MadTechie

not sure about what the $_SESSION[valid] == "yes" is for but the rest looks fine code note: $_SESSION[ip] = $ip; should be $_SESSION['ip'] = $ip; same for the useragent and valid session

$in = imagecreatefromgif("http://www.habbo.co.uk/habbo-imaging/avatarimage?user=$habbo[0]&action=std&direction=4&head_direction=3&gesture=sml&size=l&img_format=gif"); should be $in = imagecreatefromgif("http://www.habbo.co.uk/habbo-imaging/avatarimage?user=$text&action=std&direction=4&head_direction=3&gesture=sml&size=l&img_format=gif"); But without knowing the errors i can't say!

function process_includes should return $filestuff, otherwise its pointless.. your need to look at the start_skin and change the echo/prints to sets ie echo "<title>test</title>"; to $contents = "<title>test</title>"; then return echo $contents; or use ob_start to capture the output

try somethingk like this **untested <?php //dbConnect.php function ConnectTo($db2con) { $hostName = "localhost"; $dbName = "nnyserve_".$db2con; $userName = "nnyserve_username"; $password = "password"; $link = mysql_connect($hostName, $userName, $password) or die("Unable to connect to host $hostName"); mysql_select_db($dbName, $link) or die( "Unable to select database $dbName"); return $link; } ?> <?php //main script $today = date("Y/m/d"); $unixtime = date("U"); // connection information include_once("../dbConnect.php"); $reports = ConnectTo("reports"); $query = mysql_query("SELECT * FROM v2breakdown WHERE DATE_FORMAT(FROM_UNIXTIME(`entrydate`), '%Y/%m/%d') = '$today'", $reports) or die(mysql_error()); // connection information $stats = ConnectTo("stats"); while ($row = mysql_fetch_assoc($query)) { //SQL injection problem mysql_query("INSERT INTO v2ActsMTD (gendate, store, region, spnew, sp12, sp22, nxnew, nx12, nx22) VALUES ('$unixtime', '".$row['store']."', '".$row['region']."', '".$_POST['spNew']."', '".$_POST[sp12Mo]."', '".$_POST['sp22Mo']."', '".$_POST['nxNew']."', '".$_POST['nx12Mo']."', '".$_POST['nx22Mo']."')", $stats) or die(mysql_error()); } ?>

can you post the process_includes function

on a v.quick look shouldn't if (preg_match("/^x10exchange/", '$data')) { be if (preg_match("/^x10exchange/", $data)) { (no single quotes on $data)

When you use Sessions you get a session key, this is stored in a cookie or the URL, this key links the clients browser to a set of varibles on the server, while this works well a problem exists where as another use may sniff the transaction or by whatever means find out the key, their can then edit/create their own cookie/get request with the same key and thus spoofing your transactions, (look up "session hijacking"), regenerate session id, will assign a new key to that member, thus reducing the chances of it beening hi-jacked, other things you should also do are store the members IP and Agent in a session and compare them to check they are the same as the users.. hope that makes sense

$puser = $array['Username']; should probably be $puser = $array['username'];

Oh as a note:~ you might want to change strpos to stripos, (case-insensitive) to make your ban list shorter

Well $C=$_GET['c']; should be $c=$_GET['c']; apart from that its fine

erm.. something like this would do it.. <?php $message = "this is my test, of bad words"; $foundBadWord = filter($message); if($foundBadWord) { header("Location: ban.php"); exit; } echo $message; function filter($message) { //Get contents from file $Ban = file_get_contents ("filter.txt"); //Get contents from string(for testing) #$Ban = "tests\ntesting"; //put into a array $BanWords = explode("\n",$Ban); foreach($BanWords as $B) { //check for bad word if (strpos($message,$B)) { //found one return false; } } //none found return true; } ?> but remember the rules that come with header.. also i think just replacing the bad word with ***** would work better!

would need to see some code, your probably filtering it, relly you should use urlencode/urldecode

i'm not sure what your asking here if you want the option to send via site or email you could change <input type=\"hidden\" name=\"type\" value=\"2\" class=\"text_box\"> *theirs a few! to <input type=\"radio\" name=\"type\" value=\"1\" class=\"text_box\" alt=\"Click here if you are sending your message outside this site via email\" title=\"Click here if you are sending your message outside this site via email\"> Email <input type=\"radio\" name=\"type\" value=\"2\" checked class=\"text_box\" alt=\"Click here if you are sending a message within this site and NOT via email!\" title=\"Click here if you are sending a message within this site and NOT via email!\"> Private Message <br>

update while ($row = mysql_fetch_assoc($result)) to while ($row = mysql_fetch_assoc($results)) note the s on $results, my fault really

change <?php if (mysql_affected_rows() == 1) { // If it ran OK. // Send the email. $headers = "From: \"blah\" < noreply@blah.com >\r\n"; $headers .= "Reply-To: noreply@blah.com\r\n"; $body = "$first_name $last_name,\n"; $body .= "You account has been activated.\n\n"; $body .= "blah.com"; mail($email, 'Registration Confirmation', $body, $headers); } else { echo ' Account could not be activated. We apologize for any inconvenience.'; } ?> to <?php while ($row = mysql_fetch_assoc($result)) { // Send the email. $headers = "From: \"blah\" < noreply@blah.com >\r\n"; $headers .= "Reply-To: noreply@blah.com\r\n"; $body = "{$row['first_name']} {$row['last_name']},\n"; $body .= "You account has been activated.\n\n"; $body .= "blah.com"; mail($row['email'], 'Registration Confirmation', $body, $headers); }?>

change <?php default: $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '$u' AND status = 'unread' AND `site` = '$Z' "; $sql = mysql_query($query) or die("MySQL Error in query: ".$query."<br />".mysql_error()); $msg = mysql_fetch_array($sql); echo "You have {$msg['msgs']} new messages"; $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '{$_COOKIE['ELv2']}' AND `site` = '$Z' "; $sql = mysql_query($query) or die("MySQL Error in query: ".$query."<br />".mysql_error()); $msg = mysql_fetch_array($sql); echo "You have {$msg['msgs']} messages!"; ?> to <?php $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '{$_COOKIE['ELv2']}' AND status = 'unread' AND `site` = '$Z' "; $sql = mysql_query($query) or die("MySQL Error in query: ".$query."<br />".mysql_error()); $msg = mysql_fetch_array($sql); echo "You have {$msg['msgs']} new messages"; ?>

mail($email, 'Registration Confirmation', $body, $headers); <--add the ;

this code <?php default: $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '$u' AND `site` = '$Z' "; $sql = mysql_query($query) or die("MySQL Error in query: ".$query."<br />".mysql_error()); $msg = mysql_fetch_array($sql); echo "You have {$msg['msgs']} messages"; ?> update $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '$u' AND `site` = '$Z' "; to this for unread messages $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '$u' AND status = 'unread' AND `site` = '$Z' "; EDIT: also update echo "You have {$msg['msgs']} messages"; to echo "You have {$msg['msgs']} NEW messages"; EDIT #2: infact replace <?php default: $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '$u' AND `site` = '$Z' "; $sql = mysql_query($query) or die("MySQL Error in query: ".$query."<br />".mysql_error()); $msg = mysql_fetch_array($sql); echo "You have {$msg['msgs']} messages"; ?> with <?php default: $query = "SELECT count(*) as msgs FROM `messages` WHERE `to` = '$u' AND status = 'unread' AND `site` = '$Z' "; $sql = mysql_query($query) or die("MySQL Error in query: ".$query."<br />".mysql_error()); $msg = mysql_fetch_array($sql); if($msg['msgs'] > 0) { echo "You have <b>{$msg['msgs']}</b> new messages"; } ?>

as i said you could tweak it from lists.. it was just a starting base!

Maybe somthing like this Test if the file does not exists then use it <?php $FILE_NAME = "test.jpg"; $FILE_DIRECTORY = "/path/php5/"; if (preg_match('/(^.*?)+(?:\((\d+)\))?(\.(?:\w){0,3}$)/si', $FILE_NAME, $regs)) { $filename = $regs[1]; $copies = (int)$regs[2]; $fileext = $regs[3]; $fullfile = $FILE_DIRECTORY.$FILE_NAME; while(file_exists($fullfile) && !is_dir($fullfile)) { $copies = $copies+1; $FILE_NAME = $filename."(".$copies.")".$fileext; $fullfile = $FILE_DIRECTORY.$FILE_NAME; } } echo $FILE_NAME; ?>

you missed one case "sview": $update = mysql_query("UPDATE `messages` SET status = 'read' WHERE `id`='$id' AND `site`= $Z"); to case "sview": $update = mysql_query("UPDATE `messages` SET status = 'read' WHERE `id`='$id' AND `site`= '$Z'");

Sounds like a AJAX job, see Dynamic DropDown PHP/AJAX for and example of a drop down you would tweak to do lists

rhodesa seams better, he also included some SQL injection protection

well i assumed it was a int but if its not working then its probably a string thus last post should fix it

two lines have UPDATE `messages` SET `status`='read' WHERE `id`='$id' AND `site`=$Z update to UPDATE `messages` SET `status`='read' WHERE `id`='$id' AND `site`='$Z' $Z to '$Z' I don't know where $Z is set but this should fix it