MadTechie

It's this line if (!empty($name) && !empty($score) && !empty($screenshot)) { I would guess its the !empty($screenshot) part, that deals with the file being sent, add var_dump($_FILES); to get some more info eg $screenshot_type = $_FILES['screenshot']['type']; $screenshot_size = $_FILES['screenshot']['size']; //HERE var_dump($_FILES); EDIT: look at $_FILES['screenshot']['error'] if its NOT 0 (zero) then the file failed to upload of course post that info

The error messages normally contain some insightful wisdom, would you mind sharing them ?

Are you sure its in that code ? if so, why are you sure ?

If its from a form then your need to use some Javascript.. it really depends what your trying to do,

or MySQL SELECT *,DATE_ADD(TimeStampField, INTERVAL 7 DAYS) > NOW() as Over7Days FROM tokens if($row['Over7Days']){ echo "Over 7 days"; }

I removed the redirect and added the error check to this line if (strlen($name)>=1 && strlen($comment)>=1 && strlen($rate)>=1 && $stats[4]!=$ip && empty($ERROR)){ as it validated the comment and rate but you also needed it to fail if the captcha was invalid note: && empty($ERROR) So now when the captcha is invalid, the error gets set $ERROR = "WRONG CODE"; then will fail on the write to file check

Your right its not linked.. no offence but the code really needs to be re-written, I have got it working, but I still think it need re-doing, as theirs tons of issues, and it would be probably quicker to start over.. (no offence intended, as i believe you picked this up from another site) See zip attached [attachment deleted by admin]

Okay the reason for the error is this While the code is at the top of the file, its not before any output.. as your calling the file like this <center> <?php include "review.php"; ?> </center> So anything that if outputted before the include is still output.. thus causing the error. if you move <?php session_start(); // start session if not started yet $ERROR = ""; if(isset($_REQUEST['anti_spam_code'])) { if ($_SESSION['AntiSpamImage'] != $_REQUEST['anti_spam_code']) { // set antispam string to something random, in order to avoid reusing it once again $_SESSION['AntiSpamImage'] = rand(1,9999999); $ERROR = "WRONG CODE"; }else { // set antispam string to something random, in order to avoid reusing it once again $_SESSION['AntiSpamImage'] = rand(1,9999999); // everything is fine, proceed with processing feedback/comment/etc. //PROCESS POST /* SQL stuff for adding new comment etc */ header("Location: fraserwoodhotelrate.php"); //jump to new page exit(); } } ?> from review.php to the TOP of fraserwoodhotelrate.php if should be fine

Your on 9 posts, you need 10+

Not much of a hack, no hardware lock and default password! Full story FoxNews

will affect it if your using superglobals.. you shouldn't be using them, they are deprecated in PHP5 and removed in PHP6

Yep a RegEx seams the best option of course you have an array you can loop thought!

This is a place to learn.. the fact you are willing to learn means I am willing to help however if you need some time then that's fine too I have taken the liberty of updating your script, if you added a field called loginHASH type=varcahr(32) to the table2 table this may just work <?php include("connect1.php"); session_start(); $u = $_POST['username']; $p = $_POST['password']; $logoff = $_GET['logoff']; $hack = $_GET['hack']; if($logoff){ unset($_SESSION['userid']); $message = "You have been logged off"; } if($hack){ $message = "Naughty Naughty! "; // COOL } // escape username and password for use in SQL//person said on board "looks fine" like this //to prevent sql injections $u = mysql_real_escape_string($u); $p = mysql_real_escape_string($p); // if fields username and password have contents, then... #isset isn't needed as !empty covers it if(!empty($u) && !empty($p)){ ///changed from if ($u && $p) $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'"); $result = mysql_fetch_array($query); if($result['username']){ // if username is set, go on...username is a key for $result, and a field in the table. $message = "You have been logged in"; $_SESSION['userid'] = $result['username']; /** * Security HASH */ //SET session loginHASH to a random hash (some random hex) $_SESSION['loginHASH']= md5(uniqid(mt_rand(), true)); //Update users records in the users table with the above hash mysql_query("UPDATE table2 SET loginHASH ='".$_SESSION['loginHASH']."' WHERE username = '$u' AND password = '$p' LIMIT 0,1"); header("Location:old.mainsite.php"); // this will redirect them to the application.php page. and exit the script here. exit; }else{ $message = "You do not exist on the system"; } } ?> New file auth.php <?php session_start(); include("connect1.php"); //Check the current users session ID and HASH with the ones in the database $result = mysql_query("SELECT loginHASH FROM table2 WHERE loginHASH ='".$_SESSION['loginHASH']."' AND username = '".$_SESSION['userid']."' LIMIT 0,1"); //if not found then kick out if(mysql_num_rows($result) < 1){ session_start(); $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-86400, '/'); } session_destroy(); header("location: home.php"); //redirect home } ?> add to the start of member only pages required("auth.php");

What part are you stuck on ? is it the logic OR the actual code.. I'll try to break it down more if you like, i hope the comments make sense Oh here's the SQL in a more basic form that you are probably more used to mysql_query("UPDATE users SET loginHASH ='".$_SESSION['loginHASH']."' WHERE ID = $UserID LIMIT 0,1"); $result = mysql_query("SELECT loginHASH FROM WHERE loginHASH ='".$_SESSION['loginHASH']."' AND ID = $UserID LIMIT 0,1");

Try using cURL instead, see what errors you get

I am trying to keep it simple.. okay i have added some comments to the above, heres a example User A: logs in as BOB System: creates a new HASH and updates the users Database details with the new HASH (ie 123) User A: goes to a page System: checks the session HASH with that in the database.. they match its fine User B: logs in as BOB System: creates a new HASH and updates the users Database details with the new HASH (ie 456) User B: goes to a page System: checks the session HASH with that in the database.. they match its fine User A: goes to a page System: checks the session HASH with that in the database.. they no longer match as Users A HASH is 123 but the database now has 456.. this system kicks him out USER A & B refer people/sessions,

This is all untested and written direct so probably wrong Add a field (ie loginHASH varchar(32) ) via a DB manager ie: phpMyAdmin then find the code that checks for logins, and add a update query to add a the hash ie //SET session loginHASH to a random hash (some random hex) $_SESSION['loginHASH']= md5(uniqid(mt_rand(), true)); //Update users records in the users table with the above hash mysql_query(sprintf("UPDATE users SET loginHASH ='%s' WHERE ID = %d LIMIT 0,1", $_SESSION['loginHASH'],$UserID)); then to check.. do something like //Check the current users session ID and HASH with the ones in the database $result = mysql_query(sprintf("SELECT loginHASH FROM WHERE loginHASH ='%s' AND ID = %d LIMIT 0,1", $_SESSION['loginHASH'],$UserID)); //if not found then kick out if(mysql_num_rows($result) < 1) logout(); //logout function //wipe session of current user function logout() { session_start(); $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-86400, '/'); } session_destroy(); header("location: home.php"); //redirect home } EDIT: note that $UserID is the users ID thus probably $_SESSION['userid'] EDIT #2: added limit's (okay its not that great but you get the idea)

This should be an easier option for you If you add a random hash to the users record (in the database) when they login and keep a copy in a session, then check that session hash with the DB hash, and if they don't match then log them out.. Now if a second person logs in, the system kicks the first one out.

is it possible to attach fraserwoodhotelrate.php or PM me it (as a file) ?

you have a trailing slash..so try echo file_get_contents("http://southcoast.craigslist.org/sss".$link);

Humm.. I mainly use 1 more than 3.. But I guess its what you used to.. I use them all , it depends on the case.. i don't think speed is much of an issue since the release of PHP5,

The code i posted should "Open" it

Okay.. Here are some examples $Var = "Testing<BR />\n" echo "1 here is a quote \" and a single quote ' $Var"; echo '2 here is a quote " and a single quote \' $Var'; echo '3 here is a quote " and a single quote \' '.$Var; 1 = this uses double quotes thus i escape the double quotes inside (\") 2 = this uses single quotes thus i escape the single quotes inside (\') BUT notice that $Var doesn't get parsed, this is because variable don't get parsed inside single quotes 3 = same as 2 BUT i moved $Var outside the quotes by concatenation (the dot . joins then) I Hope that helps

Oh your need the full path echo file_get_contents("http://southcoast.craigslist.org/sss/$link"); Note: this is just an example it will just echo the contents of the pages to screen,

its the same a any HTML (moving to HTML Help) <IMG src="path/to/image.jpg">