premiso

You probably did not lose everything, but the themes may be incompatible with your version of NUKE, I have never used NUKE so I do not know. Try removing the new themes and replace them with the old.

$cmd = isset($_GET['cmd'])?$_GET['cmd']:1; Not sure, replace that line though I had it wrong earlier. See if that maybe fixes the problem.

I must be in a nice mood: <?php // Mysqlconnection needs to be started before calling the functions. Usage is at the end of the file. function retrieveOrgList($parentid=false) { $parentid = ($parentid==false)?0:$parentid; $query = mysql_query("SELECT org.id, org.company_name, rel.superior, userid, us.firstname, us.surname, us.job_title, us.job_role, us.image FROM organisations org, relationships rel, users us WHERE rel.organisationid = org.id AND rel.userid = us.id AND superior = " . $parentid) or die(mysql_error()); $numRows = mysql_num_rows($query); $orgArray = "none"; if ($numRows > 0) { $orgArray=array(); while ($row = mysql_fetch_assoc($query)) { $orgArray[$row['company_name']]['id'] = $row['id']; $orgArray[$row['company_name']]['superior'] = $row['superior']; $orgArray[$row['company_name']]['userid'] = $row['userid']; $orgArray[$row['company_name']]['firstname'] = $row['firstname']; $orgArray[$row['company_name']]['surname'] = $row['surname']; $orgArray[$row['company_name']]['job_title'] = $row['job_title']; $orgArray[$row['company_name']]['job_role'] = $row['job_role']; $orgArray[$row['company_name']]['image'] = $row['image']; $orgArray[$row['company_name']]['unders'] = retrieveCategoryList($row['userid']); } } return $orgArray; } function displayOrgs($org=false, $charDisp=0) { if (!$org) { if ($charDisp != 0) { $orgs = retrieveCategoryList($charDisp); }else { $orgs = retrieveCategoryList(); } foreach ($orgs as $org) { displayOrgs($org); } }else { echo str_repeat("_", $charDisp) . $org['firstname'] . "<br />"; if ($org['unders'] != "none") { foreach ($org['unders'] as $value) { displayOrgs($value, $charDisp+1); } } } } displayOrgs(false, 0); echo "<pre>"; // Lets just pull out a set of organizations. print_r(retrieveOrgList()); ?> And a side note: insert into `users` (`id`, `firstname`, `surname`, `job_title`, `job_role`, `image`) VALUES (4, 'jerk', '', '', '', ''); I had to add that to mysql, since you have a relationship to a user4, but no user 4.

Register_globals is off in PHP 5 by default, so any code that used GET or POST or COOKIE or SESSION data will have to be re-written to $_GET['cmd'] etc... <?php require ("config.php"); include("functions.php"); $cmd = (isset($cmd))?$_GET['cmd']:1; switch($cmd) { case 1:$file="mainpage.php"; break; case 2:$file="signup.php"; break; case 3:$file="viewprofile.php"; break; } include("header.php"); include($file); include("footer.php"); include("conclose.php"); You will probably have to do the same thing with $username etc. Anything that comes from a query string or POST data needs to be changed like I did to $cmd.

mysql_real_escape_string should only be for database entries. For emails you just need to remove the initial slashes. $left1 = stripslashes($_POST['content_left']); $right1 = stripslashes($_POST['content_right']); If, for whatever reason your server doubles up on the slashes you can call that function twice, but it should not be doing this. Can you post that code that sends the email?

Flip the strip and the escape: $left1 = mysql_real_escape_string(stripslashes($_POST['content_left'])); $right1 = mysql_real_escape_string(stripslashes($_POST['content_right'])); You want to strip them before escaping or else you run into the same problem.

Dont forget that some users, everytime their browser closes they wipe out their cookies (I do that all the time). Storing it in DB on each load is the best way to go imo. Then when that user logs in restore their shopping cart. If the user is not registered, well they should have registered.

Check to see if magic_quotes are turned on, if so you need stripslashes on the post data before running mysql_escape_string, and I think you should be using mysql_real_escape_string I think the mysql_escape_string is depreciated. The reason you get the \\\\\\ is from double escaping. You can use this function to test if magic quote are on get_magic_quotes_gpc. That came from the mysql_escape_string man page.

<?php $result=mysql_query($query) or die(mysql_error()); while($row=mysql_fetch_array($result)) { $fru_ids=explode(",",$row['fru_id']); $query1="SELECT name FROM fruits WHERE fruit_id IN($fru_id) ORDER BY fruit_id"; $result2=mysql_query($query1) or die(mysql_error()); $fruits = array(); // reset array. while ($row2 = mysql_fetch_assoc($result2)) { $fruits[] = $row2['name']; } $row['fruits'] = implode(", ", $fruits); } ?> I think that is what you want.

Send via post, not get. Get has limitations, and as far as I know Post does not (unless it is an absurdly huge text file. Like 2MBs or something)

How are you reading the data into $uploaded_files ?

I think you would be better off putting that info the DB instead of in a cookie. Either serialize the session array and put it in a DB column or make a column for each possible item in the array. I would make the DB field a text type and have the primary key be the userid, then on re-login check if they have a session in progress, if they do re-instantiate that session. EDIT: To do this you would want to update the DB each time the page is reloaded, so you have the most up to date session data stored.

I would suggest this, the reason yours was not working is because you do not have the right conditionals in the OR $allowedTypes = array("image/png", "image/jpeg", "image/gif", "image/jpg"); if (($_FILES['userfile']['size']) < 60001 AND in_array($_FILES['userfile']['type'], $allowedTypes)) { That should be much easier =)

I believe if it is not moved via the script, it will be deleted on script completetion. But not 100% sure on that.

Where is $ir['turns']; being declared/defined/set at? Can you post that code?

echo '<pre>'; $file_size = $_FILES['userfile']['size']; if ($file_size <= MAX_FILE_SIZE) { if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } } Something like that might do.

I think that filetype needs to be called on the actual file name, you already have the type apparently just be calling the $_FILES array index of ['type'] like you have shown.....

Why not try curl or for a simpler route, file_get_contents Curl is quicker, but file_get_contents is easier =)

I do not know if this is the problem or not but in your form code: <form method=post action=street.php?action=scavenge><input type=hidden name=action value=scavenge> You define "action" twice. I would remove the hidden input part, as it is not needed: <form method=post action=street.php?action=scavenge> Change it to be just that without the hidden input and see if that fixes the issue.

Usually any file over 2mb will time out the browser. I am not sure how to check this before upload (or if that is possible maybe JScript). But if the file is too big either A the browser will timeout or B the php will give an error. I do not deal with file uploads too much, but maybe someone else can shed some light on it.

"I dont think it worked" ....classic, should be added to a signature. <?php session_start(); // start sessions up here. mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("members") or die(mysql_error()); $username = $_COOKIE['ID_my_site']; mysql_query("UPDATE `users` SET `location` = 'Forest Of Death' WHERE username = '$username'") or die(mysql_error()); echo "<center>You have entered the Forest of Death. death lurks around every corner, every tree, every face... " . "</center>"; $target = $_GET['target']; $result = mysql_query("SELECT `location` FROM `users` WHERE `username` = '$username'") or die(mysql_error()); $row = mysql_fetch_row($result); $mylocation = $row[0]; $result = mysql_query("SELECT `location` FROM `users` WHERE `username` = '$target'") or die(mysql_error()); $row = mysql_fetch_row($result); $hislocation = $row[0]; IF ($mylocation == $hislocation) { echo 'Yes it still worked cause they can attack me! His Location: ' . $hislocation . ' MyLocation: ' . $mylocation; } else { echo 'Yes it still worked cause they cannot attack me! His Location: ' . $hislocation . ' MyLocation: ' . $mylocation; } if(!isset($_GET['user'])) { echo "You have not selected a user to fight!<br><br>"; $NPCS = mysql_query("SELECT * FROM `users`"); while($Show = mysql_fetch_array($NPCS)) { echo "<a href=\"AttackPlayer.php? Action=Attack&user=" . $Show['username'] . "\">" . $Show['username'] . "</a><br>"; } exit(); } $NPC = mysql_escape_string($_GET['user']); $username = $_COOKIE['ID_my_site']; if($_GET[Action] = Attack) { if($username == $NPC){echo "You cannot fight yourself! <br><br>"; exit();} $UserS = mysql_query("SELECT * FROM `users` WHERE username='$username'"); $UserS = mysql_fetch_array($UserS); $UserH = $UserS['health']; if($UserH == '0'){echo "You have no health you cannot fight! <br><br>"; exit();} $UserA = $UserS['skill']; $UserK = $UserS['kills'] +1; $UserSkill = $UserS['skill']; $UserA *= .1; $NPCS = mysql_query("SELECT * FROM `users` WHERE username='$NPC'"); $NPCS = mysql_fetch_array($NPCS); $NPCH = $NPCS['health']; if($NPCH == '0'){echo "You cannot attack someone that has no health! <br><br>"; exit();} $NPCA = $NPCS['skill']; $NPCSkill = $NPCS['skill']; $NPCA *= .1; $run = 1; While($run > 0){ $NPCH -= $UserA; if($NPCH <= 0) { $xp = $NPCSkill * .035; echo "You win and have gained " . $xp . " skill from " . $NPC . ""; $UserA = $UserSkill + $xp; mysql_query("UPDATE `users` SET skill='$UserA', health='$UserH', kills='$UserK' WHERE username='$username'"); $NPCA = $NPCSkill * .97; mysql_query("UPDATE `users` SET skill='$NPCA', health='0' WHERE username='$NPC'"); exit(); } $UserH -= $NPCA; if($UserH <= 0) { echo "You have lost"; $xp = $UserSkill * .035; $UserA = $NPCSkill + $xp; mysql_query("UPDATE `users` SET skill='$UserA', health='$UserH', kill='kill +1' WHERE username='$NPC'"); $UserA = $UserSkill * .97; mysql_query("UPDATE `users` SET skill='$UserA', health='0' WHERE username='$username'"); exit(); } } } ?> </body> </html> Now give that a try, if it does not work, report back "What is not working and How it should be working". Not just, its not working. Cause that does not tell us anything.

You can set the page to not cache using header. <?php header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past ?> So each time the page is loaded it must be refreshed....

If the spaces are at the beginning or end of the deal you can use trim on each variable to trim them out. If they are mixed in and I take "enter spaces" as a new line you can try using str_replace <?php $test = "This is a test\n of the emergency\r\n brodcast system"; $replace = array("\n", "\r\n"); $test = str_replace($replace, "", $test); ?> Either way that should help you out a bit.

Use an md5 hash using time as a salt: $uploaddir = 'C:/xampp/htdocs/project/clogos/'; $uploadfile = $uploaddir . md5(time() . basename($_FILES['userfile']['name'])); Should give you a unique hash, you could even throw the username in there too as part of the salt so it is unique to that user with the time etc.

View the source of your page in Firefox and paste the actual HTML so we can take a look at what is being outputted to the browser.