Tenaciousmug

<?php include("/home1/elvonica/public_html/intellectproductions/header.php"); ?> <script type="text/javascript"> function validateMe() { alert("hi!!"); var password = $('input#password').val(); alert(password); $.ajax( { type: "GET", url: "validation.php?password="+ password, data: "password="+ password, function(data) { if(data = "yes") { $("#post").fadeIn(); $("#validate").hide(); } else { alert("Could not validate."); } } }); } </script> <h1>Blog Entry</h1> <div class="forms"> <form action="validation.php" method="get" class="blog_form" id="validate"> <label>Staff Password: <span class="small">Only staff can post blogs.</span></label> <input type="password" name="password" class="input_text" id="password" /> <button type="button" class="submit" onclick="validateMe()">Validate Me</button> </form> <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" class="blog_form" id="post"> <label>Blog Title:</label> <input type="password" name="password" class="input_text" /> <label class="label_textarea">Body:</label> <textarea name="body" class="input_textarea"></textarea> <input type="submit" name="post_blog" value="Post Blog" class="submit" /> <input type="submit" name="prev_blog" value="Preview Blog" class="submit" /> </form> </div> <?php include("/home1/elvonica/public_html/intellectproductions/footer.php"); ?> As you can see I have a function named "validateMe()" in my javascript code. And then on the onclick of the password validation form, it uses that function. Well I have test alerts saying Hiii and all this weird stuff, but it won't even pop up so it's not even reading my function on the onclick at all... And I already did the $(document)ready{function()}; or whatever it is and it still didn't work. I have a script similar to using a function on the onclick and I have it all set up. That one works and this one doesn't... With other javascript stuff such as simple hide and show work fine, but whenever I do an onclick, it doesn't work..

Nevermind! Just had to do this: if (isset($_POST['remove'])) { foreach ($_POST['msgid'] AS $msgid) { $msgid = $cxn->real_escape_string(htmlspecialchars($msgid); $sql = "DELETE FROM inbox WHERE msgid = '".$msgid."' AND userid='".$_SESSION['userid']."'"; mysqli_query($cxn, $sql) or die(mysqli_error($cxn)); } }

Here is my code: if (isset($_POST['remove'])) { foreach ($_POST['msgid'] AS $msgid) { $sql = "DELETE FROM inbox WHERE msgid = '".$msgid."' AND userid='".$_SESSION['userid']."'"; mysqli_query($cxn, $sql) or die(mysqli_error($cxn)); } } It works perfectly fine, but to prevent SQL Injection and XSS, I put this: if (isset($_POST['remove'])) { foreach ($cxn-real_escape_string(htmlspecialchars($_POST['msgid'])) AS $msgid) { $sql = "DELETE FROM inbox WHERE msgid = '".$msgid."' AND userid='".$_SESSION['userid']."'"; mysqli_query($cxn, $sql) or die(mysqli_error($cxn)); } } But then it stops grabbing the value. :/ So... is there anyway I can prevent malicious attacks without preventing it from grabbing the value?

Ah. Alright, I changed that. (: But that still doesn't fix it from not working. I click the button and nothing happens still.

Ok here is my form: $sql = "SELECT storage.quantity, items.name, items.image, items.description, items.itemid FROM storage JOIN items USING(itemid) WHERE userid='".$_SESSION['userid']."' ORDER BY items.name LIMIT $offset, $rowsperpage"; $result = mysqli_query($cxn, $sql) or die(mysqli_error($cxn)); $imagecount = 0; $tableOutput = ""; while ($row = mysqli_fetch_assoc($result)) //while there are still results { $imagecount++; $quantity = $row['quantity']; $name = $row['name']; $image = $row['image']; $description = $row['description']; $itemid = $row['itemid']; //Create TD $tableOutput .= "<tr>\n"; $tableOutput .= "<td width=\"50\" style=\"text-align:center;\">\n"; $tableOutput .= "<img src=\"http://www.elvonica.com/".$image."\"><br>"; $tableOutput .= $name."</td>\n"; $tableOutput .= "<td width=\"400\" style=\"text-align:center;\">".$description."</td>\n"; $tableOutput .= "<td width=\"50\" style=\"text-align:center;\">".$quantity."</td>\n"; $tableOutput .= "<td width=\"100\" style=\"text-align:center;\">\n"; $tableOutput .= "<button type=\"button\" onclick=\"removeOne(".$itemid.")\">Remove 1</button><br />\n"; $tableOutput .= "<button type=\"button\" onclick=\"removeAll(".$itemid.")\">Remove All</button>\n"; $tableOutput .= "</td>\n"; $tableOutput .= "</tr>\n"; } echo "<form action=\"storageprocess.php\" method=\"get\">\n"; echo "<table cellspacing=\"0\" class=\"news\" align=\"center\">\n"; echo "<tr>\n"; echo "<td width=\"50\" style=\"text-align:center;background-color:#EEEEEE;\"><b>Item</b></td>\n"; echo "<td width=\"400\" style=\"text-align:center;background-color:#EEEEEE;\"><b>Description</b></td>\n"; echo "<td width=\"50\" style=\"text-align:center;background-color:#EEEEEE;\"><b>Quantity</b></td>\n"; echo "<td width=\"100\" style=\"text-align:center;background-color:#EEEEEE;\"><b>Remove</b></td>\n"; echo "</tr>\n"; echo $tableOutput; echo "</table><br />\n"; echo "</form>\n"; Just ignore the PHP part of it. This is going through a while loop as you can see, but the function "removeOne()" and "removeAll()" has the itemid in the parantheses so the javascript can catch that value. But the problem is, that it's not even catching the function. One of the functions (removeOne) looks like this: <script> $(document).ready(function() { function removeOne(n) { alert("hi"); $.ajax( { type: "GET", url: "storageprocess.php?itemid="+ n, data: "itemid="+ n, success: function() { alert("Item has been moved to inventory."); } }); } }); </script> Just ignore the AJAX part. I put the alert("hi"); in the beginning to see if it's even catching the onclick and it's not. So I don't understand why the onclick isn't preparing the function.. Can anyone help me here?

Thank you for the explanation. (: May you explain this sentence: What do you mean with a second argument? So if I were to generate their password with the function I'm using. I would generate the password they type to login with the same function? And then compare them? But as you stated, it would generate a different hash each time so how do I prevent it from doing so?.. I'm so confused.

First off I want to know if this function works well: define('SALT_LENGTH', 9); function generateHash($plainText, $saluti=null) { if ($saluti==null) { $saluti = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $saluti = substr($saluti, 0, SALT_LENGTH); } return $saluti . sha1($saluti, $plainText); } plainText would be the password they type and saluti would be the new generated password. The question is how would I retrieve the password from the database when they login? I'm not too sure what's going on in this function since I'm just learning it so explanations would be awesome too..

How do I display these two inner joins in a while loop? $sql = "SELECT w.userid, w.itemid, i.itemid, i.image, h.itemid, h.gender, h.image, h.type FROM {wardrobe} w INNER JOIN {items} i ON w.itemid = i.itemid INNER JOIN {hawearables} h ON i.itemid = h.itemid WHERE w.userid='".$_SESSION['userid']."' AND h.type='Top'"; $result = mysqli_query($cxn, $sql); This is what I keep putting: $sql = "SELECT w.userid, w.itemid, i.itemid, i.image, h.itemid, h.gender, h.image, h.type FROM {wardrobe} w INNER JOIN {items} i ON w.itemid = i.itemid INNER JOIN {hawearables} h ON i.itemid = h.itemid WHERE w.userid='".$_SESSION['userid']."' AND h.type='Top'"; $result = mysqli_query($cxn, $sql); while ($row = mysqli_fetch_assoc($result)) { $image = $row['items.image']; $tableOutput = "<img src=\"http://www.elvonica.com/".$image."\">"; } But then I get this error:

Ok sorry got it to work. Just can't get the unhighlight and highlight the other one now. Here is my code: var prevId; function baseBorder(count) { if (prevId) { document.getElementById(count).style.border="none"; } else { document.getElementById(count).style.border="2px solid #E8272C"; prevId = count; } }

I am trying to add a border around the base they select and then when they select another one, I want the previous one to go away and then high light that one. This is my PHP code that outputs the bases: $gender = $_GET['gender']; // SQL Injection here? $sql = "SELECT * FROM habases WHERE gender='".$gender."'"; $result = mysqli_query($cxn, $sql) or die(mysqli_error($cxn)); $baseCount = 0; while ($row = mysqli_fetch_assoc($result)) { $baseimage = $row['image']; $basesOutput .= "<input type=\"image\" id=\"".$baseCount."\" src=\"http://www.elvonica.com/".$baseimage."\" onclick=\"baseBorder(".$baseCount.");return false;\" value=\"".$baseimage."\" name=\"base\">"; $baseCount++; } I have a baseCount so each image ID is unique. The baseBorder() is the function that will change the border. Here is the baseBorder() function: var prevId; function baseBorder(count) { if (prevId) { $("#prevId").style.border="none"; } else { $("#count").style.border="2px solid #E8272C"; prevId = count; } } Can anyone help me out since it's not working?

Why don't you run $_SESSION instead of $_COOKIE? When they login, you can start a session of that user such as $_SESSION['userid']; And then at the top of every page have: session_start(); And that session will be carried out to every page that has the session_start() function at the top of their page. And then when they logout, you can destroy the session by: session_destroy();

No it won't create folders. You have to have that folder already existing before trying to submit anything to it.

Well you're probably backslashing the quotes wrong then. I don't see why you can't link them here. You gave a warning to those that they are adult sites. I'm not sure. You can message me if you want.

It's because there is no folder with that users id. You would have to create a folder with each user id.. Why don't you just try: members/$id_$newname If you have a slash after the $id, it is trying to find a folder with that id name and there is none because you would have to go and create a folder for each user

Can you show them to me? And to open a new window, you would want: target="_blank" when they click on the link. So it would be: echo "<a href=\"home.php\" target=\"blank\">Home</a>";

I'm still confused on what you are wanting. To backslash this link.. although I don't understand how it's a link since it's not a web page: rel=\"shadowbox;height=148;width=600\"

Why are you trying to add a target field? What is the purpose for it? And no problem! (: I was in your spot when I first started too.

Yup. The backslashes are basically just "skipping" over the quotations marks since you need those whenever you pull <a href="hello.php"> But you could just do this: echo "<a href='hello.php'>Hello</a>"; I just find it easier to escape them. (: And thanks!

<?php if(!isset($_SERVER['PHP_AUTH_USER'])) { echo "<a href=\"/members/index.php\">Login</a>"; } else { echo ""; } ?> I wasn't giving you the exact code. Just backslash the quotes like I did.

Try this: <?php if(!isset($_SERVER['PHP_AUTH_USER'])) { echo "<a href="/members/index.php">Login</a>"; } else { echo ""; } ?>

You're welcome! (: You can change how many results you wan to display per page. Just change the $rowsperpage variable.

I'm not sure if this is what he means, but I decided to try and help anyways: unlink("/home1/midwestcreativeconsulting/public_html/jhrevell/wp-content/themes/twentyten_3/upload/" . $location);

Oops forgot to fix that. But it still doesn't work. That's why it was like that because I was trying everything possible. :/ Does the page actually have to load or is it possible to show part of the page that was hidden after clicking a button and passing a value?

This should work: <?php //found out how many rows are in the table $sql = "SELECT COUNT(*) FROM news"; $result = mysqli_query($cxn, $sql); $row = mysqli_fetch_row($result); $num = mysqli_num_rows($result); $numrows = $row[0]; //number of rows to show per page $rowsperpage = 10; //finding total pages $totalpages = ceil($numrows / $rowsperpage); //getting the current page or setting a default if (isset($_GET['currentpage']) && is_numeric($_GET['currentpage'])) { //cast variable as integer $currentpage = (int) $_GET['currentpage']; } else { //default page number $currentpage = 1; } //if current page is greater than total pages if ($currentpage > $totalpages) { //set current page to last page $curentpage = $totalpages; } //if current page is less than the first page if ($currentpage < 1) { //set current page to first page $currentpage = 1; } //offset of the list $offset = ($currentpage - 1) * $rowsperpage; echo "<table width=\"590\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n"; //retrieving news information from table $query = "SELECT * FROM news WHERE published = '1' ORDER BY id DESC LIMIT $offset, $rowsperpage"; $result = mysql_query($query) or die(mysql_error()); while ($row = mysqli_fetch_assoc($result)) { echo "<tr>\n"; echo "\t<td colspan=\"2\"><h2>".$row['title']."</h2></td>\n"; echo "</tr>\n"; echo "<tr>\n"; echo "\t<td width=\"398\">".$row['story']."</td>\n"; echo "\t<td width=\"192\"><img src=\"".$row['image']."\" alt=\"".$row['shortstory']."\" width=\"192\" height=\"108\" /></td>\n"; echo "</tr>\n"; echo "<tr>\n"; echo "\t<td colspan=\"2\"><i><br />\n"; echo "\tPosted by ".$row['author']." on ".$row['date']."</i></td>\n"; echo "</tr>\n"; } echo "\t</table>\n"; //BUILDING PAGINATION LINKS //range of number of links to show $range = 3; echo "\t<p align=\"center\">"; //if not on page one, don't show back links if ($currentpage > 1) { //show link to go back to first page //echo "<a href=\"".$_SERVER['SCRIPT_NAME']."?currentpage=1\"><<</a>"; //get previous page number $prevpage = $currentpage - 1; //show link to go back a previous page echo "<a href=\"".$_SERVER['SCRIPT_NAME']."?currentpage=".$prevpage."\"><</a>"; } //loop to show links to range of pages around current page for ($x = ($currentpage - $range); $x < (($currentpage + $range) + 1); $x++) { //if its a valid page number if (($x > 0) && ($x <= $totalpages)) { //if we're on the current page if ($x == $currentpage) { //highlight it, but dont make it a link echo "<b>".$x."</b>"; } else { //if not current page //make it a link echo "<a href=\"".$_SERVER['SCRIPT_NAME']."?currentpage=".$x."\">".$x."</a>"; } } } //if not on last page, show forward and last page links if ($currentpage != $totalpages AND $num == 0) { //get next page $nextpage = $currentpage + 1; //echo forward link for next page echo "<a href=\"".$_SERVER['SCRIPT_NAME']."?currentpage=".$nextpage."\">></a>"; //echo forward link for last page //echo "<a href=\"".$_SERVER['SCRIPT_NAME']."?currentpage=".$totalpages."\">>></a>"; } echo "</p>"; ?>

I think this belongs here, but my $_POST['gender'] won't grab the gender that was submitted through a form. I am using AJAX so the page doesn't have to reload so it can go in a smooth transition, but the AJAX is grabbing the value perfectly fine. I have a feeling the $_POST isn't grabbing the value because the page isn't reloading.. but I don't want to reload it. These codes are all on the same page. Here is my Javascript: <script> function chooseGender() { var gender = $('input[name=gender]:checked', '#submitgender').val(); if(gender) { $.ajax( { type: "POST", url: window.location.pathname, data: gender, success: function() { alert("You have chosen to be a " + gender); //It's grabbing it perfectly fine! $("#submitgender").hide(); //It hides the gender table so they can't choose a gender since they already have chosen one. $("#rest").fadeIn(); //Shows the other table that's labeled "rest" as it's ID so they can choose what base, eyes, etc for that specific gender they've chosen. } }); } else { alert('Select a gender.'); } } $(function tabs() { $( "#tabs" ).tabs(); }); </script> But here is the PHP inside the #rest table: <?php $gender = $_POST['gender']; $sql = "SELECT * FROM habases WHERE gender='".$gender."'"; $result = mysqli_query($cxn, $sql) or die(mysqli_error($cxn)); print_r($sql); while ($row = mysqli_fetch_assoc($result)) { $baseimage = $row['image']; $baseskin = $row['skin']; echo "<img src=\"http://www.elvonica.com/".$baseimage."\" value=\"".$baseskin."\">"; } ?> And this is what I'm getting for the print_r: