Andy-H

<?php echo "<body bgcolor=\"black\" text=\"white\" link=\"red\" vlink=\"red\">"; require ('database.php'); print '<center><img src=/images/" . $row["showimage"] " height="125" width="500" border="1"></center>'; //Define the query $query = "SELECT *, DATE_FORMAT(`date`, '%M %e, %Y') AS date FROM shows, matches WHERE matches.showid = shows.id"; $r = mysql_query($query); $n = mysql_num_rows($r); if ($n == 0){ //output for no records... echo '</body></html>'; exit(); } // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<center>Date: '.$row['date'].'</center>'; print '<center>Location: '.$row['location'].'</center>'; print '<center>Bell Time: '.$row['belltime'].'</center><br><br>'; print '<center>'.$row['matchtype'].'</center>'; print '<center>'.$row['vs1'].' vs. '.$row['vs2'].'</center>'; } ?> ???

ini_set('error_reporting','E_ALL'); ini_set('display_errors','ON'); I think thats right, I never used it before. If it is, still no errors...

No, I am using shared hosting, I will try ini_set but my host likes to disable things for no apparent reason. :-\

This is my login code, it works fine up until the part after the password incorrect error, the session is not set and the header location does not redirect users. inc/db.php doesnt give any output... <?php session_start(); include_once 'inc/db.php'; if ($_POST['submit_x']){ if ( !isset($_POST['login']) || empty($_POST['login']) ){ $err = 'Please enter your login name.'; }else{ if ( !isset($_POST['pass']) || empty($_POST['pass']) ){ $err = 'Please enter your password.'; }else{ if ( (strlen($_POST['login']) < 3) || (strlen($_POST['login']) > 20) ){ $err = 'Login name can only contain between 3 and 20 characters.'; }else{ if ( (strlen($_POST['pass']) < 6) || (strlen($_POST['pass']) > 20) ){ $err = 'Password can only be between 6 and 20 characters.'; }else{ $login = md5($_POST['login']); $pass = md5($_POST['pass']); $q1 = "SELECT user, pass FROM users WHERE login = '$login' LIMIT 1"; $r1 = mysql_query($q1)or trigger_error('Error on line: ' . __LINE__); $n1 = mysql_num_rows($r1); if ($n1 == 0){ $err = 'Their is no account with that login name - login names are case sensitive.'; }else{ $r2 = mysql_fetch_row($r1); $username = $r2[0]; $password = $r2[1]; if ($pass != $password){ $err = 'Incorrect password - passwords are case sensitive.'; }else{ $_SESSION['user'] = $username; $time = time() + 300; $ip = $_SERVER['REMOTE_ADDR']; $u1 = "UPDATE users SET last_login = '$date', active = '$time', ip = '$ip' WHERE user = '$username' LIMIT 1"; $u2 = mysql_query($u1)or trigger_error('Error on line: ' . __LINE__); header('Location: main.php'); }}}}}}} if (isset($err)){ $id = 'id="err"'; $msg = '<strong>Error:</strong> ' . $err; }else{ $id = ''; $msg = ''; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title> <?php echo $gamename . ' - ' . $motto; ?> </title> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" > <link rel="stylesheet" type="text/css" href="style/style.php.inc" > <meta name="Author" content="Andrew Michael Holland - UK" > <meta name="Keywords" content="" > <meta name="Description" content="" > <meta name="resource-type" content="document"> <meta name="distribution" content="global"> <meta name="revisit-after" content="7 days"> <meta name="copyright" content="Copyright <?php echo $gamename; ?> All Rights reserved 2008+"> <meta name="Robots" content="follow,index"> <style type="text/css"> input { font-size: 12px; vertical-align: text-center; font-weight: bold; text-align: center; } #err { color: red; } </style> </head> <body> <p align="center" style="height: 15px;" <?php echo $id; ?>> <?php echo $msg; ?> </p> <form action="" method="POST"> <table align="center" style="width: 938px; height: 501px; border: 0; border-collapse: collapse;" cellspacing="0" cellpadding="0"> <tr> <td colspan="7" style="background-image: url('images/LOG-IN_01.gif'); width: 938px; height: 200px; border: 0px;"></td> </tr> <tr> <td rowspan="8" style="background-image: url('images/LOG-IN_02.gif'); width: 425px; height: 300px; border: 0px;"></td> <td colspan="4" style="background-image: url('images/Login.gif'); width: 120px; height: 20px; border: 0px; font-size: 12px;"> <input type="text" name="login" style="background-color: #000000; color: #00c6ff; width: 120px; height: 18px; border: none; position: relative; padding: 0px;" maxlength="20"> </td> <td colspan="2" rowspan="6" style="background-image: url('images/LOG-IN_04.gif'); width: 393px; height: 193px; border: 0px;"></td> </tr> <tr> <td colspan="4" style="background-image: url('images/LOG-IN_05.gif'); width: 120px; height: 66px; border: 0px;"></td> </tr> <tr> <td colspan="4" style="background-image: url('images/Pass.gif'); width: 120px; height: 21px; border: 0px;"> <input type="password" name="pass" style="background-color: #000000; color: #00c6ff; width: 120px; height: 18px; border: none; position: relative; padding: 0px;" maxlength="20"> </td> </tr> <tr> <td colspan="4" style="background-image: url('images/LOG-IN_07.gif'); width: 120px; height: 8px; border: 0px;"></td> </tr> <tr> <td colspan="2" rowspan="2" style="background-image: url('images/LOG-IN_08.gif'); width: 28px; height: 78px; border: 0px;"></td> <td> <input type="image" name="submit" src="images/btn_Login.gif" alt="Login" style="height: 19px; width: 58px; border: none;"></td> <td rowspan="2" style="background-image: url('images/LOG-IN_10.gif'); width: 34px; height: 78px; border: 0px;"></td> </tr> <tr> <td style="background-image: url('images/LOG-IN_11.gif'); width: 58px; height: 59px; border: 0px;"></td> </tr> <tr> <td rowspan="2" style="background-image: url('images/LOG-IN_12.gif'); width: 5px; height: 107px; border: 0px;"></td> <td colspan="4"> <img src="images/Screenshot.gif" width="120" height="22" alt=""></td> <td rowspan="2" style="background-image: url('images/LOG-IN_14.gif'); width: 388px; height: 107px; border: 0px;"></td> </tr> <tr> <td colspan="4" style="background-image: url('images/LOG-IN_15.gif'); width: 120px; height: 85px; border: 0px;"></td> </tr> <tr> <td style="background-image: url('images/spacer.gif'); width: 425px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 5px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 23px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 58px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 34px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 5px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 388px; height: 1px; border: 0px;"></td> </tr> </table> </form> <div align="center"> | <a href="register.php">Register</a> | </div> </body> </html>

Your host has disabled calling includes on URL's as it can be used to call files from external servers and is a security risk.

ty

I have attempted to make my register form using isset(), however, it is passing blank fields.. :S Any ideas to why?

ok, thanks Topic set as solved, thanks for the help evaryone

I mean about weather mysql_real_escape_string() would be unneccessary???

Any comments on that one? Thanks again Mike, I already have basically the same function lol Mine doesnt like hotmail tho so I think that will be usefull Also, I always wondered what the use of: srand((double)microtime()*10000000); Was?

Just escape your data when you use the $_GET superglobal too..

Yeh thats what I do, I mean when it needs re-sending.

I use login name, display name, password, so that all the users login data can be encrypted using md5(), And I figured if I allow users to use any character in their login name I will get retards forgetting their details and complaining that they cant remember it. And obviously I cant use a resend login details with encrypted data.

Ty Mike. I have another question lol if ( !isset($_POST['login']) ){ $err = 'Please enter your desired login name.'; }else{ if ( !ctype_alnum($_POST['login']) ){ $err = 'Login name can only contain alphanumeric characters.'; }else{ $login = $_POST['login']; Would it be un-neccessary to use mysql_real_escape_string() on the $_POST['login'] now that I know it only contains A-Za-z0-9? I assume it would be, but my assumptions aren't always best trusted lol Thanks again for the answer Mike, I am going to put this into practice as my VB.NET tutor told us to do that at college but I was already set in my ways with PHP and never thaught to apply it lol lol LemonInflux, so do mine

Because that will not give me rason to why the performance is better/worse, and as I have already said, I like to know the reasons to why I am doing things, rather than just knowing I should do them.

Basically what I mean is is it more efficient to store the value of the postdata in a variable before checking the input rather than making numerous calls to the $_POST superglobal. I know the difference in performance is barely noticable but every little helps.

Lol, sorry I meant wildteen, (hence I edited the post) I kind of gathered that much before asking the question, but wanted a little expert advice lol

Thanks, any chance you can elaborate on that please wildteen88? I like to know the reasons behind doing things lol And isset never seems to work on submit type inputs for me, can anyone explain why please?

I was just wondering if it had any effects on the performance of a script if you check postdata before storing it into a variable. I.E Would if ( empty($_POST['script']) ){ $err = 'Please enter the scriptcheck in the corresponding input box.'; }else{ $script = md5(intval($_POST['script'])); Be slower than $script = $_POST['script']; if ( empty($script) ){ $err = 'Please enter the scriptcheck in the corresponding input box.'; }else{ $script = md5(intval($script)); Thanks in advance for answers.

What about family players etc. And like I said it's easily avoidable.

Thats to stop them typing in, you will also need to check with PHP incase they disable javascript. (or their browser doesnt support it)

You need to use javascript / regex I think. E.g. <head> <script language="javascript"> function isEmail(str){ var reg = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/; if(reg.test(str) == false) return false; return true; } </script> </head> <body> <input type="text" name="email" id="form_email" value="[email protected]" onFocus="if (this.value == '[email protected]'){ this.value = ''; }" onBlur="if ( isEmail(this.value) == false ){ this.value = '[email protected]'; alert('The email address entered is not a valid format.'); }" /> </body>

No point, IP's are easy to change, we have a badword list but they are just generally annoying. I have one of the guys on msn... @ndy Holland says: You make 1 every time u get banned :| ************** says: yeh lol ************** says: im used 2 it know so it only takes me like 2 minz :-/

Fair enough, I coded the scripts he uses and the email accounts can only be used by one living account at a time, looks like the email ban is the most efficient way to bann them from the site and I will implement this now, Im sure he will just create more but if he wants to get into my friends site im not going to make it easy for him. Thanks for the help

Their account password is sent to their email address. I think he has alot of email address and leads a sad enough life to create new ones just to annoy the game owner lol