), so it does not get enclosed by single-quotes inside the query. Enclosing it in single-quotes makes it a string, made up of the following characters - C, U, R, D, A, T, E, (, and )
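Posts 1 and 17 are the same mistake from two sides: single quotes turn whatever is inside them into a string literal, whether that was meant to be a column name or a function call. The added example below (not part of the original posts) puts the broken forms next to a working one; the accounts table, its columns and the touch_account() helper are assumptions chosen to match the questions above.

```php
<?php
// Added example, not from the original posts. Table and column names are
// assumptions chosen to match the questions above.
$account_number = '12345'; // constructed value standing in for request input

// Four kinds of token in a MySQL statement, and how each is written:
//   identifiers (table/column names)  -> backticks, or bare
//   string and date literals          -> single quotes
//   functions such as CURDATE()       -> bare; quoting turns them into literals
//   values taken from the request     -> never pasted in; bound as parameters

// Broken (post 1): 'account_number' is the literal string, not the column, so
// the WHERE clause compares two strings and matches no row. 'balance' is a
// constant string too, so even a match would not return the column.
$broken_where = "SELECT 'balance' FROM accounts WHERE 'account_number' = '$account_number'";

// Broken (post 17): 'CURDATE()' is the literal string C,U,R,D,A,T,E,(,) and is
// not a valid DATE; MySQL rejects it or, depending on sql_mode, stores 0000-00-00.
$broken_date = "UPDATE accounts SET last_seen = 'CURDATE()' WHERE id = 1";

// Working: identifiers in backticks, the function bare, the value bound so
// it can never change the structure of the statement.
function touch_account(mysqli $db, $account_number) {
    $sql = "UPDATE `accounts` SET `last_seen` = CURDATE() WHERE `account_number` = ?";
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        // a quoting or syntax mistake surfaces here, with the parser's position
        throw new RuntimeException(mysqli_error($db));
    }
    mysqli_stmt_bind_param($stmt, 's', $account_number);
    mysqli_stmt_execute($stmt);
    $affected = mysqli_stmt_affected_rows($stmt); // 0 means "no row matched", not "failed"
    mysqli_stmt_close($stmt);
    return $affected;
}
```

The same distinction explains the mysql_affected_rows remark later on this page: a statement that parses and runs but matches nothing returns 0 affected rows, while the quoting mistakes above fail at prepare time and return an error.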
  18. Is your score column an integer data type? If you would post a .sql dump of your table, with the table definition and data, someone could try to duplicate the result to determine why it is not working.
  19. Using and storing the week number is ambiguous. You also need the year that the week occurred in. You should instead store the actual DATE (YYYY-MM-DD) when something occurs. Then you can simply query for the matching data for any time period, such as a specific year/week or a range of year/weeks...
  20. You would use GROUP BY name and use COUNT(*) to get a count of the number of rows in each group - http://dev.mysql.com/doc/refman/5.0/en/group-by-functions.html#function_count
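Posts 19 and 20 together (store the DATE rather than a week number, then GROUP BY with COUNT(*) to count rows per name), as an added example that is not part of the original posts. The results table, its columns and the helper names are assumptions; the ISO year/week is derived from the stored DATE at query time instead of being stored.

```php
<?php
// Added example, not from the original posts. The table layout below and the
// helper names are assumptions constructed for illustration.
//
//   CREATE TABLE results (
//       id        INT AUTO_INCREMENT PRIMARY KEY,
//       name      VARCHAR(50) NOT NULL,
//       score     INT NOT NULL,
//       played_on DATE NOT NULL,   -- the actual date, never a bare week number
//       INDEX (played_on)
//   );

// Run a prepared SELECT that returns (name, games) rows and map name => games.
function name_counts(mysqli_stmt $stmt) {
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $counts = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $counts[$row['name']] = (int)$row['games'];
    }
    mysqli_stmt_close($stmt);
    return $counts;
}

// Rows per name for the ISO week containing $any_date_in_week (YYYY-MM-DD).
// YEARWEEK(d, 3) yields e.g. 201119 for 2011, ISO week 19: the year travels
// with the week, so week 1 of 2011 can never be confused with week 1 of 2012.
function games_per_name_for_week(mysqli $db, $any_date_in_week) {
    $stmt = mysqli_prepare($db,
        "SELECT name, COUNT(*) AS games
         FROM results
         WHERE YEARWEEK(played_on, 3) = YEARWEEK(?, 3)
         GROUP BY name
         ORDER BY games DESC, name");
    mysqli_stmt_bind_param($stmt, 's', $any_date_in_week);
    return name_counts($stmt);
}

// Rows per name for any date range (a run of weeks, a month, a season).
// Comparing the DATE column itself, rather than a function of it, lets the
// index on played_on be used.
function games_per_name_between(mysqli $db, $from, $to_exclusive) {
    $stmt = mysqli_prepare($db,
        "SELECT name, COUNT(*) AS games
         FROM results
         WHERE played_on >= ? AND played_on < ?
         GROUP BY name
         ORDER BY games DESC, name");
    mysqli_stmt_bind_param($stmt, 'ss', $from, $to_exclusive);
    return name_counts($stmt);
}

// Constructed usage:
// $db = mysqli_connect('localhost', 'user', 'password', 'db');
// print_r(games_per_name_for_week($db, '2011-05-10'));
// print_r(games_per_name_between($db, '2011-05-02', '2011-05-16'));
```

If you also want the week itself in the output, select `YEARWEEK(played_on, 3) AS yw` and add it to the GROUP BY; the stored data stays a DATE either way.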
  21. Your form isn't even submitting any values for $_GET['team_id'], so you would need to start by making the form submit the data that your form processing code is expecting.
  22. In the mysql_affected_rows documentation, a failed query means one that failed due to an error when the query was tried (sql syntax error, wrong table/column names, problem with the database connection...) Zero affected rows means that the query executed, without any errors, but no row was affected.
  23. For item #2. Near the start of your code, you are executing the following four lines of code -

$query = "SELECT * FROM manager_users WHERE username = '$username'";
$result = mysqli_query($dbc,$query);
// Count number of returned results from query
if (mysqli_num_rows($result) > 0) {
    // Fetch returned data from result set
    $row = mysqli_fetch_array($result);

The above code is matching the posted username against the username in the manager_users table and is fetching that row from the table when there is a match. All the rest of your code, down to the }else{ statement that terminates the above if(){ statement, can use the data that you fetched in the above code. Just assign all the variables from that data once and eliminate all the extra queries selecting from that table -

$statusID = $row['statusID'];
$userID = $row['userID'];
$firstName = $row['firstName'];
$lastName = $row['lastName'];
$passwordDB = $row['password'];
$passwordDB2 = $row['password2'];

Doing this will greatly simplify and reduce the code from the // Escape post data comment through to the }else{ terminating statement. Your existing code between those two points would become -

<?php
// Escape post data
$password = mysqli_real_escape_string($dbc,$_POST['password']); // not sure why you are escaping this since it is not being put into a query and is also being hashed
// Assign hashed password to variable
$regenFromPostPW = reGenPassHash($password, $passwordDB2);
// Comparing the database password with the posted password
if ($passwordDB == $regenFromPostPW) {
    $query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'";
    $result2 = mysqli_query($dbc,$query2);
    // Assign user data into an array
    $loggedinUserDataArray = array('userID' => $userID, 'name' => $firstName . " " . $lastName);
    // Assign user data array to new session
    $_SESSION['user_data'] = $loggedinUserDataArray;
    // See if the remember me checkbox was checked
    if (isset($_POST['remember'])) {
        // Sets an expiration time for the cookie
        $myExpiration = time()+60*60*24*100;
        // Sets the cookie for the username
        setcookie("username", $username, $myExpiration, "/");
    }
    // Successful login complete
    $output = array('errorsExist' => false, 'message' => 'You have been logged in, please allow a moment while we load your account data!');
} else {
    // Login unsuccessful
    // Add to number of tries
    $_SESSION['numberOfAttempts'] = $_SESSION['numberOfAttempts']+1;
    // Take numberOfAttempts and compare it
    if ($_SESSION['numberOfAttempts'] >= 5) {
        // Retrieve IP Address of user trying to hack into account
        $hackerIPAddress = $_SERVER['REMOTE_ADDR'];
        // Update database after account getting hacked and run query
        $query = "UPDATE manager_users_logins_hacking SET lockDate = CURRENT_TIMESTAMP, hackerIPAddress = '".$hackerIPAddress."' WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);
        // Email user new registration account
        function my_domain_name() {
            $my_domain = $_SERVER['HTTP_HOST'];
            $my_domain = str_replace('www.', '', $my_domain);
            return $my_domain;
        }
        $sender_email = "noreply@kansasoutlawwrestling.com";
        $reply_to = "noreply@kansasoutlawwrestling.com";
        $recipient_email = $email;
        $email_subject = "KOW Manager Account Locked";
        $email_body = 'Hello '.$firstName.' '.$lastName.' You, or someone using your account at '.my_domain_name().', has attempted to hack into your account. If this is an error, ignore this email and you will be removed from our mailing list.<br /><br />Regards, '.my_domain_name().' Team';
        mailSomeone($email, $sender_email, $email_subject, $email_body);
        // Account locked error
        $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we apologize for the inconvenience. This is a security measure implemented by too many failed logins! You must wait 10 minutes before you can login again!');
    } else {
        // Calculate how many chances the user has to login before account gets locked
        $chancesLeft = 5 - $_SESSION['numberOfAttempts'];
        // Invalid username and password error
        $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' chances left to login successfully or the account will be locked!');
    }
}
}
}
} else {
  24. Take a look at the code at the following link (it will work as well with a single database table column) - http://www.phpfreaks.com/forums/index.php?topic=336392.msg1584836#msg1584836
  25. I did look at some of your code and here are some hints -

1) The following code -

$query = "SELECT * FROM manager_users_logins WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
// Login successful
$numberOfLogins = $row['numberOfLogins']+1;
$query2 = "UPDATE manager_users_logins SET numberOfLogins = '".$numberOfLogins."', lastOnline = CURRENT_TIMESTAMP";
$result2 = mysqli_query($dbc,$query2);

Can be replaced by the following (you don't need to select data in order to update it and you had an error in the update query in that it was updating every row in your table because it didn't have a WHERE clause to cause it to match a specific row) -

$query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);

2) You are executing a select query: SELECT * FROM manager_users WHERE ... 3 or 4 different times in that code, but all of them after the first one (the first one tests username in the where clause, the rest test the userID that the first one retrieved) are inside of conditional logic that is only true when the first one matched the username in the table. Just use the data that the first query returned instead of executing a query several more times to get data that you already have.

3) You are using a session variable to store the number of log in attempts. That won't work because A) It requires that the bot script attempting to log in even supports sessions and B) all you have to do to bypass your logic is to drop the session id and get a new session and you can keep making attempts. You must keep track of the number of log in attempts in a database table.

4) And I just saw in your Login successful code that you are setting $_SESSION['user_data']. You would probably want to test that same session variable in your code that checks if someone is not already logged in. The following -

if(!isset($_SESSION[$loggedinUserDataArray])) {

should be -

if(!isset($_SESSION['user_data'])) {
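Point 3 of the post above (count failed logins in a database table, not in the session, because a client can simply discard its session cookie), as an added example that is not part of the original post. The login_attempts table, its columns, the helper names and the policy of 5 failures within 10 minutes are assumptions; the 10 minute figure mirrors the lock message in the code quoted in post 23.

```php
<?php
// Added example, not from the original post. Table name, column names and
// the lockout policy (5 failures within 10 minutes) are assumptions.
//
//   CREATE TABLE login_attempts (
//       username  VARCHAR(64)   NOT NULL,
//       ip        VARBINARY(16) NOT NULL,   -- inet_pton() form, IPv4 or IPv6
//       attempted DATETIME      NOT NULL,
//       INDEX (username, attempted)
//   );

define('MAX_FAILURES', 5);
define('LOCK_WINDOW_SECONDS', 600);

// Number of failures recorded for this account inside the lock window.
// The count lives in rows the client cannot discard: dropping the session
// cookie gives the attacker a fresh PHP session, not a fresh row count.
function failed_attempts(mysqli $db, $username) {
    $stmt = mysqli_prepare($db,
        "SELECT COUNT(*) FROM login_attempts
         WHERE username = ? AND attempted > (NOW() - INTERVAL ? SECOND)");
    $window = LOCK_WINDOW_SECONDS;
    mysqli_stmt_bind_param($stmt, 'si', $username, $window);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $count);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return (int)$count;
}

function is_locked(mysqli $db, $username) {
    return failed_attempts($db, $username) >= MAX_FAILURES;
}

// Called on every failed password check. The IP is recorded for the
// notification mail and for later analysis, but the lock is keyed on the
// account, so the attacker changing address does not reset it.
function record_failure(mysqli $db, $username) {
    $stmt = mysqli_prepare($db,
        "INSERT INTO login_attempts (username, ip, attempted) VALUES (?, ?, NOW())");
    $ip = inet_pton($_SERVER['REMOTE_ADDR']);
    mysqli_stmt_bind_param($stmt, 'ss', $username, $ip);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Called after a successful login so an old failure does not linger.
function clear_failures(mysqli $db, $username) {
    $stmt = mysqli_prepare($db, "DELETE FROM login_attempts WHERE username = ?");
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Shape of the login handler. The lock is checked BEFORE the password is
// verified, and the same message is returned whether or not the username
// exists, so the lock cannot be used to enumerate accounts.
function attempt_login(mysqli $db, $username, $password, $stored_hash_or_null) {
    if (is_locked($db, $username)) {
        return 'locked';
    }
    if ($stored_hash_or_null === null || !password_verify($password, $stored_hash_or_null)) {
        record_failure($db, $username);
        return 'invalid';
    }
    clear_failures($db, $username);
    return 'ok';
}
```

Because the lock is per account, anyone who knows a username can lock that user out for ten minutes by sending five bad passwords; that is the usual trade-off of this design, and a per-IP limit (the same table, keyed on `ip`) alongside it limits how much of that an attacker can do at once. Old rows should be pruned periodically (`DELETE FROM login_attempts WHERE attempted < NOW() - INTERVAL 1 DAY`) so the table does not grow without bound.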