BetterPHP

Hi..

Up until now, I've succeed to follow the tutorial until the new conversation part where when i try to post to unknown or non-existing user, the message "The following user could not be found" won't appear. There are many errors message I've got.Now I'm really stuck and could you or anyone help me? I really appreciate your help =) Here I include my code

index.php

<?php
include('core/init.inc.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html versions:-//w3c//DTD XHTML 1.1//EN" xmlns="http://www.w3.org/1999/xhtml"> 
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<link rel="stylesheet" type="text/css" href="ext/css/main.css" />
	<title>private Message</title>
</head>

<body>
	<div id="wrap">
    	<?php
		
		include($include_file);
		
		?>
        </div>
</body>
</html>

new_conversation.page.inc.php

<?php

if (isset($_POST['to'], $_POST['subject'], $_POST['body'])){
	$errors = array();
	
	
	echo mysql_error();
	if(empty($_POST['to'])){
		$errors[] = 'you must enter at least one name.';
	} else if (preg_match('%^[a-z, ]+$%i', $_POST['to']) === 0){
		$errors[] = 'the list of names you gave does not look valid.';
	}else{
		$user_names = explode(',', $_POST['to']);
		
		foreach ($user_name as &$name){
			$name = trim($name);
		}
		
		$user_ids = fetch_user_ids($user_names);
		
		if (count($user_ids) !== count($user_names)){
			$errors[] = 'the following user could not be found: '. implode(', ', array_diff($user_names, array_keys($user_ids)));
		}		
	}
	
	if(empty($_POST['subject'])){
		$errors[] = 'you must enter subject.';
	}

	if(empty($_POST['body'])){
		$errors[] = 'you must enter body.';
	}
	
	
	
	
	
	
	
	if(empty($errors)){
		//  
	}
}

if (isset($errors)){
	if (empty($errors)){
		echo '<div class="msg success">Your message has been sent 
		<a href="index.php?page=inbox"> Return to your inbox </a></div>';
		
	} else {
		foreach ($errors as $error){
			echo '<div class="msg error">', $error, '</div>';
		}
	}





}
?>

<form action="" method="post">

<div>
	<label for="to">To</label>
	<input type="text" name="to" id="to" value="<?php if (isset($_POST['to'])) echo htmlentities($_POST['to']); ?>"/>
</div>

<div>
	<label for="subject">Subject</label>
	<input type="text" name="subject" id="subject" value="<?php if (isset($_POST['subject'])) echo htmlentities($_POST['subject']); ?>" />

</div>

<div>
	<textarea name="body" rows="20" cols="110"><?php if (isset($_POST['body'])) echo htmlentities($_POST['body']); ?></textarea>
</div>
<div>
	<input type="submit" value="Send" />
</div>

</form>

user.inc.php

<?php
//check username and password combination
function validate_credentials($user_name, $user_password){
	$user_name = mysql_real_escape_string($user_name);
	$user_password = sha1($user_password);

	$result = mysql_query("SELECT user_id FROM users WHERE user_name = '$user_name' AND user_password = '$user_password' ");
	
	echo mysql_error();
	if (mysql_num_rows($result) != 1){
		return false;
	}
	return mysql_result($result, 0);
}

function fetch_user_ids($user_names){
	foreach ($user_names as &$name){
		$name = mysql_real_escape_string($name);
	}
	
	$result = mysql_query("SELECT user_id, user_name FROM user WHERE user_name IN ('" . implode("','", $user_names) . "')");
	
	$names = array();
	
	while (($row = mysql_fetch_assoc($result)) !== false){
		$name[$row['user_name']] = $row['user_id'];
	}
	
	return $names;
}
?>

inbox.page.inc.php

 <div class="actions">
	<p> Welcome..</p>
    <a href="index.php?page=new_conversation">New conversation</a>
    <a href="index.php?page=logout">Logout</a>
</div>

init.inc.php

<?php
$core_path = dirname(__FILE__);
if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php",scandir("{$core_path}/pages")) == false){
	header('HTTP/1.1 404 Not Found');
	header('Location: index.php?page=inbox');
	die();
}
session_start();
mysql_connect("localhost","root","") or die ("Couldn't connect!");
mysql_select_db("private_message_system") or  die ("Couldn't find db!");
include("{$core_path}/inc/user.inc.php");

if (isset($_POST['user_name'], $_POST['user_password'])){
	if (($user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])) !== false){
		$_SESSION['user_id'] = $user_id;
	header('Location: index.php?page=inbox');	
	die();
	}   
}

if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){
	header('HTTP/1.1 403 forbidden');
	header('Location: index.php?page=login');
	die();
}
$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";
echo $include_file;
?>

login.page.inc.php

<h1>Login</h1>
<?php
if (isset($_POST['user_name'], $_POST['user_password'])){
	echo 'Login Failed';
}
?>

<form action="index.php?page=login" method="post">
	<div>
    	<label for="user_name">Name</label>
    	<input type="text" name="user_name" id="user_name" />
     </div>
     <div>
     
     	<label for="user_password">Password</label>
     	<input type="password" name="user_password" id="user_password" />
     </div>
     
      <div>
     	<input type="submit" value="login"/>
     </div>
     
</form>

logout.page.inc.php

<?php
session_destroy();
?>

<div class="msg success"> You have logout.</div>

Try removing one of the equal signs on line 21 in new_conversation.page.inc.php.

if (count($user_ids) !== count($user_names)){

Yes I've tried but still not working..huhuhu..

try echoing mysql_error(); under the query on line 21 in user.inc.php

It could be an error with the SQL query. I see you removed all backticks, not just those around variable names.
You're still supposed to have those around the row names.

Yes I've got it....heee.. The coding is working. Thank you so much =D

was that the problem? If not, please share the solution.

yes,the problem is at the sql query.. hehhe..but now there is a new problem..hahaha