jcbones

Log in Process session_start(); if(isset($_POST['login'])) { $user = mysql_real_escape_string(strip_tags($_POST['login'])); $sql = "SELECT * FROM `users` WHERE `username` = '$user'"; $result = mysql_query($sql); if(mysql_num_rows($result) == 1) { $_SESSION['loggedin'] = 1; } else { $_SESSION['loggedin'] = 0; } } function protectPage() { if($_SESSION['loggedin'] == 1) { return; } else { header('Status: 200'); header('Location: http://mysite.com/login.php'); exit(); } return; } Protected Page <?php session_start(); protectPage(); ?> Or, something along those lines.

http://adminschoice.com/crontab-quick-reference

The only way to tell if the array is causing a problem, is to view the class. Is the function send() set up to take an array? If it isn't, then the function mail() is trying to send an email to the address of Array.

Are you asking how to make a Crontab? http://adminschoice.com/crontab-quick-reference

1. Are you sure you are getting multiple email addresses from the database? 2. It is either $i['mailaddress'] or you need to select MailAdd from the database. <<Answered 3. I assume $mail->send() supports array's. <<Asked. 4. Does your host allow multiple emails?

Here is the first 23 lines of -Karl- tidied up search.php WITH the echo of user id, and a redundant part of the Query string commented out. <?php echo 'USER ID: ' . $__user['id']; include("../../include/include.php"); require_supplier(); include("../../include/open.php"); echo '<meta name="keywords" content="" /> <title></title>'; include("../../include/navigation.php"); $query = "WHERE (Products.`Supplier ID` = '" . $__user["id"] . "' AND "; if ($_GET["q"] != "") { $query .= "Products.Name like '%" . escape($_GET["q"]) . "%' AND "; } // if ($_GET["supplier"] != "") { // $query .= "Products.`Supplier ID` = '" . escape($_GET["supplier"]) . "' AND "; // } if ($_GET["category"] != "") { $query .= "(Products.`Category ID` = '" . escape($_GET["category"]) . "' OR Products.`Subcategory ID` = '" . escape($_GET["category"]) . "' ) AND "; } $query .= "Products.Status != 'Deleted')";

De-bugged for Ken's big fingers //removed a nasty parentheses that would cause a syntax error. $metode = (isset($_POST['metode']) && $_POST['metode'] > -1 && $_POST['medode'] < count($search_fields))?$search_fields[$_POST['metode']]:$search_fields[0];

-Karl- is right 100%. If you don't want your links to look like "home.php?page=about-us". Then you have 2 options. Rebuild your pages, or make a .htaccess file, and use mod-rewrite. .htaccess RewriteEngine on RewriteRule ^sub-web/pages/(.*).php$ sub-web/index.php?page=$1

I've never had a script to fail a one line bracketless syntax for if/elseif/else statements. Although, I agree that it is good practice to use brackets for all if/else statements. I tested your getNormalImage() function, and it seems to work correctly. I cannot test your displayPhotos() function, but did see some problems with it. You can compare the changes I made, some may be redundant and not needed, but ... function displayPhotos(){ global $columns; generateThumbnails(); $act = 0; // Open the actual directory if ($handle = opendir(".")) { // Read all file from the actual directory while (false !== ($file = readdir($handle))) { // Check whether tha actual item is a valid file if (is_file($file) && ($file != '.' || $file != '..')){ // Check whether the actual image is a thumbnail if (strpos($file,'_th.jpg') !== false){ ++$act; if ($act > $columns) { echo '</tr><tr><td class="photo"><a href="'.getNormalImage($file).'" class="thickbox"><img src="'.$file.'" alt="'.$file.'"/></a></td>'; $act = 1; } else { echo '<td class="photo"><a href="'.getNormalImage($file).'"class="thickbox"><img src="><img src="'.$file.'" alt="'.$file.'"/></a></td>'; } } } } } } I see it is already fixed, but added this anyway. Since I spent time on it.

if(isset($_GET["u"])):

2 different databases? OR 2 different tables? Your post has 3 tables. $sql = "SELECT a.*,b.title,c.user FROM tbl_comments AS a LEFT JOIN tbl_posts AS b ON a.post = b.id LEFT JOIN user AS c ON c.id = b.user WHERE c.username = 'jwk811'";

1. Use table joins http://dev.mysql.com/doc/refman/5.0/en/join.html 2. Are you sure the database has the tables? 3. Are you sure the table is named users, and not user, or Users.

foreach() is used to process an array. $_POST is always an array. The ($_POST as $response_id => $response) simple tells the foreach loop that you want to grab the key as $response_id, and the value as $response. So if the name of your input was "letter" and you type in "q". The $response_id is "letter". The $response is "q".

<?php session_start(); if($_GET['userclickedbutton'] == 1) { $check = $_SESSION['timestamp']; $now = time(); if($now - $check >= 7200) { $_SESSION['timestamp'] = time(); //allow function } else { //deny function write error } } ?>

You can store dates as DATE with the format of YYYY-MM-DD. That will allow you to run MySQL's native date functions against that column.

Used Cagecrawler's db query, and added in some row styling. Each row is a different color, and call today rows are green. This is just to point you in the right direction. <?php $username="xxxxxxxx"; $password="xxxxxxxx"; $database="xxxxxxxx"; $con=mysql_connect(localhost,$username,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db($database, $con); $query = 'SELECT *, (NOW() - date_last_called) > call_frequency) AS call_today FROM call_tracker ORDER BY call_today DESC, date_last_called ASC;' $result=mysql_query($query); $i = 0; echo "<table border='1'>\n <tr>\n <th>Store</th>\n <th>Work Order</th>\n <th>Customer Name</th>\n <th>Contact Number</th>\n <th>Date Last Called</th>\n <th>Call Frequency</th>\n <th>Call Today</th>\n <th>Notes</th>\n </tr>\n"; while($row = mysql_fetch_array($result)) { $style = ((++$i % 2) = 0) ? 'style="background-color:#BFC8FF"' : 'style="background-color:#AAB2E2"'; $style= ($row['call_today'] == 1) ? 'style="background-color:#007F0E;color:#FFFFFF;"' : $style; $call = ($row['call_today'] == 1) ? 'Yes' : 'No'; echo "<tr $style>\n" . "<td>" . $row['location'] . "</td>\n" . "<td>" . $row['work_order'] . "</td>\n" . "<td>" . $row['customer_name'] . "</td>\n" . "<td>" . $row['contact_number'] . "</td>\n" . "<td>" . $row['date_last_called'] . "</td>\n" . "<td>" . $row['call_frequency'] . "</td>\n" . "<td>" . $call . "</td>\n" . "<td>" . $row['notes'] . "</td>\n" . "</tr>\n"; } echo "</table>\n"; ?> <html> <head> <title>Customer Call Tracker </title> </head> <body> <br> <form> <input type="button" onclick="window.location.href='form.php'" value="Add Record"></input> </form> <form action="del.php" method="post"> <input type="text" name="work_order" /> <input type="submit" value="Picked Up" /> </form> <form action="modify.php" method="get"> <input type="text" name="work_order" /> <input type="submit" value="Modify" /> </form> <form action="call.php" method="get"> <input type="text" name="work_order" /> <input type="submit" value="Call" /> </form> </body> </html>

http://www.php.net/manual/en/function.mail.php

You will need to post both of your files as they are now.

That doesn't make sense That means the $_SESSION['errors'] is being set, so the only thing that can be failing is the re-directing header. After header('Location: http://www.customer-url-here.com/test/rates.php'); add: die('You should have been redirected!');

NO, XSS is cross site scripting. When someone talks about it, it usually involves some kind of injection attack. But, anytime you are including, or scraping pages from one site to another, it is cross scripting.

You want a cross site code? <?php echo file_get_contents('http://www.google.com'); ?>

Is "zip" in "allowed_zip" contain 1 zip code per row, or does each row contain more than 1 zip code? ex: user_id | zip 1 | 28542 1 | 28555 or, 1 | 23542, 28555 Hope that makes sense. If it is the first, you could (UN-TESTED) $sql = "SELECT `companies`.`zip_code` FROM `companies`,`allowed_zip` WHERE (`companies`.`zip_code` = `allowed_zip`.`zip` AND `allowed_zip`.`user_id` = '$id') AND $search"; If it is the second, (UN-TESTED) $sql = "SELECT `companies`.`zip_code` FROM `companies`,`allowed_zip` WHERE (`companies`.`zip_code` IN(`allowed_zip`.`zip`) AND `allowed_zip`.`user_id` = '$id') AND $search";

What color is your table/page background? Is the CSS style a linked file, or in the header?

1 glaring problem I see is: line 55: echo statement; line 57: header function; Question: Would it not be better to have this pulled from a database? This way you could control the output without worry that someone will delete a cookies. Set IP's and dates to a table, if their IP isn't in the table, show the message and add the IP to the table. Although, as monkeytooth says, you cannot track anyone 100%.

session_start() has to be at the very top of the page, and before any echo's or regular HTML. So if your page starts with: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> Then the session start should be moved before it. <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">