Stephen

But if you're editing the message it would show <img src=""></img> instead of [.img][./img], which would make it harder for the user to edit. If you parse the bbcode when the user is viewing the message then it would make it easier.

Line1 doesn't even have a mysql query. You put "or die(mysql_error());" after mysql_query(); So it would look like: mysql_query() or die(mysql_error());

What do you mean wrapping?

I never noticed that we had PHP tags :/ Color coding without having to add start/end php tags is nice

Send them a message with the mail function. http://us3.php.net/manual/en/function.mail.php

If you don't want anything to happen after it checks the word you can just remove the else.

What I use is: In the category or board (i.e. Teacher page) in the mysql db you'd have like read - write - make Columns. Using stublacketts group numbers: 1 - Student 2 - Teacher 3 - Superuser I'd put something like read - write - make 2,3 - 2,3 - 2,3 That way only teachers and superusers can access it. To seperate that I'd use explode(",",$read); - read being the variable with the read usergroup ids in it (from the table). Then just use foreach to check if the users groupid is that, and if it is set like $okay=1. Later, check "if $okay==1" then let them see the page. Hope you can understand that

After you make a form, you do something like this: <?php if ($_POST["inputname"]=="word") { header("Location: page.php"); } else { echo("Failed the word."); } ?>

Check mysql_num_rows with the query selecting the user from the database. If its 0 then let them register.

Heres a good resizing script incase you need it: http://www.phpfreaks.com/forums/index.php/topic,191541.0.html

Hmm, try this: <?php $con = mysql_connect('servername', 'username', 'password'); if($con) { mysql_select_db('db_name') or die('MySQL Error: ' . mysql_error()); } if(isset($_SESSION['id'])) { // make sure the session is set if(is_int($_SESSION['id'])) { $uid = mysql_real_escape_string(htmlentities(htmlspecialchars($_SESSION['id']))); // secure the data for inserting into the database! $query = "SELECT * FROM table_name WHERE id = '".$uid."' LIMIT 1"; // Make sure it only calls one user $result = mysql_query($query) or die('MySQL Error: ' . mysql_error()); while($row = mysql_fetch_array($result)) { // while loop if(mysql_num_rows($result) > 0) { print $row['username']; // etc... print $row['email']; // etc... } else { print 'User does not exist!'; } } } } else { die("You are not logged in!"); } mysql_close($con); ?> Otherwise it looks like it'd work to me.

XSS still there on that beta2 though. http://scott.projecth4x0r.com/beta2/message.php?id=\%22%3E%3Cmarquee%3ESTEPHENS%20TESTLOL%3C/marquee%3E Also: http://scott.projecth4x0r.com/beta2/member.php?username=%22%3E%3Cmarquee%3ESTEPHENS%20TESTLOL%3C/marquee%3E You should make it so if the user doesn't exist, it doesn't show that page.

Sorry, forgot to add a linebreak. <?php $con = mysql_connect('servername', 'username', 'password'); if($con) { mysql_select_db('db_name') or die('MySQL Error: ' . mysql_error()); } if(isset($_SESSION['id'])) { // make sure the session is set if(is_int($_SESSION['id'])) { $uid = mysql_real_escape_string(htmlentities(htmlspecialchars($_SESSION['id']))); // secure the data for inserting into the database! $query = "SELECT * FROM table_name WHERE id = '".$uid."' LIMIT 1"; // Make sure it only calls one user $result = mysql_query($query) or die('MySQL Error: ' . mysql_error()); while($row = mysql_fetch_array($result)) { // while loop if(mysql_num_rows($result) > 0) { print $row['username']; // etc... print $row['email']; // etc... } else { print 'User does not exist!'; } } } } else die 'You are not logged in!'; mysql_close($con); ?>

Try using: <?php $con = mysql_connect('servername', 'username', 'password') if($con) { mysql_select_db('db_name') or die('MySQL Error: ' . mysql_error()); } if(isset($_SESSION['id'])) { // make sure the session is set if(is_int($_SESSION['id'])) { $uid = mysql_real_escape_string(htmlentities(htmlspecialchars($_SESSION['id']))); // secure the data for inserting into the database! $query = "SELECT * FROM table_name WHERE id = '".$uid."' LIMIT 1"; // Make sure it only calls one user $result = mysql_query($query) or die('MySQL Error: ' . mysql_error()); while($row = mysql_fetch_array($result)) { // while loop if(mysql_num_rows($result) > 0) { print $row['username']; // etc... print $row['email']; // etc... } else { print 'User does not exist!'; } } } } else die 'You are not logged in!'; mysql_close($con); ?> I edited Wolphies code a little

Yeah, I rarely comment on my scripts :/. I think I should get into the habit though

Then maybe the user shouldn't be lazy and just click a stupid button! And then switch to FF! Heh jay kay. But I guess you could check hidden input as one person said, like <input type="hidden" name="hoi" value="hoi" />.

You could just do like: <?php $_s_name=$_SERVER["SCRIPT_NAME"]; $_s_qstring=$_SERVER["QUERY_STRING"]; echo($_s_name."".$_s_qstring); ?> Hope that works this time

You have to fix the dir. Mine was set to like "/home2/site/www/images/"

Well <?php $top=6; //How many images you have... or anything I guess. $dir="/dir/"; $od=opendir($dir); $rand=rand(1,$top); $ndone=true; while ($ndone) { while ($file=readdir($od)) { $nr=rand(1,$top); if ($nr==$rand) { readfile($dir."".$file); $ndone=false; } } } closedir($od); ?> Grabs a random file and reads the contents. Problem is, I can't get the header to work (above readfile) so it can display as an image :/.

Odd, I'll have to try it.

I like it, except the colors. Make the buttons at the top dark gray I think, and when you're on that page make them light gray. Also the links for the thought of the day shouldn't be blue or purple. I think they should be gray too Unless you want it more colorful then boring ol' me.

Couldn't you do like: <?php $top=10; //How many images you have... or anything I guess. $dir="/dir/"; $od=opendir($dir); $rand=rand(1,$top); $done=false; while (!$done) { while ($file=readdir($od)) { $nr=rand(1,$top); if ($nr==$rand) { $done=true; header("Content-type image/".filetype($dir."".$file)); readfile($dir."".$file); } } } closedir($od); ?> Not tested . I hope it works, I'm kind of tired right now though.

I'm guessing your mysql database is full (can't hold any more information).

I don't really understand AJAX that well either, but here is a topic someone made (look at the replies).

What's your script when you're updating it & submitting the form? And when you see the form, it isn't blank right?