Handy PHP

Everything posted by Handy PHP

  1. Well, this isn't the prettiest code I've ever seen but it functions more or less. And we all learned somewhere and it usually was deep in messy code so there isn't any reason to be so hard on the guy. He's just looking for help! I made the code a little easier for ME to read and may have found the issue but this isn't my strongest subject. Basically, I have a very hard time reading this style of coding (not just yours). I believe you have the "view" case before the "compose" case and here is why I think that... Your "view" case doesn't have a break statement at the end which will allow your code to read the next case even if it doesn't match the variable. So when you view the message, it re-submits the message. Here is your code indented to make it easier to read:

         <?
         case 'compose':
             if(!$_POST[send]){?>
                 <div id="main_heading_text" class="left">My Inbox: Compose Message</div>
                 <div id="main_list_buttons" class="right"></div>
                 <div class="my_account_info" id="contentdiv" >
                 <form method="post" action="">
                 <table width="680" border="0" cellspacing="0" cellpadding="0" style='border: 1px solid #E1F4A6; '>
                     <tr>
                         <td width="212" height="35" bgcolor="#E7F7A5"><br />
                             <span class="edit_profile_label" style="padding-left:8px;">User Name:</span>
                             <?
                             if(isset($_GET[user])){ //check if there is a user in the address bar
                                 echo "<input type='text' name='to' value='$_GET[user]' size='15'>"; //if there is
                             }else{ //or not..
                                 echo "<input type=\"text\" name=\"to\" size=\"15\">"; //echo the input box without the value of the user!
                             } //end user check in address bar</b>?></td>
                         <td width="466" height="50" bgcolor="#E7F7A5" ><br /><b class="edit_profile_label" > Subject:</b><input type="text" name="title" value="My Offer" size="15"></td>
                     </tr>
                     <tr>
                         <td height="125" colspan="2" valign="top" style="padding-left:8px;"><p> </p> <p> </p>
                             <p><b class="edit_profile_label" style="font-size:14px;">Message:</b><br /><br />
                             <textarea name="message" rows="6" cols="75"></textarea> <br /><br /><br /><br /> </p>
                         </td>
                     </tr>
                     <tr>
                         <td height="35" style="padding-left:8px;"><input type="submit" name="send" value="Send message" id="update_listing_btn" ><br /><br /></td>
                         <td><a href="my_account.php?page=pm" style="font-size:12px; color:#00AEBF;">Back to inbox</a></td>
                     </tr>
                     <tr>
                         <td height="35" bgcolor="#E7F7A5"> </td>
                         <td bgcolor="#E7F7A5"> </td>
                     </tr>
                 </table>
                 </form>
             <? }else{ //or if it was....
                 $to = stripslashes(htmlspecialchars(strip_tags($_POST[to]))); //who its to
                 $from =$_SESSION[uSERNAME]; //who its from
                 $date = date("F j, Y, g:i a"); //the date sent
                 $msg = addslashes($_POST[message]); //the message variable
                 $subject = addslashes($_POST[title]); //the subject
                 $do = mysql_query("INSERT INTO `private_msg` (`to`,`from`,`date`,`subject`,`content`) VALUES ('" . $to . "','" . $from . "','" . $date . "','" . $subject . "','" . $msg . "')") or die(mysql_error()); //insert into the table!
                 echo "<div id='main_heading_text' class='left'>My Inbox: Compose Message</div> <div id='main_list_buttons' class='right'></div> <div class='my_account_info' id='contentdiv' > <table width='680' border='0' cellspacing='0' cellpadding='0' style='border: 1px solid #E1F4A6; '> <tr> <td height='35' bgcolor='#E7F7A5'></td></tr> <tr><td><br /><br /><center>Message Sent! <a href=\"my_account.php?page=pm\" style=\"font-size:12px; color:#00AEBF; \">Go back to inbox</a></center><br /><br /></td></tr> <tr> <td height='35' bgcolor='#E7F7A5'></td></tr> </table>";?>
             <?}?>
             <? break; ?>
         <?
         case 'view':
             $id = (int)htmlspecialchars(strip_tags($_GET[id]));
             $msgs = mysql_query("SELECT * FROM `private_msg` WHERE `to` = '" . $_SESSION[uSERNAME] . "' ORDER BY `pid` ASC") or die(mysql_error()); //get all the messages to the loged in user
             $id = (int)htmlspecialchars(strip_tags($_GET[id])); //make the ID safe
             if(!$id){
                 $user_message = "<table width=\"680\" border=\"0\" align=\"left\" cellpadding=\"5\" cellspacing=\"0\" class='private_msg_tbl' ><tr class=\"edit_profile_label\"> <td width=\"680\" height=\"35\" bgcolor=\"#E7F7A5\"> </td> <td width=\"680\" ><a href=\"pm.php\">Go back to inbox</a> <br /><br />No ID Selected!</td> <td width=\"680\" height=\"35\" bgcolor=\"#E7F7A5\"> </td></tr> </table>";
                 ?> <?
             }else{
                 $select = mysql_query("SELECT * FROM `private_msg` WHERE `pid` = '" . $id . "';"); //get the message's info
                 $msg = mysql_fetch_array($select); //select all data
                 if($msg[to] != $_SESSION[uSERNAME]){ //check if the user logged
                     $user_message= "<table width=\"680\" border=\"0\" align=\"left\" cellpadding=\"5\" cellspacing=\"0\" class='private_msg_tbl'><tr class=\"edit_profile_label\"> <td width=\"680\" height=\"35\" bgcolor=\"#E7F7A5\"> </td> <td width=\"680\" ><a href=\"pm.php\">Go back to inbox</a><br /><br />This Message Was Not Sent To You</td> <td width=\"680\" height=\"35\" bgcolor=\"#E7F7A5\"> </td></tr> </table>";
                 }else{ //maybe...
                     if(!$_POST[reply]) { //if the reply was not submitted
                         $mark = mysql_query("UPDATE `private_msg` SET `status` = 'Read' WHERE `pid` = '" . $id . "'") or die(mysql_error()); //mark it as Read
                         $message = nl2br(stripslashes($msg[content])); //make new lines to and strip the slashes
                         $subject = stripslashes($msg[subject]); //strip the slashes
                         $user_message="<table width=\"680\" align=\"left\" cellpadding=\"5\" cellspacing=\"0\" style='border: 1px solid #E1F4A6; ' ><form method=\"post\"> <tr > <td width='153' height='35' bgcolor='#E7F7A5' style='padding-left:7px;'><b class='edit_profile_label'>Subject:</b> $subject</td> <td width='507' bgcolor='#E7F7A5' style='padding-left:7px;' ><b class='edit_profile_label'>From:</b> $msg[from]</td> </tr> <div id='div_spacer'> <tr > <td height='100' colspan='2' style='padding-left:12px;'>$message</td> </tr> <tr> <td height='80' colspan='2' style='padding-left:8px;'><textarea rows=\"6\" cols=\"45\" name=\"msg\" ></textarea></td> </tr> <tr> <td height='35' style='padding-left:8px;'><input type=\"submit\" name=\"reply\" value=\"Reply\" style=' border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; width: 75px; font-weight: normal; color: #FFF; text-decoration: none; background-color: #00AEBF; height: 23px; float: left;'> </td> <td><a href=\"my_account.php?page=pm\" style=\"font-size:12px; color:#00AEBF; \">Go back to inbox</a></td> </tr> <tr> <td height='35' bgcolor='#E7F7A5'> </td> <td bgcolor='#E7F7A5'> </td> </tr> </table></form></div> ";
                     }else{
                         $to = $msg[from]; //get who it is to
                         $from =$_SESSION[uSERNAME]; //who its from
                         $subject = "RE: " . $msg[subject]; //new subject
                         $msg = addslashes($_POST[msg]); //the content
                         $date = date("F j, Y, g:i a"); //the date sent
                         $do = mysql_query("INSERT INTO `private_msg` (`to`,`from`,`date`,`subject`,`content`) VALUES ('" . $to . "','" . $from . "','" . $date . "','" . $subject . "','" . $msg . "')") or die(mysql_error()); //insert into the table!
                         $user_message="<table width=\"680\" border=\"0\" align=\"left\" cellpadding=\"5\" cellspacing=\"0\" class='private_msg_tbl' ><tr class=\"edit_profile_label\"> <td width=\"680\" height=\"35\" bgcolor=\"#E7F7A5\"> </td><tr> <td width=\"680\" >Message Sent!</td></tr> <td width=\"680\" height=\"35\" bgcolor=\"#E7F7A5\"> </td></tr> </table>";
                         echo "$user_message";
                     }
                 }
             }
         ?>

     The last line above needs a break before it no matter what order the cases are in your code unless you want the script to execute the additional cases.

     Now, a few suggestions for coding better in the future:

       • As mentioned previously, use $_POST['field'] instead of $_POST[field]. It'll prevent problems in the future.
       • Indent your code to keep your code more readable. Finding a missing curly bracket or quote is much easier this way.
       • Create functions for your code and call those functions in your switch instead of raw code.
       • Use <?php instead of <? as some servers don't like the short tags.

     That should do you for a bit. Hope this helps, Handy PHP
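The fall-through described in the post above, as an added example that is not part of the original post or of the asker's code: a `view` case without `break` also runs the `compose` body, so one reply request stores two rows, while the dispatcher that calls one function per case and ends each case with `break` stores one. The in-memory SQLite database (needs `pdo_sqlite`), the schema, the sample row, the shared `message` field and all function names are constructed for illustration; the handlers use bound parameters and `htmlspecialchars()` in place of the `addslashes()` calls and raw `echo` in the posted code.

```php
<?php
// Constructed schema with the columns the posted code uses; in-memory SQLite stands in for MySQL.
function make_pm_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE private_msg (pid INTEGER PRIMARY KEY AUTOINCREMENT,
        "to" TEXT, "from" TEXT, date TEXT, subject TEXT, content TEXT)');
    insert_message($db, 'bob', 'alice', 'My Offer', 'Is it still for sale?'); // constructed row, pid 1
    return $db;
}

// Read one request field as a string; arrays (field[]=x) count as empty.
function field(array $src, string $key): string
{
    $v = $src[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Bound parameters instead of addslashes() and string concatenation.
function insert_message(PDO $db, string $to, string $from, string $subject, string $body): void
{
    $stmt = $db->prepare('INSERT INTO private_msg ("to", "from", date, subject, content)
        VALUES (:rcpt, :sender, :sent, :subject, :body)');
    $stmt->execute([':rcpt' => $to, ':sender' => $from, ':sent' => date('c'),
        ':subject' => $subject, ':body' => $body]);
}

function handle_compose(PDO $db, array $post, string $user): string
{
    if (field($post, 'message') === '') {
        return 'compose:form';
    }
    insert_message($db, field($post, 'to'), $user, field($post, 'title'), field($post, 'message'));
    return 'compose:sent';
}

function handle_view(PDO $db, array $get, array $post, string $user): string
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'view:no-id';
    }
    // Ownership is part of the query, so another user's pid returns no row.
    $stmt = $db->prepare('SELECT "from", subject FROM private_msg WHERE pid = :pid AND "to" = :user');
    $stmt->execute([':pid' => $id, ':user' => $user]);
    $msg = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($msg === false) {
        return 'view:not-yours';
    }
    if (!isset($post['reply'])) {
        return 'view:shown ' . htmlspecialchars($msg['subject'], ENT_QUOTES, 'UTF-8');
    }
    insert_message($db, $msg['from'], $user, 'RE: ' . $msg['subject'], field($post, 'message'));
    return 'view:replied';
}

// The bug: 'view' has no break, so its reply request also runs the 'compose' body.
function dispatch_buggy(PDO $db, string $page, array $get, array $post, string $user): array
{
    $ran = [];
    switch ($page) {
        case 'view':
            $ran[] = handle_view($db, $get, $post, $user);
            // missing break: execution continues even though $page !== 'compose'
        case 'compose':
            $ran[] = handle_compose($db, $post, $user);
            break;
    }
    return $ran;
}

// The fix: one function per case, and every case ends with break.
function dispatch_fixed(PDO $db, string $page, array $get, array $post, string $user): array
{
    $ran = [];
    switch ($page) {
        case 'view':
            $ran[] = handle_view($db, $get, $post, $user);
            break;
        case 'compose':
            $ran[] = handle_compose($db, $post, $user);
            break;
    }
    return $ran;
}

// Constructed request: bob replies to message 1.
$get = ['id' => '1'];
$post = ['reply' => 'Reply', 'message' => "It's a deal"];
foreach (['dispatch_buggy', 'dispatch_fixed'] as $dispatch) {
    $db = make_pm_db();
    $ran = $dispatch($db, 'view', $get, $post, 'bob');
    $rows = (int) $db->query('SELECT COUNT(*) FROM private_msg')->fetchColumn();
    printf("%-14s handlers=%s new_rows=%d\n", $dispatch, implode(',', $ran), $rows - 1);
}
```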
  2. Well, it would help to see the rest of the code but I think that outside of your switch, you are running the query again somehow. Please post any other code you have that uses $do or "INSERT..." Handy PHP
  3. $QueryResult = @mysqli_query($DBConncet, $SQLstring);
     or die("<p>Unable to execute the query.</p>"

     semi-colon preceding an OR statement. Generally, your error message will give you a line number for the error. Generally, the problem is on the line right before the error was found... You had a semi-colon on line 3 which made the OR statement on line 4 return an error. You might want to consider NOT breaking your lines up so much since this seems to be causing you a lot of problems. Breaking your lines up can make reading your code easier sometimes but in this case, it actually makes it harder to read. Perhaps if you indent the code after the first break it would make it clearer what belongs with what. Like so:

         if (!@mysqli_select_db($DBConnect, $DBName)) {
             $SQLstring = "CREATE DATABASE $DBName";
             $QueryResult = @mysqli_query($DBConncet, $SQLstring)
                 or die("<p>Unable to execute the query.</p>"
                 . "<p>Error code " . mysqli_errno($DBCoonect)
                 . ":" . mysqli_error($DBConnect)) . "</p>";
             echo "<p>You are the first visitor!</p>"
             mysqli_select_db($DBConnect, $DBName);

     Also, you have some typing errors:

     line 3:

         $QueryResult = @mysqli_query($DBConncet, $SQLstring);

     Should Be:

         $QueryResult = @mysqli_query($DBConnect, $SQLstring)

     And Line 5

         . "<p>Error code " . mysqli_errno($DBCoonect)

     Should Be:

         . "<p>Error code " . mysqli_errno($DBConnect)

     You really need to try and pay more attention to your code. There isn't a spellchecker for PHP, just an error message! Handy PHP
  4. "post composed message twice..." What? It displays twice in the view screen or gets placed in the database twice? And, is it just the message that is duplicated or is all of the detail repeated such as to, from, time, date, message, etc... Answering these questions will make it more likely that someone can help you. Handy PHP
  5. Well, I don't use postgresql but in MySQL, you can set a field to accept NULL (blank) values. However, if you can't do that, just replace zeros with NULLS for any output and replace NULLS with zeros to add to the database:

         if($from_database == 0){
             $from_database = '';
         }
         if($to_database == '' || $to_database == NULL || !$to_database){
             $to_database = 0;
         }

     Handy PHP
  6. Well, I'm having a hard time comparing your code to the images you posted. I'm wondering if the current1.jpg is an actual screen shot of what is being displayed or an image you created to illustrate the problem. I think this is a matter of emptying your array before you start a new loop but I'm not sure. Handy PHP
  7. Might be a good idea to get a decent code editor that highlights and color codes your code to make it easier to find errors. Also, if you have any more errors, it would help to see the updated code if you could post it. Handy PHP
  8. Missing end parenthesis on line 5:

         die("<p> You must enter name and email. You need to go back to the Guestbook.</p>";

     Should be:

         die("<p> You must enter name and email. You need to go back to the Guestbook.</p>");

     Additional errors will likely happen with each of your die functions since your parentheses are misplaced. Handy PHP
  9. I assume that the other machines (that load the pages slowly) are in the same building, correct? If this is the case, then your bandwidth isn't as big of an issue since the connection is local unless you are using a domain name, in which case you have to leave your LAN and go to the Internet then have a nameserver send you back. It could be a router issue but more than likely, the computer that acts as the server in this situation probably isn't capable of performing the task adequately. Network Adapter, Processor, Memory, and of course how many other processes are running can dictate how quickly the pages load. Many hosting companies use separate servers for Apache and SQL. I guess my suggestion is to try different connections to the script...

       • Have the accessing systems browse directly to the hosting system's IP address to reduce router lag.
       • Test the script on a cheap hosting account on the internet to see if there is an improvement.

     While restructuring your PHP script may help somewhat, it isn't going to change a load time from 1 minute to 5 seconds. However, assuming that you are using MySQL, optimizing your database queries can really improve your load time. If your script queries the DB and gets information for the next query then the next, then there will be a lot of time wasted. You should try to minimize the number of separate queries by combining queries. You can search in one table for information related to another table in the same query, etc... Handy PHP
  10. Well, you can try this:

          <Location /index.html>
              AddType application/x-httpd-php .cgi
          </Location>

      But I don't think it will work. It is likely that the server will only parse one language or the other... As a result, it will more than likely try to parse one as the other and give you a fatal error. You really should try to convert the PHP portion of your code to Perl but I assume that you either don't know Perl or the PHP script is too large to convert. Of course, it is possible to run the PHP script remotely and dump the data back into the Perl script but that requires the proper Perl code to be added to do so. I don't know Perl well enough to tell you how to go about that. Handy PHP
  11. Well, you should start by reading the manual: http://us.php.net/manual/en/features.file-upload.post-method.php

      Next, I don't see this defined anywhere:

          $web_location=$web_dir.$imagefile_name;

      You don't specify anywhere what $imagefile_name is so it is just checking if the directory exists more than likely. When you do assign a value to $imagefile_name, you need a slash and it would look something like this:

          $web_location="$web_dir/$imagefile_name";

      That should at least get you to the point where you'll start getting error messages that will show you what to fix next. Handy PHP
  12. Well, the most basic method would be to check if $opt has a value... If there isn't a response then no value would be set for $opt. Or am I missing something? Handy PHP
  13. I don't see a closing tag for the first (solved_it) form... So the browser only sees one form. Add </form> in the appropriate place in your script. Hope This Helps, Handy PHP
  14. Use absolute path from root: Good luck, Handy PHP
  15. Well, this is more of an HTML problem... You don't have table cells "<TD>". Try this:

          <tr>
              <td><? echo $rows['datetime']; ?></td>
              <td><? echo $rows['cat']; ?></td>
              <td><? echo $rows['title']; ?></td>
              <td><? echo $rows['views']; ?></td>
              <td><? echo $rows['replies']; ?></td>
          </tr>

      Hope this helps, Handy PHP
  16. It looks as if you are missing an end parenthesis:

          //code that doesn't work
          foreach($info->products->product as $cost2)
          {
              mysql_query("INSERT INTO search_results (seller_name, price, description, buy_url, date) VALUES ('haha', '$cost2->price', 'good', 'www.blah.com', CURDATE())";<------HERE
          };
          // end of code that doesn't work

      Should be this I think:

          //code that doesn't work
          foreach($info->products->product as $cost2)
          {
              mysql_query("INSERT INTO search_results (seller_name, price, description, buy_url, date) VALUES ('haha', '$cost2->price', 'good', 'www.blah.com', CURDATE())");
          };
          // end of code that doesn't work

      Good luck, Handy PHP
  17. Well, not much info here but I'll give you a few questions to answer so you can get some help:

        • Have you tried a plain HTML document on the server?
        • Is this your local computer that you have set a test server up on?
        • Have you tried "localhost", 127.0.0.1, or the IP address assigned to the computer that the server is running on for the domain name (after the http://)?
        • Though Apache and PHP were bundled, did you double check to see that Apache aliases were set for PHP?
        • Are you using some domain name with your home server and if so, have you used a service like openDNS to point the domain to your home's IP address?

      Answering these questions will allow someone like myself to get you the answer you need to resolve your issue. Handy PHP
  18. Here is your original code with only the $_REQUEST replaced with $_POST: <?php $local_header_title="Send Messages"; require("member.php"); require("lib/ntmtxt.php"); require("lib/mail.php"); $mon=date('m'); $pro_id = $_POST['profile_id']; if($_POST['auth']=='-1') { echo "You Don't have right to send messages."; exit; } //print_r($_POST); //$pro_id = $_POST['profile_id']; if(isset($_POST['profile_id'])) { $pro_id = $_POST['profile_id']; if ($pro_id!='') { //inmate name $sel = "Select value from attribs where profile = '$pro_id' and aid='168'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $inmate_name = $row['value']; //inmate number $sel = "Select value from attribs where profile = '$pro_id' and aid='169'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $inmatenumber = $row['value']; //facility name $sel = "Select value from attribs where profile = '$pro_id' and aid='134'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $facility_name = $row['value']; //facility address $sel = "Select value from attribs where profile = '$pro_id' and aid='162'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $facility_address = $row['value']; //city $sel = "Select value from attribs where profile = '$pro_id' and aid='163'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $inmate_city = $row['value']; //state $sel = "Select value from attribs where profile = '$pro_id' and aid='164'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $inmate_state = $row['value']; //zip $sel = "Select value from attribs where profile = '$pro_id' and aid='165'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $inmate_zip = $row['value']; //country $sel = "Select value from attribs where profile = '$pro_id' and aid='166'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $inmate_country = $row['value']; $ip=@$REMOTE_ADDR; $name = $_POST['name']; $inmate_number = $_POST['inmate_number']; $street = $_POST['street']; 
$city = $_POST['city']; $state = $_POST['state']; $country = $_POST['country']; $message = $_POST['message']; $dt1=date("Y-m-d"); echo $dtl; $mon=date('m'); //echo $mon; //check msg per day values $sel = "Select msg_per_day from msend_msg where mid = '$auth' and date='$dt1' and msg_per_day != ''"; $res = mysql_query($sel); //$cnt = count($res); include("inc/member.status.php"); mem_resetstats($auth); echo "<br><center>"; //check prights table whether entry exists or not for pid & rid=53 $q_mes_day="select count(*) from prights where pid= '$auth' and rid='53'"; $r_mes_day=mysql_query($q_mes_day); $row_cnt=mysql_fetch_row($r_mes_day); $pright_53_exists=$row_cnt[0]; if($pright_53_exists==0) { $sql_d="insert into prights(pid,rid,value) values('$auth','53','4')"; $res_d=mysql_query($sql_d); } $sel_mes_day = "Select value from prights where pid = '$auth' and rid = '53'"; $res_mes_day = mysql_query($sel_mes_day); $row_mes_day = mysql_fetch_array($res_mes_day); $count_msg_day=mysql_num_rows($res_mes_day); // count value per day $value_day = $row_mes_day['value']; //check prights table whether entry exists or not for pid & rid=54 $q_mes_mon="select count(*) from prights where pid= '$auth' and rid='54'"; $r_mes_mon=mysql_query($q_mes_mon); $row_cnt1=mysql_fetch_row($r_mes_mon); $pright_54_exists=$row_cnt1[0]; if($pright_54_exists==0) { $sql_d="insert into prights(pid,rid,value) values('$auth','54','4')"; $res_d=mysql_query($sql_d); } $sel_mes_month = "Select value from prights where pid = '$auth' and rid = '54'"; $res_mes_month = mysql_query($sel_mes_month); $row_mes_month = mysql_fetch_array($res_mes_month); // count value per Month $value_month = $row_mes_month['value']; //echo $value_month; $del= "delete from msend_msg where date='0000-00-00'|| name='' "; $res=mysql_query($del); //if ($member_policy[messages_per_day]) if //if($member_policy[messages_per_day]>=$count_msg_day) e0("Too many messages today!"); //if ($member_policy[messages_per_month]) if 
//if($member_policy[messages_per_month]>=$value_month) e0("Too many messages this month!"); $select_msg="select * from msend_msg where mid='$auth' and date='$dt1' "; $res_msg = mysql_query($select_msg); $count_msg= mysql_num_rows($res_msg); //SELECT * FROM msend_msg where date >= DATE_SUB(CURDATE(), INTERVAL 1 MONTH) //and inmate_id='$pro_id' $select_msg1="select * from msend_msg where mid='$auth' and month='$mon' "; $res_msg1 = mysql_query($select_msg1); $count_msg1= mysql_num_rows($res_msg1); //echo "Month count is:".$count_msg1; /*if($value_day>=$count_msg) { echo "Too Many Message Today"; }*/ //if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit' && $value_day<=$count_msg) if($value_month>$count_msg1){ if($value_day>$count_msg){ $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` , `ip`) VALUES ('$auth', '$pro_id' , '$name', '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1', '$ip')"; $res1 = mysql_query($sql); //$sql="`members` ( `id`, `login` , `pswd` , `fname` , `lname` , `email` , `street` , `city` , `state` , `country` , `zip` , `phone` , `fax` , `status` , `rdate` ) VALUES ( '$mid', '$login', '$pswd_1', '$fname', '$lname', '$email', '$street', '$city', '$state', '$country', '$zip', '$phone', '$fax', '$mem_default_approval', '$dt1')"; //qi($sql); //if (!$mid) e2($sql); $sel = "Select email from members where id = '$auth'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $email = $row['email']; //if (!$member_policy[provided_profiles]) e1(); //if (!$member_policy[send_message]) e1(); /* // folders management if (!$folder&&!$read) $show_compose=1; if (!$folder) $folder=1; $tim=time(); if ($target) if (is_array($selected)) for ($i=0;$i<count($selected);$i++) { $msgp=f(qs("* from messages where id=$selected[$i]")); if ($msgp[type]==1||!e(qs("id from mprofiles where id='$msgp[to]' and member='$auth'"))) if 
($target==1) qd("messages where id='$selected[$i]'"); elseif ($target==2) qu("messages set status=2 where id='$selected[$i]'"); } //winks, kisses if ($wink) { $subject=$wink; $message=$wink; $send=1; } */ if ($message) { include("inc/wordsfilter.lib.php"); $message=addslashes(stripslashes(censorwords($message,3,1,1))); $subject="Message from ".$_POST['name']; } /*$r=qs("* from mprofiles where name='$to'"); $sql="select p1.name, p2.name from mprofiles p1, mprofiles p2, pattitudes a, plist f where p1.id='$profile' and p1.id=f.pid and f.attitude=a.id and p2.name='$to' and p2.member=f.mid and a.attitude<-2"; if (!e(q($sql))) echo "<B>".l1("Message was blocked!")."</B>"; elseif (e($r)) echo "<B>".l1("Profile was not found !")."</B>"; else { $mem=f($r); $to=$mem[id]; $from=$profile; $pfrom=f(qs("* from mprofiles where id='$from'")); }*/ //rights verifications /*//messages per hour/day/month if ($member_policy[messages_per_hour]) if ($member_policy[messages_per_hour]<=mem_getstat($auth,1)) e0("Too many messages per hour!"); if ($member_policy[messages_per_day]) if ($member_policy[messages_per_day]<=mem_getstat($auth,2)) e0("Too many messages today!"); if ($member_policy[messages_per_month]) if ($member_policy[messages_per_month]<=mem_getstat($auth,3)) e0("Too many messages this month!"); //is friend (Sender of Receiver or Receiver of Sender) $rif=qs("id from friends where (pid='$from' and fid='$to') or (fid='$from' and pid='$to')"); $is_friend=0; if (!e($rif)) $is_friend=1;*/ // if (!$wink&&!$member_policy[send_message]&&!$is_friend) e0("No rights to send messages!"); /*if ($wink&&!($member_policy[wink]||$member_policy[kiss])) e0("No rights to quick message!"); //same type if ($mem[p1]==$pfrom[p1] && !$member_policy[message_same]) e0("No rights to message same type of profile!"); //paid messaging $message_cost=0; if (!$wink) $message_cost=$member_policy[message_sendcost]; else $message_cost=$member_policy[message_winkcost]; if ($message_cost) { 
include_once("money/money.lib.php"); if (account_has_credits($auth, $message_cost)) money_spend($auth, $message_cost, l1("Send Message"), $from, 6, $to); else e0("Insufficient credits!"); } if ($wink) qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '2', '0', '$tim', '$subject', '$message')"); else qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '0', '0', '$tim', '$subject', '$message')"); if ($save_template) qi("`messages` ( `from` , `to` , `type` , `status` , `rdate` , `subject` , `message` ) VALUES ( '$from', '$to', '1', '0', '$tim', '$subject', '$message')"); echo "<b>"; if (!$is_friend) echo l1("Message was sent!"); else echo l1("Message was sent to friend!"); echo "</b><br>"; mem_incstat($auth,1); mem_incstat($auth,2); mem_incstat($auth,3); //Email notification if ($mem[p2]) $memi=f(qs("* from members where id='$mem[member]'")); */ $param=array( subject=>$subject, message=>$message, /* profile=>$mem[name], fname=>$memi[fname], lname=>$memi[lname], mail=>$memi[email], username=>$memi[login], password=>$memi[pswd], city=>$mem[city], country=>$mem[country], id=>$mem[id], sender=>$pfrom[name], // sender_link=>$ROOT_HOST."profile.php?profile_name=".$pfrom[name], loginlink=>$ROOT_HOST."login.php?username=$mem[login]&password=$mem[pswd]",*/ link=>$ROOT_HOST ); $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt"; if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html"; if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt"; $htmlmail1=join("",file($tpl_h)); $textmail1=join("",file($tpl_t)); $email = $email.",".$ADMIN_MAIL; send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param)); if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit'){ //Number of 
messages sent last 30days $q1="SELECT * FROM msend_msg where mid='$_POST[auth]' and date >= DATE_SUB(CURDATE(), INTERVAL 1 MONTH)"; $r1 = mysql_query($q1); $num_msg_last30days= mysql_num_rows($r1); //messages sent current month $q2="select * from msend_msg where mid='$_POST[auth]' and month='$mon'"; $r2 = mysql_query($q2); $msg_sent_curmonth= mysql_num_rows($r2); //message limit per month $q3 = "Select value from prights where pid = '$_POST[auth]' and rid = '54'"; $r3 = mysql_query($q3); $row3 = mysql_fetch_array($r3); // count value per Month $msg_limit_monthly = $row3['value']; $msg_left=$msg_limit_monthly - $msg_sent_curmonth; echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.!")); echo "<br>"; echo "Messages sent in last 30 days:$num_msg_last30days<br> Messages Left:$msg_left<br>"; } }//End day if else { echo "Too Many Message Today"; }//End of day else // test // /* $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` ) VALUES ('$auth', '$pro_id' , '$name', '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1')"; $res1 = mysql_query($sql); $sel = "Select email from members where id = '$auth'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $email = $row['email']; if ($message) { include("inc/wordsfilter.lib.php"); $message=addslashes(stripslashes(censorwords($message,3,1,1))); $subject="Message from ".$_POST['name']; } $param=array( subject=>$subject, message=>$message, link=>$ROOT_HOST ); $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt"; if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html"; if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt"; $htmlmail1=join("",file($tpl_h)); 
$textmail1=join("",file($tpl_t)); $email = $email.",".$ADMIN_MAIL; send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param)); if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit'){ echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. We send out letters every Saturday.!")); echo "<br>"; }*/ }//End month if else{ echo "Too Many Message This Month - View Member Upgrades to purchase more messages."; } // Month Condition /*if($value_month>$count_msg1){ $sql="Insert into `msend_msg` ( `mid` , `inmate_id` , `name` , `inmate_number` , `street` , `city`, `state`, `country`, `zip`, `message`, `date`,`month`,`print_status`, `status` ) VALUES ('$auth', '$pro_id' , '$name', '$inmate_number' , '$street', '$city', '$state', '$country', '$zip', '$message', '$dt1','$mon','0', '1')"; $res1 = mysql_query($sql); $sel = "Select email from members where id = '$auth'"; $res = mysql_query($sel); $row = mysql_fetch_array($res); $email = $row['email']; if ($message) { include("inc/wordsfilter.lib.php"); $message=addslashes(stripslashes(censorwords($message,3,1,1))); $subject="Message from ".$_POST['name']; } $param=array( subject=>$subject, message=>$message, link=>$ROOT_HOST ); $tpl_h="tpl/notification.html";$tpl_t="tpl/notification.txt"; if (file_exists("tpl/lang/$local_language/notification.html")) $tpl_h="tpl/lang/$local_language/notification.html"; if (file_exists("tpl/lang/$local_language/notification.txt")) $tpl_t="tpl/lang/$local_language/notification.txt"; $htmlmail1=join("",file($tpl_h)); $textmail1=join("",file($tpl_t)); $email = $email.",".$ADMIN_MAIL; send_html($ADMIN_MAIL, $email, parse_mail($subject,$param), parse_mail($textmail1,$param), parse_mail( $htmlmail1,$param)); if($_POST['send'] == '1' && $_POST['Submit'] == 'Submit'){ echo(l1("Letter has been submitted. Our clients either have paid for weekly or bi-weekly mailings of letters. 
We send out letters every Saturday.")); echo "<br>"; } } else { echo "Too Many Message This Month - View Member Upgrades to purchase more messages."; }*/ }//end else { echo "You Don't have right to send messages."; } } /*if ($mem[p4]) { $message=l1("New message was just received!"); qi("mproactive ( mid , type , rdate , message ) VALUES ('$mem[member]', '1', '$tim', '$message')"); echo(l1("Instant notification sent! Member will receive if online.")); } $to=""; $message=""; $subject=""; $ntm3k_ncd_directive=$verify; }; echo "<br></center>"; }*/ ?> <form action="send_message.php" method="post" enctype="multipart/form-data" > <input type="hidden" name="profile_id" value="<?=$pro_id?>"> <table align="center" width=100% cellpadding="1" cellspacing="1" border="<?=$tab_bd_size?>" bordercolor="<?=$color_tab_bd?>" bgcolor="<?=$color_tab_bkg?>"> <tr bgcolor="<?=$color_head_bk?>"> <td colspan="2"><div align="center"> <p><strong><font size="3">Email A Inmate</font></strong></p> <p>Email a Inmate is a program where we collect letters to inmates and send them to the inmate twice a month. Inmates do not have access to emails, so we take the next step and print the letter and mail it to him/her via US Mail. As a registered user you are allowed up to four free "email a inmate" letters. If you desire more then four per month, please <a href="http://www.letterstoprison.com/membership.php">upgrade</a> your account. </p> <p><a href="http://support.letterstoprison.com/" target="_blank">If you have any questions, please contact customer support. 
</a></p> </div></td> </tr> <tr bgcolor="<?=$color_head_bk?>"> <td colspan="2"> <strong><img src="<?=t1i("icons16/message", "icons/messages.gif")?>" border="0" align="absmiddle"><font color="<?=$color_head?>" > <?=l1("Email a Prisoner - We print out your message and mail it to the inmate.")?> </font></strong></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td width="16%" bgcolor="<?=$color_light_bk?>"><?=(l1("Inmate Name"))?></td> <td width="84%" bgcolor="<?=$color_light_bk?>"><font size="1"><b> <?=$inmate_name?> #<?=$inmatenumber?> </b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Facility Name"))?></td> <td><font size="1"><b> <?=$facility_name?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Facility Address"))?></td> <td><font size="1"><b> <?=$facility_address?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("City"))?></td> <td><font size="1"><b> <?=$inmate_city?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("State"))?></td> <td><font size="1"><b> <?=$inmate_state?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Country"))?></td> <td><font size="1"><b> <?=$inmate_country?></b></font></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Zip"))?></td> <td><font size="1"><b> <?=$inmate_zip?></b></font></td> </tr> <tr bgcolor="<?=$color_light_bk?>"> <td colspan="2"> </td> </tr> <tr bgcolor="<?=$color_light_bk?>"> <td colspan="2"><p><strong> <?=(l1("From - Your Contact Information"))?> </strong></p></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Your Name"))?></td> <td bgcolor="<?=$color_tab_bk?>"> <input name="name" type="text" id="name" value="<?=$wdet[name]?>" size="64" maxlength="128" /> </td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Street Address"))?></td> <td><input name="street" type="text" id="street" size="64" maxlength="128" /></td> </tr> <tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("City"))?> </td> <td><input name="city" type="text" 
size="64" maxlength="128" /> </td> </tr>
<tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("State/County"))?> </td> <td><input name="state" type="text" id="state" size="64" maxlength="64" /> <? if ($mab_mod[Zones]) { ?> <a href="javascript: var locsel=window.open('location_popup.php?details_var=reg_zone', '_locationwindow', 'fullscreen=no,toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,directories=no,location=no,width=400,height=150'); locsel.focus();"><b><img src="<?=t1i("icons16/world","interface/globe.gif")?>" border="0" align="absmiddle" /> <?=l1("Select")?> </b></a> <? } ?></td> </tr>
<tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Country"))?> </td> <td><input name="country" type="text" id="country" size="64" maxlength="64" /> <? if ($mab_mod[Zones]) { ?> <a href="javascript: var locsel=window.open('location_popup.php?details_var=reg_zone', '_locationwindow', 'fullscreen=no,toolbar=no,status=no,menubar=no,scrollbars=no,resizable=no,directories=no,location=no,width=400,height=150'); locsel.focus();"><b> <img src="<?=t1i("icons16/world","interface/globe.gif")?>" border="0" align="absmiddle" /> <?=l1("Select")?> </b></a> <? } ?></td> </tr>
<tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Postal/ZIP Code"))?> </td> <td><input name="zip" type="text" size="64" maxlength="16" /> </td> </tr>
<tr bgcolor="<?=$color_tab_bk?>"> <td><?=(l1("Message Detail"))?></td> <td bgcolor="<?=$color_tab_bk?>"> <p> <textarea name="message" cols="100" rows="12" id="message"><?=$wdet[message]?> </textarea> </p>
<p align="center"><? echo "Your IP Address is tracked for security and fraud prevention. Your IP address is $ip"; ?> </p>
<font size="-4">Max Message Length is 500 Characters </font></p>
<p align="justify"><font size="-4">Disclaimer: Some states do not allow 3rd party letters. If a letter is returned to us, we will contact you via your email address on file. If in the past a letter has been returned, we will make a notation on the inmates profile.
Each household is limited to one account. If more then one account is used to send more then the allowed letters, your account will be suspended till payment is made for the extra letters. Please limit mature content in your letters. Letters are subject to revier to verify terms of use are followed. </font></font></p></td> </tr>
<? if ($mab_mod[Templates]){?>
<tr bgcolor="<?=$color_tab_bk?>"> <td colspan="2"><blockquote> <p> <?=h1("Send Message")?></p> </blockquote></td> </tr>
<? }?>
<tr align="center" valign=top bgcolor="f0f0f0"> <td colspan="2"><input name="send" type="hidden" id="send" value="1" /> <input type="submit" name="Submit" value="<?=l1("Submit")?>"> <input type="hidden" name="pid" value="<?=$pid?>"></td> </tr>
<tr bgcolor="<?=$color_tab_bk?>"> <td colspan="2" bgcolor="<?=$color_light_bk?>"><a href="member_center.php"><img src="<?=t1i("icons32/account", "icons/account.gif")?>" border="1" align="absmiddle" /><<<?=l1("Account")?> </a></td> </tr>
</table>
</form>
<? include("_footer.php");?>
<script type="text/javascript">
<!--
function textCounter(field, countfield, maxlimit) {
  if (field.value.length > maxlimit) // if too long...trim it!
    field.value = field.value.substring(0, maxlimit);
  // otherwise, update 'characters left' counter
  else
    countfield.value = maxlimit - field.value.length;
}
// -->
</script>

At the very least, this should work as it did before any changes were made. Unless there is something in one of your "requires" files listed at the top, this would work as before but provide enough stability that inappropriate usage would be limited since the script would only accept data from the form as opposed to the original version that allowed data to be sent through the URL instead. If this doesn't behave as expected, you'll need to either get the original programmer to fix it or find a new programmer to fix it. It would probably be cheaper to offer additional money to the original developer to fix the problem. Handy PHP
  19.
      function GetTotal() {
          return $this->totalsub() + $this->shipping();
      }
      $total = GetTotal();

      I hope this is what you needed, Handy PHP
  20. Did you replace all of the $_REQUEST with $_POST? That is your biggest issue with blank entries.
  21. So that ".LibStd" is a hidden folder... Most software automatically hides any files or folders on a server that start with a period. You'll have to manually type the directory name into your FTP client or file manager. Most software that hides these folders and files has a setting to show such files if you turn it on. Usually, connection details are kept in the root under a file called config.php or something similar but since this script has a directory that has been purposefully hidden, it is probably in there. Good Luck, Handy PHP
  22. Near the beginning of the script. It should act as the primary control structure for the script. Basically, the control statements (IF, ELSE, SWITCH, etc...) tell the rest of the script when to do what. IF the form was filled out, then use the code that adds the data to the database. ELSE, show the form again. I usually write scripts like this:
      • Define any variables used by the script that aren't automatically assigned.
      • Check form input to see if everything is filled out, is valid, and most importantly, safe for storage in the database.
      • Using the supplied data (from the URL query string, and form input, date, etc...) perform various functions or tasks to either get the user to input the required data or manipulate or store the data submitted.
      • Wrap up the script and close any open connections etc...
      Your script has a lot of potential. You will find that there are extensive ways to modify it to perform better for you and your users. Good luck, Handy PHP
  23. You have to use that password function for both in and out... If you insert the password using the password() function then you have to select the password using the same password() function.

      $sql = "SELECT * FROM tablename WHERE password = PASSWORD('" . $pass . "')";

      Or something similar. Hope this helps, Handy PHP
  24. Generally, we only have to worry about 2 methods for form submission in PHP, POST and GET! In fact, the GET method actually forms those URL Query Strings you are familiar with so for now, we will consider the two methods like this: POST submits data to the server in a more secure way that is hidden to the average bystander. GET submits data and shows what is submitted in a URL query string for the user or anyone around to see. Obviously, we wouldn't submit something like a password using the GET method. Many search forms utilize the GET method to translate the information into the URL query string. So a textbox that is filled out has its contents sent to the script using whatever method is specified in the form tag.

      Using cURL, you can have the server send either a POST or GET query to the target website's script. The target website won't know the difference but your script is actually reading the search results. It is up to you to tell your script where and what to search for and then how to process the data returned. For testing, you should just output whatever the server found to your browser to see that your script successfully connected to the other server and submitted the search request.

      My guess is that you want your script to go to the other website with a list of search parameters you want to cycle through and save the returned data to your website for your use. Likely, you need one function to get a list of links to items you want and another function to read each of those items. You have to know exactly what the search form submits and exactly how the search results are returned to be able to extract the links you need. Then you need to know exactly how the item detail page is laid out to extract the data you want.

      • So, you use cURL to connect to a website and submit the search parameters you have. Cycling through an array of different search parameters would automate more of the task.
      • Using regular expressions, extract the links to the items returned.
      • Save the extracted links in a database, file or an array.
      • Using cURL, visit each link and, using regular expressions, extract the data you want.
      • Save the extracted data in a file, database, or an array.

      Hopefully, that will point you in the right direction. I suggest that you read this example for curl_setopt as it shows exactly how to use cURL to connect to another server from your own. Good Luck, Handy PHP
  25. The short answer is this: Probably when you added the password to the database the first time you took the password and applied the MD5 hash to it then inserted it into the database kind of like this:

      $sql = "INSERT INTO table_name (id, username, password) VALUES (1, '" . $_POST['username'] . "', '" . md5($_POST['password']) . "')";

      So to check it, you use something like this:

      $sql = "SELECT * FROM table_name WHERE username = '" . $_POST['username'] . "' AND password = '" . md5($_POST['password']) . "'";

      You have to hash the password before you check it against what the server has stored. It isn't a bad idea to use a stronger hash as mentioned above or add a string to the password prior to hashing to make the system more secure. Hope this helps, Handy PHP
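Added example, not part of the original posts: the password lookup discussed in posts 23 and 25, written with bound parameters and PHP's `password_hash()` / `password_verify()`, and upgrading a stored MD5 value the next time its owner logs in successfully. The in-memory SQLite database, the `users` table, the function names and the sample credentials are all constructed for the demonstration.

```php
<?php
// Constructed schema and sample data (assumptions, not the original poster's tables).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// One legacy row stored as a bare MD5 of the password, as the post describes.
$pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
    ->execute(['alice', md5('correct horse')]);

function storePassword(PDO $pdo, string $user, string $plain): void
{
    // password_hash() adds a per-password salt and uses a slow algorithm.
    $pdo->prepare('UPDATE users SET password = ? WHERE username = ?')
        ->execute([password_hash($plain, PASSWORD_DEFAULT), $user]);
}

function checkLogin(PDO $pdo, string $user, string $plain): bool
{
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // Legacy MD5 value (32 hex characters): constant-time compare, then upgrade.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($plain))) {
            return false;
        }
        storePassword($pdo, $user, $plain);
        return true;
    }
    if (!password_verify($plain, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        storePassword($pdo, $user, $plain);
    }
    return true;
}

var_dump(checkLogin($pdo, 'alice', 'correct horse')); // legacy MD5 row, upgraded on success
var_dump(checkLogin($pdo, "alice' OR '1'='1", 'x'));  // quote characters stay data
var_dump(checkLogin($pdo, 'alice', 'correct horse')); // now verified with password_verify()
var_dump(checkLogin($pdo, 'alice', 'wrong guess'));
```

The script needs PHP 7 or later with the `pdo_sqlite` extension; against MySQL only the DSN passed to `new PDO()` changes.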