PFMaBiSmAd

Someone just posted a basic log in script using a session - http://www.phpfreaks.com/forums/index.php/topic,290377.msg1376236.html#msg1376236

Since you are attempting to use a single page, the following basic code will work - Any page you would like to protect - <?php require 'login.php'; // prevent access unless logged in // remainder of the code and content on the protected page goes here... echo "<p>$logout_link</p>"; echo "<p>you are logged in and can access the rest of this page -<p>"; ?> login.php code - <?php // Simple (demo) log in code. Minimal functional code with no error checking, validation, etc... // This code is designed to be included at the start of any page that you want to protect so that only logged in visitors can view the protected content on the page. // The code is all or nothing. If the visitor is not logged in, the log in form is displayed and nothing else. If the visitor is logged in, the remainder of the protected code and content on the page is displayed. // The log in uses a session and is valid until the current browser session ends. // The log in form submits to the current page and the username/passwords are hard-coded in an array. // You would need to provide a menu/links as necessary to navigate to any other page. // detect direct access to included/required file if(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){ die('No Direct Access'); } session_start(); // start/resume session $auth = array(); // array of username/passwords $auth['user'] = 'pwd'; // add an entry for each permitted visitor, key = username, value = password // get the host name and script name of the current page (used in redirects to clear the end of the URL.) $host = $_SERVER["HTTP_HOST"]; $file = $_SERVER["SCRIPT_NAME"]; // make a log out link (can be used in on the main page) - $logout_link = "<a href='http://$host$file?logout'>Logout</a>"; // process any log out request if(isset($_GET['logout'])){ unset($_SESSION['loggedin']); header("Location: http://$host$file"); // redirect to the current page, without any GET parameters on the URL die(); // prevent the remainder of the code on the page from being executed } // process any log in request if(isset($_GET['login']) && !isset($_SESSION['loggedin'])){ // any validation, redisplay of entered values... not included in this demo code $form_errors = array(); // array to hold all form errors if(isset($auth[$_POST['username']]) && $auth[$_POST['username']] == $_POST['password']){ $_SESSION['loggedin'] = $_POST['username']; // indicate logged in header("Location: http://$host$file"); // redirect to the current page, without any GET parameters on the URL die(); // prevent the remainder of the code on the page from being executed } else { $form_errors[] = 'The username/password was not correct<br />'; } } // check if not logged in if(!isset($_SESSION['loggedin'])){ // the current visitor is not logged in // display any form error messages - if(!empty($form_errors)){ foreach($form_errors as $error){ echo $error; } } echo "You are not logged in, enter your username and password -"; ?> <form action="?login" method="post"> Username: <input type="text" name="username"><br /> Password: <input type="text" name="password"><br /> <input type="submit"> </form> <?php die(); // prevent the remainder of the code on the page from being executed } // at this point you are correctly logged in ?>

Just use php's built in error logging to do this for you - You would set error_reporting to E_ALL, display_errors to OFF, log_errors to ON, and error_log to the file you want to use. If your web sit is functional, the file system will be operational and you will be able to write to a log file. The same is not true of a database. The database server might be experiencing problems, which is causing the errors you would like to see and trying to log the resulting errors to the database won't work.

You would test and prove any changes on an off line copy of the site/database running on a development system first. You would also have a known good backup copy of the live database before you implement the actual changes on line. What do these numbers represent? What are the expected range of values? Also, INT(11) is the largest integer (you could use a BIGINT if you were only dealing with integer values), but you are correct that using an INT data type would drop the decimal parts. There are FLOAT and DECIMAL data types that would be the correct choice for storing decimal values.

That's the whole point of displaying the URL of the actual site you are on, to prevent people from being able to trick visitors into thinking they are on a different site. If it was possible to do what you are trying, there would be fake phishing sites all over the place.

The problem is that the code is almost 8 years out of date. It relies on register_globals to 'magically' populate program variables from the form's $_POST data. Register_globals were turned off by default in php4.2 in the year 2002. No new code, books, tutorials, or web hosting should have been written that relied on them or had them turned on after that point in time. Don't turn on register_globals on your development system to get your code to work because register_globals have been completely removed in upcoming php6. Register_globals also 'magically' let hackers set your session and program variables by simply setting same name GET parameters on the end of the URL and a lot of web sites have been taken over. Learn to use the correct $_GET, $_POST, $_COOKIE, $_SESSION, $_FILES, $_SERVER, and $_ENV variables in your code. If your code uses session_register(), session_is_registered(), or session_unregister(), you will need to make additional changes to eliminate those function calls and use the $_SESSION variables. If any of the code on the site you maintain also relies on register_globals to work, you will eventually need to update that code.

Here is the query that is failing - $getad = $db->query("SELECT * FROM D3_boxes_scroller WHERE uid =".$qid." order by theorder"); It's your code, were is $qid supposed to be set from?

That's not the syntax for an UPDATE query -

It's a php code error. The variable being put into the query is not defined or set anywhere in the code.

Since you have marked this as solved, I'll guess you found the problem, but the posted code cannot be your actual code because it has an extra single-quote that would cause a fatal parse error. Once that problem was fixed, your code worked for me as expected.

The 'code' you just posted does not have any php tags around the lines setting $type and produces this output - If you put php tags around the php code, it works as expected and produces -

echo ' $type["$city"] '; Variables inside of single-quotes are not parsed and replaced by their actual value (i.e. the initial and final single-quotes.). Also, if the only thing inside of a string is a variable, no need for any quotes (i.e. the double-quotes around $city.) echo $type[$city];

Since it is unlikely that your code or the problem that you need help with is exactly the same as the original poster's (OP), adding your question onto the end of his (unanswered) thread probably won't get you many more responses than the OP received. You need to A) Start your own thread for your problem, and B) ask a specific question about your code or an error your code is producing. Programming help forums can only address specific problems or questions, one at a time, in the few hundred words that would be written in the responses. As to the reason the OP did not get any responses. No one likely wanted to tackle the problem of figuring out which of the 167 lines of the posted code (which was posted with line numbers and not inside of the forum's tags, making it hard to read and unlikely for anyone to take, alter, and post a solution) was actually relevant to the problem and what the problem actually is (beyond here is my code, change it to do what I want.)

The relevant php code that is producing the query would have been nice to see (i.e you are asking someone else to tell you what is wrong with your code without ever seeing your code.) Best guess is you have a php variable that is supposed to supply the uid = _____ value, but the variable is either empty or not set at all and your validation logic did not test if it had a value before putting it into and attempting to execute the query.

The php code on that page does not set up a 'log in' that persists beyond the page request when the form is first submitted. It is just some authentication code. Your first step would be to modify that code so that it starts a session and sets a session variable that indicates the current visitor is logged in. You can then start (resume) a session on any page and test that session variable to see if the visitor is logged in or not.

The second $headers line is missing a concatenation dot ., so the first line is being completely replaced - $headers .= "Reply-to: $FFirstName <$FEmail>\r\n";

The From: address in the header must be a valid mail box at the sending mail server. I'm guessing the email that is the problem is the 'copy' you are sending to the visitor? If so, the $headers variable being used for it should probably just be the same as that being used in the main email that is being set to you (without the multipart/mixed; boundary= being used to attach the uploaded file to the email.)

It works and produces the $Source string found in php code in the the attached .zip file. The $Soruce string in your first post is both not long enough (the size should be approximately double the original file) nor does it start with the expected characters. [attachment deleted by admin]

Assuming the HTTP request that AJAX makes does send the correct value/id, you would need to use that value in a WHERE clause in your query so that only the corresponding row would be returned and output in the AJAX response. What method does your AJAX use to send values, GET or POST, and what is the name of the get/post parameter that is used?

I used my own image for testing. The actual image you just posted results in the following output from your 1st code and does work in the second code - $Source = "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCAClAGUDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDz77CksaTSFI1CLgbevFatrqNhFp7Wv2WB5B9yUoOPrWk+jm90WzEcYLMijcDnjA5rOPhudnVFDeVuwCB1oAh0+GyujKJlhDlvlIAArf0/wpAJGl8mNkONrYBFVI/DMEJOxmd8+nU102m3NzYSQW6wLJbqRvyM5NS720GrX1NxPCtkunRyDT7clh8x8pf8Kpnw9ZlsfYIP+/S/4VozW9xe2s2oaTcS2t1Gf9SzDYR6AH6Vjt4i8SzLeywaY7PbxnaxKCNR3Y/3mHpmkpW0ZTV9UXP7G0KzGb0WMGDgh41z+WK1rWfwdZsYXTSpE8veJFRGz6g8cdq4fw9o2v8AjW7kW/kkgs0ZmaSRCRu/urn3966+Twn4c8JaDfxybp5LqEgmbkt3AA7cirfkSvMr6v4q8IWoKW1pph3D75gQ7T9MV5R4l1e21TU4ns4IVgjUfKsQTJ75x1rPW1jnuTGSsYXOSTWnoNlH/acZjhW4dZBsR+Fx6n/CmkS2UDo9zbwRz3FjJHFL9x3jIDfQ0fY48f6tfyr0Dx94gutQuk0uPYbe1ALbB/Fjv/KuO8skYAJIHYVSEYV9AiFMIBnPQUVb1VFUxbTnIOePpRSY0eheFHj/ALGDWjgkQjckh6HHUVStvE1ul28c7ICrEBB/DjvVrw5aW954Zns7dzBLLAMSFuc46VgReCbeGRpLzUGWQDI2AkKff1qRm6det7dIppgixghlJ4J5wR/WrieONBVX8uUBly2GTr9K4ptOs9VvRb3evySuPkjbyiFHpnNVNU8Hapo8RuJo1kt92BNG24GiyA6SL4hXDaurGUixeTDLjkjIrUm8a/2vqSaFYACwkdd2BtMgByRn39a80SEZAIxVmEPG4eN2RgcgqcEUcqC7Pdf+E5s9PmSxtrWMwpGNoRwNvrzXmOpeKJtS1ua6uRNLAWJii80/J6YrES2uHQFmO0nqTzViOADHFUoibKhi3ys+3G4k1YiDRsrAkMpyCOuasCHBqRVMbBl+8pyKZJ1GkfD7WdWspdQnfyN6Fo0f78p7cdh7mqTSyeG7a40yWBXnd8yvGQw244GfY9RUE/ifxBdPtS/mDMoTbGTyACOn4mqV7b3EMvmLHMgkUAlhgknr+oNF9bFct43MDWHMkiPsC7ixwBgdqKNXDI8asCpGcg/hRSYkbNp4jktnjSyKG3CpuXHzcDmun+zXmoWqTRWpPnMGIkfHy5zg8d65XTLNrG2NyZLVIvLUrExDs5PPA7Vrp4i1CSz8tSIixHzKfmwKlopOzuUZtMKyu623kvG53D0rW0jWTATBdbPJk+8knzIfqKyWLStukJc9yxzQqgdFH5UDbu7nX3Fh4S1qEJcy2llMFwk0LBR/wIdKwtT8J6LbaeZbLX7We5U8RoDhh9ecGs/AA6dKXGKBFQGVU8sxk7T1HSnIjBfmRh+VWCOe1B7elO4rEXIH3f1pDu44AzUzIy4LKQD0pm3nI5ouwsS6def2dcmY28c7j7pckbfpz1q34lvZbmKwnzsEkZYqp4BBrMI7D8alvLoXFrbW3l/8e6ld2c7snPTtRcLGBrM01xJG8rtI3PJ59KKdq6IPJwoHXp+FFFwsadoP9Fi4/gH8qs7eelZPl6g9uGtZ1SOOEOwYDpj6e1JZ2mq3ZJF6uFIyvIzmkM2DhRliAPUmm/aIB/y1jH1YVVWy+dkuXWZOmOcfrSXHhuxiuFQGTawBxnpSGWWvLUHm4iH/AAMU1tSsQcfaY8n0NJH4YsPthiIcqHxgn/61Kvh3T1Vz5TfdOCTyP8/4+lMRItzE+ApJ3dDtIqXJBAjTfK5xGnqfU+wqGS3tbVInjiAIQZI6knsPet7TrWTTNMm1aaESXPlkqh6Io6ClcpI56+0XU/D7fappTdRXHMwHr7ehHanRSpKoZH3I3Kv6/UdjWm3iW7vfKgnggaG5IDJt6ZI96zNV0yXQrtnRTJaSH51Xt7j3FAhSMGq11cx2qtJIcD271OH3IpDBlcbkYD7w/wAa5/xJIxnij/h27se+aYhupapbTlAiyfLnOV+lFXfECBbDTDEgyYznHHZaKAsy9pyYsLpwSwa2GPm9FPftTtPn8uGZWbBLDGXz2rqvDPg+OHQ4xdOs32iMN3AAIzjio9S+HUV7P5kFwlqvTaseSfqTSuVY5W6BmCCOZfvLlAevNdFcWonaOQMo2KM/OOa5O5stQ0HU7izSGKVomx5u37w9Rk0n9pasepjH1Yf40gOw+zFb4TB4yhbJJcevp6f4Cq14q2sRJlBBHJzkgdyf89c+tcq+oakVw1xGv0kQVo+H5ZdQuRa3GxwvzuS3LAGi4WNfSdPmuLn7XcoVt0AFvG3Un+8a6e9jE9m9u7MokUq2D2xUSFZSkYAwBxgUuo6paWyrHcXUcZH8AO5vyFAGRbeGrZJYW8yVvKOVweuMdeK6G6sBNpckc2G8xehGQD61i2fiLR/tIWSefavdYWOT9MVrLqmnaiFisbyGRif9WflbH0PNAHAahp0+g3LFg0tpKcnH8J9R6EelZWv2skwimUhgEypA++p5yP8ACvUrmyjvNPngkTcWUhS3ZuxrzbWJW0y9WymnFwYsZjXGE46ZxTuFi3cPE+k6eZMfcbGfworBv9W84RKsbKqZwN30oosF2ei6f41tItMgUQlvKhRWJkAA4x/OpZPHsCrGfsqfvBlCZxzzj09a4q1ggXQA4aN5ZDGHjz90A5BJz35/Kq1+AsdoAkYVbdTw3+2TxzSsO4viPUTq95NfKnlNKm7huQOBisqG3JUcdq1rXS3vrCWbeFSOJFwep3H/AOtWtH4QuRdS7pUVI1Cg4ODxmkrFO5xwmB6Ia6Dwq7vqcHGMMSDnkDHIrFa2kh2hkOCeT2re8MJt1G2I7sRSGjuinm2zbTtYI3KnB4FcXNPbi88tSd+/G3HU9fWutdxBBuZjko4x+FcEHU6+S0iBfO+7t5+79KtGTLFt5CaqAJmMiyyDb5Y69xmpIPKa5YB9zJIxwQBgiqqyq2vMPMA3XEmAE55x3xRDIkeqSJvzmWQYCAc/WgD09BvgzIcA8qBWZrmm2ljolzqUdpC9yWDlpE3clgD+lXrm4VYFQbecckdKg1lvM8HXJc8+WTg+zf8A1qllo4HUZWura1mMcCFt/CxKo6j0FFRXDZ0+09i/8xRVEFm00+8Ol7UtQS5iYYb7ygEk9feoNUsr1LSKQ2wEccKoWz0OWyOv0rqdDdLfw3YpwZEjBbBz6msi/wBXjvBPbRyB2DgRoOuOM4HfvzUpluJV0u4KaZLGVwXeJcZ9ya7qVi9u8m8Y2nI/CuJs9JuIQpneFSJEY5fkKK2brXrW1ieFWeYnIxGvr7nipW5b21OaeMGFznjB4o0e8a3uYTFD55j3Fhu2gcHqe1V5pGCMOUXHPGTTjM8VqrReRFH1Clhlz6nvVRg1uTOaexfu/FF2AYozE2Ac4U4GfesY3+5vMYor5zlIxnP1qtLMpvC6MzFwC2AOKY00S98565rQyLJ1ALJ5gdt5Od3Q59akS6eVi4di2c5zk1nNcKR2/wC+adDPJI2xWbPYYoEdlo2uFx9kvnL5OUldiTn0NXfEGtrZ6H9jjkDmfKuueU5zn6GuAZ3DlfNKuD3NWLu+kkhVokxvj2yNjO7pn6dKlopMme+jNrChPKsxxnscUVj+ZgDLEfhRQB1EVrqaWsXlC4EWwYwDjGKn0TTWtZpJ5IXWUn5WdeAK27GfdZQKGY4jXnqOgp8ryDPP4EUuUfMc5q+rRw6kBMrvHF0jRtu4+5/pVK68UvcbEW2SJYwQu0DOSeT/ACo1bSryS8eeK2Z97ZJB4zWcNH1Fs4s3GO5qloS3cZJcSy5Jckd+eKrtI3Aya0IdGvHYb0Kr3wRnFTjw/KGy0qoD2xk0rgY4yTkKTRtc9FArfOj28Q/eSNJ9OKlhtLOJATChA7tzS5kOxz8dtNL9zn2FWo9J1CMpKkZyemDzW7vjQful2DsQBUMl5KH5YcUuYLGYdGv5vmaII38W5hVqPQpvKCySL9NxxU7agM5ByKZ9uckMWOaTbDQpX+lpbFBvT5s+vtRS6jMzshbA68flRTV7AdlBcolhbkkpiJeQfaoZNXjiQMI/M92PWuciuHNsmXJwBgelPjd5HUMCAenvQ5BY2zr9wYgkYRe+FFU572Uj95KSW7HoBVaKMIw3scA8e49afcSjeqovQdcVDkykiSK6G35Wp/mfJleTz+FUiy8Oc56YzR5zEcZBBxyOtICd3ClSzdRzznFQkicbAcDvxShySOVOOCTR8mSSuQfTPNFwsQeXIsfyAkEc1GVAQ4XA9SKtkbV+R+gyapTO2MKVOeQccimmFiBnIXOAfoKPMwcKQM9QaU2/DYYsajKhT8+QcfWqFYjumZtu5hnniimzsNqZO088UU0Imh1C3UKHLYwAcCpTq1vnOXOOnFReGdOt9U12K2uiogEcsz7n2giONpMEjoDtxn3rfh0TSm1eWeWCxSy/sz7XG4mnazJ8wR7j0mC5yu3lt+O1PlQXMf8AtmDaBlzj1UU3+1LUMWMkhPb5f/r1vNZeFNK1XUItQt1ZGe2+yZjmliCvFvdgVlQ7SWQrli20/dJzWVL4V2w6vcy3KQDSbiSG7ijjLCNt22MISfmDMCMkjAGTnuuRBzMrf2ra5P3zxwSKlTVbEqA8kgwOQE4zUF/Z6enhXS761ilW4mubiG4aR8hiiQkbQOg/eH3569MbWp6Rotvc3MQ06VU0rVo7CT7PIzSXiESZOGJAYmLjaAPnHHFPkQcxQj1XTQTveQ+hCU9da07yyrSS8DC4jA496nm8Ox6vf2NhZWCWeoMJXvLWzZ7jyYlwVOCzN5n3wUB7LwCao+MdFGja8tvDp11ZQS2tvLFFcK2/LRIX5PU7ywOOhBHGMUuRD5mSrqukg7maZiTz8nQVFJqenOuwNIqn/YyV9/etQWHh64tbS9exW1gi1WOC6hied5o4fnLCYN/GQhIMYxw2cHAqO6s9GuLrTr3TtJFzZ3PnxJbW6TRvJOiqcOGlc7RvQ5VhkZ6GjkQczMk3un7mAkkxuOG2Y4qrNcwliUlJ9Dtwa6iz0Gx1a81Cw0+Kxhun0uMyL5++C2nN3Ep2SMSfuEZwTyzKCaht/DmnX2lWVgt28F5Lq91aW8j2eGmbZAFWT5sooYn+9gueOtPlQrnNT3SS7TkkjqcdaKp0U7Bcms7y4sLuO6tZDHNGcq2AfY5B4II4IPBq7/wkeqfb/tnnx+Z5Xk7Ps8fleX12eVt2bc84xjPPWiimIfF4o1iK4nnF0jvOyu4lgjkUMowpVWUhSBwCoGBwKhj17VIojEt22xvNLqyqfMMgw5bI+YnA5OcYGMUUUAVXvJ3sYrJpM28MryomBwzhQxz15CL+X1rR/wCEq1oT2s/2tfMtHEkbeRHy4GAzfL87YGMtk0UUAVdR1e61Xy/tKWi+Vnb9ns4YM5x18tVz075x+NQXV5cXsyzXEm+RY44gcAYVECKOPRVA/CiigDQn8U61cywyvebZIZROHjiSNmkHR3KgF268tk8n1NKvirV0vEukmt1aOJ4ljFnD5QV/vDy9uznucZNFFAEFxrt/ctOWNvF9ogEEq29pFCrIHEgGEUDO5VOevGM44q3/AMJjr2x1+2qd8jSljbxlg7IqFw23IYqi/MDnqc5JyUUAYlFFFAH/2Q==";

You didn't exactly state what results you get. Your code worked as expected for me.

The ['error'] element will be a zero value if a file was selected and uploaded successfully. Nothing else really makes sense. The ["name"] element can be set, but there can still be upload errors and the ["tmp_name"] element will never be the string "none".

$_FILES["userfile"] will be an array. The php.net upload documentation shows what elements it contains - http://us3.php.net/manual/en/features.file-upload.php About the only time it would be NULL would be if uploads are not enabled on your server or the HTTP request for your page was not the result of a valid upload form with a form field by the name "userfile". You can also see what is in the array using the following code - echo "<pre>",print_r($_FILES,true),"</pre>";

Unfortunately, there is a gap between the actual defined and registered mime types (which were originally defined for SMTP email) http://www.iana.org/assignments/media-types/ and what each browser does (for example the x- types are non-standard and are not registered.) http://en.wikipedia.org/wiki/Internet_media_type Best bet is to test actual files in the target browsers.

Your code has no error checking or error reporting logic in it to get it to tell you why it is failing, so it will also be a little hard for anyone on a forum to tell you why either. For debugging purposes, echo mysql_error(); on the next line after your mysql_query() line to get php/mysql to tell you why the query is failing.