Problem with Member system(or template) and $_GET[id]





Diablosblizz
Okay, I just recently coded a new template, and I don't know what's wrong or maybe it's something with the member system, but anyways here I go.


Whenever I use the $_GET[id] tag on any page to carry the id onto a different case I always get logged out of my member system, which I didn't code.

So... I so badly want to know why the $_GET[id] tag is making the login system log out! It happens for each page that has the get thing, and it's starting to tick me off. I am only going to post a page that has the $_GET[id] tag and it makes me log out:

Code:
<?php
session_start(); //allow sessions
include("pbb.php");
include("config.php"); //get config
include("rasist.php"); // RASIST CHECK (Y)
if(!$logged[username]){ //check if user is logged in
echo "<b>Error</b>: You Are Not Logged In!"; //if user isn't
}else{ //or if they are..
switch($_GET[page]){ //make some links ?page=case
default: //set up the default page upon going to pms.php
$msgs = mysql_query("SELECT * FROM privates WHERE `to` = '$logged[username]' ORDER BY `pid` ASC") or die(mysql_error()); //get all the messages to the logged in user
echo "<a href='pms.php?page=compose'>Compose Message</a>
<a href='pms.php?page=delall'>Delete All Messages</a><BR><BR>

Here are your messages:"; //echo the start table and create msg link/delete all links!
$total = mysql_num_rows($msgs); //get the total messages to the user
if($total == "0"){ //check if there are messages or not
echo "<BR>You Have No New Messages!"; //no new messages
}else{ //or if there are messages
while($r = mysql_fetch_array($msgs)){ //repeat for all the messages
echo "<BR>
- <a href='pms.php?page=view&id=$r[pid]'>$r[subject]</a> - <B>From</b>: $r[from] - <b>Status</b>: $r[status] - <a href='pms.php?page=delete&id=$r[pid]'>Delete</a>"; //echo the messages
} //end while
} //end message amount check
echo "</table>"; //end table
break; //end the default page
case 'view': //define the view page
$id = (int) htmlspecialchars(strip_tags($_GET[id])); //make the ID safe
if(!$id){ //if there is no ID to select
echo "<a href='pms.php'>Go Back</a>No ID Selected!"; //echo the error
}else{ //or if there is....
$select = mysql_query("SELECT * FROM privates WHERE pid = '$id';"); //get the message's info
$msg = mysql_fetch_array($select); //select all data
if($msg[to] != $logged[username]){ //check if the user logged in is the owner of the message
echo "<a href='pms.php'>Go Back</a>This Message Was Not Sent To You"; //if not
}else{ //maybe...
if(!$_POST[reply]){ //if the reply was not submitted
$mark = mysql_query("UPDATE privates SET status = 'Read' WHERE pid = '$id'") or die(mysql_error()); //mark it as Read
$message = nl2br(stripslashes($msg[content])); //make new lines to <br> and strip the slashes
$subject = stripslashes($msg[subject]); //strip the slashes
echo "<a href='pms.php'>Go Back</a>
<form method='post' action='?page=reply'>
<dl style='margin: 0px;'>
<input type='hidden' name='subject' value='$subject'><dt><b>Subject</b>: $subject</dt>
<input type='hidden' name='from' value='$msg[from]'><dt><b>From</b>: $msg[from]</dt>
<dt><b>Sent</b>: $msg[date]</dt><BR>
<dt><b>Message</b>: <BR>$message</dt><BR><BR>
<B>Reply</b>:<BR>
<dt><textarea rows='6' cols='45' name='msg'></textarea><BR>
<input type='submit' name='reply' value='Reply'></dt>
</dl>
</form>"; //echo the message and reply box.
}else{ //if the form was submitted
$to = $msg[from]; //get who it is to
$from = $logged[username]; //who its from
$subject = "RE: ".$msg[subject]; //new subject
$msg = addslashes($_POST[msg]); //the content
$date = date("F j, Y, g:i a"); //the date sent
$do = mysql_query("INSERT INTO `privates` (`to`,`from`,`date`,`subject`,`content`) VALUES ('$to','$from','$date','$subject','$msg')") or die(mysql_error()); //insert into the table!
echo "Message Sent!"; //the message was sent
} //end reply check
} //end check posession
} //end id check
break;
case 'compose': //create a new message
if(!$_POST[send]){ //if the form was not submitted
echo "<a href='pms.php'>Go Back</a>
<form method='post' action=\"\">
<b>To</b>:<Br />"; //echo some of the form and whatnot
if(isset($_GET[user])){ //check if there is a user in the address bar
echo "<input type='text' name='to' value='$_GET[user]' size='15'><BR>"; //if there is
}else{ //or not..
echo "<input type='text' name='to' size='15'><BR>"; //echo the input box without the value of the user!
} //end user check in address bar
echo "<b>Subject</b>:<BR>
<input type='text' name='title' value='Unitiled Message' size='15'><BR>
<b>Content</b>:<BR>
<textarea name='message' rows='6' cols='45'></textarea><BR>
<input type='submit' name='send' value='Send Message'>
</form>"; //echo the rest of the form
}else{ //or if it was....
$to = stripslashes(htmlspecialchars(strip_tags($_POST[to]))); //who its to
$from = $logged[username]; //who its from
$date = date("F j, Y, g:i a"); //the date sent
$msg = rasist(BBCODE(addslashes($_POST[message]))); //the message variable
$subject = addslashes($_POST[title]); //the subject
$do = mysql_query("INSERT INTO `privates` (`to`,`from`,`date`,`subject`,`content`) VALUES ('$to','$from','$date','$subject','$msg')") or die(mysql_error()); //insert into the table!
echo "<meta http-equiv='refresh' content='2;url=pms.php'>Message Sent!";
} //end sent check
break; //end make new msg
case 'delall': //delete all page
$get = mysql_query("SELECT * FROM `privates` WHERE `to` = '$logged[username]'"); //get the private messages
if(mysql_num_rows($get) == "0"){
    echo "You Have No Messages To Delete!";
}else{
$delete = mysql_query("DELETE FROM `privates` WHERE `to` = '$logged[username]';"); //delete them
    if(!mysql_error()){ //check if theres a mySQL error
        echo "<meta http-equiv='refresh' content='2;url=pms.php'>Messages Deleted"; //success
    }else{ //or not
        echo "mySQL Error Encountered!";
    } //end error check
} //end msg check
break; //end page
case 'delete': //start the delete page!
$id = (int) htmlspecialchars(strip_tags($_GET[id])); //make the ID safe
if(!$id){ //if there is no ID to select
echo "<a href='pms.php'>Go Back</a>No ID Selected!"; //echo the error
}else{ //or if there is....
$select = mysql_query("SELECT * FROM privates WHERE pid = '$id';"); //get the message's info
$msg = mysql_fetch_array($select); //select all data
if($msg[to] != $logged[username]){ //check if the user logged in is the owner of the message
echo "<a href='pms.php'>Go Back</a>This Message Was Not Sent To You"; //if not
}else{ //maybe...
$do = mysql_query("DELETE FROM privates WHERE pid = '$id'") or die(mysql_error());
echo "Message Deleted!<BR><a href='pms.php'>Go Back</a>";
} //end check possession
} //end id check
break; //end the delete page!

case 'reply':
$gsub = $_POST[subject];
$gto = $_POST[from];
$gdate = date("F j, Y, g:i a");
$gmess = rasist(BBCODE($_POST[msg]));
$gfrom = $logged[username];
$gsub2 = "RE: $gsub";

$replyyay = mysql_query("INSERT INTO `privates` (`to`,`from`,`date`,`subject`,`content`) VALUES ('$gto','$gfrom','$gdate','$gsub2','$gmess')");
echo "<meta http-equiv='refresh' content='2;url=pms.php'>Message Sent!";
} //end switch/get
} //end login check
?>


Sorry, I know it's big, but I really want to figure this out. The member system logs me out whenever I go to the 'view' case, then it will log me out, no matter what. Like I said before it is because of the $_GET[id].

But WHY?!

Does anybody have any suggestions? Thank you!
virre
shouldn't you write

Code:

$_GET['id']?
BlueVD
virre wrote:
shouldn't you write

Code:

$_GET['id']?

Virre is right: all of the _GET array indexes are strings. You are trying to use constants. Enclose all of the strings in quotes. Otherwise, you'll have some nasty errors later on.
Diablosblizz
Nope, it still logs me out, I changed the $_GET[id]'s to $id and changed the $id tag to $_GET['id'];

Code:
<?php
ob_start();
include("../members/config.php");
include("../members/forums/bbcode.php");

switch($_GET['page']) {

default:
$query2 = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC");
$query = mysql_query("SELECT * FROM `news`");
$num = mysql_num_rows($query);

if($num == 0) {
echo '<div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">'; // message goes here
        echo '</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><center><i>No news found in database.</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';
} else {
while($news = mysql_fetch_array($query2)) {
echo '<div align="center"><table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">'; echo $news[subject]; echo '</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><font size="1"><center>';
if($news[img]) {
echo "<img src='$news[img]'><BR><BR>$news[shortmsg]";
} else {
   echo $news[shortmsg];
   }
if($news[message]) {
    echo '<BR><BR></i></i>'; echo "$news[date] | $news[by] | <i><a href='?page=readmore&id=$news[id]'>Read more</a></i>"; echo '</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR>';
} else {
echo '<BR><BR>'; echo "$news[date] | $news[by]</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR>";
}
}
}
break;

case 'readmore':
$id = $_GET['id'];
$newsie1 = mysql_query("SELECT * FROM `news` WHERE `id` = '$id'");
$newsie = mysql_fetch_array($newsie1);
echo '<div align="center"><table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">';
        echo $newsie[subject]; echo '</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><font size="1"><center>';
          
if($newsie[img]) {
echo "<img src='$newsie[img]'><BR><BR>$newsie[message] <BR><BR>$newsie[date] | $newsie[by]";
} else {
   echo "$newsie[message]<BR><BR>$newsie[date] | $newsie[by]          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>";
}
$comment = mysql_query("SELECT * FROM `comments` WHERE `news_id` = '$id'");
$numa = mysql_num_rows($comment);
if($numa = 1) {
while ($comments = mysql_fetch_array($comment)) {
echo '</table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR><div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">'; echo $comments[by]; echo ' Commented: </span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td>';
           echo "<font size=\"1\"><BR>$comments[message]<BR><BR><center>$comments[date]</center>"; echo '</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';   
}
}

echo '</table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR>
  <div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">Add A Comment</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>

          <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>';
            echo "<form action=\"?page=postc&id=$id\" method=\"post\">"; echo '
              <td><font size="1">Name: <input type="text" name="name" value=';
if($logged[username]) {
echo "\"$logged[username]\">";
} else {
echo "\"\">";
} echo '
<br>
<input type="hidden" name="hidden" value="'; echo "$id"; echo '">
<textarea cols="40" rows="6" id=commentsbox name="comments"></textarea><br />
<input type="submit" name="submit" value="Submit"> </td>
            </center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';
break;

case 'postc':
$id = $_POST[hidden];
$name = $_POST[name];
$message = $_POST[comments];
$date = date("l jS F Y  h:i A");

$post = mysql_query("INSERT INTO `comments` (`by`, `message`, `news_id`, `date`) VALUES ('$name','$message','$_POST[hidden]','$date')");
echo '
<div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">Comment Posted.</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><center><a href="javascript:history.back();" target=\'content\'>Go back</a></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';
break;
}
echo "<center>Please note that if you are logged in to the member system while viewing the news you WILL be logged out. Sorry for the inconvenience.</center>";
?>
<style type="text/css">
<!--
body {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
.title {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #FFFFFF;
   font-weight: bold;
}
-->
</style>
</head><body></body>


I added the quotes around page:
switch ($_GET[page])

Because it still has the $_GET, and it still logs me out. Why? :S
virre
All your $_POST and $_GET need to be formatted, as the thing in brackets is a string

(i.e. $gsub = $_POST['subject']; )

Try to echo out each variable and see if it is what you think it is. That will make it a bit easier to find the bugs...
Diablosblizz
Everything echoes out fine! It posts what it's supposed to post.

Code:
<?php
session_start();
include("../members/config.php");
include("../members/forums/bbcode.php");

switch($_GET['page']) {

default:
$query2 = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC");
$query = mysql_query("SELECT * FROM `news`");
$num = mysql_num_rows($query);

if($num == 0) {
echo '<div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">'; // message goes here
        echo '</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><center><i>No news found in database.</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';
} else {
while($news = mysql_fetch_array($query2)) {
echo '<div align="center"><table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">'; echo $news[subject]; echo '</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><font size="1"><center>';
if($news[img]) {
echo "<img src='$news[img]'><BR><BR>$news[shortmsg]";
} else {
   echo $news[shortmsg];
   }
if($news[message]) {
    echo '<BR><BR></i></i>'; echo "$news[date] | $news[by] | <i><a href='?page=readmore&id=$news[id]'>Read more</a></i>"; echo '</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR>';
} else {
echo '<BR><BR>'; echo "$news[date] | $news[by]</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR>";
}
}
}
break;

case 'readmore':
$id = $_GET['id'];
$newsie1 = mysql_query("SELECT * FROM `news` WHERE `id` = '$id'");
$newsie = mysql_fetch_array($newsie1);
echo '<div align="center"><table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">';
        echo $newsie[subject]; echo '</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><font size="1"><center>';
          
if($newsie[img]) {
echo "<img src='$newsie[img]'><BR><BR>$newsie[message] <BR><BR>$newsie[date] | $newsie[by]";
} else {
   echo "$newsie[message]<BR><BR>$newsie[date] | $newsie[by]          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>";
}
$comment = mysql_query("SELECT * FROM `comments` WHERE `news_id` = '$id'");
$numa = mysql_num_rows($comment);
if($numa = 1) {
while ($comments = mysql_fetch_array($comment)) {
echo '</table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR><div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">'; echo $comments[by]; echo ' Commented: </span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td>';
           echo "<font size=\"1\"><BR>$comments[message]<BR><BR><center>$comments[date]</center>"; echo '</i></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';   
}
}

echo '</table></td>
        </tr>
      </table></td>
    </tr>
  </table></div><BR><BR>
  <div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">Add A Comment</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>

          <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>';
            echo "<form action=\"?page=postc&id=$id\" method=\"post\">"; echo '
              <td><font size="1">Name: <input type="text" name="name" value=';
if($logged[username]) {
echo "\"$logged[username]\">";
} else {
echo "\"\">";
} echo '
<br>
<input type="hidden" name="hidden" value="'; echo "$id"; echo '">
<textarea cols="40" rows="6" id=commentsbox name="comments"></textarea><br />
<input type="submit" name="submit" value="Submit"> </td>
            </center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';
break;

case 'postc':
$id = $_POST['hidden'];
$name = $_POST['name'];
$message = $_POST['comments'];
$date = date("l jS F Y  h:i A");

$post = mysql_query("INSERT INTO `comments` (`by`, `message`, `news_id`, `date`) VALUES ('$name','$message','$id','$date')");
echo '
<div align="center">
  <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td><table width="100%" border="0" cellspacing="0" cellpadding="0">

        <tr>
          <td width="1%" align="left" valign="top"><img src="images/blue_top_left.gif" width="7" height="7" /></td>
          <td width="98%" background="images/blue_top.gif"></td>
          <td width="1%" align="right" valign="top"><img src="images/blue_top_right.gif" width="7" height="7" /></td>
        </tr>
        <tr>
          <td background="images/test.png" style="background-repeat: repeat-y; background-color: #305F7F"></td>
          <td bgcolor="#305F7F" style="padding-bottom: 3px;"><div align="center"><span class="title">Comment Posted.</span></div></td>

          <td background="images/blue_right_side.gif" bgcolor="#305F7F" style="background-position: right; background-repeat: repeat-y"></td>
        </tr>
       
      </table></td>
    </tr>
    <tr>
      <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#000000">
        <tr>
          <td><table width="100%" border="0" cellpadding="1" cellspacing="0" bgcolor="#FFFFFF" style="padding: 5px;">
            <tr>

              <td><center><a href="javascript:history.back();" target=\'content\'>Go back</a></center></tr>
          </table></td>
        </tr>
      </table></td>
    </tr>
  </table></div>';
break;
}
echo "<center>Please note that if you are logged in to the member system while viewing the news you WILL be logged out. Sorry for the inconvenience.</center>";
?>
<style type="text/css">
<!--
body {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
.title {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #FFFFFF;
   font-weight: bold;
}
-->
</style>
</head><body></body>


Also, sorry, but the first code I posted was the wrong page. Above is my current code with the edits.
virre
I don't remember what variable type Arrays have, but I think they are strings too, so

Code:

if($logged[username]) {
echo "\"$logged[username]\">";
}


Needs to be $logged['username'];

Either test it that way, or wait for someone better than me to confirm this (;
zinitine
Okay, some of this might be simple stuff, or have nothing to do with it, but it never hurts to try. Computers can just be hateful sometimes and not want to co-operate.

1: Is register_globals on? I'd turned it on once and left it but for some of my code it caused problems with using $_GET and $_POST. (No idea why. Maybe it's because I'm on a Mac.)
2: Does the login system use $_GET["id"]? If it does, you'll have to change the login system or change your code.
3: How long is the session time in your php.ini? It could be just logging you out from that.

And I also think virre is right too.

Hopefully something here helps!

Zach
Diablosblizz
@Virre:

Quote:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/hmms/public_html/v5newtemplate/news.php on line 213


I get that when I replace $logged[username] with $logged['username']

@zinitine:

1. They are on:

Code:
register_globals   On   On

2. It uses it for the members ID, I thought about this too. Not sure if that would/could cause anything.
3. No idea how to check, this is what my php info file told me:

Code:
session.auto_start   Off   Off
session.bug_compat_42   On   On
session.bug_compat_warn   On   On
session.cache_expire   180   180
session.cache_limiter   nocache   nocache
session.cookie_domain   no value   no value
session.cookie_lifetime   0   0
session.cookie_path   /   /
session.cookie_secure   Off   Off
session.entropy_file   no value   no value
session.entropy_length   0   0
session.gc_divisor   100   100
session.gc_maxlifetime   1440   1440
session.gc_probability   1   1
session.name   PHPSESSID   PHPSESSID
session.referer_check   no value   no value
session.save_handler   files   files
session.save_path   /tmp   /tmp
session.serialize_handler   php   php
session.use_cookies   On   On
session.use_only_cookies   Off   Off
session.use_trans_sid   Off   Off



If you guys need any more information then check:

http://hotelmario.info/v5newtemplate/php.php
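
The session directives in the dump above can be checked mechanically. The following is an added example, not code from the thread: `audit_session_config()` and its rules are hypothetical, a directive missing from the input is treated as Off, and the input values are the ones shown in the phpinfo output above.

```php
<?php
// Added example, not code from the thread. audit_session_config() and its
// rules are hypothetical; input values are copied from the phpinfo dump above.

/** Interpret the way phpinfo() prints booleans ("On", "Off", "no value"). */
function ini_flag(?string $value): bool
{
    return in_array(strtolower(trim((string) $value)), ['1', 'on', 'yes', 'true'], true);
}

/**
 * @param array<string,string> $ini directive => local value (missing = Off)
 * @return array<string,string>     directive => why it deserves attention
 */
function audit_session_config(array $ini): array
{
    $findings = [];

    if (ini_flag($ini['register_globals'] ?? null)) {
        $findings['register_globals'] =
            'request parameters are imported as global variables and can '
            . 'collide with same-named script variables (removed in PHP 5.4)';
    }
    if (!ini_flag($ini['session.use_only_cookies'] ?? null)) {
        $findings['session.use_only_cookies'] =
            'a session id is also accepted from the URL, which makes '
            . 'session fixation possible';
    }
    if (ini_flag($ini['session.use_trans_sid'] ?? null)) {
        $findings['session.use_trans_sid'] =
            'session ids are written into links and leak through logs and referrers';
    }
    if (!ini_flag($ini['session.cookie_secure'] ?? null)) {
        $findings['session.cookie_secure'] =
            'the session cookie is also sent over plain HTTP';
    }

    // An empty path means the system temp directory, which is shared as well.
    $savePath = rtrim($ini['session.save_path'] ?? '', '/');
    if (in_array($savePath, ['', 'no value', '/tmp'], true)) {
        $minutes = intdiv((int) ($ini['session.gc_maxlifetime'] ?? 0), 60);
        $findings['session.save_path'] = sprintf(
            'session files sit in a directory shared with other accounts; the '
            . 'shortest gc_maxlifetime among them cleans up every site\'s '
            . 'sessions (this site allows %d idle minutes)',
            $minutes
        );
    }

    return $findings;
}

// Local values from the dump posted above.
$fromPhpinfo = [
    'register_globals'         => 'On',
    'session.cookie_secure'    => 'Off',
    'session.gc_maxlifetime'   => '1440',
    'session.save_path'        => '/tmp',
    'session.use_cookies'      => 'On',
    'session.use_only_cookies' => 'Off',
    'session.use_trans_sid'    => 'Off',
];

foreach (audit_session_config($fromPhpinfo) as $directive => $why) {
    printf("%-26s %s\n", $directive, $why);
}
```

Running the same function over the localhost values gives a quick diff of which settings differ between the two environments.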
virre
what should the username in $logged[username] be by the way?

because now it searches the array $logged for the value of the constant username, and I can't see you have it set anywhere....

for an example look at the last one at http://www.php.net/manual/en/function.array.php

I can't find any definition of either $logged or username in your code, although I guess it is in the includes.
Diablosblizz
The $logged variable is defined in config.php. For me, if I was logged in, it would show Diablosblizz. If it was somebody else it would show the user's username.
Diablosblizz
Sorry for double posting but I figured out that it was the host that was causing it to logout, but why?

I tried the same codes on my localhost, and it worked, but it doesn't work on my host! Does anybody know why?

Thanks.
virre
Diablosblizz wrote:
Sorry for double posting but I figured out that it was the host that was causing it to logout, but why?

I tried the same codes on my localhost, and it worked, but it doesn't work on my host! Does anybody know why?

Thanks.


Well, are register_globals and other such stuff set alike on your localhost as on the remote host?
DjinniFire
I'm not sure because I have no idea what are in the included files but I'm guessing you aren't sending the id information from one page to the next.

First off I don't even know what kind of sessions you are setting.
I'm guessing you don't even have sessions in the script even though you have session_start();
Unless it is in the config file which I would like to see, (You can exclude any sensitive data such as username and password information for database)

Switch case doesn't need $_GET[page] you just have to do switch($page) and whenever link has blah?page=whatever it automatically gets it.

Sorry I am not helping much because there isn't a clear understanding of what's going on in config.php.

But I don't think it has anything to do with your $_GET[id], rather it has something to do with your sessions as to why you keep logging out.
Diablosblizz
Fire, I did the switch($page) and it still worked, so thank you for the tip. As for my config, here you go:

Code:
<?
session_start(); //allows session

$conn = mysql_connect("localhost","hmms_members","members");
mysql_select_db(MYPASSWORDHERE) or die(mysql_error());

$logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$logged = mysql_fetch_array($logged);
$userban = mysql_query("SELECT * FROM `reason_ip`");
$userban = mysql_fetch_array($userban);

//replaces spaces with %20
//DO NOT REMOVE!
function REMOVE($bbcode) {
   //the bbcode tags..
   $bbc_a=array(" ");
   //bbcode gets converted to..
   $bbc_b=array("%20");

   $bbc_num=count($bbc_a);
   $loop=0;
   while($loop<$bbc_num) {

      $bbcode=str_replace($bbc_a[$loop], $bbc_b[$loop], $bbcode);
      $loop++;
   }     
   return $bbcode;
}
//some server details, don't edit!
$host = REMOVE($_SERVER['HTTP_HOST']);
$self = REMOVE($_SERVER['PHP_SELF']);

//change this to your site name
$sitename = "Hotel Mario";
if ($userban[timer] > 0){
$today = date("wHiY");
if($userban[timer] < $today) {
echo "You have been unbanned from the request line.";
$ip = $_SERVER['REMOTE_ADDR'];
$delete = mysql_query("DELETE FROM `reason_ip` WHERE `ip` = '$ip'");
}
}

if ($logged[timed] > 0)
{
$today = date("wHiY");
if ($logged[timed] < $today)
{
echo ("You have been unbanned. Please don't be racist anymore.");
$query = mysql_query("UPDATE `members` SET `timed` = '0' WHERE `username` = '$logged[username]'");
$update = mysql_query("UPDATE `members` SET `sc` = '5' WHERE `username` = '$logged[username]'");
}
}

$offline = 2;
$current = time();
$offline = ($current-$offline);
if ($logged[username])
{
$update = mysql_query("UPDATE `members` SET `online` = '$current' WHERE `username` = '$logged[username]'");
}
?>


Okay, so that is the config.php. The session[id] and password are defined in login.php where the user logins. If you need that then ask.

Please help, I am dying here!
DjinniFire
I'm guessing that your login page sets $_SESSION[id] and $_SESSION[password]

First off if I'm understanding your pages correctly if I did ?page=view&id=5 I should see the message with id 5? Or something of the sort where the id represents the id of the message.

Next you have a session that has variable as id. If I'm not mistaken $_GET[id] may be confusing the variable with $_SESSION[id] as well as id from the page url.

Very confusing script T.T that I'm not sure how to figure it out.
Providing the login script would be good too, but this is just weird x]

By the way:
$id = (int) htmlspecialchars(strip_tags($_GET[id]));

if you want to check that id is safe you could probably just do:
is_int() which basically checks if the id is integer or not.
Code:

if(is_int($_GET[id])){
     // ID is set as integer so do whatever
}
else{
    // ID was not integer
}

I believe that's more effective to make sure that the id is a number, instead of trying to strip tags and blah blah with html characters.
Diablosblizz
Quote:
Next you have a session that has variable as id. If I'm not mistaken $_GET[id] may be confusing the variable with $_SESSION[id] as well as id from the page url.


I changed the "ID" in the news to NID, and it still logs me out. So you can cancel that idea, unless I am misunderstanding.

Here is my login:

Code:
<?php
session_start(); //allows session
include "config.php";
echo "<center>";
$getnew = mysql_query("SELECT * FROM `privates` WHERE `status` = 'Unread' AND `to` = '$logged[username]';");
$total = mysql_num_rows($getnew);
$msgs = mysql_query("SELECT * FROM privates WHERE `to` = '$logged[username]' ORDER BY `pid` ASC") or die(mysql_error());
$r = mysql_fetch_array($msgs);
if($logged[id]){
//welcomes the member
//shows the user menu
if($total == 1) {
echo "<script>alert('You have a unread private message from $r[from]');</script>";
}
echo "</center>
<B>User tools</b><BR>
- <a href='members.php' target='content'>Members</a><br>
- <a href='editprofile.php' target='content'>Edit Profile</a><br>
- <a href='changepassword.php' target='content'>Change Password</a><br>
- <a href='logout.php?logout'>Logout</a><BR>
<b>Private Messages</b><BR>
- <a href='pms.php' target='content'>Inbox</a> ($total)<BR>
- <a href='pms.php?page=compose' target='content'>Compose</a><BR>
<b>Pets</b><BR>
- <a href='pets/my_pets.php' target='content'>My Pets</a><BR>
- <a href='pets/duel.php' target='content'>Pet Duels</a><BR>
<b>Other</b><BR>
- <a href='shop.php' target='content'>Shop</a><BR>
- <a href='forums/forum.php' target='_top'>Forums</a><BR>
- <a href='shoutbox.php' target='content'>Shoutbox</a><BR>";
if ($logged[userlevel] == 6) {
   echo "
- <a href='admin.php' target='content'>Admin Panel</a><BR>";
} echo "
<center>
<meta http-equiv='refresh' content='15;url=login.php'></div>";
}
else
//if there trying to login
if(isset($_GET['login'])){
//removes sql injections from the data
$username= htmlspecialchars(addslashes($_POST[username]));
//encrypts the password
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
//gets the username data from the members database
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//see if the user exists
$checkuser = mysql_num_rows($uinfo);
//if user name not found in database error
if($checkuser == '0')
{
echo "Username not found";
}
else
{
//fetch the sql
$udata = mysql_fetch_array($uinfo);
//checks see if the account is verified
if($udata[userlevel] == 1) {
echo "This account had not been verified.";
}
//if it is continue
else
//if the db password and the logged in password are the same login
if($udata[password] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//fetchs the sql
$user = mysql_fetch_array($query);
//sets the logged session

$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";

echo "You are now logged in, Please wait. . .";
//redirects them
echo "<meta http-equiv='Refresh' content='2; URL=checkb.php'/>";
}
//wrong password
else
{
echo "Incorrect username or password!";
}
}
}
else
{
//If not the above show the login form
echo '<center><form action="login.php?login" method="post"><BR>
Username: <BR><input type="text" name="username" maxlength="25"><BR>
Password: <BR><input type="password" name="password" maxlength="25"><BR><BR>
<a href="members/register.php" target="content">Register</a><BR>
<a href="members/forgotpass.php" target="content">Forgot Pass</a><br>
<input type="submit" value="Login">
</form>';
}
echo "<center>";
?>

<head>
<style>
body {
       color: black;
       font-size: 10px;
       font-family: verdana;
}
</style>
</head>


DjinniFire
There's your problem. (I think x])

You set the session as $_SESSION['id'] and $_SESSION['password']
but in the mysql_query you have $_SESSION[id] and $_SESSION[password]

notice the difference? You have quotes in the first but not the second, so I think that the session is read incorrectly, thus the $logged variable has no value.

So either change session in login without quotes or in the config file set the sessions to a different variable and run it through query. (Adding single quotes to the thing will mess up the query so you set new variable to avoid that)

Again I think that's the problem x] I hope it is so it can be fixed.
Diablosblizz
I changed it to:

Code:
$_SESSION[id] = "$user[id]";
$_SESSION[password] = "$user[password]";


And still, nope.
DjinniFire
no that's not what I meant
i meant like this

$id=$_SESSION['id'];
$password=$_SESSION['password'];

$logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$id' AND `password` = '$password'");

the reason I suggest this way instead is because the single quotes aren't allowed in the query, they'll mess it up (there are ways around but i like to do this way instead, easier to read)

u need ur session to correspond to variable you want.
In login you have ['id'] not [id] so in config you should have ['id']
Diablosblizz
Okay, here's what I've done:

LOGIN.PHP:

CHANGED:
Code:
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";


WITH:
Code:
$id = $user['id'];
$password = $user['password'];
$_SESSION['id'] = $id;
$_SESSION['password'] = $password;



CONFIG.PHP:

CHANGED:
Code:
$logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");


WITH:
Code:
$id = $_SESSION['id'];
$password = $_SESSION['password'];
$logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$id' AND `password` = '$password'");



Okay, hopefully you're not confused. That's what I've changed. And still I get logged out.
DjinniFire
Okay yeah. I'm helping a friend on a different host set up a login system and I seem to be running into the same dead wall with the login, it never logs in properly. I'll have to think about this T_T
I hope somebody else can figure this out. I'm stumped right now.
Diablosblizz
Also, on login.php it goes to checkb.php, I removed that and it still didn't work. Something's majorly screwed here.

Anybody have any ideas?
DjinniFire
Hmm I wish I could help, if I get time later next week I'll try to write a mock of the code and test it and try fixing things.
mathiaus
This code is horrible! I highly suggest using another user system (any would be better).
The if statements are a huge mess, no indenting, comments are poor (where they actually exist) and your config.php file contains NO configuration values!
You're outputting a pile of stuff and then at the bottom you have your <head> tags. There's no html tags or body tags. All browsers should shout at this page saying 'Complete rubbish!' </rant>

Using this code, I've changed it a bit. This is just sorting out the if's which was a challenge on its own. Again, I suggest using another script.
Code:
<?php
session_start(); //allows session
include "config.php";
echo "<center>";
$getnew = mysql_query("SELECT * FROM `privates` WHERE `status` = 'Unread' AND `to` = '$logged[username]';");
$total = mysql_num_rows($getnew);
$msgs = mysql_query("SELECT * FROM privates WHERE `to` = '$logged[username]' ORDER BY `pid` ASC") or die(mysql_error());
$r = mysql_fetch_array($msgs);
if($logged['id']) {
   //welcomes the member
   //shows the user menu
   if($total == 1) {
      echo "<script>alert('You have a unread private message from $r[from]');</script>";
   }
   echo "</center>
   <B>User tools</b><br />
   - <a href='members.php' target='content'>Members</a><br />
   - <a href='editprofile.php' target='content'>Edit Profile</a><br />
   - <a href='changepassword.php' target='content'>Change Password</a><br />
   - <a href='logout.php?logout'>Logout</a><br />
   <b>Private Messages</b><br />
   - <a href='pms.php' target='content'>Inbox</a> ($total)<br />
   - <a href='pms.php?page=compose' target='content'>Compose</a><br />
   <b>Pets</b><br />
   - <a href='pets/my_pets.php' target='content'>My Pets</a><br />
   - <a href='pets/duel.php' target='content'>Pet Duels</a><br />
   <b>Other</b><br />
   - <a href='shop.php' target='content'>Shop</a><br />
   - <a href='forums/forum.php' target='_top'>Forums</a><br />
   - <a href='shoutbox.php' target='content'>Shoutbox</a><br />";
   if ($logged[userlevel] == 6) {
      echo "
   - <a href='admin.php' target='content'>Admin Panel</a><br />";
   }
   echo "<center>
   <meta http-equiv='refresh' content='15;url=login.php'></div>";
} else {
   //if they are trying to login
   if(isset($_GET['login'])){
      //removes sql injections from the data
      $username= htmlspecialchars(addslashes($_POST[username]));
      //encrypts the password
      $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
      //gets the username data from the members database
      $uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
      //see if the user exists
      $checkuser = mysql_num_rows($uinfo);
      //if user name not found in database error
      if($checkuser == '0') {
         echo "Username not found";
      } else {
         //fetch the sql
         $udata = mysql_fetch_array($uinfo);
         //checks see if the account is verified
         if($udata[userlevel] == 1) {
            echo "This account had not been verified.";
         } else { //if it is continue
            //if the db password and the logged in password are the same login
            if($udata[password] == $password) {
               $query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
               //fetchs the sql
               $user = mysql_fetch_array($query);
               //sets the logged session

               $_SESSION['id'] = $user['id'];
               $_SESSION['password'] = $user['password'];

               echo 'You are now logged in, Please wait. . .';
               //redirects them
               echo "<meta http-equiv='Refresh' content='2; URL=checkb.php'/>";
            } else { //wrong password
               echo 'Incorrect username or password!';
            }
         }
      }
   } else {
      //If not the above show the login form
      echo '<center><form action="login.php?login" method="post"><br />
      Username: <br /><input type="text" name="username" maxlength="25"><br />
      Password: <br /><input type="password" name="password" maxlength="25"><br /><br />
      <a href="members/register.php" target="content">Register</a><br />
      <a href="members/forgotpass.php" target="content">Forgot Pass</a><br />
      <input type="submit" value="Login">
      </form>';
   }
}
echo '<center>';
?>

<head>
<style>
body {
       color: black;
       font-size: 10px;
       font-family: verdana;
}
</style>
</head>
Diablosblizz
mathiaus, I figured the problem. It was my host. And yeah, I know the code is horrible. Though, I recoded it. Can you tell me if this looks a bit better?

Code:
<?php
session_start();
include("config.php");
switch($_GET['page']) {
   
default:
echo '
<center><form action="login.php?page=login" method="post"><BR>
Username: <BR><input type="text" name="username" maxlength="25"><BR>
Password: <BR><input type="password" name="password" maxlength="25"><BR><BR>
<a href="register.php" target="content">Register</a><BR>
<a href="forgotpass.php" target="content">Forgot Pass</a><br>
<input type="submit" value="Login">
</form>';
$new = mysql_query("SELECT * FROM `members` ORDER BY `id` DESC LIMIT 0, 1");
$new = mysql_fetch_array($new);
$count = mysql_query("SELECT * FROM `members`");
$count = mysql_num_rows($count);
echo "<b>Total members</b>: $count
<BR><b>Newest User</b>: <a href='members.php?page=view&username=$new[username]' target='content'>$new[username]</a><BR>";
break;

case 'login':
$username = htmlspecialchars(addslashes($_POST[username]));
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'");
$checkuser = mysql_num_rows($uinfo);
if($checkuser == 0) {
   echo "Sorry, $username does not exist.";
} else {
$uinfo = mysql_fetch_array($uinfo);
if($uinfo[userlevel] == 1) {
   echo "Please verify your account before logging in.";
} else {
if($uinfo['password'] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);
$id = $user['id'];
$password = $user['password'];
$_SESSION['id'] = $id;
$_SESSION['password'] = $password;

echo "<center><img src='../images/loadingm.gif'><BR>Processing login . . .</center>
<meta http-equiv='Refresh' content='2; URL=?page=nav'/></center>";
$ip = $_SERVER['REMOTE_ADDR'];
$ip = mysql_query("UPDATE `members` SET `ip` = '$ip' WHERE `username` = '$username'");
} else {
echo "$username, we're sorry, but you have the wrong password, or the account $username does not exist. Please go back and try again.";
}
}
}
break;

case 'nav':
$username = $logged['username'];
$query = mysql_query("SELECT `banned` FROM `members` WHERE `username` = '$username'") or die(mysql_error());
$query2 = mysql_query("SELECT `breason` FROM `members` WHERE `username` = '$username'") or die(mysql_error());
$fetchb = mysql_fetch_assoc($query);
$isbanned = $fetchb['banned'];
$fetchbr = mysql_fetch_assoc($query2);
$isr = $fetchbr['breason'];

if($isbanned == 1) {
echo "<center><B>$username! You have been banned!</b></center><BR><BR>
Reason: $isr";
unset($_SESSION['id']);
unset($_SESSION['password']);
} else {
$getnew = mysql_query("SELECT * FROM `privates` WHERE `status` = 'Unread' AND `to` = '$logged[username]';");
$total = mysql_num_rows($getnew);
$msgs = mysql_query("SELECT * FROM privates WHERE `to` = '$logged[username]' ORDER BY `pid` ASC") or die(mysql_error());
$r = mysql_fetch_array($msgs);

$logout_time = 300; //seconds to stay logged in
$current = time(); //current time
$offline = ($current - $logout_time); //do the math for the logout time
if($logged[username]){ //if they are logged in
    $update = mysql_query("UPDATE `members` SET `online` = '$current' WHERE `username` = '$logged[username]';"); //update their status
} //end the check and such


if($total == 1) {
echo "<script>alert('You have a unread private message from $r[from]');</script>";
}
echo "</center>
<B>User tools</b><BR>
- <a href='editprofile.php' target='content'>User CP</a><BR>
- <a href='members.php' target='content'>Members</a><br>
- <a href='changepassword.php' target='content'>Change Password</a><br>
- <a href='logout.php?logout'>Logout</a><BR>
<b>Private Messages</b><BR>
- <a href='pms.php' target='content'>Inbox</a> ($total)<BR>
- <a href='pms.php?page=compose' target='content'>Compose</a><BR>
<b>Pets</b><BR>
- <a href='pets/my_pets.php' target='content'>My Pets</a><BR>
- <a href='pets/duel.php' target='content'>Pet Duels</a><BR>
<b>Other</b><BR>
- <a href='shop.php' target='content'>Shop</a><BR>
- <a href='lottery.php' target='content'>Lottery</a><BR>
- <a href='forums/forum.php' target='content'>Forums</a><BR>
- <a href='shoutbox.php' target='content'>Shoutbox</a><BR>";
if ($logged['userlevel'] == 6) {
   echo "
- <a href='admin.php' target='content'>Admin Panel</a><BR>";
} echo "
<center>
<meta http-equiv='refresh' content='15;url=login.php?page=nav'></div>";
}
break;
}
?>

<head>
<style>
body {
       color: black;
       font-size: 10px;
       font-family: verdana;
}
</style>
</head>


Look any better? :S

Also, the head and style are below the code because I do not want to get an error, which I usually do when the CSS is above the PHP.
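
For comparison with the login code posted above, here is an added example (not part of the thread, and not the member system's own code) of the same flow using a parameterised query, `password_hash()`/`password_verify()` instead of nested md5/sha1, and a session that holds only the user id. The in-memory SQLite database, the sample account and the function names `open_demo_db()`, `attempt_login()` and `current_user()` are assumptions made so the block runs on its own; the `members` columns follow the thread.

```php
<?php
// Added example, not the thread's code. SQLite in memory stands in for MySQL;
// open_demo_db(), attempt_login(), current_user() and the account are constructed.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                password TEXT, userlevel INTEGER)');
    // Salted, slow hash; the algorithm and cost are stored inside the hash string.
    $pdo->prepare('INSERT INTO members (username, password, userlevel) VALUES (?, ?, ?)')
        ->execute(['demo_user', password_hash('correct horse', PASSWORD_DEFAULT), 2]);
    return $pdo;
}

/** Returns 'ok' or the message to show. Pass $_SESSION as $session in a web page. */
function attempt_login(PDO $pdo, string $username, string $password, array &$session): string
{
    // The username travels as a bound parameter, so quotes in it are just data.
    $stmt = $pdo->prepare('SELECT id, password, userlevel FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One message for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password'])) {
        return 'Incorrect username or password!';
    }
    if ((int) $row['userlevel'] === 1) {
        return 'Please verify your account before logging in.';
    }

    // New session id after authentication, so a pre-login id is useless.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // Only the id goes into the session; the password hash stays in the database.
    unset($session['password']);
    $session['id'] = (int) $row['id'];
    return 'ok';
}

/** Replacement for the $logged lookup in config.php: load the user by session id. */
function current_user(PDO $pdo, array $session): ?array
{
    if (!isset($session['id']) || !is_int($session['id'])) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, username, userlevel FROM members WHERE id = ?');
    $stmt->execute([$session['id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo run with constructed input.
$pdo = open_demo_db();
$session = [];
echo attempt_login($pdo, "o'brien", 'whatever', $session), "\n";        // Incorrect username or password!
echo attempt_login($pdo, 'demo_user', 'wrong', $session), "\n";         // Incorrect username or password!
echo attempt_login($pdo, 'demo_user', 'correct horse', $session), "\n"; // ok
echo current_user($pdo, $session)['username'], "\n";                    // demo_user
```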
DjinniFire
x] it was your host? =.="

Code looks cleaner now but most like to use tabs in order to better clarify if/else statements and organize chunks.
Diablosblizz
Yeah, it was my host. I don't know how... :S:S

Cleaner!
TechJunkies
Hmmm, Try This Code, It Works For Me:
Code:

<?
ob_start();
//the above line needs to be above ALL HTML and PHP (except for <?).
include("config.php");
//gets the config page, which connects to the database and gets the user's information
if ($logged[username])
{
//checks to see if they are logged in
switch($_GET[page])
{
//this allows us to use one page for the entire thing
default:
Echo"
<meta http-equiv='refresh' content='0;URL=messages.php?page=inbox'>
";
break;
case 'write':
if (!$_POST[send])
{
//the form hasnt been submitted yet....
echo ("
<a href='messages.php'>Go Back</a><br><br>
<form method=\"POST\" style=\"margin: 0px;\">
    <dl style=\"margin: 0px;\">
            <dt>recipient</dt>
            <dd>
            <select name='to'>
");
$getusers = mysql_query("SELECT * FROM users ORDER BY `username` ASC");
            while ($users = MySQL_Fetch_Array($getusers)) {
    echo ("<option value=\"$users[username]\">$users[username]</option>");
}
//the above line gets all the members names and puts them in a drop down box
echo ("
</select>
</dd>
<dt>Message Subject</dt>
<dd><input type=\"text\" name=\"subject\" size=\"20\"></dd>
<dt>Message</dt>
<dd><textarea rows=\"7\" name=\"message\" cols=\"35\"></textarea>
</dd><dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl>
</form>
");
}
if ($_POST[to])
{
//the form has been submitted.  Now we have to make it secure and insert it into the database
$subject = htmlspecialchars(addslashes("$_POST[subject]"));
$message = htmlspecialchars(addslashes("$_POST[message]"));
$to = htmlspecialchars(addslashes("$_POST[to]"));
//the above lines remove html and add \ before all "
$send = mysql_query("INSERT INTO `pmessages` ( `title` , `message` , 
`touser` , `from` , `unread` , 
`date` ) VALUES ('$subject', '$message', '$to', 
'$logged[username]', 'unread', NOW())");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Your message has been sent.");
}
break;
case 'delete':
if (!$_GET[msgid])
{
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Sorry, but this is an invalid message.
");
}
else
{
$getmsg = mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//hmm..someones trying to delete someone elses messages!  This keeps them from doing it
if ($msg[touser] != $logged[username])
{
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
This message was not sent to you!
");

}
else
{
$delete  = mysql_query("delete from pmessages where id = '$_GET[msgid]'");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Message Deleted!
");
}
}
break;
case 'deleteall':
$delete  = mysql_query("delete from pmessages where touser = '$logged[username]'");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
All Message Deleted!
");
break;
case 'inbox':
$get = mysql_query("SELECT * from pmessages where touser = '$logged[username]' order by id desc");
echo("
<a href='messages.php?page=write'>Create New Message</a><br><br>
<a href='messages.php?page=deleteall'>Delete All Messages</a><br><br>
<table border=\"0\" width=\"100%\" cellspacing=\"0\">
<tr>
<td align=\"center\" style=\"border-bottom:#000000 solid 1px;\">Subject</td>
<td align=\"center\" width=\"125\" style=\"border-bottom:#000000 solid 1px;\">From</td>
<td align=\"center\" width=\"97\" style=\"border-bottom:#000000 solid 1px;\">Date</td>
<td width=\"25\" style=\"border-bottom:#000000 solid 1px;\">Delete</td>
</tr>
</table>
");
$nummessages = mysql_num_rows($get);
if ($nummessages == 0)
{
echo ("You have 0 messages!");
}
else
{
echo("<table border=\"0\" width=\"100%\" cellspacing=\"1\">");
while ($messages = mysql_fetch_array($get))
{
//the above lines gets all the messages sent to you, and displays them with the newest ones on top
echo ("
<tr>
<td><a href=\"messages.php?page=view&msgid=$messages[id]\">");
if ($messages[reply] == 'yes')
{
echo ("Reply to: ");
}
echo ("$messages[title]</a></td>
<td width=\"125\">$messages[from]</td>
<td width=\"97\">$messages[date]</td>
<td width=\"25\"><a href=\"messages.php?page=delete&msgid=$messages[id]\">Delete</a></td>
</tr>");
}
echo ("</table>");
}
break;
case 'view':
//the url now should look like ?page=view&msgid=#
if (!$_GET[msgid])
{
//there isnt a &msgid=# in the url
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Invalid message!");
}
else
{
//the url is fine..so we continue...
$getmsg= mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//the above lines get the message, and put the details into an array.
if ($msg[touser] == $logged[username])
{
//makes sure that this message was sent to the logged in member
if (!$_POST[message])
{
//the form has not been submitted, so we display the message and the form
$markread = mysql_query("Update pmessages set unread = 'read' where id = '$_GET[msgid]'");
//this line marks the message as read.
$msg[message] = nl2br(stripslashes("$msg[message]"));
//removes slashes and converts new lines into line breaks.
echo ("<a href='messages.php?page=inbox'>Go Back</a><br><br>
<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt><b>$msg[title] -- From $msg[from]</b></dt>
<dd>$msg[message]</dd>
<dt><b>Reply</b></dt>
<dd><textarea rows=\"6\" name=\"message\" cols=\"45\"></textarea></dd>
<dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl></form>");
}
if ($_POST[message])
{
//This will send the Message to the database
$message = htmlspecialchars(addslashes("$_POST[message]"));
$do = mysql_query("INSERT INTO `pmessages` ( `title` , `message` , `touser` , `from` , `unread` , 
`date`, `reply`) VALUES
('$msg[title]', '$message', '$msg[from]', '$logged[username]',
'unread', NOW(), 'yes')");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Your message has been sent");
}
}
else
{
//This keeps users from veiwing other users comments
echo("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
<b>Error</b><br />");
echo ("This message was not sent to you!");
}}
Echo"
</td>
            </tr>
</table>
";
break;
}
}
?>

Just Add Some More Includes, Any Errors, Talk To Me, Also, Check Your Include Files, Just In Case There Is A Slight Variable Error In One Of Them.
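
An added example, not part of the thread, covering both the `is_int($_GET[id])` suggestion earlier and the `$_GET[msgid]` queries in the code above: request values always arrive as strings (or arrays), so `is_int()` is never true for them, and the id is better parsed with `filter_var()` and then bound as a query parameter together with the owner check. The in-memory SQLite database, the sample rows and the function names are assumptions made for the demo; the `pmessages` columns follow the code above.

```php
<?php
// Added example, not the thread's code. SQLite in memory stands in for MySQL;
// parse_id(), view_message(), delete_message() and the rows are constructed.

/** Accepts only a string holding a positive integer; anything else is null. */
function parse_id($raw): ?int
{
    if (!is_string($raw)) {           // ?msgid[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Returns the message escaped for HTML output, or null if it is not the user's. */
function view_message(PDO $pdo, $rawId, string $username): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;
    }
    // Ownership is part of the WHERE clause, so other users' rows never load.
    $stmt = $pdo->prepare(
        'SELECT title, message, `from` FROM pmessages WHERE id = :id AND touser = :user'
    );
    $stmt->execute([':id' => $id, ':user' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $pdo->prepare("UPDATE pmessages SET unread = 'read' WHERE id = :id AND touser = :user")
        ->execute([':id' => $id, ':user' => $username]);

    // Escape when printing, not when storing.
    return array_map(
        static fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
        $row
    );
}

/** Deletes one message if it belongs to $username; reports what happened. */
function delete_message(PDO $pdo, $rawId, string $username): string
{
    $id = parse_id($rawId);
    if ($id === null) {
        return 'invalid';
    }
    $stmt = $pdo->prepare('DELETE FROM pmessages WHERE id = :id AND touser = :user');
    $stmt->execute([':id' => $id, ':user' => $username]);
    return $stmt->rowCount() === 1 ? 'deleted' : 'not found';
}

// Demo run with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pmessages (id INTEGER PRIMARY KEY, title TEXT, message TEXT,
            touser TEXT, `from` TEXT, unread TEXT DEFAULT 'unread')");
$pdo->exec("INSERT INTO pmessages (title, message, touser, `from`) VALUES
            ('Hi', '<b>hello</b>', 'alice', 'bob'),
            ('Private', 'for bob only', 'bob', 'carol')");

var_dump(is_int('5'));                              // false: request values are strings
var_dump(parse_id('5'), parse_id('5abc'));          // int(5), NULL
echo view_message($pdo, '1', 'alice')['message'], "\n";  // &lt;b&gt;hello&lt;/b&gt;
var_dump(view_message($pdo, '2', 'alice'));         // NULL: message 2 belongs to bob
echo delete_message($pdo, '2 OR 1=1', 'alice'), "\n";    // invalid
echo delete_message($pdo, ['1'], 'alice'), "\n";         // invalid
echo delete_message($pdo, '2', 'alice'), "\n";           // not found
echo delete_message($pdo, '1', 'alice'), "\n";           // deleted
```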