Everything posted by nuxy

  1. Oh, never knew you get a "G" grade.
  2. I think I'll try with underscores to identify functions made by me in the script. It can get rather frustrating having a function such as "stripslashes" and "strip_slashes", one that the person has made, and the other that is a built-in PHP function. I normally, when making an OOP application, use upper and lower case names. I use variables in arrays though; instead of something like "user_name" and "user_id" I would just assign an array to it, "user[name]" and "user[id]". Some might be fluent in JavaScript where the function names are case sensitive and do it out of habit... Oh, I never knew JavaScript was case sensitive, that's probably why most of my applications do not work. ):
  3. Well, to start of, i'm 15, 5 and live in South Africa(the land of the insane and mentally retarded government). I was born in Centurion, and moved arround quite allot because of divorced mother and father. I was living with my mom until last year decmeber, when some family drama took place and I came and lived with my father and step mom, along with their four dogs, one bird who constantly tries to be a dog and a few mouses who comes to visit now and then. I speak Afrikaans fluently, as well as English, I also hate out government, changing names, stealing money, letting rapists, murderess and all types of criminals out when the president's birthday comes. I should also mention that the president has to be drained of alcohol three days before he has to do a public speech, they also think that Zuma, a well know government rapist should become president, well done south africa. I was in public school for most of my live, until grade 8 when I went over to home schooling, that was properly one of the worst mistakes I ever made in my life. I was never really a person to stay at home and be bored with simple things such as school(especially school). I'm not the sharpest/smartest kid you'll ever meet, I have really lost my intelligence with being home schooled, not constant presure the whole time made my less commuted to work, and such. I'm going to public school next year, and into grade 10, and then after school I would really like to go and study OS's(especially unix/linux). I were exposed to PHP the first time when I had to manage an website I had just purchased off of some person, this should have been the worst mistake ever, but I can't really say that, because that is when I learned PHP and MySQL. I have been playing around with programming languages such as VB6, C#, C++, Perl and a bit of Python ever since(and ofcource mentioning that I still can't remember how to do a hello world), and DBMS's such as Oracle, MSSQL and pgSQL. 
I have been working with PHP for about eleven months now. I have been making visits to the dark side for a time now; mainly I try to help people out by informing them of new vulnerabilities that are found and so on. I really don't want to be criticized for this, as I know many people hate people like me. I mainly don't exploit when I find them, I would rather contact the owner of the website and state the technical details of the exploit. I am very short tempered, so that means I get frustrated and bored quite quickly. I hate it when people try and judge people from their age, I agree that people my age are very, very annoying, but this just makes me proof that I'm more mature for my age group. And that is about it from me. (:
  4. I really don't think that getting the most efficiency out of our web browsing is making us stupider. Though, I agree that simple things such as unit conversion done by Google are making us a little less informed about how to do simple tasks. If Google was making me dumber every single time I used it to search something, I would be real idiotic right now. I learnt how to do many things on Google, but still, I know that 70% of people still don't know how to search with Google to get specific data. Like real keywords such as intitle, inurl, filetype and many others.
  5. Are you using this script within a loop of some sort? Because it seems it is executing multiple times, and not once.
  6. Well, I hope this is the correct section to post this in. Anyways, I have been wondering which is better/works. Like, I recently saw something like the following. Error_Reporting(E_NOTICE); Does this produce an error, or is it just someone trying to be neat/clean and making it uppercase? Also, with functions, I read somewhere that the first character of a function/variable has to be lowercase and alphabetical. Is this true, and if so, why would scripts work with such things?
  7. Sorry, but I have to correct you. ActionScript 1.0, 2.0 and 3.0 are nothing like PHP nor C#.
  8. Change the error reporting to something like E_ERROR. Then it will only display fatal errors produced by the script.

         <?php
         error_reporting(E_ERROR);
         require_once('../Connections/p2w.php');

         //This is the directory where images will be saved
         $target = "../news/";

         // strip file_name of slashes
         // ($x is only assigned in the loop further down, so it is not set at this point)
         $file_name = $_FILES['photo'. $x]['name'];
         $file_name = stripslashes($file_name);
         $file_name = str_replace("'","",$file_name);
         if(file_exists($target. $file_name) )
             echo " $file_name Exists";
         else {
             echo 'The file you requested does not exist';
             exit;
         }

         //This gets all the other information from the form
         $headline=$_POST['headline'];
         $contents=$_POST['contents'];
         $photo1=($_FILES['photo1']['name']);
         $photo2=($_FILES['photo2']['name']);
         $photo3=($_FILES['photo3']['name']);
         $title1=$_POST['title1'];
         $title2=$_POST['title2'];
         $title3=$_POST['title3'];
         $link=$_POST['link'];

         //Writes the photo to the server
         $count = 0; // number of photos that failed the checks
         for ($x=1;$x<=3;$x++){
             $photo ='photo'.$x;
             $target = "../news/" . basename( $_FILES[$photo]['name']);
             // The type checks are grouped so the size limit applies to every type;
             // "type" is sent by the browser and is not verified by PHP
             if ((($_FILES[$photo]["type"] == "image/gif")
                 || ($_FILES[$photo]["type"] == "image/png")
                 || ($_FILES[$photo]["type"] == "image/jpeg")
                 || ($_FILES[$photo]["type"] == "image/pjpeg"))
                 && ($_FILES[$photo]["size"] < 1000000)){
                 if(move_uploaded_file($_FILES[$photo]['tmp_name'], $target)){
                     //Tells you if it's all ok
                     echo "Success.";
                     $photo="";
                 }
             } else {
                 //Gives an error if it's not
                 ++$count;
             }
         }
         if ($count > 0){
             echo $count .'failed to upload ';
         } else {
             //Writes the information to the database
             $host="localhost"; // Host name
             $username="root"; // Mysql username
             $password="*********"; // Mysql password
             $db_name="preparetowin"; // Database name
             $tbl_name="news"; // Table name
             mysql_connect("$host", "$username", "$password")or die("cannot connect");
             mysql_select_db("$db_name")or die("cannot select DB");
             // Escape every value before it is placed in the SQL string
             list($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link) =
                 array_map('mysql_real_escape_string',
                     array($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link));
             mysql_query("INSERT INTO `news` VALUES (NULL,'$headline','$contents','$photo1','$photo2','$photo3','$title1','$title2','$title3','$link')") ;
             print "<meta http-equiv=\"refresh\" content=\"0;URL=news_added_successfully.php\">";
         }
         ?>
  9. Firstly, clean your input variables, and then process them. Still, you did not answer my question, why is the user_id referring to a directory/file?

         <?php
         session_start();

         // is the one accessing this page logged in or not?
         if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
             // not logged in, move to login page
             header('Location: login.php');
             exit;
         }

         include("config.php");

         // mysql_real_escape_string() is the actual function name; it escapes string
         // values only and does not make input safe to use as a column name
         $user_id = mysql_real_escape_string(htmlspecialchars($_GET['user_id']));
         $sql = "SELECT " . $user_id . " FROM table_auth_user";
         $query = mysql_query($sql);

         while($row = mysql_fetch_array($query)) {
             echo "".$row['user_id']."";
             echo "<br /></div>";
         }
         ?>
  10. Well, if you want your script to continue executing when the file does exist, it should not exit. Try the following script.

          <?php
          error_reporting(E_ALL);
          require_once('../Connections/p2w.php');

          //This is the directory where images will be saved
          $target = "../news/";

          // strip file_name of slashes
          // ($x is only assigned in the loop further down, so it is not set at this point)
          $file_name = $_FILES['photo'. $x]['name'];
          $file_name = stripslashes($file_name);
          $file_name = str_replace("'","",$file_name);
          if(file_exists($target. $file_name) )
              echo " $file_name Exists";
          else {
              echo 'The file you requested does not exist';
              exit;
          }

          //This gets all the other information from the form
          $headline=$_POST['headline'];
          $contents=$_POST['contents'];
          $photo1=($_FILES['photo1']['name']);
          $photo2=($_FILES['photo2']['name']);
          $photo3=($_FILES['photo3']['name']);
          $title1=$_POST['title1'];
          $title2=$_POST['title2'];
          $title3=$_POST['title3'];
          $link=$_POST['link'];

          //Writes the photo to the server
          $count = 0; // number of photos that failed the checks
          for ($x=1;$x<=3;$x++){
              $photo ='photo'.$x;
              $target = "../news/" . basename( $_FILES[$photo]['name']);
              // The type checks are grouped so the size limit applies to every type;
              // "type" is sent by the browser and is not verified by PHP
              if ((($_FILES[$photo]["type"] == "image/gif")
                  || ($_FILES[$photo]["type"] == "image/png")
                  || ($_FILES[$photo]["type"] == "image/jpeg")
                  || ($_FILES[$photo]["type"] == "image/pjpeg"))
                  && ($_FILES[$photo]["size"] < 1000000)){
                  if(move_uploaded_file($_FILES[$photo]['tmp_name'], $target)){
                      //Tells you if it's all ok
                      echo "Success.";
                      $photo="";
                  }
              } else {
                  //Gives an error if it's not
                  ++$count;
              }
          }
          if ($count > 0){
              echo $count .'failed to upload ';
          } else {
              //Writes the information to the database
              $host="localhost"; // Host name
              $username="root"; // Mysql username
              $password="*********"; // Mysql password
              $db_name="preparetowin"; // Database name
              $tbl_name="news"; // Table name
              mysql_connect("$host", "$username", "$password")or die("cannot connect");
              mysql_select_db("$db_name")or die("cannot select DB");
              // Escape every value before it is placed in the SQL string
              list($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link) =
                  array_map('mysql_real_escape_string',
                      array($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link));
              mysql_query("INSERT INTO `news` VALUES (NULL,'$headline','$contents','$photo1','$photo2','$photo3','$title1','$title2','$title3','$link')") ;
              print "<meta http-equiv=\"refresh\" content=\"0;URL=news_added_successfully.php\">";
          }
          ?>
  11. Why would the "user_id" ever be a value such as that, shouldn't it only be numerical? Please post the full script.
  12. Please explain a bit more. What can't you see, the script? If so, try putting the error_reporting function in the script, it should display all the errors produced.

          <?php
          error_reporting(E_ALL);
          require_once('../Connections/p2w.php');

          //This is the directory where images will be saved
          $target = "../news/";

          // strip file_name of slashes
          // ($x is only assigned in the loop further down, so it is not set at this point)
          $file_name = $_FILES['photo'. $x]['name'];
          $file_name = stripslashes($file_name);
          $file_name = str_replace("'","",$file_name);
          if(file_exists($target. $file_name) ) {
              echo " {$file_name} Exists";
              exit();
          }

          //This gets all the other information from the form
          $headline=$_POST['headline'];
          $contents=$_POST['contents'];
          $photo1=($_FILES['photo1']['name']);
          $photo2=($_FILES['photo2']['name']);
          $photo3=($_FILES['photo3']['name']);
          $title1=$_POST['title1'];
          $title2=$_POST['title2'];
          $title3=$_POST['title3'];
          $link=$_POST['link'];

          //Writes the photo to the server
          $count = 0; // number of photos that failed the checks
          for ($x=1;$x<=3;$x++){
              $photo ='photo'.$x;
              $target = "../news/" . basename( $_FILES[$photo]['name']);
              // The type checks are grouped so the size limit applies to every type;
              // "type" is sent by the browser and is not verified by PHP
              if ((($_FILES[$photo]["type"] == "image/gif")
                  || ($_FILES[$photo]["type"] == "image/png")
                  || ($_FILES[$photo]["type"] == "image/jpeg")
                  || ($_FILES[$photo]["type"] == "image/pjpeg"))
                  && ($_FILES[$photo]["size"] < 1000000)){
                  if(move_uploaded_file($_FILES[$photo]['tmp_name'], $target)){
                      //Tells you if it's all ok
                      echo "Success.";
                      $photo="";
                  }
              } else {
                  //Gives an error if it's not
                  ++$count;
              }
          }
          if ($count > 0){
              echo $count .'failed to upload ';
          } else {
              //Writes the information to the database
              $host="localhost"; // Host name
              $username="root"; // Mysql username
              $password="*********"; // Mysql password
              $db_name="preparetowin"; // Database name
              $tbl_name="news"; // Table name
              mysql_connect("$host", "$username", "$password")or die("cannot connect");
              mysql_select_db("$db_name")or die("cannot select DB");
              // Escape every value before it is placed in the SQL string
              list($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link) =
                  array_map('mysql_real_escape_string',
                      array($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link));
              mysql_query("INSERT INTO `news` VALUES (NULL,'$headline','$contents','$photo1','$photo2','$photo3','$title1','$title2','$title3','$link')") ;
              print "<meta http-equiv=\"refresh\" content=\"0;URL=news_added_successfully.php\">";
          }
          ?>
  13. Well, you are missing a closing bracket, I don't know if you missed that or just mistyped.

          <?php
          require_once('../Connections/p2w.php');

          //This is the directory where images will be saved
          $target = "../news/";

          // strip file_name of slashes
          // ($x is only assigned in the loop further down, so it is not set at this point)
          $file_name = $_FILES['photo'. $x]['name'];
          $file_name = stripslashes($file_name);
          $file_name = str_replace("'","",$file_name);
          if(file_exists($target. $file_name) ) {
              echo " {$file_name} Exists";
              exit();
          }

          //This gets all the other information from the form
          $headline=$_POST['headline'];
          $contents=$_POST['contents'];
          $photo1=($_FILES['photo1']['name']);
          $photo2=($_FILES['photo2']['name']);
          $photo3=($_FILES['photo3']['name']);
          $title1=$_POST['title1'];
          $title2=$_POST['title2'];
          $title3=$_POST['title3'];
          $link=$_POST['link'];

          //Writes the photo to the server
          $count = 0; // number of photos that failed the checks
          for ($x=1;$x<=3;$x++){
              $photo ='photo'.$x;
              $target = "../news/" . basename( $_FILES[$photo]['name']);
              // The type checks are grouped so the size limit applies to every type;
              // "type" is sent by the browser and is not verified by PHP
              if ((($_FILES[$photo]["type"] == "image/gif")
                  || ($_FILES[$photo]["type"] == "image/png")
                  || ($_FILES[$photo]["type"] == "image/jpeg")
                  || ($_FILES[$photo]["type"] == "image/pjpeg"))
                  && ($_FILES[$photo]["size"] < 1000000)){
                  if(move_uploaded_file($_FILES[$photo]['tmp_name'], $target)){
                      //Tells you if it's all ok
                      echo "Success.";
                      $photo="";
                  }
              } else {
                  //Gives an error if it's not
                  ++$count;
              }
          }
          if ($count > 0){
              echo $count .'failed to upload ';
          } else {
              //Writes the information to the database
              $host="localhost"; // Host name
              $username="root"; // Mysql username
              $password="*********"; // Mysql password
              $db_name="preparetowin"; // Database name
              $tbl_name="news"; // Table name
              mysql_connect("$host", "$username", "$password")or die("cannot connect");
              mysql_select_db("$db_name")or die("cannot select DB");
              // Escape every value before it is placed in the SQL string
              list($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link) =
                  array_map('mysql_real_escape_string',
                      array($headline, $contents, $photo1, $photo2, $photo3, $title1, $title2, $title3, $link));
              mysql_query("INSERT INTO `news` VALUES (NULL,'$headline','$contents','$photo1','$photo2','$photo3','$title1','$title2','$title3','$link')") ;
              print "<meta http-equiv=\"refresh\" content=\"0;URL=news_added_successfully.php\">";
          }
          ?>
  14. I could be wrong, but you cannot use a plain array in a string. Try this.

          $sql = "SELECT " . $_GET['user_id'] . " FROM table_auth_user";

      And also this will work.

          $sql = "SELECT {$_GET['user_id']} FROM table_auth_user";
  15. Well, it could be that you assigned a default value to that column. That means, by default it will be "The value" irrespective of whether it is aligned to be a null value. Try removing the default value of that column, and then try again inserting a null/empty value.
  16. The login script seems fine. But I doubt the problem lies with the login or sessions script. Can you please post the script that fetches the user's data and displays it?
  17. Where are you actually getting the Referrer variable? Check if it is not there.
  18. Rushy, the onClick event cannot be used to execute PHP functions. You could however do something like this.

          <?php
          // Expire the submitted cookies first: setcookie() sends headers,
          // so it has to run before any output
          if (!empty($_POST)) {
              foreach ($_POST as $name => $value) {
                  setcookie($name, '', time() - 3600);
              }
          }

          echo '<form action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '" method="post">';
          foreach ($_COOKIE as $name => $value) {
              // Cookie names come from the client, so escape them before printing
              $name = htmlspecialchars($name);
              echo '[' . $name . '] => <input type="text" name="' . $name . '" value="' . time() . '"><br>';
              unset($name);
              unset($value);
          }
          echo '</form>';
          ?>

      I have not tested this yet, but it should work. I will test it in a bit. (:
  19. If you mean an HTML form, then you could try this.

          <?php
          $sql = "SELECT * FROM upload2 ORDER BY `sort`";
          $query = mysql_query($sql);

          while($row = mysql_fetch_array($query)) {
              // Attributes are quoted and stored values escaped before they are printed
              echo "<div class=\"display\">";
              echo "<form action=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\" method=\"post\">";
              echo "<label>Title:</label><input type=\"text\" name=\"title\" value=\"" . htmlspecialchars($row['title']) . "\"><br />";
              echo "<label>Description:</label><input type=\"text\" name=\"description\" value=\"" . htmlspecialchars($row['description']) . "\"><br />";
              echo "<label>Image Location:</label><input type=\"text\" name=\"location\" value=\"" . htmlspecialchars($row['path']) . "\"><br />";
              echo "<label>Buy Link:</label><input type=\"text\" name=\"buy\" value=\"" . htmlspecialchars($row['buy']) . "\"><br />";
              // This field was also named "buy"; it carries the sort order
              echo "<label>Sort Order:</label><input type=\"text\" name=\"sort\" value=\"" . htmlspecialchars($row['sort']) . "\"><br />";
              echo "</form>";
              echo "</div>";
          }
          mysql_close();
          ?>

      Then you will need an if statement to validate and update the entry in the database. If you have any sort of id assigned in the row, then you could make it easier to update the current entries.