
Re: Finding ID

Posted: Sun Jun 19, 2011 11:30 am
by jacek
What URL do you get sent to after clicking on one of the links ?

Re: Finding ID

Posted: Sun Jun 19, 2011 3:45 pm
by jacek
If you add

[syntax=php]var_dump(fetch_users());[/syntax]
somewhere, do you get the ids from that ?

Re: Finding ID

Posted: Sun Jun 19, 2011 4:47 pm
by jacek
hmm...

Can you make sure you have error_reporting set to E_ALL? The problem is most likely a misspelled variable, and enabling E_NOTICE level messages will show you that right away instead of trying to guess.

Re: Finding ID

Posted: Sun Jun 19, 2011 7:32 pm
by jacek
The error_reporting() line should be the first thing in the script :)

Re: Finding ID

Posted: Sun Jun 19, 2011 11:03 pm
by jacek
Well that tells you that you can remove the session_start line ;)

But you are looking in the wrong file. The problem has to be in the "page where you choose an account:" file, as the $_GET variable is not set right in the URL you posted a few posts ago. Also, you can remove the session_start in both pages as it is in the init.inc.php file.

Re: Finding ID

Posted: Mon Jun 20, 2011 6:17 pm
by jacek
Try setting error_reporting to E_ALL for this file.

Re: Finding ID

Posted: Mon Jun 20, 2011 6:19 pm
by Temor
It's probably nothing, but in Line 50 [syntax=php]<?php $_GET['$uid']; [/syntax]

Is it supposed to have a $ in it? :S

Re: Finding ID

Posted: Mon Jun 20, 2011 6:34 pm
by Torniquet
nevermind, i think i had the wrong end of the stick lol

Re: Finding ID

Posted: Mon Jun 20, 2011 7:39 pm
by jacek
jacek wrote:Try setting error_reporting to E_ALL for this file.

Please try this.

Re: Finding ID

Posted: Mon Jun 20, 2011 9:23 pm
by jacek
On the page that shows the error, do you have a uid variable in the URL ?

Re: Finding ID

Posted: Mon Jun 20, 2011 11:58 pm
by Torniquet
On the latest pages you have there, you are calling for $user['acc_id'] when you are setting it as $user['id'].

That one is straightforward enough.

I have tested your coding on my machine, and it seems to work fine. I have looked for the above error in the original script, and I can't see anything wrong anywhere.

Re: Finding ID

Posted: Tue Jun 21, 2011 12:07 am
by jacek
uhshosting wrote:no ever since i done the e_all on the one page i had an error on the account page that was trying to fix
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/thailand/public_html/account/core/user.inc.php on line 79

This is a SQL injection vulnerability. Essentially, the quotes in the URL are being treated as part of the query, making its syntax invalid.

uhshosting wrote:so my url is
http:/.com/account/admin/accounts/account.php?uid=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20index:%20%20acc_id%20in%20%3Cb%3E/home/public_html/account/admin/accounts/index.php%3C/b%3E%20on%20line%20%3Cb%3E51%3C/b%3E%3Cbr%20/%3E

The undefined index here means that the link you are clicking uses a variable that is not defined, as the person above this said ;)

Re: Finding ID

Posted: Tue Jun 21, 2011 1:16 am
by jacek
uhshosting wrote:thank you i got it working.

Good news, but you also need to make sure you address
jacek wrote:This is a SQL injection vulnerability

Depending on how this is used in the query somebody may be able to use it to steal all of your data.
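
The following is an added example, not code from any poster in this thread. It shows why a uid taken straight from the URL breaks the query, next to a lookup that validates the value and binds it as a parameter. The table layout, the function names and the in-memory SQLite database (standing in for the site's MySQL database) are assumptions.

```php
<?php
// Added example, not code from the thread. Table, columns and function names are assumptions.
error_reporting(E_ALL);

// Constructed in-memory SQLite table standing in for the site's MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Assumed shape of the problem query: the raw value is pasted into the SQL
// text, so a quote in the URL becomes part of the statement and breaks it.
function fetch_user_unsafe(PDO $db, $raw_uid)
{
    try {
        $sql = "SELECT id, name FROM users WHERE id = '" . $raw_uid . "'";
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['name'] : 'no user';
    } catch (PDOException $e) {
        // Same failure class as the "not a valid MySQL result resource" warning.
        return 'QUERY BROKEN';
    }
}

// Hardened lookup: accept only a positive integer, then bind it as a
// parameter so it is never parsed as SQL.
function fetch_user_safe(PDO $db, $raw_uid)
{
    $uid = filter_var($raw_uid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return 'rejected';
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :uid');
    $stmt->execute([':uid' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : 'no user';
}

// Constructed inputs: a valid id, a value with a stray quote, error-message
// markup like the uid in the URL above, and an id that does not exist.
$samples = ['2', "1'", '<br /><b>Notice</b>: Undefined index: acc_id', '99'];
foreach ($samples as $raw) {
    printf("%-48s unsafe: %-13s safe: %s\n", var_export($raw, true),
        fetch_user_unsafe($db, $raw), fetch_user_safe($db, $raw));
}
```

The validation step also catches the case from earlier in the thread, where an undefined index put notice markup into the uid parameter instead of a number.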

Re: Finding ID

Posted: Tue Jun 21, 2011 5:28 pm
by jacek
my SQL injection one should tell you how :