Help with my forum problems

[Leveecius]

Hey guys, sorry to bother you again, I have a mini forum for my website that I'm trying to get to work.  I got the scripts from a working forum, and they are IDENTICAL on my site, but they aren't working.  The MySQL table is identical too.  So I know it is working because the other site (the one I got from a friend) works just fine, but mine keeps giving me an error.  Everytime I try to enter a new topic to post, it tells me I need to have a title, (to which I title was entered).  So I don't know why it's not working.  Can anyone give me some advice?  Here is my coding for it:

 

<?
session_start();  

if (!(isset($_SESSION["real_name"])))
{
//echo "I'm not logged in";
header('Location: index.php');
}
else
{
echo "";
}


?>



<html>
<head>
<title>Criminal Gangsters</title>
<style type="text/css">
<!--
.style4 {color: #FF0000}
.style5 {color: #0000FF}
-->
</style>
</head>
    	<link REL="stylesheet" TYPE="text/css" HREF="main.css">

<script language=javascript src=Menus.js></script>

<body background="wallpaper.jpg">
<center> 
<table border="0" cellspacing="0" cellpadding="0" align="center" width="95%" class="cat">

<TR> 

<TD width="150" background="tdbg3.jpg" bgcolor="#222222" valign="top">
<?php include("leftmenu.php");?>
</TD>
  
    <td width="100%" valign="top">	<br>	


<?php

if ($rankpoints >= 4500){

include "includes/db_connect.php";
include "bb.php";



$delete = strip_tags($_GET['delete']);
if($delete && $userlevel>=5) {
mysql_query("DELETE FROM forum_question WHERE id='$delete'");
}


$sticky = strip_tags($_GET['sticky']);
if($sticky && $userlevel>=5) {
mysql_query("UPDATE forum_question SET sticky = '1', important = '0' WHERE id='$sticky'");
}

$unsticky = strip_tags($_GET['unsticky']);
if($unsticky && $userlevel>=5) {
mysql_query("UPDATE forum_question SET sticky = '0', important = '0' WHERE id='$unsticky'");
}

$important = strip_tags($_GET['important']);
if($important && $userlevel>=5) {
mysql_query("UPDATE forum_question SET sticky = '0', important = '1' WHERE id='$important'");
}

$unimportant = strip_tags($_GET['unimportant']);
if($unimportant && $userlevel>=5) {
mysql_query("UPDATE forum_question SET sticky = '0', important = '0' WHERE id='$unimportant'");
}

$lock = strip_tags($_GET['lock']);
if($lock && $userlevel>=5) {
mysql_query("UPDATE forum_question SET locked='1' WHERE id='$lock'");
}

$userlock = strip_tags($_GET['userlock']);
if($userlock) {
mysql_query("UPDATE forum_question SET locked='1' WHERE id='$lock' AND username='$username'");
}

$unlock = strip_tags($_GET['unlock']);
if($unlock && $userlevel>=5) {
mysql_query("UPDATE forum_question SET locked='0' WHERE id='$unlock'");
}

if ($_POST['Submit'] && strip_tags($_POST['title']) && strip_tags($_POST['content'])){

$topic = $_POST['title']; 
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

if ($mute == 1)
{
echo "<font color=red><b>You have been muted!</b></font><br><br>";  
} 
else
{
$query=mysql_query("SELECT FROM forum_question ORDER by id DESC LIMIT 40");
$info = mysql_fetch_object($query);

if ($info->title == "$topic"){

echo "There is already a topic with this title!";

}else{

$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));

$datetime=date("d/m/y h:i:s"); //create date time

if ($title == ""){

echo "You must add a title!";

}else{

mysql_query("UPDATE forum_question SET new='0' WHERE new='1'");

if ($title !="" && $content !=""){

$sql="INSERT INTO forum_question(title, content, datetime, username, place, lastreply)VALUES('$title', '$content','$datetime', '$username', 'main', '$time')";
$result=mysql_query($sql);

}
}}}}

mysql_query("DELETE FROM forum_question WHERE title=''");

 

Anyone?

[Leveecius]

sorry, here is my error:

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/klrbal/public_html/Mafia-test/Forum.php on line 112

You must add a title!

[cags]

I've not looked at your first posting of code, but the error message means exactly what it says on the tin. The value you are sending to mysql_fetch_object is not a valid resource.9 times out of ten this is caused by you accidentally passing the wrong variable, such as the query string instead of the result of mysql_query() or by the query failing due to a syntax error. I suggest that on the line after the query that is failing you echo out the query your sending to the database and mysql_error().

[kickstart]

Hi

 

The code around line 112 is:-

 

$query=mysql_query("SELECT FROM forum_question ORDER by id DESC LIMIT 40");
$info = mysql_fetch_object($query);

 

You appear not to have either specified the columns you want back or have used * to get all columns. Result is the SQL is invalid and the fetch fails.

 

All the best

 

Keith

[Leveecius]

ok I added the * to my fetch, and now I get an error that still tells me I need to have a title. :S  Even as a title is being added, it seems as though it's not reading it.   If anyone wants, they can check it out themselves (mafia-test.klrbaltdomain.com)  I'm lost on the matter.  I don't know where to go.  Like I stated before, the exact same scripting works on a different game I have as well, so I don't know why it's not working.

[cags]

if ($title == ""){

echo "You must add a title!";

}else{

 

That is why you get the message all the time. At no point in your script do you seem to give $title a value.

[Leveecius]

if ($title == ""){

echo "You must add a title!";

}else{

 

That is why you get the message all the time. At no point in your script do you seem to give $title a value.

 

Would that be right though?  If no title is entered (which is what is shown) then it echos I need to have a title.

[cags]

You don't at any point assign the variable $title a value. Regardless of what the user types in $title will never have a value. If title is the name of an input on the form then you will need to use $title = $_GET['name'] or $title = $_POST['name']. $title will only get set automatically if you rely on the horrible register_globals setting being set to on.

[Leveecius]

ok, so I should change that then right?  If I had a way to show you the entire code I would and ask if you could see what is wrong with it.  I just find it funny that it runs fine on my other site and not this one.  so I should make it the _POST then right?

[cags]

Let's say this is our form...

 

<form action="" method="post">
<input type="text" name="name" />
<input type="text" name="password" />
<input type="submit" name="submit />
</form>

 

If register_globals is enabled on a server, PHP essentially does this for you...

 

$name = $_POST['name'];
$password = $_POST['password'];
$submit = $_POST['submit'];

This has huge security implications though, so generally speaking register_globals should be disabled. When it is disabled, tyring to use $name will result in using a NULL value as the variable doesn't exist. So you should either manually assign $_POST['name'] to $name, or just check empty($_POST['name']) instead of checking $name == "".

[Leveecius]

lol sorry I'm lost.  So instead of if ($title == ""), I should make it if ($title == $_POST['name'])?

[cags]

No. I'll put this as simply as I think it can be put. This all assumes that the method of your form is set to to post.

 

If you wish to check the value of any item entered by a user you check $_POST['name_of_input'], where name_of_input is the value of the name attribute in an input node (<input type="text" name="name_of_input" />.

[Leveecius]

wow, so basically I need to re-write my entire script to make it work on my new server?  Both run the same MySQL and PHP versions too.  :'(

[cags]

They may have the same versions, but by the sounds of it they don't have the same settings in the php.ini

[Leveecius]

Is there any way of changing it that you know of?  Reason being is I'm moving from a freehost domain to my own paid domain :S

[cags]

It's certainly possible if you have access to change the php.ini but enabling register_globals is a really bad idea, because it will automatically create a variable for every item in the $_POST array and a hacker can insert whatever name they like into your $_POST array. It's really not that complicate to fix. Anywhere you used to use $title you simply use $_POST['title'] instead.

[Leveecius]

ok, but just for title?  Or should I do it for username, topic, and other stuff, or just title?

 

I changed it and got this:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/klrbal/public_html/Mafia-test/Forum.php on line 114

 

Here is the code:

$topic = $_POST['title']; 
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

if ($mute == 1)
{
echo "<font color=red><b>You have been muted!</b></font><br><br>";  
} 
else
{
$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40");
$info = mysql_fetch_object($query);

if ($info->title == "$_POST['title']"){

echo "There is already a topic with this title!";

}else{

$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));

$datetime=date("d/m/y h:i:s"); //create date time

if ($title == ""){

echo "You must add a title!";

 

Any ideas?

[seventheyejosh]

I just glanced, but it looks like register_globals strikes again

[Leveecius]

How do I change this? :S

[runnerjp]

Give this a wack

 

<?php
$topic = $_POST['title'];
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

if ($mute == 1)
{
echo "<font color=red><b>You have been muted!</b></font><br><br>"; 
}
else
{
$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40");
$info = mysql_fetch_object($query);

if ($info->title == $topic){// you allready had $topic set so why not just use that and make life easyer 

echo "There is already a topic with this title!";

}else{

$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));

$datetime=date("d/m/y h:i:s"); //create date time

if ($title == ""){

echo "You must add a title!";
}
} // you missed this
}// and this.... make sure you braces are closed

?>

 

really hope this helps ( please look at changes noted on script)

[kickstart]

I changed it and got this:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/klrbal/public_html/Mafia-test/Forum.php on line 114

 

The fix above is the best solution. The actual problem with the mod you tried is that you have put:-

 

if ($info->title == "$_POST['title']"){

 

when you need:

 

if ($info->title == $_POST['title']){

 

As to register globals, it can leave security issues open easily.

 

Imagine the following code:-

 

if ($variableFromDb = "Admin")
{
$Admin = 'yes';
}
.....
if ($Admin == 'yes')
{
//delete stuff from database
}

 

If register globals is on then someone could add a field called Admin to the form and be processed as though they are an administrator. It would be trivial in this case to avoid the issue (just initialise $Admin), but hope this explains the kind of problems it can allow.

 

All the best

 

Keith

[Leveecius]

Tried that, tried to open my forum page and got this:

 

Parse error: syntax error, unexpected T_ELSE in /home/klrbal/public_html/Mafia-test/Forum.php on line 131

 

Here is the coding:

$topic = $_POST['title'];
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername=$_SESSION["real_name"];
$time=time();

if ($mute == 1)
{
echo "<font color=red><b>You have been muted!</b></font><br><br>"; 
}
else
{
$query=mysql_query("SELECT * FROM forum_question ORDER by id DESC LIMIT 40");
$info = mysql_fetch_object($query);

if ($info->title == $topic){// you allready had $topic set so why not just use that and make life easyer 

echo "There is already a topic with this title!";

}else{

$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));

$datetime=date("d/m/y h:i:s"); //create date time

if ($title == $_POST['title']){

echo "You must add a title!";
}
} // you missed this
}// and this.... make sure you braces are closed

else{

mysql_query("UPDATE forum_question SET new='0' WHERE new='1'");

if ($$_POST['title'] !="" && $content !=""){

 

That is lines 99 - 133

[Coreye]

You're missing the closing bracket for this else:

echo "There is already a topic with this title!";

} else {

$fetch = mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$ownusername'"));

Try this:

<?php
$topic = $_POST['title'];
$detail = $_POST['content'];
$topic = strip_tags($topic);
$detail = strip_tags($detail);
$ownusername = $_SESSION["real_name"];
$time = time();

if ($mute == 1)
{
	echo "<font color=red><b>You have been muted!</b></font><br /><br />";
}
else
{
	$query = mysql_query("SELECT * FROM `forum_question` ORDER BY `id` DESC LIMIT 40");
	$info = mysql_fetch_object($query);

if ($info->title == $topic)
{// you allready had $topic set so why not just use that and make life easyer 
	echo "There is already a topic with this title!";
}
else
{
	$fetch = mysql_fetch_object(mysql_query("SELECT * FROM `users` WHERE `username` = '" . $ownusername . "'"));
$datetime = date("d/m/y h:i:s"); //create date time

if ($title == $_POST['title'])
{
	echo "You must add a title!";
	}
}
}

[kickstart]

Hi

 

Sounds like you still have some missing / extra curley braces to start / end if statements. To trace that down you need the full listing, and it would be FAR easier if you used some consistant indentations.

 

Also why have you got if ($$_POST['title'] !="" && $content !=""){ ?

 

All the best

 

Keith

[Leveecius]

Let me go ahead and say now, I appreciate the help guys.  I'm sorry for all the troubles.  I'm still kinda new to php coding (as you can probably see) but I'm trying to learn.  I can now see everything on my page, and it submits my topics, but it doesn't write them to anything.  it just refreshes the page. :S  So I don't know where to go on that one.