Need Help with my website.....

[jaysus7]

i don't know what is wrong it won't let me log in and it won't delete my email from the db when i "activate" my registration? please help.... i am using a go daddy database and hosting account?....

init file.....

<?php

session_start ();

$exceptions = array ('sign up1', 'index', 'activate');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

mysql_connect("phplogin113.db.8811650.hostedresource.com","phplogin113","Hookups1");
mysql_select_db("phplogin113");

$path = dirname(__FILE__);

include ("{$path}/inc/user.inc.php");

if (isset($_COOKIE['username'], $_COOKIE['passwords']) && isset($_SESSION['username']) === false){
	if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
		$_SESSION['username'] = htmlentities($_COOKIE['username']);
	
		setcookie('username', $_COOKIE['username'], time() + 604800);
		setcookie('password', $_COOKIE['password'], time() + 604800);
	
	}

}

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: index.php');
		die();
	}

}

?>

user.inc. file....

<?php
//check if given username exsists in the database
function user_exsists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
//check if the given username and password combinations are valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");
	 
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
// checks to see is user account is active
	function is_active($user){
		$user = mysql_real_escape_string($user);
		
		$sql = "SELECT
					COUNT (`activations`.`user_id`)
				FROM`users`
				INNER JOIN `activations`.`user_id`
				ON `users`.`user_id` = `activations`.`user_id`
				WHERE `users`.`user_username` = '{$user}'";
				
	$result = mysql_query($sql);
	
	return (mysql_result($result, 0) == '0') ? true : false;
	
		
}
//acctivates the account related to the given activation code
function activate_account($aid){
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");

}

//adds a user to the database
function add_user($user, $email, $pass){
	$user	= mysql_real_escape_string(htmlentities($user));
	$email	= mysql_real_escape_string($email);
	$pass	= sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid =implode('', array_rand($charset, 10)); 
	
	$body =	<<<EMAIL
	
	Thank you for signing up with knowquest. To activate your account, please click the link below
	
	http://www.jasonmassieportfolio.com/activate.php?{$aid}
	
EMAIL;
	
	mail($email, 'Your new account at Knowquest.com', $body, 'From: admin@knowquest.com');
	
	mysql_query("INSERT INTO `users` (`user_username`, `user_email`, `user_password`) VALUES ('{$user}', '{$email}', '{$pass}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
	
}
?>

activate file....

<?php

include('core/init.inc.php');

if (isset($_GET['aid'])){
	activate_account($_GET['aid']);
	
	}
?>

register file.....

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['confirm_password'])){
	if (empty ($_POST['username'])){
   $errors[] = 'The username cannot be empty!';	
}

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
	$errors[] = 'The email address you entered does not seem to be valid';
	
}

if (empty ($_POST['password']) || empty($_POST['confirm_password'])){
	$errors[] = 'The password cannot be empty!';
}

if ($_POST['password'] !== $_POST['confirm_password']){ 
   $errors[] = 'The password Varifacation failed!';
   
}

if (user_exsists($_POST['username'])){
    $errors[] = 'The username you entered is already taken!';
	
}

if (empty($errors)){
	add_user($_POST['username'], $_POST['email'], $_POST['password']);
	  $errors[] = 'You have been regiserd, check your email!';
	header('Location: protected.php');
	die();
	
	}

}

?>

<?php
	
	if (empty($errors) === false );{
	
	?>
    <ul>
    <?php
	
	foreach ($errors as $error){
		echo "<li>[$error]</li>";
	}
	
	?>
    </ul>
    <?php
    
    }
    
    ?>

please help me with this...... what did i miss....

[jacek]

First thing I noticed

if (empty($errors) === false );{

There should be no ; near the end of this line.

$errors[] = 'You have been regiserd, check your email!';

That isn't an error


Now, what do you mean it won't let you log in ? Do you get any errors ? What actually happens ?

[jaysus7]

it just says incorrect password and username ... but i know its correct!! no matter what i type in that echo error always pop up

[jaysus7]

That isn't an error

it doesn't delete it from the activations table like it is supposed too....

}
//acctivates the account related to the given activation code
function activate_account($aid){
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");
echo mysql_error();
}

[jacek]

Do you get any output from the mysql_error() function ? If not it must be that the activation Id in the table is not the same as the one in the URL or that the function is never being called for some reason.

[jaysus7]

This is what i get??.....


FUNCTION phplogin113.COUNT does not exist
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/content/50/8811650/html/core/init/user.inc.php on line 35

Warning: Cannot modify header information - headers already sent by (output started at /home/content/50/8811650/html/core/init/user.inc.php:34) in /home/content/50/8811650/html/index.php on line 32


my user.inc code......

<?php

//check if given username exsists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;

}
//check if the given username and password combinations are valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
// checks to see is user account is active
	function is_active($user){
		$user = mysql_real_escape_string($user);
		echo mysql_error();
		$sql = "SELECT
					COUNT (`activations`.`user_id`)
				FROM `users`
				INNER JOIN `activations`
				ON `users`.`user_id` = `activations`.`user_id`
				WHERE `users`.`user_username` = '{$user}'";
				
	$result = mysql_query($sql);
	echo mysql_error();
	return (mysql_result($result, 0) == '0') ? true : false;
		
}
//acctivates the account related to the given activation code
function activate_account($aid){
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");

}

//adds a user to the database
function add_user($user, $email, $pass, $first, $last){
	$user		= mysql_real_escape_string(htmlentities($user));
	$email		= mysql_real_escape_string($email);
	$pass		= sha1($pass);
	$first		= mysql_real_escape_string(htmlentities($first));
	$last		= mysql_real_escape_string(htmlentities($last));
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid =implode('', array_rand($charset, 10)); 
	
	$body =	<<<EMAIL
	
	Thank you for signing up with knowquest. To activate your account, please click the link below
	
	http://www.jasonmassieportfolio.com/act ... ?aid={$aid}
	
EMAIL;
	
	mail($email, 'Your new account at Knowquest.com', $body, 'From: admin@knowquest.com');
	
	mysql_query("INSERT INTO `users` (`user_username`, `user_email`, `user_password`,`user_firstname`,`user_lastname`) VALUES ('{$user}', '{$email}', '{$pass}','{$first}','{$last}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");

}
?>

[Temor]

COUNT (`activations`.`user_id`)

there should not be a space between COUNT and ()

COUNT(`activations`.`user_id`)

[jaysus7]

Temor...Thank you so much!!! made it work lets see if it validates properly now!!!!

now it just lets you login in if you hit the submit button...none of the errors are working :s

[Temor]

what does your code for the login page look like?


I also noticed an error in protected.php.

Click here to see you portfolio!!

the link redirects to http://www.jasonmassieportfolio.com/mem ... ?uid={$uid}
{$uid} should not be visible You're probably forgetting to wrap it in php tags.

[jaysus7]

user id

<?php
//check if given username exsists in the database
function user_exsists($user){
        $user = mysql_real_escape_string($user);
       
        $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
       
        return (mysql_result($total, 0) == '1') ? true : false;
       
}
//check if the given username and password combinations are valid
function valid_credentials($user, $pass){
        $user = mysql_real_escape_string($user);
        $pass = mysql_real_escape_string($pass);
       
        $total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");
         
        return (mysql_result($total, 0) == '1') ? true : false;
       
}
// checks to see is user account is active
        function is_active($user){
                $user = mysql_real_escape_string($user);
               
                $sql = "SELECT
                                        COUNT (`activations`.`user_id`)
                                FROM`users`
                                INNER JOIN `activations`.`user_id`
                                ON `users`.`user_id` = `activations`.`user_id`
                                WHERE `users`.`user_username` = '{$user}'";
                               
        $result = mysql_query($sql);
       
        return (mysql_result($result, 0) == '0') ? true : false;
       
               
}
//acctivates the account related to the given activation code
function activate_account($aid){
        $aid = mysql_real_escape_string($aid);
       
        mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");
 
}
 
//adds a user to the database
function add_user($user, $email, $pass){
        $user   = mysql_real_escape_string(htmlentities($user));
        $email  = mysql_real_escape_string($email);
        $pass   = sha1($pass);
       
        $charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
        $aid =implode('', array_rand($charset, 10));
       
        $body = <<<EMAIL
       
        Thank you for signing up with knowquest. To activate your account, please click the link below
       
        http://www.jasonmassieportfolio.com/activate.php?{$aid}
       
EMAIL;
       
        mail($email, 'Your new account at Knowquest.com', $body, 'From: admin@knowquest.com');
       
        mysql_query("INSERT INTO `users` (`user_username`, `user_email`, `user_password`) VALUES ('{$user}', '{$email}', '{$pass}')");
       
        $user_id = mysql_insert_id();
       
        mysql_query("INSERT INTO `activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
       
}
?>

index/login

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty ($_POST['username'])){
		$errors[] = 'The username cannot be empty!';
	}
	
	if (empty ($_POST['password'])){
		$errors[] = 'The password cannot be empty!';
	}
	
	if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
		$errors[] = 'Username or Password incorrect!';
	}
	
	if (($errors) && is_active($_POST['username']) === false){
		$errors[] = 'This account has not yet been activated!';
	}
	
	if(($errors)){
	if (isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
		setcookie('username', $_POST['username'], time() + 604800);
		setcookie('password', sha1($_POST['password']), time() + 604800);
	}
	
	$_SESSION['username'] = htmlentities($_POST['username']);
	
	header('Location: protected.php');
	die();
	
	}
}

?>



<?php
	echo 'Need an account? <a href="sign up1.php">Sign Up </a>';
    if (empty($errors) === false){
	?>
    <ul>
    <?php
	foreach ($errors as $error){
		echo "<li>{$error}</li>";
		}
	?>
    </ul>
    <?php
	}
		
	?>

<?php

session_start ();

$exceptions = array ('sign up1', 'index', 'activate');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

mysql_connect("phplogin113.db.8811650.hostedresource.com","phplogin113","Hookups1");
mysql_select_db("phplogin113");

$path = dirname(__FILE__);

include ("{$path}/init/user.inc.php");

if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false){
	if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
		$_SESSION['username'] = htmlentities($_COOKIE['username']);
	
		setcookie('username', $_COOKIE['username'], time() + 604800);
		setcookie('password', $_COOKIE['password'], time() + 604800);
	
	}

}

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: index.php');
		die();
	}

}

?>

i know this is wrong right lol....i hate being new!!!! you guys are helping so much!!!!!

<p>You are loged in as, <?php echo $_SESSION['username'];?>!!  <?php </br><a href='member1.php?uid={$uid}'>Click here</a> to see you portfolio!!?>
  
</p>

[Temor]

 if(($errors)){
        if (isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
                setcookie('username', $_POST['username'], time() + 604800);
                setcookie('password', sha1($_POST['password']), time() + 604800);
        }

what you're doing here is logging the user in if $errors is set, which it will be if there is any errors.

what you need to do is check if it's empty. To do that you wrap it in the empty() function, like this:

 if(empty($errors)){
Do things...
        }

<p>You are loged in as, <?php echo $_SESSION['username'];?>!!  <?php </br><a href='member1.php?uid={$uid}'>Click here</a> to see you portfolio!!?>
 
</p>

You need to echo the $uid variable like this:

<p>You are loged in as, <?php echo $_SESSION['username'];?>!!  <?php echo" </br><a href='member1.php?uid={$uid}; '>Click here</a> to see you portfolio!! ";?>
 
</p>

[jaysus7]

Temor you are saving my life right now you guys are amazing!!!!! ok so here is the next issue, btw the last thing...man I'm stupid i over looked that like 50 times ugh lol, anyways it still just says incorrect password / username???? and won't log me in...and i made sure they were correct!!!

[Temor]

A fairly common mistake is that the password length cap in your databse is too low. Sha1 produces a 40 character string. Make sure the password length cap is 40 as well.

[jaysus7]

Unknown column 'comments.total_comments' in 'field list'
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/50/8811650/html/coreblog/initblog/posts.inc.php on line 42


whats wrong with this code????


posts.inc.php

<?php

//checks if the given post id is in the table
function valid_pid($pid){
	$pid = (int)$pid;
	
	$total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}");
	$total = mysql_result($total, 0);

	if ($total != 1){
		return false;
	}else{
		return true;
	}
}

//festches a summery of all the blog posts
function get_posts(){
	$sql = "SELECT
				`posts`.`post_id` AS `id`,
				`posts`.`post_title` AS `title`,
				LEFT(`posts`.`post_body`, 512) AS `preview`,
				`posts`.`post_user` AS `user`,
				DATE_FORMAT(`posts`.`post_date`, '%d/%m/%Y %H:%i:%s') AS `date`,
				`comments`.`total_comments`,
				DATE_FORMAT(`comments`.`last_comment`, '%d/%m/%Y %H:%i:%s') AS `last_comment`
			FROM `posts`
			LEFT JOIN (
				 SELECT
				  `post_id`,
					COUNT(`comment_id`) AS `title_comments`,
					MAX(`comment_date`) AS `last_comment`
				FROM `comments`
				GROUP BY `post_id`
			) AS `comments`
			ON `posts`.`post_id` = `comments`.`post_id`
			ORDER BY `posts`.`post_date` DESC";
	
	$posts = mysql_query($sql);echo mysql_error();
	
	$rows = array();
	while (($row = mysql_fetch_assoc($posts)) !== false){
		echo mysql_error();
		$rows[] = array(
			 'id'					=> $row['id'],
			 'title'				=> $row['title'],
			 'preview'				=> $row['preview'],
			 'user'					=> $row['user'],
			 'date'					=> $row['date'],
			 'total_comments'		=> ($row['total_comments'] === null) ? 0 : $row['total_comments'],
			 'last_comment'			=> ($row['last_comment'] === null) ? 'never' : $row['last_comment']
		);
		
	}
	return $rows;
}

//fetches a single post from the table
function get_post($pid){
	$pid = (int)$pid;
	
	$sql = "SELECT
			`post_title` AS `title`,
			`post_body` AS `body`,
			`post_user` AS `user`,
			`post_date` AS `date`
		FROM `posts`
		WHERE `post_id` = {$pid}";
		
	$post = mysql_query($sql);
	$post = mysql_fetch_assoc($post);
	
	$post['comments'] = get_comments($pid);
	
	
	return $post;
}

//adds new blog entry
function add_post($name, $title, $body){
	$name 	= mysql_real_escape_string(htmlentities($name));
	$title 	= mysql_real_escape_string(htmlentities($title));
	$body 	= mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `posts` (`post_user`, `post_title`, `post_body`, `post_date`) VALUES ('{$name}', '{$title}', '{$body}', NOW())");
echo mysql_error();
}


?>

Warning: Invalid argument supplied for foreach() in /home/content/50/8811650/html/blog_read.php on line 40




blog_read.php

<?php
include ("coreblog/initblog.php");

if(isset($_GET['pid'], $_POST['user'], $POST['body'])){
	if (add_comment($GET['pid'], $_POST['user'], $_POST['body'])){
		
		header("Location: blog_read.php?pid={$_GET['pid']}");
	}else{
		header('Location: blog_list.php');
	}
	die();
}

?>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php

if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){
	echo 'Invalid post ID.';
}else{
	$post = get_post($_GET['pid'])

	?>
    <h2><a href="blog_read.php?pid=<?php echo $post['id']; ?>"><?php echo $post['title']; ?></a></h2>
    <h4>By: <?php echo $post['user']; ?> on: <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>
    
    <hr />
    
    <p><?php echo $post['body']; ?></p>
    
    <hr />
    <?php
	
	foreach ($post['comments'] as $comment){
		?>
    
	 <h4>By: <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
     <p><?php echo $comment['body']; ?></p>
     <hr />
     <?php
	}

	?>
<form action="" method="post">
<p>
	<label for="user">Name</label>
    <input type="text" name="user" id="user" />
</p>
<p>
	<textarea name="body" rows="20" cols="60"></textarea>
</p>
<p>
	<input type="submit" value="Add Comment" />
</p>
</form>    
<?php

}

?>
</body>
</html>

[Temor]

where are you defining the get_comments() function?

Also, may I have a look at your database structure?

[jaysus7]

[img]/Users/wite_out2/Desktop/Screen%20Shot%202012-03-09%20at%2011.13.11%20AM.png[/img]
[img]/Users/wite_out2/Desktop/Screen%20Shot%202012-03-09%20at%2011.13.27%20AM.png[/img]
[img]/Users/wite_out2/Desktop/Screen%20Shot%202012-03-09%20at%2011.13.38%20AM.png[/img]


i belive i am defining it in blog_read......

<?php
include ("coreblog/initblog.php");

if(isset($_GET['pid'], $_POST['user'], $POST['body'])){
	if (add_comment($GET['pid'], $_POST['user'], $_POST['body'])){
		
		header("Location: blog_read.php?pid={$_GET['pid']}");
	}else{
		header('Location: blog_list.php');
	}
	die();
}

?>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php

if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){
	echo 'Invalid post ID.';
}else{
	$post = get_post($_GET['pid'])

	?>
    <h2><a href="blog_read.php?pid=<?php echo $post['id']; ?>"><?php echo $post['title']; ?></a></h2>
    <h4>By: <?php echo $post['user']; ?> on: <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>
    
    <hr />
    
    <p><?php echo $post['body']; ?></p>
    
    <hr />
    <?php
	
	foreach ($post['comments'] as $comment){
		?>
    
	 <h4>By: <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
     <p><?php echo $comment['body']; ?></p>
     <hr />
     <?php
	}

	?>
<form action="" method="post">
<p>
	<label for="user">Name</label>
    <input type="text" name="user" id="user" />
</p>
<p>
	<textarea name="body" rows="20" cols="60"></textarea>
</p>
<p>
	<input type="submit" value="Add Comment" />
</p>
</form>    
<?php

}

?>
</body>
</html>

[Temor]

you can upload the pictures as an attachment if you click " Upload Attachment " under the submit button.

You're not creating the function in the file you posted.
I'm interested in where you're creating the function.

function get_comments(){

}

that part.

[jaysus7]

huh...me too lemme get back to you on that one haha

[jaysus7]

oh aha i found it.... i fixed the issue...however it isn't adding the comments now??

<?php

//fetches all the comments for a given blog post
function get_comments($pid){
	$pid = (int)$pid;
	
	$sql = "SELECT
				`comment_body` AS `body`,
				`comment_user` AS `user`,
				DATE_FORMAT(`comment_date`, '%d/%m/%Y %H:%i:%s') AS `date`
			FROM `comments`
			WHERE `post_id` = {$pid}";
	
	$comments = mysql_query($sql);echo mysql_error();
	
	$return = array();
	while (($row = mysql_fetch_assoc($comments)) !== false){
		$return[] = $row;
	}
		return $return;
}

//add a comment
function add_comment($pid, $user, $body){
	if (valid_pid($pid) === false){
		return false;
	}
	
	$pid	= (int)$pid;
	$user	= mysql_real_escape_string(htmlentities($user));
	$body	= mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `comments` (`post_id`, `comment_body`, `comment_user`, `comment_date`) VALUES ({$pid}, '{$body}', '{$user}', NOW())");echo mysql_error();

	return true;
	
}

?>

[jacek]

If you don't get any output from the mysql_error() it must be that the query is never running.

The first place I would look would be the valid_pid function since if that is returning false all of the time no comments would be added.

[jaysus7]

if i manually input the comment into the comments in the phpmyadmin it will show up but it won't add the comment itself more put it into the database????

the edit page does not seem to want to update the user profile. it fetches it from the database but it won't actually update it to the database, and show the errors array????

is there a way to interconnect each user to have there own blog and show up on there profile page???....
this is what i have....<?php echo "<a href='member1.php?uid={$_SESSION['uid']}'>Your Research</a>"; ?>

also what is the the link so you click it and it goes to thier actual profile page??


Edit

<?php

include ("core.user/init.inc.user.php");

if (isset($_POST['institution'], $_POST['aboutinstitution'], $_POST['professionaltitle'], $_POST['professionalresearch'], $_POST['professionalwerbsite'], $_POST['personalwebsite'], $_POST['personalemail'], $_POST['professionalemail'], $_POST['abotyourresearch'], $_POST['aboutyourself'], $_POST['socialmedia'])){
	$errors = array();

	if (filter_var($_POST['personalemail'], $_POST['professionalemail'], FILTER_VALIDATE_EMAIL) === false){
	$errors[] = 'The email address you entered is not valid.';

	}

	if (empty($errors)){
	set_profile_info($_POST['institution'], $_POST['aboutinstitution'], $_POST['professionaltitle'], $_POST['professionalresearch'], $_POST['professionalwebsite'], $_POST['personalwebsite'], $_POST['personalemail'], $_POST['professionalemail'], $_POST['abotyourresearch'], $_POST['aboutyourself'], $_POST['socialmedia']);
	
	}

	$user_info = array(
				'institution' 			=> htmlentities($_POST['institution']),
				'aboutinstitution' 		=> htmlentities($_POST['aboutinstitution']),
				'professionaltitle'		=> htmlentities($_POST['professionaltitle']),
				'professionalresearch'	=> htmlentities($_POST['professionalresearch']),
				'professionalwebsite' 	=> htmlentities($_POST['professionalwebsite']),
				'personalwebsite'		=> htmlentities($_POST['personalwebsite']),
				'personalemail'			=> htmlentities($_POST['personalemail']),
				'professionalemail'		=> htmlentities($_POST['professionalemail']),
				'aboutyourresearch'		=> htmlentities($_POST['aboutyourresearch']),
				'aboutyourself'			=> htmlentities($_POST['aboutyourself']),
				'socialmedia'			=> htmlentities($_POST['socialmedia'])
	);
}else{	
	$user_info = fetch_user_info($_SESSION['uid']);
}
	
?>

<?php
	
	if (isset($errors) === false){
		echo 'Click update to update your portfolio.';
	}else if (empty($errors)){
		echo 'Your portfolio has been updated';
	}else{
		echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
	}
	
	?>

<form action="" method="post" name="sign up">
  <table width="100%" border="0">
       <tr>
         <td width="23%"><label for='institution'>Institution:</label></td>
         <td width="77%"><input type="text" name="Institution" id="institution" value="<?php echo $user_info['institution']; ?>"></td>
       </tr>
    <tr>
        <td><label for='aboutinstituition'>About Instituition:</label></td>
        <td><textarea name"aboutinstitution" id="aboutinstitution" rows="15" cols="50"><?php echo strip_tags($user_info['aboutinstitution']); ?></textarea></td>
      </tr>
      <tr>
        <td><label for='professionaltitle'>Professional Title:</label></td>
        <td><input type="text" name="professionaltitle" id="professionaltitle" value="<?php echo $user_info['professionaltitle']; ?>"></td>
      </tr>
      <tr>
        <td><label for='professionalresearch'>Professional Research:</label></td>
        <td><input type="textarea" name="professionalresearch" id="professionalresearch" value="<?php echo $user_info['professionalresearch']; ?>"></td>
      </tr>
      <tr>
        <td><label for='professionalwebsite:'>Professional Website:</label></td>
        <td><input type="text" name="Professional Website" id="" value="<?php echo $user_info['professionalwebsite']; ?>"></td>
      </tr>
       <tr>
        <td width="23%"><label for='personalwebsites'>Personal Websites:</label></td>
        <td width="77%"><input type="text" name="personalwebsites" id="personalwebsites" value="<?php echo $user_info['persosnalwebsite']; ?>"></td>
    </tr>
    <tr>
        <td><label for='personalemail'>personal Email:</label></td>
        <td><input type="text" name="personalemail"id="personalemail"  value="<?php echo $user_info['persinalemail']; ?>"></td>
      </tr>
      <tr>
        <td><label for='professionalemail'>Professional Email:</label></td>
        <td><input type="text" name="professionalemail" id="professionalemail" value="<?php echo $user_info['professionalemail']; ?>"></td>
      </tr>
      <tr>
        <td><label for='aboutyourresearch'>About your Research:</label></td>
        <td><textarea name"aboutyourresearch" id="aboutyourresearch" rows="15" cols="50"><?php echo strip_tags($user_info['aboutyourresearch']); ?></textarea></td>
      </tr>
      <tr>
        <td><label for='aboutyourself'>Autobiography:</label></td>
        <td><textarea name"aboutyourself" id="aboutyourself" rows="15" cols="50"><?php echo strip_tags($user_info['aboutyourself']); ?></textarea></td>
      </tr>
      <tr>
        <td><label for='socialmedia'>Social Networking:</label></td>
        <td><input type="text" name="socialmedia" id="socialmedia" value="<?php echo $user_info['socialmedia']; ?>"></td>
      </tr>
      <tr>
        <td><label for='pictureid'>Picture Id:</label></td>
        <td><input type="file" name="pictureid" id="pictureid" value=""></td>
      </tr>
  </table>
  <p><br><br>
    <input type="submit" name="submit" value="Update">
  </p>
  
    </form>

User.init

<?php

//fetches all of the users from the table
function fetch_users(){
	$result = mysql_query("SELECT `user_id` AS `id`, `user_username` AS `username` FROM `users`");	
	echo mysql_error();
	$users = array();
	
	while (($row = mysql_fetch_assoc($result)) !== false){
		$users[] = $row;
	}
	
	return $users;
}

//fetches profile info for given user
function fetch_user_info($uid){
	$uid = (int)$uid;
	
	$sql = "SELECT
				`user_username` AS `username`,
				`user_email` AS `email`,
				`user_firstname` AS `firstname`,
				`user_lastname` AS `lastname`,
				`user_institution` AS `institution`,
				`user_about institution` AS `aboutinstitution`,
				`user_professional title` AS `professionaltitle`,
				`user_professional research` AS `professionalresearch`,
				`user_professional website` AS `professionalwebsite`,
				`user_personal website` AS `personalwebsite`,
				`user_personal email` AS `personalemail`,
				`user_professional email` AS `professionalemail`,
				`user_about your research` AS `aboutyourresearch`,
				`user_about yourself` AS `aboutyourself`,
				`user_social media` AS `socialmedia`
			FROM`users`
			WHERE `user_id` = {$uid}";
			
			$result = mysql_query($sql);
			
			return mysql_fetch_assoc($result);
}

//updates current user portfolio info
function set_profile_info($institution, $aboutinstitution, $professionaltitle, $professionalresearch, $professionalwebsite, $presonalwebsite, $personalemail, $professionalemail, $aboutyourresearch, $aboutyourself, $socialmedia){
	$institution 			= mysql_real_escape_string(htmlentities($institution));
	$aboutinstitution 		= mysql_real_escape_string(nl2br(htmlentities($aboutinstitution)));
	$professionaltitle		= mysql_real_escape_string(htmlentities($professionaltitle));
	$professionalresearch 	= mysql_real_escape_string(htmlentities($professionalresearch));
	$professionalwebsite 	= mysql_real_escape_string(htmlentities($professionalwebsite));
	$personalwebsite 		= mysql_real_escape_string(htmlentities($personalwebsite));
	$personalemail			= mysql_real_escape_string(htmlentities($personalemail));
	$professionalemail 		= mysql_real_escape_string(htmlentities($professionalemail));
	$aboutyourresearch 		= mysql_real_escape_string(nl2br(htmlentities($aboutyourresearch)));
	$aboutyourself			= mysql_real_escape_string(nl2br(htmlentities($aboutyourself)));
	$socialmedia			= mysql_real_escape_string(htmlentities($socialmedia));

	$sql = "UPDATE `users` SET
				`user_institution` = '{$institution}',
				`user_about institution` = '{$aboutinstitution}',
				`user_professional title` = '{$professionaltitle}',
				`user_professional research` = '{$professionalresearch}',
				`user_professional website` = '{$professionalwebsite}',
				`user_personal website` = '{$presonalwebsite}',
				`user_personal email` = '{$personalemail}',
				`user_professional email` = '{$professionalemail}',
				`user_about your research` = '{$aboutyourresearch}',
				`user_about yourself` = '{$aboutyourself}',
				`user_social media` = '{$socialmedia}'
			WHERE `user_id` = {$_SESSION['uid']}";
		
	mysql_query($sql);echo mysql_error();
		
}

?>