Need Help with my website.....

Ask about a PHP problem here.
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Need Help with my website.....

Post by jaysus7 »

i don't know what is wrong it won't let me log in and it won't delete my email from the db when i "activate" my registration? please help.... i am using a go daddy database and hosting account?....

init file.....

<?php

session_start ();

$exceptions = array ('sign up1', 'index', 'activate');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

mysql_connect("phplogin113.db.8811650.hostedresource.com","phplogin113","Hookups1");
mysql_select_db("phplogin113");

$path = dirname(__FILE__);

include ("{$path}/inc/user.inc.php");

if (isset($_COOKIE['username'], $_COOKIE['passwords']) && isset($_SESSION['username']) === false){
	if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
		$_SESSION['username'] = htmlentities($_COOKIE['username']);
	
		setcookie('username', $_COOKIE['username'], time() + 604800);
		setcookie('password', $_COOKIE['password'], time() + 604800);
	
	}

}

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: index.php');
		die();
	}

}

?>


user.inc. file....
<?php
//check if given username exsists in the database
function user_exsists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
//check if the given username and password combinations are valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");
	 
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
// checks to see is user account is active
	function is_active($user){
		$user = mysql_real_escape_string($user);
		
		$sql = "SELECT
					COUNT (`activations`.`user_id`)
				FROM`users`
				INNER JOIN `activations`.`user_id`
				ON `users`.`user_id` = `activations`.`user_id`
				WHERE `users`.`user_username` = '{$user}'";
				
	$result = mysql_query($sql);
	
	return (mysql_result($result, 0) == '0') ? true : false;
	
		
}
//acctivates the account related to the given activation code
function activate_account($aid){
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");

}

//adds a user to the database
function add_user($user, $email, $pass){
	$user	= mysql_real_escape_string(htmlentities($user));
	$email	= mysql_real_escape_string($email);
	$pass	= sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid =implode('', array_rand($charset, 10)); 
	
	$body =	<<<EMAIL
	
	Thank you for signing up with knowquest. To activate your account, please click the link below
	
	http://www.jasonmassieportfolio.com/activate.php?{$aid}
	
EMAIL;
	
	mail($email, 'Your new account at Knowquest.com', $body, 'From: admin@knowquest.com');
	
	mysql_query("INSERT INTO `users` (`user_username`, `user_email`, `user_password`) VALUES ('{$user}', '{$email}', '{$pass}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
	
}
?>

activate file....

<?php

include('core/init.inc.php');

if (isset($_GET['aid'])){
	activate_account($_GET['aid']);
	
	}
?>
register file.....

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['confirm_password'])){
	if (empty ($_POST['username'])){
   $errors[] = 'The username cannot be empty!';	
}

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
	$errors[] = 'The email address you entered does not seem to be valid';
	
}

if (empty ($_POST['password']) || empty($_POST['confirm_password'])){
	$errors[] = 'The password cannot be empty!';
}

if ($_POST['password'] !== $_POST['confirm_password']){ 
   $errors[] = 'The password Varifacation failed!';
   
}

if (user_exsists($_POST['username'])){
    $errors[] = 'The username you entered is already taken!';
	
}

if (empty($errors)){
	add_user($_POST['username'], $_POST['email'], $_POST['password']);
	  $errors[] = 'You have been regiserd, check your email!';
	header('Location: protected.php');
	die();
	
	}

}

?>

<?php
	
	if (empty($errors) === false );{
	
	?>
    <ul>
    <?php
	
	foreach ($errors as $error){
		echo "<li>[$error]</li>";
	}
	
	?>
    </ul>
    <?php
    
    }
    
    ?>



please help me with this...... what did i miss....
Last edited by jacek on Thu Feb 23, 2012 11:02 pm, edited 1 time in total.
Reason: code tags...
Just a helpless cause!!!!
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Need Help with my website.....

Post by jacek »

First thing I noticed
if (empty($errors) === false );{
There should be no ; near the end of this line.
$errors[] = 'You have been regiserd, check your email!';
That isn't an error :?


Now, what do you mean it won't let you log in ? Do you get any errors ? What actually happens ?
Image
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

it just says incorrect password and username ... but i know its correct!! no matter what i type in that echo error always pop up
Just a helpless cause!!!!
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

That isn't an error
it doesn't delete it from the activations table like it is supposed too....
}
//acctivates the account related to the given activation code
function activate_account($aid){
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");
echo mysql_error();
}
Just a helpless cause!!!!
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Need Help with my website.....

Post by jacek »

Do you get any output from the mysql_error() function ? If not it must be that the activation Id in the table is not the same as the one in the URL or that the function is never being called for some reason.
Image
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

This is what i get??.....


FUNCTION phplogin113.COUNT does not exist
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/content/50/8811650/html/core/init/user.inc.php on line 35

Warning: Cannot modify header information - headers already sent by (output started at /home/content/50/8811650/html/core/init/user.inc.php:34) in /home/content/50/8811650/html/index.php on line 32


my user.inc code......

<?php

//check if given username exsists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;

}
//check if the given username and password combinations are valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
// checks to see is user account is active
	function is_active($user){
		$user = mysql_real_escape_string($user);
		echo mysql_error();
		$sql = "SELECT
					COUNT (`activations`.`user_id`)
				FROM `users`
				INNER JOIN `activations`
				ON `users`.`user_id` = `activations`.`user_id`
				WHERE `users`.`user_username` = '{$user}'";
				
	$result = mysql_query($sql);
	echo mysql_error();
	return (mysql_result($result, 0) == '0') ? true : false;
		
}
//acctivates the account related to the given activation code
function activate_account($aid){
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");

}

//adds a user to the database
function add_user($user, $email, $pass, $first, $last){
	$user		= mysql_real_escape_string(htmlentities($user));
	$email		= mysql_real_escape_string($email);
	$pass		= sha1($pass);
	$first		= mysql_real_escape_string(htmlentities($first));
	$last		= mysql_real_escape_string(htmlentities($last));
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid =implode('', array_rand($charset, 10)); 
	
	$body =	<<<EMAIL
	
	Thank you for signing up with knowquest. To activate your account, please click the link below
	
	http://www.jasonmassieportfolio.com/act ... ?aid={$aid}
	
EMAIL;
	
	mail($email, 'Your new account at Knowquest.com', $body, 'From: admin@knowquest.com');
	
	mysql_query("INSERT INTO `users` (`user_username`, `user_email`, `user_password`,`user_firstname`,`user_lastname`) VALUES ('{$user}', '{$email}', '{$pass}','{$first}','{$last}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");

}
?>
Just a helpless cause!!!!
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Need Help with my website.....

Post by Temor »

COUNT (`activations`.`user_id`)
there should not be a space between COUNT and ()
COUNT(`activations`.`user_id`)
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

Temor...Thank you so much!!! made it work lets see if it validates properly now!!!!

now it just lets you login in if you hit the submit button...none of the errors are working :s
Just a helpless cause!!!!
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Need Help with my website.....

Post by Temor »

what does your code for the login page look like?


I also noticed an error in protected.php.
Click here to see you portfolio!!
the link redirects to http://www.jasonmassieportfolio.com/mem ... ?uid={$uid}
{$uid} should not be visible :) You're probably forgetting to wrap it in php tags.
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

user id

<?php
//check if given username exsists in the database
function user_exsists($user){
        $user = mysql_real_escape_string($user);
       
        $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}'");
       
        return (mysql_result($total, 0) == '1') ? true : false;
       
}
//check if the given username and password combinations are valid
function valid_credentials($user, $pass){
        $user = mysql_real_escape_string($user);
        $pass = mysql_real_escape_string($pass);
       
        $total= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");
         
        return (mysql_result($total, 0) == '1') ? true : false;
       
}
// checks to see is user account is active
        function is_active($user){
                $user = mysql_real_escape_string($user);
               
                $sql = "SELECT
                                        COUNT (`activations`.`user_id`)
                                FROM`users`
                                INNER JOIN `activations`.`user_id`
                                ON `users`.`user_id` = `activations`.`user_id`
                                WHERE `users`.`user_username` = '{$user}'";
                               
        $result = mysql_query($sql);
       
        return (mysql_result($result, 0) == '0') ? true : false;
       
               
}
//acctivates the account related to the given activation code
function activate_account($aid){
        $aid = mysql_real_escape_string($aid);
       
        mysql_query("DELETE FROM `activations` WHERE `activation_code` = '{$aid}'");
 
}
 
//adds a user to the database
function add_user($user, $email, $pass){
        $user   = mysql_real_escape_string(htmlentities($user));
        $email  = mysql_real_escape_string($email);
        $pass   = sha1($pass);
       
        $charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
        $aid =implode('', array_rand($charset, 10));
       
        $body = <<<EMAIL
       
        Thank you for signing up with knowquest. To activate your account, please click the link below
       
        http://www.jasonmassieportfolio.com/activate.php?{$aid}
       
EMAIL;
       
        mail($email, 'Your new account at Knowquest.com', $body, 'From: admin@knowquest.com');
       
        mysql_query("INSERT INTO `users` (`user_username`, `user_email`, `user_password`) VALUES ('{$user}', '{$email}', '{$pass}')");
       
        $user_id = mysql_insert_id();
       
        mysql_query("INSERT INTO `activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
       
}
?>


index/login

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty ($_POST['username'])){
		$errors[] = 'The username cannot be empty!';
	}
	
	if (empty ($_POST['password'])){
		$errors[] = 'The password cannot be empty!';
	}
	
	if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
		$errors[] = 'Username or Password incorrect!';
	}
	
	if (($errors) && is_active($_POST['username']) === false){
		$errors[] = 'This account has not yet been activated!';
	}
	
	if(($errors)){
	if (isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
		setcookie('username', $_POST['username'], time() + 604800);
		setcookie('password', sha1($_POST['password']), time() + 604800);
	}
	
	$_SESSION['username'] = htmlentities($_POST['username']);
	
	header('Location: protected.php');
	die();
	
	}
}

?>



<?php
	echo 'Need an account? <a href="sign up1.php">Sign Up </a>';
    if (empty($errors) === false){
	?>
    <ul>
    <?php
	foreach ($errors as $error){
		echo "<li>{$error}</li>";
		}
	?>
    </ul>
    <?php
	}
		
	?>
<?php

session_start ();

$exceptions = array ('sign up1', 'index', 'activate');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

mysql_connect("phplogin113.db.8811650.hostedresource.com","phplogin113","Hookups1");
mysql_select_db("phplogin113");

$path = dirname(__FILE__);

include ("{$path}/init/user.inc.php");

if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false){
	if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
		$_SESSION['username'] = htmlentities($_COOKIE['username']);
	
		setcookie('username', $_COOKIE['username'], time() + 604800);
		setcookie('password', $_COOKIE['password'], time() + 604800);
	
	}

}

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: index.php');
		die();
	}

}

?>

i know this is wrong right lol....i hate being new!!!! you guys are helping so much!!!!!

<p>You are loged in as, <?php echo $_SESSION['username'];?>!!  <?php </br><a href='member1.php?uid={$uid}'>Click here</a> to see you portfolio!!?>
  
</p>
Just a helpless cause!!!!
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Need Help with my website.....

Post by Temor »

 if(($errors)){
        if (isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
                setcookie('username', $_POST['username'], time() + 604800);
                setcookie('password', sha1($_POST['password']), time() + 604800);
        }
what you're doing here is logging the user in if $errors is set, which it will be if there is any errors.

what you need to do is check if it's empty. To do that you wrap it in the empty() function, like this:
 if(empty($errors)){
Do things...
        }
<p>You are loged in as, <?php echo $_SESSION['username'];?>!!  <?php </br><a href='member1.php?uid={$uid}'>Click here</a> to see you portfolio!!?>
 
</p>
You need to echo the $uid variable like this:

<p>You are loged in as, <?php echo $_SESSION['username'];?>!!  <?php echo" </br><a href='member1.php?uid={$uid}; '>Click here</a> to see you portfolio!! ";?>
 
</p>
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

Temor you are saving my life right now you guys are amazing!!!!! ok so here is the next issue, btw the last thing...man I'm stupid i over looked that like 50 times ugh lol, anyways it still just says incorrect password / username???? and won't log me in...and i made sure they were correct!!!
Just a helpless cause!!!!
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Need Help with my website.....

Post by Temor »

A fairly common mistake is that the password length cap in your databse is too low. Sha1 produces a 40 character string. Make sure the password length cap is 40 as well.
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

Unknown column 'comments.total_comments' in 'field list'
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/50/8811650/html/coreblog/initblog/posts.inc.php on line 42


whats wrong with this code????


posts.inc.php



<?php

//checks if the given post id is in the table
function valid_pid($pid){
	$pid = (int)$pid;
	
	$total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}");
	$total = mysql_result($total, 0);

	if ($total != 1){
		return false;
	}else{
		return true;
	}
}

//festches a summery of all the blog posts
function get_posts(){
	$sql = "SELECT
				`posts`.`post_id` AS `id`,
				`posts`.`post_title` AS `title`,
				LEFT(`posts`.`post_body`, 512) AS `preview`,
				`posts`.`post_user` AS `user`,
				DATE_FORMAT(`posts`.`post_date`, '%d/%m/%Y %H:%i:%s') AS `date`,
				`comments`.`total_comments`,
				DATE_FORMAT(`comments`.`last_comment`, '%d/%m/%Y %H:%i:%s') AS `last_comment`
			FROM `posts`
			LEFT JOIN (
				 SELECT
				  `post_id`,
					COUNT(`comment_id`) AS `title_comments`,
					MAX(`comment_date`) AS `last_comment`
				FROM `comments`
				GROUP BY `post_id`
			) AS `comments`
			ON `posts`.`post_id` = `comments`.`post_id`
			ORDER BY `posts`.`post_date` DESC";
	
	$posts = mysql_query($sql);echo mysql_error();
	
	$rows = array();
	while (($row = mysql_fetch_assoc($posts)) !== false){
		echo mysql_error();
		$rows[] = array(
			 'id'					=> $row['id'],
			 'title'				=> $row['title'],
			 'preview'				=> $row['preview'],
			 'user'					=> $row['user'],
			 'date'					=> $row['date'],
			 'total_comments'		=> ($row['total_comments'] === null) ? 0 : $row['total_comments'],
			 'last_comment'			=> ($row['last_comment'] === null) ? 'never' : $row['last_comment']
		);
		
	}
	return $rows;
}

//fetches a single post from the table
function get_post($pid){
	$pid = (int)$pid;
	
	$sql = "SELECT
			`post_title` AS `title`,
			`post_body` AS `body`,
			`post_user` AS `user`,
			`post_date` AS `date`
		FROM `posts`
		WHERE `post_id` = {$pid}";
		
	$post = mysql_query($sql);
	$post = mysql_fetch_assoc($post);
	
	$post['comments'] = get_comments($pid);
	
	
	return $post;
}

//adds new blog entry
function add_post($name, $title, $body){
	$name 	= mysql_real_escape_string(htmlentities($name));
	$title 	= mysql_real_escape_string(htmlentities($title));
	$body 	= mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `posts` (`post_user`, `post_title`, `post_body`, `post_date`) VALUES ('{$name}', '{$title}', '{$body}', NOW())");
echo mysql_error();
}


?>





Warning: Invalid argument supplied for foreach() in /home/content/50/8811650/html/blog_read.php on line 40




blog_read.php



<?php
include ("coreblog/initblog.php");

if(isset($_GET['pid'], $_POST['user'], $POST['body'])){
	if (add_comment($GET['pid'], $_POST['user'], $_POST['body'])){
		
		header("Location: blog_read.php?pid={$_GET['pid']}");
	}else{
		header('Location: blog_list.php');
	}
	die();
}

?>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php

if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){
	echo 'Invalid post ID.';
}else{
	$post = get_post($_GET['pid'])

	?>
    <h2><a href="blog_read.php?pid=<?php echo $post['id']; ?>"><?php echo $post['title']; ?></a></h2>
    <h4>By: <?php echo $post['user']; ?> on: <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>
    
    <hr />
    
    <p><?php echo $post['body']; ?></p>
    
    <hr />
    <?php
	
	foreach ($post['comments'] as $comment){
		?>
    
	 <h4>By: <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
     <p><?php echo $comment['body']; ?></p>
     <hr />
     <?php
	}

	?>
<form action="" method="post">
<p>
	<label for="user">Name</label>
    <input type="text" name="user" id="user" />
</p>
<p>
	<textarea name="body" rows="20" cols="60"></textarea>
</p>
<p>
	<input type="submit" value="Add Comment" />
</p>
</form>    
<?php

}

?>
</body>
</html>
Just a helpless cause!!!!
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Need Help with my website.....

Post by Temor »

where are you defining the get_comments() function?

Also, may I have a look at your database structure?
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

[img]/Users/wite_out2/Desktop/Screen%20Shot%202012-03-09%20at%2011.13.11%20AM.png[/img]
[img]/Users/wite_out2/Desktop/Screen%20Shot%202012-03-09%20at%2011.13.27%20AM.png[/img]
[img]/Users/wite_out2/Desktop/Screen%20Shot%202012-03-09%20at%2011.13.38%20AM.png[/img]


i belive i am defining it in blog_read......

<?php
include ("coreblog/initblog.php");

if(isset($_GET['pid'], $_POST['user'], $POST['body'])){
	if (add_comment($GET['pid'], $_POST['user'], $_POST['body'])){
		
		header("Location: blog_read.php?pid={$_GET['pid']}");
	}else{
		header('Location: blog_list.php');
	}
	die();
}

?>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php

if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){
	echo 'Invalid post ID.';
}else{
	$post = get_post($_GET['pid'])

	?>
    <h2><a href="blog_read.php?pid=<?php echo $post['id']; ?>"><?php echo $post['title']; ?></a></h2>
    <h4>By: <?php echo $post['user']; ?> on: <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>
    
    <hr />
    
    <p><?php echo $post['body']; ?></p>
    
    <hr />
    <?php
	
	foreach ($post['comments'] as $comment){
		?>
    
	 <h4>By: <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
     <p><?php echo $comment['body']; ?></p>
     <hr />
     <?php
	}

	?>
<form action="" method="post">
<p>
	<label for="user">Name</label>
    <input type="text" name="user" id="user" />
</p>
<p>
	<textarea name="body" rows="20" cols="60"></textarea>
</p>
<p>
	<input type="submit" value="Add Comment" />
</p>
</form>    
<?php

}

?>
</body>
</html>
Just a helpless cause!!!!
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Need Help with my website.....

Post by Temor »

you can upload the pictures as an attachment if you click " Upload Attachment " under the submit button.

You're not creating the function in the file you posted.
I'm interested in where you're creating the function.
function get_comments(){

}
that part.
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

huh...me too lemme get back to you on that one haha
Attachments
Screen Shot 2012-03-09 at 11.13.38 AM.png
Screen Shot 2012-03-09 at 11.13.38 AM.png (165.68 KiB) Viewed 2110 times
Screen Shot 2012-03-09 at 11.13.27 AM.png
Screen Shot 2012-03-09 at 11.13.27 AM.png (89.61 KiB) Viewed 2110 times
Screen Shot 2012-03-09 at 11.13.11 AM.png
Screen Shot 2012-03-09 at 11.13.11 AM.png (88.96 KiB) Viewed 2110 times
Just a helpless cause!!!!
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

oh aha i found it.... i fixed the issue...however it isn't adding the comments now??
<?php

//fetches all the comments for a given blog post
function get_comments($pid){
	$pid = (int)$pid;
	
	$sql = "SELECT
				`comment_body` AS `body`,
				`comment_user` AS `user`,
				DATE_FORMAT(`comment_date`, '%d/%m/%Y %H:%i:%s') AS `date`
			FROM `comments`
			WHERE `post_id` = {$pid}";
	
	$comments = mysql_query($sql);echo mysql_error();
	
	$return = array();
	while (($row = mysql_fetch_assoc($comments)) !== false){
		$return[] = $row;
	}
		return $return;
}

//add a comment
function add_comment($pid, $user, $body){
	if (valid_pid($pid) === false){
		return false;
	}
	
	$pid	= (int)$pid;
	$user	= mysql_real_escape_string(htmlentities($user));
	$body	= mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `comments` (`post_id`, `comment_body`, `comment_user`, `comment_date`) VALUES ({$pid}, '{$body}', '{$user}', NOW())");echo mysql_error();

	return true;
	
}

?>
Just a helpless cause!!!!
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Need Help with my website.....

Post by jacek »

If you don't get any output from the mysql_error() it must be that the query is never running.

The first place I would look would be the valid_pid function since if that is returning false all of the time no comments would be added.
Image
User avatar
jaysus7
Posts: 95
Joined: Wed Feb 22, 2012 9:06 pm
Location: Canada

Re: Need Help with my website.....

Post by jaysus7 »

if i manually input the comment into the comments in the phpmyadmin it will show up but it won't add the comment itself more put it into the database????

the edit page does not seem to want to update the user profile. it fetches it from the database but it won't actually update it to the database, and show the errors array????

is there a way to interconnect each user to have there own blog and show up on there profile page???....
this is what i have....<?php echo "<a href='member1.php?uid={$_SESSION['uid']}'>Your Research</a>"; ?>

also what is the the link so you click it and it goes to thier actual profile page??


Edit
<?php

include ("core.user/init.inc.user.php");

if (isset($_POST['institution'], $_POST['aboutinstitution'], $_POST['professionaltitle'], $_POST['professionalresearch'], $_POST['professionalwerbsite'], $_POST['personalwebsite'], $_POST['personalemail'], $_POST['professionalemail'], $_POST['abotyourresearch'], $_POST['aboutyourself'], $_POST['socialmedia'])){
	$errors = array();

	if (filter_var($_POST['personalemail'], $_POST['professionalemail'], FILTER_VALIDATE_EMAIL) === false){
	$errors[] = 'The email address you entered is not valid.';

	}

	if (empty($errors)){
	set_profile_info($_POST['institution'], $_POST['aboutinstitution'], $_POST['professionaltitle'], $_POST['professionalresearch'], $_POST['professionalwebsite'], $_POST['personalwebsite'], $_POST['personalemail'], $_POST['professionalemail'], $_POST['abotyourresearch'], $_POST['aboutyourself'], $_POST['socialmedia']);
	
	}

	$user_info = array(
				'institution' 			=> htmlentities($_POST['institution']),
				'aboutinstitution' 		=> htmlentities($_POST['aboutinstitution']),
				'professionaltitle'		=> htmlentities($_POST['professionaltitle']),
				'professionalresearch'	=> htmlentities($_POST['professionalresearch']),
				'professionalwebsite' 	=> htmlentities($_POST['professionalwebsite']),
				'personalwebsite'		=> htmlentities($_POST['personalwebsite']),
				'personalemail'			=> htmlentities($_POST['personalemail']),
				'professionalemail'		=> htmlentities($_POST['professionalemail']),
				'aboutyourresearch'		=> htmlentities($_POST['aboutyourresearch']),
				'aboutyourself'			=> htmlentities($_POST['aboutyourself']),
				'socialmedia'			=> htmlentities($_POST['socialmedia'])
	);
}else{	
	$user_info = fetch_user_info($_SESSION['uid']);
}
	
?>

<?php
	
	if (isset($errors) === false){
		echo 'Click update to update your portfolio.';
	}else if (empty($errors)){
		echo 'Your portfolio has been updated';
	}else{
		echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
	}
	
	?>

<form action="" method="post" name="sign up">
  <table width="100%" border="0">
       <tr>
         <td width="23%"><label for='institution'>Institution:</label></td>
         <td width="77%"><input type="text" name="Institution" id="institution" value="<?php echo $user_info['institution']; ?>"></td>
       </tr>
    <tr>
        <td><label for='aboutinstituition'>About Instituition:</label></td>
        <td><textarea name"aboutinstitution" id="aboutinstitution" rows="15" cols="50"><?php echo strip_tags($user_info['aboutinstitution']); ?></textarea></td>
      </tr>
      <tr>
        <td><label for='professionaltitle'>Professional Title:</label></td>
        <td><input type="text" name="professionaltitle" id="professionaltitle" value="<?php echo $user_info['professionaltitle']; ?>"></td>
      </tr>
      <tr>
        <td><label for='professionalresearch'>Professional Research:</label></td>
        <td><input type="textarea" name="professionalresearch" id="professionalresearch" value="<?php echo $user_info['professionalresearch']; ?>"></td>
      </tr>
      <tr>
        <td><label for='professionalwebsite:'>Professional Website:</label></td>
        <td><input type="text" name="Professional Website" id="" value="<?php echo $user_info['professionalwebsite']; ?>"></td>
      </tr>
       <tr>
        <td width="23%"><label for='personalwebsites'>Personal Websites:</label></td>
        <td width="77%"><input type="text" name="personalwebsites" id="personalwebsites" value="<?php echo $user_info['persosnalwebsite']; ?>"></td>
    </tr>
    <tr>
        <td><label for='personalemail'>personal Email:</label></td>
        <td><input type="text" name="personalemail"id="personalemail"  value="<?php echo $user_info['persinalemail']; ?>"></td>
      </tr>
      <tr>
        <td><label for='professionalemail'>Professional Email:</label></td>
        <td><input type="text" name="professionalemail" id="professionalemail" value="<?php echo $user_info['professionalemail']; ?>"></td>
      </tr>
      <tr>
        <td><label for='aboutyourresearch'>About your Research:</label></td>
        <td><textarea name"aboutyourresearch" id="aboutyourresearch" rows="15" cols="50"><?php echo strip_tags($user_info['aboutyourresearch']); ?></textarea></td>
      </tr>
      <tr>
        <td><label for='aboutyourself'>Autobiography:</label></td>
        <td><textarea name"aboutyourself" id="aboutyourself" rows="15" cols="50"><?php echo strip_tags($user_info['aboutyourself']); ?></textarea></td>
      </tr>
      <tr>
        <td><label for='socialmedia'>Social Networking:</label></td>
        <td><input type="text" name="socialmedia" id="socialmedia" value="<?php echo $user_info['socialmedia']; ?>"></td>
      </tr>
      <tr>
        <td><label for='pictureid'>Picture Id:</label></td>
        <td><input type="file" name="pictureid" id="pictureid" value=""></td>
      </tr>
  </table>
  <p><br><br>
    <input type="submit" name="submit" value="Update">
  </p>
  
    </form>

User.init
<?php

//fetches all of the users from the table
function fetch_users(){
	$result = mysql_query("SELECT `user_id` AS `id`, `user_username` AS `username` FROM `users`");	
	echo mysql_error();
	$users = array();
	
	while (($row = mysql_fetch_assoc($result)) !== false){
		$users[] = $row;
	}
	
	return $users;
}

//fetches profile info for given user
function fetch_user_info($uid){
	$uid = (int)$uid;
	
	$sql = "SELECT
				`user_username` AS `username`,
				`user_email` AS `email`,
				`user_firstname` AS `firstname`,
				`user_lastname` AS `lastname`,
				`user_institution` AS `institution`,
				`user_about institution` AS `aboutinstitution`,
				`user_professional title` AS `professionaltitle`,
				`user_professional research` AS `professionalresearch`,
				`user_professional website` AS `professionalwebsite`,
				`user_personal website` AS `personalwebsite`,
				`user_personal email` AS `personalemail`,
				`user_professional email` AS `professionalemail`,
				`user_about your research` AS `aboutyourresearch`,
				`user_about yourself` AS `aboutyourself`,
				`user_social media` AS `socialmedia`
			FROM`users`
			WHERE `user_id` = {$uid}";
			
			$result = mysql_query($sql);
			
			return mysql_fetch_assoc($result);
}

//updates current user portfolio info
function set_profile_info($institution, $aboutinstitution, $professionaltitle, $professionalresearch, $professionalwebsite, $presonalwebsite, $personalemail, $professionalemail, $aboutyourresearch, $aboutyourself, $socialmedia){
	$institution 			= mysql_real_escape_string(htmlentities($institution));
	$aboutinstitution 		= mysql_real_escape_string(nl2br(htmlentities($aboutinstitution)));
	$professionaltitle		= mysql_real_escape_string(htmlentities($professionaltitle));
	$professionalresearch 	= mysql_real_escape_string(htmlentities($professionalresearch));
	$professionalwebsite 	= mysql_real_escape_string(htmlentities($professionalwebsite));
	$personalwebsite 		= mysql_real_escape_string(htmlentities($personalwebsite));
	$personalemail			= mysql_real_escape_string(htmlentities($personalemail));
	$professionalemail 		= mysql_real_escape_string(htmlentities($professionalemail));
	$aboutyourresearch 		= mysql_real_escape_string(nl2br(htmlentities($aboutyourresearch)));
	$aboutyourself			= mysql_real_escape_string(nl2br(htmlentities($aboutyourself)));
	$socialmedia			= mysql_real_escape_string(htmlentities($socialmedia));

	$sql = "UPDATE `users` SET
				`user_institution` = '{$institution}',
				`user_about institution` = '{$aboutinstitution}',
				`user_professional title` = '{$professionaltitle}',
				`user_professional research` = '{$professionalresearch}',
				`user_professional website` = '{$professionalwebsite}',
				`user_personal website` = '{$presonalwebsite}',
				`user_personal email` = '{$personalemail}',
				`user_professional email` = '{$professionalemail}',
				`user_about your research` = '{$aboutyourresearch}',
				`user_about yourself` = '{$aboutyourself}',
				`user_social media` = '{$socialmedia}'
			WHERE `user_id` = {$_SESSION['uid']}";
		
	mysql_query($sql);echo mysql_error();
		
}

?>
Just a helpless cause!!!!
Post Reply