rcorlew

Here is the script I use. It should be much of what you want. <?php session_start(); $HOST = 'localhost'; $USER = 'username'; $PASS = 'password'; $NAME = 'database_name'; $searchterm = $_GET["searchterm"]; $searchword = $_POST["searchword"]; $page = $_GET["page"]; $row_max = 10; if(isset($searchword)) { $searchterm = $searchword; } if(!isset($page)) { $page = 1; } if($page == 1) { $pagein = 0; } if($page > 1) { $pagein = $page * $rowmax - $rowmax; } if(isset($searchterm)) { // Connect to MySQL database $con = mysql_connect($HOST, $USER, $PASS); if (!$con) { // Since the entire script depends on connection, die if connection fails die("Error connecting to MySQL database!"); } mysql_select_db($NAME, $con); $cleansearch = mysql_real_escape_string($searchterm); $query = "SELECT * FROM table_name WHERE text LIKE '%$cleansearch%' LIMIT $pagein, $rowmax"; $result = mysql_query($query); while($row = mysql_fetch_array($result)){ //Results here } if(!isset($_SESSION['number'])) { $query2 = mysql_query("SELECT * FROM table_name WHERE text LIKE '%$cleansearch%'"); $num_rows = mysql_num_rows($query2); $_SESSION['number'] = $num_rows; } $num_rows = $_SESSION['number']; $pagecount = ceil($num_rows / $rowmax); $resultinput = $pagein + 1; $resultsoutput = $pagein + $rowmax; if($resultsoutput > $num_rows) {$resultsoutput = $num_rows;} if ($pagecount > 1) { echo"<div align='center'><div style='width: 350px;'>"; echo "Page "; $x = 1; $y = $pagecount; for( $i = $x; $i <= $y; $i++ ) { print " <a href='search.php?searchterm=$osearch&page=$i'><b>[$i]</b></a> "; } echo "</div></div>"; } echo "<p align='center'>There were $num_rows results.<br />"; if($pagecount > 1) { echo "You are on page <b>$page</b><br />"; } echo "Viewing results $resultinput through $resultsoutput.</p>"; } if(!isset($searchterm)) { if(isset($_SESSION['number'])) { unset($_SESSION['number']); } echo "<form method='POST' action='search.php'> <input type='text' name='searchword' size='20' maxlength='20'> <input type='submit' name='submit' value='Search'> </form>"; } I use sessions variables to save server load from doing the same query multiple times. The only thing that my script does not do is to limit the pages to display, but that should be the easy part.

Are you using a db or different files for the different languages? If you are using a db with the text in different language, you could create multiple connection files for the db and then use a session stored variable to connect to the db in the preferred language.

Upload scripts are a pandoras box to getting hacked. The reason most are complicated to limit file types, directories and permissions. What exactly are you looking for? Images uploads are the most common, but you can upload anything given your server allows them and what size it will allow.

I used radar's solution, works great, tweaked my code a little and presto.

Let me start off by saying that the code works perfectly, the only thing is that I would like the users to be able to use more than one image format for their pictures. Currently the script only accepts jpg, but I would like to allow png and gif. Here is my code: if ($_FILES['userfile']['type'] != 'image/jpg') I am also using an array to detect images in the directory that works fine, I have not figured out how to use an array as the image/$type. $file_t = array('jpeg', 'jpg', 'ico', 'png', 'gif', 'bmp'); Any help would be mucho appreciado.

Personally, I use private directories for each user. Then I create sub-directories and so on. Then one benefit of that is if you keep track of logins and pageviews and stuff for each user/page, you can do some house cleaning every month by generating reports as to which file has not been seen in 6 months, which user has not logged in for over a year. Once you have that info, you can simply delete said user/directory and bingo, more space. Space costs money, the delete key is free, hahaha.

It is possible to echo images, first thing is the image has to be in the web server root, second all you have to do is this: echo "<img src='images/mypic.jpg' width='200' height='200' alt='My Pic' />"; Make sure you escape " with \" if you are used to doing echo(s) that way.

As for the graphics including gradients, working on them now, thanks for the spell check heads up. I am currently only 60-70% done with the site, so much more to come. The site is going to be a cross between webmd styled medical and a myspace styled community site. It is by far the most ambitious undertaking I have done yet to date, and I am doing it for myself as well as the people who suffer from various colorectal disorders. I am trying to build a collaboration between patients and doctors as well as with those who have gone through such things. Not trying to change the subject, but the scope of those disorders if life altering in so many ways, it is a personal crusade of mine so to speak. Thanks for the compliments, this is my first attempt at making a serious site instead of a fun site, I hope the design works well with the content, which I am working on tweaks to do just that.

That looks correct. Here is what your query would look like: <?php $result = mysql_query("UPDATE users SET login_time = CONCAT(COALESCE(login_time, ''), ' , $time)"); ?>

That would be in the user table. You would have a field that would track their login times, I just used the name login_time to make it easier to follow.

I am wondering if in theory, it more secure to create multiple users with different privileges to secure the database. One could be used for unregistered users, more than likely just internet surfers who can only view data. Another to be able to update but not delete such as a user login page that will track their logins. And finally a super user with all privileges.

What I do is to only track logins. You have to concate the the time of login into a mysql field using a common delimiter to separate time entries. When the time of login is checked you can simply manipulate the $row['login_time'] by exploding it into an array. $log_times = explode(",", $row['login_time']);//If you use a comma as the delimiter You could then count the array using: $log_check = count($log_times -1); Php starts arrays at position 0, this will get you current login Now you can use the exploded array along with the array count to display the current login, if you want to you can use other variables to get various logins by manipulating the math formula on $log_check: $last_log = "$log_times[$log_check]"; echo "$last_log"; I hope that gets you going in the right direction.

My suggestion mirrors AXISS, some rollover effect on the nav would be nice. Is this site live and ready, my brother is a Superman freak and I would like to send him a link if it is.

Thank you for all the replies, as always I try to incorporate all the suggestions, why else would someone ask for critique. I am going to press forward with the project now that the template is done, as usual, small tweaks will be made as the need arises after all the functions are in place. I also appreciate compliments, after looking at some of the sites we are asked to judge/comment on, I tried to make sure that the template was as finished as it could be before asking.

Ok I changed that. My only concern with smallish font sizes is one with accessibility and how it will look when it is printed. I am trying to keep all visitors in mine, given the targeted audience will vary greatly. I am also going to have different language versions hopefully in the future.

I think I may have made some adjustments you may like. Have a lookey now.

Yes built it myself. Why pay for something you have to chop up and redo to suit your needs anyway.

Let me start off by saying this is basically just a template as it is now, but the content will be added shortly after the template is finished. Second, I feel that a brief description of the site's purpose would also be nice. The site is a place where people with cololrectal disorders will come to share their experiences with others. We will also have people in the c-r field like doctors and nurses write articles as well as people in the research field to share information. The users will have the ability to create personal pages and stories to share with other users. There will also be a forum and private messaging system. All of these items will only be available to registered users, while the forum will be able to be browsed by anybody as well as most of the content minus the user pages and messaging systems. So the look I am going for is a clean and professional look as well as being straight forward to easily be able to retrieve information there. So without further a due, here is the link. http://www.mycrdisorder.org Comments appreciated.

Ok try changing this: <?php echo (!$style)?'default':$style ?> To this: if($_COOKIE[style] == null) {$style="blue";} if($_COOKIE[style] != null) {$style="$_COOKIE[style]";} <?php echo "$style" ?>

Another think I like to do is to use: $_SESSION['userid'] = "$userid"; //Nothing new there $scheck = (md5($userid)); $_SESSION['log'] = "$scheck"; Now here is one way to prevent spoofing: if($SESSION[log] == (md5($_SESSION[userid])) { //Do user's stuff here } else { echo "Oops, an error occured, please try logging in again"; unset($_SESSION['userid']); } It checks the hash of the userid against a newly created hash of the $_SESSION id, if they don't match, $_SESSION id is unset and the person will have to login in again, this will deter most curious hackers and crackers... On another note, please do not store $_SESSIONS in the default /tmp directory, make a folder above your public html folder and give it a name that will not lead one to beleive there is anything of value in there.

To me, it sounds like you maybe should restructre your databse. It looks like you are asking a series of true and false questions, and want to retreive the true answers from the database. You might want to think about making the structre like this: mysql row = id, username, true_answers Then have your form set up to only pass a variable when you field is checked. The from field would like shomething like this: <input type="radio" name="Lesson Planning" value="1"> Then only the fields that are true would be passed to the form processor. Then you would be able to put the options from the form into a string something like this: $string = "$var1 $var2 $var3"; Then you would insert those variables into the true_answers column. When you run your sql query to get the usernames true answers you would only have to pull out the string like this: $query = mysql_query("SELECT * FROM table_name WHERE username='$username'"); Then you would have a query that would only show true answers. In order to trim out any whitespaces in the string you would just have to do something like this: $mystring = "row[true_answers]": Then just present the true answer like this: $username, you picked $mystring.

Try moving the timeout to the top of the page, you are not setting it until the end and by then the default timeout is already set. You can also try chaning it to a number vastly greater than what you have.

try using 200000 instead of 200M on your ini_set

Yeah, post a small amount of code if you will, I think the prob is you are not using a variable to set the Pprice amount.

Is this the type if inromation you are trying to retreive: [table][tr] [td]User Answered $username $answer If it is then frost's post would work, if not show us a little more of the direction you are trying to go and we can try to help you out more.