Karlos2394

Read up on.. ob_start(); ob_flush();

<?php session_start(); if ($_SESSION['6_letters_code'] == $_POST['6_letters_code'] && !empty($_SESSION['6_letters_code'])) { $to = "sales@anglianpat.com"; $email_subject = "This is the email subject"; $name = $_POST['name']; $email = $_POST['email']; $number = $_POST['number']; $message = $_POST['message']; $email_body = "Name " . $name . " . Email Address " . $email . " . Phone Number " . $number . ". Message: " . $message; mail($to, $email_subject, $email_body); die(header('Location: http://www.anglianpat.com/test/thankyou.html')); } else { die(header('Location: http://www.anglianpat.com/test/wrongcode.html')); } ?>

To be honest I haven't been in web development a long time, so I'm not sure, I was wondering if I was correctly using it, which would be an effective way to use the function. Obviously i'm not, could someone please show me a piece or snippet of code which I can understand how it's effective and secure by using session_id() please? Karlos.

Can anyone actually help?

Basically, I give each user a different session_id() when they login, and regenerates every 15 mins. However, I was wondering if I could use session_id() as a security measure. I'm not entirely sure if this is a good way to use it, or if i'm using some bits which aren't needed at all. // Function whichs uses session_id() function Delete() { global $db, $ir; // $db = Database class || $ir = query for getting users info. if (isset($_GET['Id'], $_GET['Auth'])) { if ($_GET['Id'] && $_GET['Auth'] == session_id() && session_id() == $ir['sId']) { $db->query("DELETE FROM `events` WHERE `evID`=".$_GET['Id']." AND `evUSER`=".$ir['userid']); $_SESSION['dResult'] = 'Event Deleted'; } else { Error('An error occured while deleting the selected event.'); } } else { Error('An error occured.'); } } // Link to function. echo '<a href="events.php?act=Delete&Id=',$r['evID'],'&Auth=',session_id(),'">Delete</a><br />';

Well I got it working in the end, PFMaBiSmAd put me on the right track, I started messing around with it and my final query worked. function get_rank($MyStat, $OStat) { global $db; $Query = $db->Execute(sprintf("SELECT COUNT(*) FROM `userstats` `us` LEFT JOIN `users` `u` ON `us`.`UserID`=`u`.`UserID` WHERE `us`.`%s` > '%d' AND `u`.`UserLevel`<>'0'", $OStat, $MyStat)); return mysql_result($Query, 0, 0) + 1; } Thanks Ace && PFMaBiSmAd

Hey! Well basically i'm using a free database class <?php /* Nyna's Database Class (Criminal Existence) Link To Actual File. http://criminalexistence.com/ceforums/index.php?topic=18421.msg83533#msg83533 Copyright (C) 2004-2008 Nyna <nyna@nyna.co.uk> All Rights Reserved. */ class CDatabase { function CDatabase($Server, $Username, $Password, $Database) { $this->_link = @mysql_connect($Server, $Username, $Password); if (!is_resource($this->_link)) { echo 'Connection To MySQL Server Failed!'; exit; } if (!@mysql_select_db($Database, $this->_link)) { mysql_close($this->_link); echo 'Failed To Select Database'; exit; } } function AffectedRows() { return $this->_affected; } function ErrorMsg() { return $this->_error; } function ErrorNo() { return $this->_errno; } function &Execute($sql) { $rs = mysql_query($sql, $this->_link); if ($rs === FALSE) { return $this->RaiseError(); } $this->_affected = @mysql_affected_rows($this->_link); return $rs; } function FetchAll($sql) { $rs = &$this->Execute($sql); if (!is_resource($rs)) { return $rs; } $rows = array(); while ($row = mysql_fetch_assoc($rs)) { $rows[] = $row; } mysql_free_result($rs); return $rows; } function FetchOne($sql) { if (is_array($row = $this->FetchRow($sql))) { return array_shift(array_values($row)); } return $row; } function FetchRow($sql) { $rs = &$this->Execute($sql); if (!is_resource($rs)) { return $rs; } if (($rows = mysql_num_rows($rs)) === FALSE) { $row = $this->RaiseError(); } else if (!$rows) { $row = NULL; } else { $row = mysql_fetch_assoc($rs); } mysql_free_result($rs); return $row; } function &RaiseError() { static $false = FALSE; $this->_errno = mysql_errno($this->_link); $this->_error = mysql_error($this->_link); return $false; } } ?> Well I've got this function function get_rank($stat, $mykey) { global $ir, $UserID, $db; $q=$db->Execute("SELECT count(*) FROM userstats us LEFT JOIN users u ON us.UserID=u.UserID WHERE us.$mykey > $stat AND us.UserID != $UserID AND u.user_level != 0"); return mysql_result($q,0,0)+1; // Being Line 87 } What are the problems? Well.. I recieve this error: Warning: mysql_result(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Cursed (Lite)\ImPoRtAnT-StUfF\GFunc.php on line 87

A friend of mine fixed it for me, i simply turned mysql_fetch_row() into mysql_fetch_array() and it worked!

Well I've been coding PHP for about 6/7 months and i've never gotten to do sessions really but I have come across some problems and i think its the sessions. My errors are: Notice: Undefined index: user_name in C:\wamp\www\Blah\index.php on line 12 Notice: Undefined index: user_name in C:\wamp\www\Blah\index.php on line 12 <?php session_start(); require_once (DIRNAME(__FILE__) . '/db.php'); $Set = array(); $Get = db_query("SELECT `Set_Name`, `Set_Value` FROM `settings`"); while($r = mysql_fetch_array($Get)) { $Set[$r['Set_Name']] = $r['Set_Value']; } $Page = isset($_POST['Page']) ? $_POST['Page'] : ''; $Error = ''; if ($Page == 'Login') { $email = $_POST['email']; $password = $_POST['password']; if (trim($email) == '' || trim($password) == '') { $Error .= 'Please enter your email address and password.<br>'; } else { $result = db_query("SELECT id, name, password FROM users WHERE email='" . mysql_real_escape_string($email) . "'"); if (!($row = mysql_fetch_assoc($result))) { $Error .= 'The email address was not found.<br>'; } else if ($row['password'] != sha1($password)) { $Error .= 'The password did not match.<br>'; } else { $_SESSION['user_id'] = $row['id']; header('Location: index.php'); exit(); } } } echo ' <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head>'; echo sprintf("<title>%s Login</title>", stripslashes($Set['GameName'])); echo ' <style type="text/css"> div.ErrorText { color: #FF0000; width: 400px; text-align: center; } div.LBox { float: left; width: 150px; text-align: right; padding-right: 5px; } div.RBox { clear: right; } </style> </head> <body>'; echo sprintf("<div class='ErrorText'>%s</div>", $Error); echo ' <form action="login.php" method="post"> <div><input type="hidden" name="Page" value="Login"></div> <div class="LBox">Email address</div> <div class="RBox"><input type="text" name="email" size="30" maxlength="255"></div> <div class="LBox">Password</div> <div class="RBox"><input type="password" name="password" size="30"></div> <div class="LBox"> </div> <div class="RBox"><input type="submit" value="Log In" size="30"></div> </form> </body> </html> '; ?> <?php session_start(); error_reporting(E_ALL); $MemID = $_SESSION['user_id']; require_once 'db.php'; $ir = mysql_fetch_row(db_query(sprintf("SELECT * FROM users WHERE id=%u", $MemID))); ?> <?php include_once (DIRNAME(__FILE__) . '/core.php'); echo ' <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Index</title> </head> <body> Hello, '.$ir['user_name'].', what do you think you\'re doing? I\'m sorry, '.$ir['user_name'].', I can\'t let you do that.<br><br> <a href="logout.php">Log out</a> </body> </html>'; ?>

Ah, I see, thank you.

Well I've been going over and over many idea's to block people viewing my .CSS files and I'm starting to doubt if it can be done, any idea's?