Everything posted by PFMaBiSmAd
-
It's not exactly clear what problem you are describing, but I suspect that once someone enters the correct captcha value, they can keep submitting values to your form processing code? You need to unset or clear $_SESSION["key"] in the form processing code so that a different correct captcha value must be entered for each submission. You must also test if $_SESSION["key"] is set (see the isset function) and that the value equals what was entered in the form field (a lot of people make the mistake of just testing if it is equal to what was entered in the form field, but if you visit their form processing code without visiting the form and enter nothing, nothing does equal nothing and the captcha test passes.)
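An added example (not code from the post or the thread it replied to) of the form-processing check described above: the captcha value must have been issued, must match what was entered, and is cleared so it cannot be reused. The function name, the form field name captcha and the sample values are assumptions; $_SESSION["key"] is the name used in the post. Clearing the key on a failed attempt as well goes one step beyond what the post asks for.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: the form field is named "captcha"; the captcha generator
// stored the expected text in $_SESSION["key"] when the form was displayed.

/**
 * Returns true only when a captcha value was issued for this session and
 * the submitted value matches it. The stored value is consumed either way.
 */
function captcha_passes(array &$session, array $post): bool
{
    // 1. The key must exist. Requesting the handler without loading the
    //    form leaves it unset, and unset must never compare equal to an
    //    empty form field.
    if (!isset($session['key']) || !is_string($session['key']) || $session['key'] === '') {
        return false;
    }

    // 2. Take the expected value and clear it immediately, so one solved
    //    captcha cannot be replayed for further submissions.
    $expected = $session['key'];
    unset($session['key']);

    // 3. Compare against the submitted field; a missing or non-string
    //    field is treated as an empty answer.
    $entered = (isset($post['captcha']) && is_string($post['captcha']))
        ? $post['captcha']
        : '';

    return hash_equals($expected, $entered);
}

// In the real handler: session_start(); captcha_passes($_SESSION, $_POST);
// The arrays below are constructed stand-ins so the file runs from the CLI.
$session = ['key' => 'x7Kp2'];            // constructed captcha text
$form    = ['captcha' => 'x7Kp2'];        // constructed submission

var_dump(captcha_passes($session, $form)); // first submission
var_dump(captcha_passes($session, $form)); // same answer replayed

$noForm = [];                              // handler requested directly
var_dump(captcha_passes($noForm, ['captcha' => '']));
```

Only the first call passes; the replayed answer and the direct request with an empty field are both rejected.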
-
Because magic_quotes_gpc is ON, your function does not escape the data. Therefore, any data that did not come from a post/get/cookie will not be escaped at all and any special sql characters in it, such as a ', will break the sql syntax and prevent a query from working. Your function needs to be rewritten anyway, because you should actually use stripslashes() to remove any escaping if magic_quotes_gpc is on, then unconditionally use mysql_real_escape_string() on any string data put into a query. Your function should also only be used on any post/get/cookie data put into a query. You should directly use mysql_real_escape_string() on any other string data put into any query.
-
There's no code in your code to execute the UPDATE query. Adding a mysql_query() statement would be your best bet.
-
NOW() returns a string and there is no need to put single-quotes around it in the query.
-
how to show code(without it executing) like this website does
PFMaBiSmAd replied to emopoops's topic in PHP Coding Help
Or see this link for a php built-in function that will also highlight the code - highlight_string
-
mysql_query() does not support multiple queries separated by semi-colons because too many people were not validating user supplied input being put into queries to prevent sql injection.
-
Try the same but with the header() statement uncommented (so that the code should attempt to output the header.)
-
The problem is because @rank is initially a NULL value it won't ever be anything but a NULL. You need to execute the following query first - SET @rank := 0
-
Wouldn't it make sense that you need to process the password identically when they register and you save a representation of the entered password and when you attempt to compare the entered password with the values that have been saved? Kind of like comparing apples to apples rather than apples to oranges
-
For debugging, try the following - echo "<pre>",print_r($row,true),"</pre>";
-
That would imply there is something wrong with your form. You would need to post it to get help with what it is doing.
-
And how would anyone be able to help you with that error or find what is causing it unless you post the error.
-
The code is in a file Statistics.inc. It is likely that this has been included/required into another file that is in a different folder. The fopen() is relative to the main file, not the included/required file. Is this the case? You either need to form a correct relative path, an absolute file system path (using $_SERVER['DOCUMENT_ROOT'] concatenated with the path/file information would make this easy), or alter the current working directory (CWD) to be that of where the alltime.txt file is located.
-
Cookies (regular and session id) are domain specific for security reasons. There's no pre-made script to do what you are asking because you must bypass security that is built-in in the browser and on the server. To get this to work, you must both get the browser to pass a piece of unique identifying information back and forth between domains (the only way to accomplish this is to pass it as part of the URL) and make each domain have access to the matching information on the server(s) (you must either make a shared file location that is accessible to both domains or use a database that is accessible to both domains.)
-
http://www.phpfreaks.com/forums/index.php/topic,277545.msg1313105.html#msg1313105
-
You must pass it on the end of the URL. I've got to ask why you want to share sessions between different domains, because browsers don't pass the session id using a cookie between domains so you must do this yourself in any link that your form that goes to one of your other domains.
-
Then either your code is not being executed at all or the mysql extension is not enabled on your server. What is your complete code, including the form that is submitting the data and have any mysql_ instructions executed correctly on your server?
-
Making a separate table for each user is bad and will cause you grief at every step. echo mysql_error(); after that line of code to find out why the query is failing.
-
Your session save handler would need to chmod the file with permissions that allow all user accounts to access it.
-
The query that is failing is the one later on the page containing the following term because there is no code setting $row - chat_mask_user_user_id != {$row['ID']} The reason for the mismatch in information being output is because you are echoing $query then getting the mysql_error() output from a following die() instruction. As previously written (long long ago...), what trigger_error() does is dependent on error_reporting/display_errors/log_errors settings and should not be used in a debugging environment unless accompanied by instructions that would cause its output to become visible. Since we don't really know what you intended by the chat_mask_user_user_id != {$row['ID']} term, it will be a little hard to help with what it should be.
-
Perhaps if you posted all the code in the file. xxxxx out any sensitive information.
-
The query that is failing is NOT the one you have been posting or modifying.
-
I'll bet that the actual value in the cookie also includes single-quotes as part of the value.
-
There is no php.ini setting because the permissions for the session data files are set to the user that php is running under when each session data file is created. This prevents a script on one site from being able to read the session data files of a different site. You would need to ensure that the user account that the web server/php is running under was either the same for all the sites or you need to set the permissions on the folder so that it is accessible by all user accounts or create a specific folder where you have set the permissions so that all user accounts can fully access it. The alternative is to change the session save handler from the default file save handler to a custom save handler that uses a database. There are several such php scripts posted about on the Internet.
-
You likely have a header error due to how the .php file is saved or something before the <?php tag. Add the following two lines of code immediately after the first opening <?php tag and temporarily comment out the header() statement - ini_set("display_errors", "1"); error_reporting(E_ALL);