3raser Posted June 30, 2010 Share Posted June 30, 2010 Why can I still post when the thread is locked? It's basically doing, if $locked==1 - You cannot post. Why won't it stop me from posting? <?php session_start(); ?> <style> a { color:black; font-weight:bold; } holder { width:600px; } table { width:600px; } </style> <?php session_start(); $session = $_SESSION['user']; $thread = $_GET['thread']; mysql_connect($mysql_host, $mysql_user, $mysql_password); mysql_select_db($mysql_database); $get_thread_exist = mysql_query("SELECT COUNT(id) FROM topics WHERE id='$id'"); $reply = $_POST['message']; $reply = mysql_real_escape_string($reply); $thread_post = $_POST['hidden']; $ip = $_SERVER['REMOTE_ADDR']; $date = date("M-D-Y"); $get_thread_lock = mysql_query("SELECT locked FROM topics WHERE id='$id'"); $locked = mysql_fetch_assoc($get_thread_lock); if(!$session) { echo "<center><div class='holder'><table border='1'><tr><td><center>Sorry, you must be logged in to access this page! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif(!$thread && !$thread_post) { echo "". $locked ."<center><div class='holder'><table border='1'><tr><td><center>You haven't selected a thread to reply to! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif(!$get_thread_exist) { echo "<center><div class='holder'><table border='1'><tr><td><center>You are trying to reply to a thread that doesn't exist! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif($locked==1) { echo "<center><div class='holder'><table border='1'><tr><td><center>This topic is locked! <a href='viewtopic.php?id=". $id ."'>Back to topic</a></center> <br/></td></tr></table></div></center>"; } elseif(!$reply) { echo "<center><div class='holder'><table border='1'><tr><td><center><form action='reply.php' method='POST'><br/>Message: <br/><textarea name='message' rows='20' cols='35' maxlength='3000'></textarea><br/><br/> <input type='hidden' value='". $thread ."' name='hidden'><input type='submit' value='Submit Post'></form></center> <br/></td></tr></table></div></center>"; } elseif(strlen($reply) >= 15) { mysql_query("INSERT INTO posts VALUES ('', '$ip', '$date', '$session', '$reply', '$thread_post')"); mysql_query("UPDATE users SET postcount = postcount + 1 WHERE username='$session'"); mysql_query("UPDATE topics SET replies = replies + 1 WHERE id='$thread_post'"); echo "<center><div class='holder'><table border='1'><tr><td><center>Your post has been posted! <a href='viewtopic.php?id=". $thread_post ."'>Go back to thread</a>.</center> <br/></td></tr></table></div></center>"; } else { echo "<center><div class='holder'><table border='1'><tr><td><center>Sorry, you need to have at least 15 characters in your post!</center> <br/></td></tr></table></div></center>"; } ?> Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted July 1, 2010 Share Posted July 1, 2010 Why would $locked ever equal 1? It's a result resource. Also, you have session_start() twice in your script. Quote Link to comment Share on other sites More sharing options...
squiblo Posted July 1, 2010 Share Posted July 1, 2010 try... elseif($locked=="1") Quote Link to comment Share on other sites More sharing options...
3raser Posted July 1, 2010 Author Share Posted July 1, 2010 Why would $locked ever equal 1? It's a result resource. Also, you have session_start() twice in your script. Because in the database it's a 1. Quote Link to comment Share on other sites More sharing options...
trq Posted July 1, 2010 Share Posted July 1, 2010 $locked is an array, try elseif($locked['locked'] == 1). Quote Link to comment Share on other sites More sharing options...
3raser Posted July 1, 2010 Author Share Posted July 1, 2010 $locked is an array, try elseif($locked['locked'] == 1). Oh, alright. Thank you. Quote Link to comment Share on other sites More sharing options...
3raser Posted July 1, 2010 Author Share Posted July 1, 2010 Nope, doesn't seem to work still. Quote Link to comment Share on other sites More sharing options...
trq Posted July 1, 2010 Share Posted July 1, 2010 Post your current code. Quote Link to comment Share on other sites More sharing options...
3raser Posted July 1, 2010 Author Share Posted July 1, 2010 <?php session_start(); ?> <style> a { color:black; font-weight:bold; } holder { width:600px; } table { width:600px; } </style> <?php session_start(); $session = $_SESSION['user']; $thread = $_GET['thread']; mysql_connect($mysql_host, $mysql_user, $mysql_password); mysql_select_db($mysql_database); $get_thread_exist = mysql_query("SELECT COUNT(id) FROM topics WHERE id='$id'"); $reply = $_POST['message']; $reply = mysql_real_escape_string($reply); $thread_post = $_POST['hidden']; $ip = $_SERVER['REMOTE_ADDR']; $date = date("M-D-Y"); $get_thread_lock = mysql_query("SELECT locked FROM topics WHERE id='$id'"); $locked = mysql_fetch_assoc($get_thread_lock); if(!$session) { echo "<center><div class='holder'><table border='1'><tr><td><center>Sorry, you must be logged in to access this page! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif($locked['locked'] == 1) { echo "<center><div class='holder'><table border='1'><tr><td><center>This topic is locked! <a href='viewtopic.php?id=". $id ."'>Back to topic</a></center> <br/></td></tr></table></div></center>"; } elseif(!$thread && !$thread_post) { echo "". $locked ."<center><div class='holder'><table border='1'><tr><td><center>You haven't selected a thread to reply to! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif(!$get_thread_exist) { echo "<center><div class='holder'><table border='1'><tr><td><center>You are trying to reply to a thread that doesn't exist! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif(!$reply) { echo "<center><div class='holder'><table border='1'><tr><td><center><form action='reply.php' method='POST'><br/>Message: <br/><textarea name='message' rows='20' cols='35' maxlength='3000'></textarea><br/><br/> <input type='hidden' value='". $thread ."' name='hidden'><input type='submit' value='Submit Post'></form></center> <br/></td></tr></table></div></center>"; } elseif(strlen($reply) >= 15) { mysql_query("INSERT INTO posts VALUES ('', '$ip', '$date', '$session', '$reply', '$thread_post')"); mysql_query("UPDATE users SET postcount = postcount + 1 WHERE username='$session'"); mysql_query("UPDATE topics SET replies = replies + 1 WHERE id='$thread_post'"); echo "<center><div class='holder'><table border='1'><tr><td><center>Your post has been posted! <a href='viewtopic.php?id=". $thread_post ."'>Go back to thread</a>.</center> <br/></td></tr></table></div></center>"; } else { echo "<center><div class='holder'><table border='1'><tr><td><center>Sorry, you need to have at least 15 characters in your post!</center> <br/></td></tr></table></div></center>"; } ?> Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted July 1, 2010 Share Posted July 1, 2010 Remove one of your session_start()'s. Won't fix the issue at hand, but you don't need two. Where are you defining the following variables: $mysql_host, $mysql_user, $mysql_password? You can't echo $locked as it's an array of results from a query: echo "". $locked ." ... "; You need to read up on working with databases. Do you even have a field/column in the table called 'locked'? Quote Link to comment Share on other sites More sharing options...
3raser Posted July 1, 2010 Author Share Posted July 1, 2010 Remove one of your session_start()'s. Won't fix the issue at hand, but you don't need two. Where are you defining the following variables: $mysql_host, $mysql_user, $mysql_password? You can't echo $locked as it's an array of results from a query: echo "". $locked ." ... "; You need to read up on working with databases. Do you even have a field/column in the table called 'locked'? Didn't notice the two session starts, thank you. Removed. Yes, I'm connecting to the database with the correct variables, I just decided to remove the MySQL details. The echo is from older code I left behind, removed. Yes, their is a row that is called locked. It is an integer. Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted July 1, 2010 Share Posted July 1, 2010 An easy way to eliminate headaches and confusion down the road is to name your variables appropriately. For example: $session = $_SESSION['user']; If you, or somebody else for that matter, came across this variable 8,000 lines deep in your code, they wouldn't know what $session was. Instead, name it $user, or something that is related to the value. Just good practice. Okay .. I changed up some things to handle some errors so you (we) can see where you're at. <?php $get_thread_lock = sprintf(" SELECT `locked` FROM `topics` WHERE `id` = %d ", $id); // uncomment following line to view query; //echo "<pre>{$get_thread_lock}</pre>"; //uncomment me! // copy the query from your screen and paste directly into phpmyadmin to see if you are getting any results; // If yes, continue. If no results, check your table. if ($result = @mysql_query($get_thread_lock)) { if (mysql_num_rows($result) > 0) { $locked = mysql_fetch_assoc($get_thread_lock); if (!$session) { echo "<center><div class='holder'><table border='1'><tr><td><center>Sorry, you must be logged in to access this page! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif ($locked['locked'] == 1) { echo "<center><div class='holder'><table border='1'><tr><td><center>This topic is locked! <a href='viewtopic.php?id=". $id ."'>Back to topic</a></center> <br/></td></tr></table></div></center>"; } elseif (!$thread && !$thread_post) { echo "". $locked ."<center><div class='holder'><table border='1'><tr><td><center>You haven't selected a thread to reply to! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif (!$get_thread_exist) { echo "<center><div class='holder'><table border='1'><tr><td><center>You are trying to reply to a thread that doesn't exist! <a href='index.php'>Home</a></center> <br/></td></tr></table></div></center>"; } elseif (!$reply) { echo "<center><div class='holder'><table border='1'><tr><td><center><form action='reply.php' method='POST'><br/>Message: <br/><textarea name='message' rows='20' cols='35' maxlength='3000'></textarea><br/><br/> <input type='hidden' value='". $thread ."' name='hidden'><input type='submit' value='Submit Post'></form></center> <br/></td></tr></table></div></center>"; } elseif (strlen($reply) >= 15) { mysql_query("INSERT INTO posts VALUES ('', '$ip', '$date', '$session', '$reply', '$thread_post')"); mysql_query("UPDATE users SET postcount = postcount + 1 WHERE username='$session'"); mysql_query("UPDATE topics SET replies = replies + 1 WHERE id='$thread_post'"); echo "<center><div class='holder'><table border='1'><tr><td><center>Your post has been posted! <a href='viewtopic.php?id=". $thread_post ."'>Go back to thread</a>.</center> <br/></td></tr></table></div></center>"; } else { echo "<center><div class='holder'><table border='1'><tr><td><center>Sorry, you need to have at least 15 characters in your post!</center> <br/></td></tr></table></div></center>"; } } else { echo 'No records for ID: '. $id; } } else { trigger_error(mysql_error()); //remove when in production; } Keep in mind, if $session is not set, your: elseif($locked['locked'] == 1) will not execute. DISCLAIMER: Not tested. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.