iarp

Hey, For some reason, my script on http://moha.iarp.ca/login.php stopped working properly and asks me to login twice before getting actully logged in. Can anyone see anything wrong? login.php <?php # Script 13.8 - login.php // This is the login page for the site. // Set the page title and include the HTML header. $page_title = 'Login'; $YAH_title = 'Login'; include('./includes/header.php'); if (isset($_POST['submitted'])) { // Check if the form has been submitted. require_once ('./includes/mysql_connect.php'); // Connect to the database. // Validate the email address. if (!empty($_POST['username'])) { $un = escape_data($_POST['username']); } else { echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>'; $un = FALSE; } // Validate the password. if (!empty($_POST['pass'])) { $p = escape_data($_POST['pass']); } else { $p = FALSE; echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>'; } if ($un && $p) { // If everything's OK. // Query the database. $query = "SELECT user_id, username, first_name, userlevel, vote_allowed FROM " . DB_USERS . " WHERE (username='$un' AND password=SHA('$p')) AND active IS NULL"; $result = mysql_query ($query); if (@mysql_num_rows($result) == 1) { // A match was made. // Register the values & redirect. $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); mysql_close(); // Close the database connection. $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[2]; $_SESSION['userlevel'] = $row[3]; $_SESSION['username'] = $row[1]; $_SESSION['vote_allowed'] = $row[4]; // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST']; // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/admin/'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p><font color="red" size="+1">Either the username and password entered do not match those on file or you have not yet activated your account.</font></p>'; } } else { // If everything wasn't OK. echo '<p><font color="red" size="+1">Please try again.</font></p>'; } mysql_close(); // Close the database connection. } // End of SUBMIT conditional. ?> <h1>Login</h1> <form action="login.php" method="post" class="contact_login"> <p><label>Username:</label> <input type="text" name="username" size="20" maxlength="40" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?><?php if(isset($_GET['username'])) echo $_GET['username']; ?>" /></p> <p><label>Password:</label> <input type="password" name="pass" size="20" maxlength="20" value="<?php if(isset($_GET['temppassword'])) echo $_GET['temppassword']; ?>" /></p> <div align="center"> <input type="submit" name="submit" value="Login" /><br /> <small><a href="../forgot_password.php">Forgot Password</a> | <a href="../register.php">Register</a></small> </div> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php include ('./includes/footer.php'); ?> header.php <?php //start output buffering ob_start(); //start a session session_name('MOHA'); session_start(); require_once ('session.php'); require_once('/homepages/31/d204952132/htdocs/moha/includes/mysql_connect.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta name="Description" content="Unofficial Website for the MOHA" /> <meta name="Keywords" content="MOHA, Minor Oaks Hockey Association, Oakville, Hockey" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?php echo siteName(); ?> <?php echo $page_title; ?></title> <!-- ADDS AUTOMATIC PAGE TITLE TO THE TOP BAR OF BROWSERS WITH "MOHA - " FIRST --> <!-- CSS PAGE --> <link rel="stylesheet" type="text/css" href="/css/style.css" /> <link rel="stylesheet" type="text/css" href="/css/testmenu.css" /> <!--[if IE]> <style type="text/css"> #nav ul {display:inline-block;} #nav ul {display:inline;} #nav ul li {float:left;} #nav {text-align:center;} </style> <![endif]--> <?php echo $header; ?> <!-- JAVASCRIPT SHEETS DON'T EDIT THESE --> <script type="text/javascript" src="/css/dropdowntabs.js"></script> <script type="text/javascript" src="/css/chrome.js"></script> <script type="text/javascript" src="/css/external.js"></script> <script type="text/javascript" src="/css/popup.js"></script> </head> <body> <a name="top"></a> <!-- ALLOWS A LINK AT THE BOTTOM OF PAGES TO LINK TO THE TOP OF THE PAGE QUICKLY. Used alot on the Code of Conduct page. --> <div id="container"> <!-- MAIN HEADER --> <div id="header"> <h1>MINOR OAKS HOCKEY ASSOCIATION INC</h1> <h3>1026 SPEERS ROAD, UNIT 8-9, OAKVILLE, ON L6L 2X4 905-338-9220 FAX 905-338-9677 www.moha.on.ca</h3> </div> <!-- TOP NAVIGATION BAR --> <div id="navigation"> <?php //include('menu.php'); getMenu(); ?> </div> <!-- END TOP NAVIGATION BAR --> mysql_connect.php <?php #mysql_connect.php DEFINE ('DB_USER', 'username'); DEFINE ('DB_PASS', 'password'); DEFINE ('DB_HOST', 'host'); DEFINE ('DB_NAME', 'name'); if ($dbc = mysql_connect(DB_HOST, DB_USER, DB_PASS)) { if (!mysql_select_db(DB_NAME)) { trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error()); include ('footer.php'); exit(); } } else { trigger_error("Could not connect to MySQL!\n<br />MySQL Error: " . mysql_error()); include('footer.php'); exit(); }

Solved. SELECT con.page_name, cat.cat_url, con.page_id, con.content FROM MOHA_content AS con, MOHA_page_cat AS cat WHERE con.page_name = '$parts2[2]' AND (con.page_cat_id = cat.cat_id) AND (cat.cat_url = '$parts2[1]') seems to be working just fine now.

I hate bumping, just bit short on time. If theres a way to just grab the cat_url(where MOHA_cat.cat_id = MOHA_content.page_cat_id) and page_name so that i could use it in the original code i posted that'd be great.

lol i guess that would help... This was the original pages coding $navString = $_SERVER['REQUEST_URI']; $parts = explode('/', $navString); if (empty($parts[1])) { $parts[2] = 'home'; } $query = "SELECT page_id, content FROM " . DB_CONTENT . " WHERE folder1='$parts[1]' && page_name='$parts[2]'"; $result = mysql_query($query); $num = mysql_num_rows($result); $content = mysql_fetch_array($result, MYSQL_ASSOC); As as it was for this script, each entry in the MOHA_content table had a value for folder1 and page_name. folder1 referred to the part between the main domain and the ending page.... i.e. http://moha.iarp.ca/league-info/faq/ So in the database for the page named faq, the value in folder1 was league-info. After adding alot more links(and a ton more to come) i realized using folder1 in this fashion was a bad idea, so i remember you could join tables and decided to make MOHA_page_cat table that consists of cat_id, cat_name, cat_url (1, League Info, league-info). Then just refer to 1 in a new column in MOHA_content i named page_cat_id. So now in order to get the above script to work, i needed a script to grab the MOHA_content row information, and then grab the corresponding cat_id(and cat_url)... and then i got lost even thinking up how to do that.... and here we are Hope thats more useful.

$query = " SELECT cat.cat_name, con.page_id, con.content FROM MOHA_content AS con, MOHA_page_cat AS cat WHERE con.page_name='$parts[2]' && ( SELECT cat.cat_id, con.page_cat_id FROM MOHA_content AS con, MOHA_page_cat AS cat WHERE cat.cat_id = con.page_cat_id ) = '$parts[1]' "; Is that written correct? I've never done it before. Basically i have 2 tables MOHA_content with 'page_cat_id' contains the relating id number for 'cat_id' in MOHA_page_cat CREATE TABLE `MOHA_page_cat` ( `cat_id` int(10) unsigned NOT NULL auto_increment, `cat_name` varchar(90) NOT NULL default '', `cat_url` varchar(60) NOT NULL default '', PRIMARY KEY (`cat_id`) ) TYPE=MyISAM AUTO_INCREMENT=8 ; -- -- Dumping data for table `MOHA_page_cat` -- INSERT INTO `MOHA_page_cat` VALUES (1, 'home', ''); INSERT INTO `MOHA_page_cat` VALUES (2, 'League Info', 'league-info'); INSERT INTO `MOHA_page_cat` VALUES (3, 'Calendar', 'calendar'); INSERT INTO `MOHA_page_cat` VALUES (4, 'Rep Rangers', 'rep-rangers'); INSERT INTO `MOHA_page_cat` VALUES (5, 'House League', 'house-league'); INSERT INTO `MOHA_page_cat` VALUES (6, 'Links', 'links'); INSERT INTO `MOHA_page_cat` VALUES (7, 'Contact Us', 'contact-us'); CREATE TABLE `MOHA_content` ( `page_id` int(10) unsigned NOT NULL auto_increment, `page_name` varchar(60) NOT NULL default '', `page_cat_id` int(2) NOT NULL default '0', `title` varchar(90) NOT NULL default '', `content` longtext NOT NULL, `sidebar` longtext NOT NULL, `sidebar_active` tinyint(1) NOT NULL default '0', `editor` varchar(20) NOT NULL default '', `last_edited` varchar(40) NOT NULL default '', `created` timestamp(14) NOT NULL, `active` int(1) NOT NULL default '1', PRIMARY KEY (`page_id`) ) TYPE=MyISAM AUTO_INCREMENT=31 ; -- -- Dumping data for table `MOHA_content` -- INSERT INTO `MOHA_content` VALUES (1, 'menu', 0, '', '<!-- START SECONDARY NAVIGATION BAR, CHROME -->\r\n <div class="chromestyle" id="chromemenu">\r\n <ul>\r\n <!-- <li><a href-"LINK_LOCATION" rel="NAME">NAME</a></li> - This is the basic template for a link on the second row. rel="NAME" replace NAME with whatever you want. Read on down for more info -->\r\n <li><a href="../rep_rangers/" rel="rep_rangers">Rep Rangers</a></li>\r\n <li><a href="../house_league/" rel="house_league">House League</a></li>\r\n <li><a href="../league_info/" rel="league_info">League Info</a></li>\r\n <li><a rel="events">Events</a></li>\r\n <li><a href="../forms/" rel="forms">Forms</a></li>\r\n <li><a href="../news/" rel="news">News</a></li>\r\n <li><a href="../MOMS.php">Minor Oaks Moms</a></li> <!-- MOMS does NOT have a rel="" because there''s no other pages for that section -->\r\n </ul>\r\n </div>\r\n\r\n <!-- if you look above at the Rep Rangers link, you''ll see rel="rep_rangers". This area below is what causes the drop down box. -->\r\n <!-- REP RANGERS --> \r\n <div id="rep_rangers" class="dropmenudiv_a"> \r\n <a href="../TR_Coaches_07_08.php">Ranger Coaches 07/08</a>\r\n <a href="../rep_rangers/richard_bell.php">RB Xmas Tourn.</a>\r\n <a href="../rep_rangers/clinics_dev.php">Development</a>\r\n </div>\r\n\r\n\r\n <!--HOUSE LEAGUE --> \r\n <div id="house_league" class="dropmenudiv_a">\r\n <a href="../house_league/HL_Division.php">HL Divisions</a>\r\n <a href="../house_league/awards_week_2008.php">Awards Week 2008</a>\r\n <a href="../house_league/HL_news.php">HL News</a>\r\n <a href="../house_league/HL_Key_Contacts.php">HL Key Contacts</a>\r\n <a href="../house_league/HL_sponsors.php">Sponsors</a>\r\n <a href="../house_league/HL_Tournaments.php">HL Tournaments</a>\r\n <a href="../house_league/awards_week_2007.php">Awards Week 2007</a>\r\n <a href="../house_league/timbits_ip.php">Timbits IP</a>\r\n <a href="../house_league/HL_playing_rules.php">Playing Rules</a>\r\n </div>\r\n\r\n <!-- LEAGUE INFO -->\r\n <div id="league_info" class="dropmenudiv_a">\r\n <a href="../league_info/faqs.php">FAQ''s</a>\r\n <a href="../league_info/moha_gym_time.php">MOHA Gym Time</a>\r\n <a href="../league_info/07_08_registration.php">Registration(07/08)</a>\r\n <a href="../league_info/oakville_arenas.php">Oakville Arenas</a>\r\n <a href="../league_info/clinics.php">Clinics</a>\r\n </div>\r\n\r\n <!-- EVENTS -->\r\n <div id="events" class="dropmenudiv_a">\r\n <a href="../events/toy_drive.php">Toy Drive</a>\r\n <a href="../events/toy_drive_pics.php">Toy Drive Pics</a>\r\n <a href="../events/calendar.php">Calendar</a>\r\n </div>\r\n\r\n <!-- FORMS -->\r\n <div id="forms" class="dropmenudiv_a">\r\n <a href="../forms/RIC_role.php">RIC Role</a>\r\n </div>\r\n\r\n <!-- NEWS -->\r\n <div id="news" class="dropmenudiv_a">\r\n <a href="../news/calendar_draw.php">Calendar Draw</a>\r\n <a href="../news/questions.php">Questions ?</a>\r\n </div>\r\n\r\n <!-- LEAVE THIS -->\r\n <script type="text/javascript">\r\n cssdropdown.startchrome("chromemenu")\r\n </script>', '', 0, 'Ian', '', '20080723153343', 0); INSERT INTO `MOHA_content` VALUES (3, 'Home', 1, 'Home', '<p>Welcome, to the Minor Oaks Hockey Association (MOHA) Web Site. We hope that our site provides enough information to answer your questions either about our association or what is happening. Please take some time to "look around" and feel free to provide us with your <a href="contact.php">feedback</a></p>\r\n<p align="center"><strong> <a class="new" style="color: black" href="forms">MOHA 2008/09 Registration Form</a><br /> <a style="color: navy;" href="../calendar">February Calendar Draw Winners</a><br /> <a style="color: red" rel="external" href="http://www.ohfatomaaa08.ca">MOHA to Host Atom AAA OHF - April 08</a><br /> <a style="color: green;" href="league-info/clinics">MOHA to Host Pilot combined CHIP / NCCP Coach / Speak Out Clinic</a><br /> <a style="color: blue;" href="league-info/clinics">Mitron Pre-Tryout Hockey School</a><br /> <a class="new" style="color: blue" href="TR%20Spring%20Tryouts.htm">2008 / 09 Town Rep Ranger Try-out Schedule</a> </strong></p>\r\n<h2>A word from our President</h2>\r\n<p>The Minor Oaks Hockey Association or MOHA is Oakville''s community based hockey association.<br /> <br /> We are a non profit volunteer driven organization that ices 250+ teams. The MOHA provides both a Rep and House League program starting with the Initiation Program and continuing right up to Juvenile. In Town Rep, we have teams in the "A", "AA", "AAA" and "AE" classifications. For the 2007/08 season we also plan on expanding the highly successful AE Teams to include two additional entries, separate Minor Atom and Atom teams and a Minor Midget AE subject to participant interest at that level. AE teams will now play in Minor Midget, Bantam, Minor Bantam, Peewee, Minor Peewee, Atom and Minor Atom to increase the development opportunities for our Oakville players.<br /> <br /> The Rep teams are all single age groups from Novice to Minor Midget. Only the Midget teams are a two year mixed age group. <br /> House League is broken down into Red, White and Blue divisions with Major and Minor groups in each age through Midget. Our red divisions plays contact starting at Minor Peewee. White and Blue are non contact throughout. For 2007/08 our House League again plans to provide separate Minor Midget and Midget divisions (as introduced in 2005/06) with the Major Midgets and first year Juveniles playing together.<br /> <br /> For more information about the Minor Oaks Hockey Association, please contact our office at 905-338-9220 or <a href="contact.php">e-mail us here </a>.<br /> <br /> We look forward to an exciting season and wish everyone a safe and prosperous year.<br /> <br /> Best Wishes,<br /> Mike Zardo<br /> <em>President, MOHA</em></p>', '<p><a href="../votes.php">Enter votes here.</a></p>\r\n<p><strong>Upcoming Dates</strong><br /><strong>May 22</strong> - <a href="../MOHA_AGM">MOHA AGM</a><br /><br />MOHA’s Annual General Meeting will be held at Holy Trinity High School<br /><br /><strong>April 3</strong> - <a href="../download.php?uid=14">08/09 Registration Form</a> <br /><br />Blank copy available for download - pdf format<br /><br /><strong>April 1 - Registration Starts</strong><br /><br />2008/09 Registrations will be available April 1. Forms will on the web site and mailed in late March to current Players at address on file.</p>', 1, 'Ian', 'Jul/23/08', '20080723170733', 1); INSERT INTO `MOHA_content` VALUES (11, 'Development', 4, 'Development', '<h1>Hockey Development Focus</h1>\r\n<p><a href="../league/clincs">Current Clinics</a><br /><br /> Hockey Development for our volunteers is a key commitment of the MOHA. We believe that more aware, informed and educated volunteers are critical to the development and safety of our players.<br /><br /> As an example of this commitment, MOHA provides a variety of OMHA recognized clinics and has established Mitron as a component of our Town Rep development program.</p>\r\n<dl> <dt><strong>Mitron</strong> </dt><dd>Mitron as a system represents a training process for developing and conditioning hockey players. This training process is based on twenty years of experience with scientific principles and sport philosophies from Western, Eastern and European cultures.</dd> <dd>The mastery of hockey skills and systems is a long term process entailing various phases of learning according to the age and the proficiency of the athlete. The Mitron High Performance Hockey System was created to facilitate the technical, tactical, physical and mental development of hockey players in order to bring their hockey to the highest performance level they are capable of achieving.</dd> <a href="#top">Back to top</a> <dt><strong>NCCP and CHIP training and certification</strong> </dt><dd>The NCCP and CHIP Coaching Programs offered by the OMHA are designed to provide volunteer coaches with the tools necessary to improve athlete development. Whether it is certifications programs, specialty clinics, mentorship or high performance, ultimately the goal is to provide the player with the best possible experience. Coaches are encouraged to continually hone and build on their current skills by taking an NCCP certification course, Coach Refresher Clinic, finding a Coach Mentor, or taking specialty courses within their local association</dd> <a href="#top">Back to top</a> <dt><strong>HTCP Hockey Trainer programs</strong> </dt><dd>The HTCP is a risk management and safety education program for the volunteer hockey trainer. The ultimate goal of the program is to have all Hockey Trainers implement effective risk management on their own teams, where safety is the first priority at all times, both on and off the ice. All Hockey Trainers should utilize a proactive, preventative approach to safety while being prepared to react in the event of accidents, injuries or medical emergencies.</dd> <dd>The HTCP is designed to educate people in the prevention, recognition and treatment of hockey related injuries. The HTCP offers three levels of certification, which are designed to assist the individual trainer as his or her experience grows. Program content, administration and policies are established through the HDCO Trainers Committee and through consultation with Hockey Canada''s National Trainers Committee. </dd> <a href="#top">Back to top</a> <dt><strong>PRS Speak Out programs</strong> </dt><dd>The Prevention Services "Speak Out" Clinic on abuse and harassment prevention is available to any OMHA or OHA member association or team. This clinic is 3.5 hours in length and can be hosted locally by any member association. The clinic requires a minimum of 25 and a maximum of 50 participants and is conducted by OMHA instructors who have been prepared and certified by the Canadian Red Cross.</dd> <dt><strong>Speak Out! "It''s More Than Just a Game" is a four-hour interactive workshop focused on the prevention of harassment and abuse in the game of hockey. Topics include:</strong> </dt><dd>Definitions of abuse and harassment</dd> <dd>Responding to disclosures</dd> <dd>Prevention guidelines for coaches</dd> <dd>Showers and locker rooms</dd> <dd>Dressing for sports</dd> <dd>Transporting of participants</dd> <dd>Injured and ill children</dd> <dd>Road trips</dd> <dd>Integrated teams</dd> <dd>Prevention guidelines for playing</dd> <dd>Prevention of harassment and abuse during competition</dd> <dd>Fair Play Codes</dd> <dd>While focused towards team officials, this program is an excellent opportunity for parents to gain an appreciation of some of the challenges and difficult situations facing today''s volunteer.</dd> <a href="#top">Back to top</a> </dl>', '', 0, 'Ian', 'Jul/23/08', '20080723153343', 1);

Topic solved. New download script: <?php # Script 12.10 - download_file.php // This pages handles file downloads through headers. // Check for an upload_id. if (isset($_GET['uid'])) { $uid = (int) $_GET['uid']; } else { // Big problem! $uid = 0; } require_once ('./includes/mysql_connect.php'); // Connect to the database. include ('./includes/header.php'); if ($uid > 0) { // Do not proceed! // Get the information for this file. $query = "SELECT file_name, file_type, file_size FROM " . DB_UPLOADS . " WHERE upload_id=$uid"; $result = mysql_query ($query); list($fn, $ft, $fs) = mysql_fetch_array ($result); // Determine the file name on the server. $the_file = './files/' . $fn; $the_file2 = './files/' . $uid; // Check if it exists. if (file_exists ($the_file)) { // Send the file. output_file($the_file, $fn, $ft); } else { // File doesn't exist. $page_title = 'File Download'; include ('./includes/header.html'); echo '<p><font color="red">The file could not be located on the server. We apologize for any inconvenience.</font></p>'; include ('./includes/footer.html'); } } output_file(); function output_file($file, $name, $mime_type='') { /* This function takes a path to a file to output ($file), the filename that the browser will see ($name) and the MIME type of the file ($mime_type, optional). If you want to do something on download abort/finish, register_shutdown_function('function_name'); */ echo "<br><br>file: $file <br>name: $name <br> mime: $mime_type<br><br>"; if(!is_readable($file)) die('File not found or inaccessible!'); $size = filesize($file); $name = rawurldecode($name); /* Figure out the MIME type (if not specified) */ $known_mime_types=array( "pdf" => "application/pdf", "txt" => "text/plain", "html" => "text/html", "htm" => "text/html", "exe" => "application/octet-stream", "zip" => "application/zip", "doc" => "application/msword", "xls" => "application/vnd.ms-excel", "ppt" => "application/vnd.ms-powerpoint", "gif" => "image/gif", "png" => "image/png", "jpeg"=> "image/jpg", "jpg" => "image/jpg", "php" => "text/plain", "rtf" => "application/msword" ); if($mime_type==''){ $file_extension = strtolower(substr(strrchr($file,"."),1)); if(array_key_exists($file_extension, $known_mime_types)){ $mime_type=$known_mime_types[$file_extension]; } else { $mime_type="application/force-download"; }; }; @ob_end_clean(); //turn off output buffering to decrease cpu usage // required for IE, otherwise Content-Disposition may be ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); header('Content-Type: ' . $mime_type); header('Content-Disposition: attachment; filename="'.$name.'"'); header("Content-Transfer-Encoding: binary"); header('Accept-Ranges: bytes'); /* The three lines below basically make the download non-cacheable */ header("Cache-control: private"); header('Pragma: private'); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // multipart-download and download resuming support if(isset($_SERVER['HTTP_RANGE'])) { list($a, $range) = explode("=",$_SERVER['HTTP_RANGE'],2); list($range) = explode(",",$range,2); list($range, $range_end) = explode("-", $range); $range=intval($range); if(!$range_end) { $range_end=$size-1; } else { $range_end=intval($range_end); } $new_length = $range_end-$range+1; header("HTTP/1.1 206 Partial Content"); header("Content-Length: $new_length"); header("Content-Range: bytes $range-$range_end/$size"); } else { $new_length=$size; header("Content-Length: ".$size); } /* output the file itself */ $chunksize = 1*(1024*1024); //you may want to change this $bytes_send = 0; if ($file = fopen($file, 'r')) { if(isset($_SERVER['HTTP_RANGE'])) fseek($file, $range); while(!feof($file) && (!connection_aborted()) && ($bytes_send<$new_length) ) { $buffer = fread($file, $chunksize); print($buffer); //echo($buffer); // is also possible flush(); $bytes_send += strlen($buffer); } fclose($file); } else die('Error - can not open file.'); die(); }

I changed header ('Content-disposition: attachment; filename=' . $fn . '\n'); to use single quotes and list ($fn, $ft, $fs) = mysql_fetch_array ($result); i changed ($result, ASSOC); now all the names are _n

oops.... that was from me screwing around with it before posting here. <?php # Script 12.10 - download_file.php // This pages handles file downloads through headers. // Check for an upload_id. if (isset($_GET['uid'])) { $uid = (int) $_GET['uid']; } else { // Big problem! $uid = 0; } require_once ('./includes/mysql_connect.php'); // Connect to the database. if ($uid > 0) { // Do not proceed! // Get the information for this file. $query = "SELECT file_name, file_type, file_size FROM " . DB_UPLOADS ." WHERE upload_id=$uid"; $result = mysql_query ($query); list ($fn, $ft, $fs) = mysql_fetch_array ($result, MYSQL_NUM); // Determine the file name on the server. $the_file = './files/' . $uid; // Check if it exists. if (file_exists ($the_file)) { // Send the file. header ("Content-Type: $ft\n"); header ("Content-disposition: attachment; filename=\"$fn\"\n"); header ("Content-Length: $fs\n"); readfile ($the_file); exit(); } else { // File doesn't exist. $page_title = 'File Download'; include ('./includes/header.php'); echo '<p><font color="red">The file could not be located on the server. We apologize for any inconvenience.</font></p>'; include ('./includes/footer.php'); } } include ('./includes/header.php'); $first = TRUE; // Initialize the variable. // Query the database. $query = "SELECT upload_id, file_name, ROUND(file_size/1024) AS fs, description, DATE_FORMAT(date_entered, '%M %e, %Y') AS d FROM " . DB_UPLOADS . " ORDER BY date_entered DESC"; $result = mysql_query ($query); // Display all the URLs. while ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) { $bg = ($bg == '#eeeeee' ? '#ffffff' : '#eeeeee'); // If this is the first record, create the table header. if ($first) { echo '<div style="text-align: center;"><small>To use the links below, right click the File Name, Copy link location.<br />When dowloading files, you must SAVE the file with it\'s proper name.</small></div>'; echo '<table border="0" width="100%" cellspacing="3" cellpadding="3" align="center"> <tr> <td align="left" width="20%"><font size="+1">File Name</font></td> <td align="left" width="40%"><font size="+1">Description</font></td> <td align="center" width="20%"><font size="+1">File Size</font></td> <td align="left" width="20%"><font size="+1">Upload Date</font></td> </tr>'; $first = FALSE; // One record has been returned. } // End of $first IF. // Display each record. echo " <tr bgcolor=\"' . $bg . '\"> <td align=\"left\"><a href=\"./download.php?uid={$row['upload_id']}\">{$row['file_name']}</a></td> <td align=\"left\">" . stripslashes($row['description']) . "</td> <td align=\"center\">{$row['fs']}kb</td> <td align=\"left\">{$row['d']}</td> </tr>\n"; } // End of while loop. // If no records were displayed... if ($first) { echo '<div align="center">There are currently no files to be viewed.</div>'; } else { echo '</table>'; // Close the table. } include ('./includes/footer.php'); ?>

Well on the test page, it pulls that info from the db... heres the info anyways CREATE TABLE `MOHA_uploads` ( `upload_id` int(10) unsigned NOT NULL auto_increment, `file_name` varchar(30) NOT NULL default '', `file_size` int(6) unsigned NOT NULL default '0', `file_type` varchar(30) NOT NULL default '', `description` varchar(100) default NULL, `date_entered` timestamp(14) NOT NULL, PRIMARY KEY (`upload_id`), KEY `file_name` (`file_name`), KEY `date_entered` (`date_entered`) ) TYPE=MyISAM AUTO_INCREMENT=5 ; -- -- Dumping data for table `MOHA_uploads` -- INSERT INTO `MOHA_uploads` VALUES (1, 'MOHABylaw.pdf', 73431, 'application/pdf', 'MOHA', '20080521021044');

<?php # Script 12.10 - download_file.php // This pages handles file downloads through headers. // Check for an upload_id. if (isset($_GET['uid'])) { $uid = (int) $_GET['uid']; } else { // Big problem! $uid = 0; } require_once ('./includes/mysql_connect.php'); // Connect to the database. if ($uid > 0) { // Do not proceed! // Get the information for this file. $query = "SELECT file_name, file_type, file_size FROM " . DB_UPLOADS ." WHERE upload_id=$uid"; $result = mysql_query ($query); list ($fn, $ft, $fs) = mysql_fetch_array ($result, MYSQL_NUM); // Determine the file name on the server. $the_file = './files/' . $uid; // Check if it exists. if (file_exists ($the_file)) { // Send the file. header ("Content-Type: $ft\n"); header('Content-Disposition: attachment; filename="' . $ft . '"\n'); header ("Content-Length: $fs\n"); readfile ($the_file); exit(); } else { // File doesn't exist. $page_title = 'File Download'; include ('./includes/header.php'); echo '<p><font color="red">The file could not be located on the server. We apologize for any inconvenience.</font></p>'; include ('./includes/footer.php'); } } include ('./includes/header.php'); $first = TRUE; // Initialize the variable. // Query the database. $query = "SELECT upload_id, file_name, ROUND(file_size/1024) AS fs, description, DATE_FORMAT(date_entered, '%M %e, %Y') AS d FROM " . DB_UPLOADS . " ORDER BY date_entered DESC"; $result = mysql_query ($query); // Display all the URLs. while ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) { $bg = ($bg == '#eeeeee' ? '#ffffff' : '#eeeeee'); // If this is the first record, create the table header. if ($first) { echo '<div style="text-align: center;"><small>To use the links below, right click the File Name, Copy link location.<br />When dowloading files, you must SAVE the file with it\'s proper name.</small></div>'; echo '<table border="0" width="100%" cellspacing="3" cellpadding="3" align="center"> <tr> <td align="left" width="20%"><font size="+1">File Name</font></td> <td align="left" width="40%"><font size="+1">Description</font></td> <td align="center" width="20%"><font size="+1">File Size</font></td> <td align="left" width="20%"><font size="+1">Upload Date</font></td> </tr>'; $first = FALSE; // One record has been returned. } // End of $first IF. // Display each record. echo " <tr bgcolor=\"' . $bg . '\"> <td align=\"left\"><a href=\"./download.php?uid={$row['upload_id']}\">{$row['file_name']}</a></td> <td align=\"left\">" . stripslashes($row['description']) . "</td> <td align=\"center\">{$row['fs']}kb</td> <td align=\"left\">{$row['d']}</td> </tr>\n"; } // End of while loop. // If no records were displayed... if ($first) { echo '<div align="center">There are currently no files to be viewed.</div>'; } else { echo '</table>'; // Close the table. } include ('./includes/footer.php'); ?> // Send the file. header ("Content-Type: $ft\n"); header('Content-Disposition: attachment; filename="' . $fn . '"\n'); header ("Content-Length: $fs\n"); readfile ($the_file); exit(); This is where i'm having trouble. filename="' . $fn . '"\n'); doesn't output the files name properly. When you go to download an item, it shows up as download.php (the pages name) Something i'm doing wrong? test script: www.moha.iarp.ca/download.php EDIT: forgot to add, if i hard code a file's name into filename="" it shows up as w/e i set it to.

After a bit of editing i got it to finally work: $query = "SELECT page_name, page_url, main_nav FROM " . TBL_CONTENT; if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { while ($row = mysql_fetch_assoc($result)) { if ($row['main_nav'] == TRUE){ echo '<li'; if ($url == "/?id=" . $row['page_url'] . ""){ currentPage($url); } echo ">"; echo '<a href="/?id='. $row['page_url'] . '">' . $row['page_name'] . '</a></li>'; } } } } Solved, thanks.

i get: Array ( [page_url] => contact ) Using mysql_fetch_assoc() and echo '<pre>', print_r($content, 1), '</pre>'; Shouldn't: $query = "SELECT page_url FROM " . TBL_CONTENT; $result = mysql_query($query); $content = mysql_fetch_assoc($result); //$content = $content['page_url']; Grab every row?

I don't understand why it only returns 1 row of values(and echos them twice) All i get is "HomeHomehomehome" ahla: $query = "SELECT page_name, page_url FROM " . TBL_CONTENT; $result = mysql_query($query); $content = mysql_fetch_array($result); //echo $content['page_name']; foreach ($content as $msg) { echo $msg; }

What's located in 20080718-3c1f6feb98bad1e3ffbb0105e41e6bbf.lib.php ? It's being included and is where the errors coming from.

DEFINE ('TBL_CONTENT', 'IARP_content'); CREATE TABLE `IARP_content` ( `id` int(10) unsigned NOT NULL auto_increment, `page_name` varchar(90) NOT NULL default '', `page_url` varchar(90) NOT NULL default '', `content` longtext NOT NULL, `editor` varchar(20) NOT NULL default '', `last_edited` varchar(60) NOT NULL default '0000-00-00 00:00:00', `created` datetime NOT NULL default '0000-00-00 00:00:00', `parent` varchar(25) NOT NULL default '', `active` tinyint(1) NOT NULL default '0', PRIMARY KEY (`id`), UNIQUE KEY `page_url` (`page_url`) ) TYPE=MyISAM AUTO_INCREMENT=14 ;

<div id="menu"> <ul id="main"> <li<?php if ($_SERVER['REQUEST_URI'] == "/"){ currentPage($_SERVER['REQUEST_URI']); } ?>><a href="/">Homepage</a></li> <li<?php if ($_SERVER['REQUEST_URI'] == "/?id=services"){ currentPage($_SERVER['REQUEST_URI']); } ?>><a href="/?id=services" title="Services Offered">Services & Pricing</a></li> <li<?php if ($_SERVER['REQUEST_URI'] == "/?id=solutions"){ currentPage($_SERVER['REQUEST_URI']); } ?>><a href="/?id=solutions" title="Tech Solution's"> Free Solutions </a></li> <li<?php if ($_SERVER['REQUEST_URI'] == "/?id=contact"){ currentPage($_SERVER['REQUEST_URI']); } ?>><a href="/?id=contact" title="To reach us">Contact Us</a></li> <?php if (!isset($_SESSION['user_id'])){ echo "<li"; if ($_SERVER['REQUEST_URI'] == "/?id=register") currentPage($_SERVER['REQUEST_URI']); echo "><a href=\"/?id=register\" title=\"To register\">Register</a></li>";} ?> </ul> </div> The above code is what i had as my navigation but wanted to make it easier to change rather then editing the header page. I tried the code below, but all i get back is 'HHhh' $query = "SELECT page_name, page_url FROM " . TBL_CONTENT; $result = mysql_query($query); $content = mysql_fetch_array($result); //echo $content['page_name']; foreach ($content as $msg) { echo $msg['page_name']; } I've never been good with arrays and foreach statments. Theres a reason why it isn't just grabbing all the page names and urls but i don't know why. Any helps appreciated.

Basically index.php recieves the ?id=contact pulls the info from the database and displays it. When a form is filled out, it becomes ?id=contact&action=contact-form which then activates contactForm() index.php <?php require_once('includes/session.php'); if (isset($_GET['id'])) { $id = $_GET['id']; } else { $id = 1; } $page_name = getPageName($id); require ('includes/header.php'); include_once ('./includes/captcha/securimage.php'); $securimage = new Securimage(); echo '<div id="wrapper"> <!-- start page --> <div id="page"> <!-- start content --> <div id="content">'; switch ($_GET['action']) { case 'contact-form': contactForm($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['comments']); break; case 'logmein': login($_POST['username'], $_POST['pass']); break; case 'logout': logout(); break; case 'register': register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['first_name'], $_POST['last_name'], $_POST['email'], $_POST['captcha_code']); break; default: break; } getContent($id); echo ' </div> <!-- end content --> '; editPage($id); require ('includes/footer.php'); ?> getContent($id); function getContent($contentid) { if (is_numeric($contentid)) { $query = "SELECT content FROM " . TBL_CONTENT . " WHERE id=$contentid"; } else { $query = "SELECT content FROM " . TBL_CONTENT . " WHERE page_url='$contentid'"; } $result = mysql_query($query); $content = mysql_fetch_array($result, MYSQL_ASSOC); echo $content['content']; } contactForm(); function contactForm($name, $email, $subject, $comments) { //start errors array $errors = array(); //Check for name. if (empty($name)) { $errors[] = 'your name.'; } //Check for e-mail if (empty($email)) { $errors[] = 'your e-mail address'; } //Check for subject if (empty($subject)) { $errors[] = 'a subject.'; } //Check for comments if (empty($comments)) { $errors[] = 'a comment.'; } if (empty($errors)) { //if everythings ok //Send e-mail with comments $body = "Name: " . $name . "\nE-mail: " . $email . "\n\n" . $comments . " "; mail ('iarp@cogeco.ca', '[iARP.ca Website] '.$subject, $body, 'From: '.$email); echo '<h1>Thank-you!</h1><p>Your message was successfully sent,</p><p>If you had any questons we will try to respond ASAP.</p><br /></p>'; } else { echo'<div id="error-contact"><h1>Error!</h1>You forgot to enter:<br /><br />'; foreach ($errors as $msg) { echo "$msg<br />"; } echo '</p>Please try again.</div><br /><br />'; } }

I pulled it off the page, felt it was kinda stupid to even have it (been using this script quite a while now). But if anyone does have the answer for it, please reply thanks @Daniel0 : The source matched my [ code] input in my first post.

Hey, if you view www.iarp.ca/?id=contact you should see a drop down selection. For some reason the php coding is showing in source code of the page this is the coding: <select name="QaC" tabindex="4" class="box-contact"> <option value="">Select One</option> <option value="qu" <?php if ($QaC == "qu") {echo "selected";} ?> >Question(s)</option> <option value="co" <?php if ($QaC == "co") {echo "selected";} ?> >Comment(s)</option> <option value="ge" <?php if ($QaC == "ge") {echo "selected";} ?> >General Idea(s)</option> <option value="dl" <?php if ($QaC == "dl") {echo "selected";} ?> >Dead Link(s)</option> </select><br /> Now is this happening because it's being called from a database table? Like all the info on that page is from a database. If so how can i fix this?

Works, thank-you.

/index.php /includes/ (contains header, footer, session... etc.) /cp/ /cp/admin/ /cp/admin/edit_page.php In this fashion, i can't use . .. and just plain / to get includes & requires from /includes/ from the page /cp/admin/edit_page.php. And the only way i could see to fix this was to put in the $_SERVER....... so that it would go back to the domain root www.iarp.ca. http://".$_SERVER['HTTP_HOST']."/includes/header.php That echo's out http://www.iarp.ca/includes/header.php

Hey, I think for some reason my named session stops working because i started using $_SERVER['HTTP_HOST'] in some of my pages My server is setup as such / /iarp /iarp/index.php /iarp/includes/ (contains header, footer, session... etc.) /iarp/cp/ /iarp/cp/admin/ /iarp/cp/admin/edit_page.php In order for edit_page.php to each anything in '/iarp/includes/' i needed to add $_SERVER['HTTP_HOST'] so that it would add the starting URL. But now the page doesn't work at all, like sessions are no longer set on that page that i'm using $_SERVER['HTTP_HOST']. At this time i've only used it on the header, i also changed the header to suit it. edit_page.php <?php $page_title = 'Edit Page'; $header = '<script language="javascript" type="text/javascript" src="../includes/tinymce/jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> tinyMCE.init({ // General options mode : "textareas", skin : "o2k7", theme : "advanced", plugins : "safari,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template", // Theme options theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,styleselect,formatselect,fontselect,fontsizeselect", theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,search,replace,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor", theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,print,|,ltr,rtl,|,fullscreen", theme_advanced_buttons4 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,pagebreak", theme_advanced_toolbar_location : "top", theme_advanced_toolbar_align : "left", theme_advanced_statusbar_location : "bottom", theme_advanced_resizing : true, // Drop lists for link/image/media/template dialogs template_external_list_url : "../includes/tinymce/examples/lists/template_list.js", external_link_list_url : "../includes/tinymce/examples/lists/link_list.js", external_image_list_url : "../includes/tinymce/examples/lists/image_list.js", media_external_list_url : "../includes/tinymce/examples/lists/media_list.js",}); </script>'; require_once ('http://' . $_SERVER['HTTP_HOST'] . '/includes/header.php'); if ($_SESSION['userlevel'] >= "9"){ //checks if the user is an admin, if not it skips everything below and forwards them to the login page. //check for a valid id via GET or POST. if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { $id = $_GET['id']; } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id']))) { $id = $_POST['id']; } else { echo '<h1 id="mainhead">Page Error</h1><p class="error"> This page has been access in error. </p><p><br /><br /></p>'; include ('./includes/footer.php'); exit(); } if (isset($_POST['submitted'])) { $errors = array(); if (empty($_POST['page_name'])) { $errors[] = 'You forgot to enter the page name.'; } else { $pn = escape_data($_POST['page_name']); } if (empty($_POST['content'])) { $errors[] = 'You forgot to enter the content!.'; } else { $con = escape_data($_POST['content']); } $le = date("M/d/y",time()); $e = $first_name; if (empty($errors)) { $query = "SELECT id FROM " . TBL_CONTENT . " WHERE page_name='$pn' AND id != $id"; $result = @mysql_query($query); if (mysql_num_rows($result) == 0) { $query = "UPDATE " . TBL_CONTENT . " SET page_name='$pn', content='$con', last_edited='$le', editor='$e' WHERE id=$id"; $result = mysql_query($query); //run the query if (mysql_affected_rows() == 1) { // if it ran ok //print a message echo '<h1> Edit page</h1><p> the page has been edited.</p>'; } else {// if it did not run ok echo '<h1> System error</h1> You didn\'t make any changes!'; //echo'<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; include ('./includes/footer.php'); } } else {// already registered. echo '<h1> Error </h1>'; } } else { //report the errors echo '<h1> Error</h1> <p class="error"> The following errors occured:<br />'; foreach ($errors as $msg) { //print each error echo " - $msg<br />\n"; } echo '</p><p>Plese try again.</p><p><br /></p>'; } // end of if(empty($errors)) if. }//end of submit conditional. //always show the form. //retrieve the user's information. $query = "SELECT page_name, content, editor FROM " . TBL_CONTENT . " WHERE id='$id'"; $result = mysql_query($query); //run the query if (mysql_num_rows($result) == 1) { //vaild user id, show the form. //get the user's information. $row = mysql_fetch_array($result, MYSQL_NUM); //create the form. echo '<div style="text-align: center; font-weight: bold; font-size: 14px;">Edit page</div> <form action="edit_page.php" class="edit_page" method="post"> <h3>Title</h3><input type="text" class="edit_name" name="page_name" size="15" maxlength="15" value="' . $row[0] . '" /> <br /><br /> <textarea name="content" class="edit_content">' . $row[1] . '</textarea><br /> <p>Last Edited By: ' . $row['2'] . '</p> <input type="submit" name="submit" value="Submit" /> <input type="hidden" name="submitted" value="TRUE" /> <input type="hidden" name="id" value="' . $id . '" /> </form>'; } else { // not a valid page id./ echo '<h1> Page error</h1><p class="error"> Page accessed in error.</p><p><br /><br /></p>'; } require('http://' . $_SERVER['HTTP_HOST'] . '/includes/footer.php'); } else { //end the admin checking, if the are not an admin, the script below forwards them to the login page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST']; // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; header("Location: $url"); exit(); // Quit the script. } ?> header.php <?php ob_start(); session_name('iarp'); session_start(); require ('session.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta name="generator" content="EditPlus" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <?php echo $header; ?> <script type="text/javascript" src="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/includes/link.js"></script> <script type="text/javascript" src="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/includes/external.js"></script> <script type="text/javascript" src="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/includes/lytebox.js"></script> <link rel="stylesheet" href="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/includes/lytebox.css" type="text/css" media="screen" /> <link rel="stylesheet" href="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/includes/style.css" type="text/css" /> </head> <body> <script type="text/javascript" src="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/includes/vaildate.js"></script> <div id="container"> <div id="header"> <h1><a name="top"></a><img src="<?php echo "http://" . $_SERVER['HTTP_HOST']; ?>/images/home.gif" alt="" /></h1> <div id="navigation"> <ul> <li><a href="/" title="To The Bridge Captain">Home</a></li> <li><a href="/?id=networking" title="Networking Solutions">Networking</a></li> <li><a href="/?id=projects" title="Current projects">Projects</a></li> <li><a href="/?id=solutions" title="Tech Solution's"> Solutions </a></li> <!-- <li><a href="/?id=events" title="Event's going on... if any at all">Events</a></li> --> <li><a href="/?id=contact" title="To reach us">Contact Us</a></li> <li><a href="/blog/" title="My Blog">Blog</a></li> <?php if (isset($_SESSION['user_id'])) { echo '<li><a href="/?action=logout" title="Log Me Out">Logout</a></li>';} else { echo '<li><a href="/?id=login" title="Log Me In">Login</a></li>';} ?> </ul> </div> </div> <div id="content"> P.S: I used this script for the longest time to redirect someone $url = 'http://' . $_SERVER['HTTP_HOST']; if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } $url .= '/index.php'; header("Location: $url"); I'm now in FF3 and it no longer redirects... it just stays on the page showing nothing. What's changed?

Yes it does work, i unno, i picked it up from a php book i read. BTW the ob_start and flush fixed the problem, it works as i need it now thanks.

Hey, I use this script on 3 different websites, all on the same host just different domains. This login.php page logins, sets the session variables and then forwards the user to the main page. For some reason, it's just stopped working on one of the sites and the user just sits on a blank page. It makes it to "exit(); // Quit the script." but for some reason won't forward the user as it does on the other sites. The only different between all the sites is the .htaccess RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] RewriteRule \.(css|jpe?g|gif|png)$ - [L] but that just adds www. in front of the url. login.php <?php $title = 'Login'; include('./includes/header.php'); if (isset($_POST['submitted'])) { // Check if the form has been submitted. require_once ('./includes/mysql.php'); // Connect to the database. // Validate the email address. if (!empty($_POST['username'])) { $un = escape_data($_POST['username']); } else { echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>'; $un = FALSE; } // Validate the password. if (!empty($_POST['pass'])) { $p = escape_data($_POST['pass']); } else { $p = TRUE; echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>'; } if ($un) { // If everything's OK. // Query the database. $query = "SELECT user_id, first_name, userlevel FROM " . TBL_USERS . " WHERE (username='$un') AND active IS NULL"; $result = mysql_query ($query); // or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (mysql_num_rows($result) == 1) { // A match was made. // Register the values & redirect. $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; $_SESSION['userlevel'] = $row[2]; // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST']; // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p><font color="red" size="+1">Either the username and password entered do not match those on file or you have not yet activated your account.</font></p>'; } } else { // If everything wasn't OK. echo '<p><font color="red" size="+1">Please try again.</font></p>'; } } // End of SUBMIT conditional. ?> <h1>Login</h1> <form action="login.php" method="post" class="contact_login"> <p><label>Username:</label> <input type="text" name="username" size="20" maxlength="40" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?><?php if(isset($_GET['username'])) echo $_GET['username']; ?>" /></p> <p><label>Password:</label> <input type="password" name="pass" size="20" maxlength="20" value="<?php if(isset($_GET['temppassword'])) echo $_GET['temppassword']; ?>" /></p> <div align="center"> <input type="submit" name="submit" value="Login" /><br /> <small><a href="../forgot_password.php">Forgot Password</a> | <a href="../register.php">Register</a></small> </div> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php include ('./includes/footer.php'); ?>

my site editing page, allows the admin to change basic items like the sites name, copywrite name, rss feed url and to enable or disable the rss feed from showing on webpages. Just after " if (empty($errors)) { " in the page below, it updates all the fields. and as you may notice, if someone sets the rrs enable to enable, it actully sets everything that uses this foreach to active. Is there a way to pick out only the rss feed url and allow me to enable/disable it? $page_title = 'Edit Site'; require ('../includes/header.php'); if ($userlevel >= "9"){ //checks if the user is an admin, if not it skips everything below and forwards them to the login page. require_once('../includes/mysql_connect.php'); if (isset($_POST['submitted'])) { $errors = array(); if (empty($_POST['site_name'])) { $errors[] = 'You forgot to enter the sites name!'; } else { $sn = $_POST['site_name']; $sn1 = 'site_name'; } if (empty($_POST['copyright'])) { $errors[] = 'You need the copyright'; } else { $cr = $_POST['copyright']; $rss = '1'; } if ($_POST['rssfeed-radio'] == "enable") { $rss = "1"; } elseif ($_POST['rssfeed-radio'] == "disable") { $rss = "0"; } else { $errors[] = "Error, you screwed with mah code! Choose to enable or disable RSS Feed showing."; } if (empty($errors)) { foreach ($_POST as $k => $v) { if ($k != "submit" || $k != "submitted") { mysql_query("UPDATE " . TBL_CONFIG . " SET config_value='$v', active='$rss' WHERE config_name='$k'"); } } messages(4); } else { //report the errors echo '<h1> Error</h1> <p class="error"> The following errors occured:<br />'; foreach ($errors as $msg) { //print each error echo " - $msg<br />\n"; } echo '</p><p>Plese try again.</p><p><br /></p>'; } // end of if(empty($errors)) if. }//end of submit conditional. // The query below grabs all the fields available in the database table, and assigns each row to $config['']; $query = "SELECT config_name,config_value FROM " . TBL_CONFIG; if ($result = mysql_query($query)) { if (mysql_num_rows($result)) { while ($row = mysql_fetch_assoc($result)) { $config[$row['config_name']] = $row['config_value']; } } } // You now have an associative array containing your config information. // You can print a single value. eg; //echo $config['copyright'] . '<br />'; // I kept this here, because if i ever wanted to... for some reason... print out all the fields without formating. /*foreach ($config as $k => $v) { echo '<label>' . $k . '</label> = <input type="text" name="$k" value="' . $v . '" /><br />'; } */ echo '<h3> Site Config </h3> <form action="config.php" class="config" method="post"> <label>Site Name:</label> <input class="config-input" type="text" name="site_name" value="' . $config['site_name'] . '" /><br /> <label>Copyright:</label> <input class="config-input" type="text" name="copyright" value="' . $config['copyright'] . '" /><br /> <label>RSS Feed:</label> <input class="config-input" type="text" name="rss_feed_url" value="' . $config['rss_feed_url'] . '" /> <input type="radio" name="rssfeed-radio" value="enable"> Enable <input type="radio" name="rssfeed-radio" value="disable"> Disable <br /> <input type="submit" name="submit" value="Submit" /> <input type="hidden" name="submitted" value="TRUE" /> </form>'; require('../includes/footer.php'); } else { //end the admin checking, if the are not an admin, the script below forwards them to the login page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST']; // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/login.php'; header("Location: $url"); exit(); // Quit the script. } ?>