Mr_CHISOL

First you need to encrypt the passwords in the db, both when you add a new user and when the user or admin changes a password.Then you need to encrypt the password on login.To encrypt the password you can use either md5() or sha1().If you use md5() the login would look something like this:// Define $myusername and $mypassword$myusername = $_POST['myusername'];$mypassword = md5( $_POST['mypassword'] ); // Encrypt using md5$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result = mysql_query( $sql ); When inserting/updateing user-info, make sure you encrypt the password in the same way...

Hi!You should use session_start() and the $_SESSION variable/array.Here's how it could look, using your code.Note: You should encrypt the password. I renamed login_success.php to loggedin.php as I thought it was unnessary to have a page just for telling the user that the login was successful, that can be done on the same page that shows the content, menu or whatever you have behind the login...You could also move it all into one file, it would be a bit harder to do, but you get one file and a better logic...Here's the code:main login form on main_login.php: <?php// Start sessionsession_start();// Check if the user already is logged inif ($_SESSION['loggedin'])) { header( 'Location: loggedin.php' ); exit();}?><form name="form1" method="post" action="checklogin.php"><input name="myusername" type="text" id="myusername"><input name="mypassword" type="text" id="mypassword"><input type="submit" name="Submit" value="Login"></form> checklogin.php: <?php// Start sessionsession_start();// Check if the user already is logged inif ($_SESSION['loggedin'])) { header( 'Location: loggedin.php' ); exit();}ob_start();$host = "localhost"; // Host name$username = ""; // Mysql username$password = ""; // Mysql password$db_name = "test"; // Database name$tbl_name = "members"; // Table name// Connect to server and select databse. /** NOTE: you don't need the quots **/mysql_connect( $host, $username, $password ) or die("cannot connect");mysql_select_db( $db_name ) or die("cannot select DB");// Define $myusername and $mypassword$myusername = $_POST['myusername'];$mypassword = $_POST['mypassword'];/** NOTE: You should encrypt the password with either md5() or sha1() **/$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result = mysql_query( $sql );// Mysql_num_row is counting table row$count = mysql_num_rows( $result );// If result matched $myusername and $mypassword, table row must be 1 rowif ($count == 1) { // Register $myusername, $mypassword and redirect to file "login_success.php" /*** Not sure on what you were doing here, but this should work fine... ***/ $_SESSION['loggedin'] = true; $_SESSION['username'] = $myusername; // No real need to save the password header( "location: loggedin.php?w=loginsuccess" );} else { echo "Wrong Username or Password";}ob_end_flush();?> loggedin.php: <?php// Start sessionsession_start();// Check if the user already is logged inif ((!isset( $_SESSION['loggedin'] )) || (!$_SESSION['loggedin'])) { header( 'Location: main_login.php' ); exit();}?><html><body><?php// Menu etc// Status messages (as login success, new messages, item deleted etc...)if ((isset( $_GET['w'] )) && ($_GET['w'] == 'loginsuccess')) { echo "Login Successful<br />\n";}?></body></html> Hope that helped...God Luck and Don't Panic!

Just add the "label" before the value.Like this: $message = 'Lastname: ' . $_POST['lastname'] . "\n\r";$message .= 'Firtstname: ' . $_POST['firstname'] . "\n\r";... Good Luck and Don't Panic!

Hi!Try this echo "<a href=\"java script: popuponclick( '" . $row['ProviderList'] ."' )\">Open Popup Window</a>"; Good Luck and Don't Panic!

I'm not sure on what you mean the problem is, but if you want to remove tags from the values you can strip the tags like this: echo "<tr>"; echo "<td>" . preg_replace( '/<(.*)>/', '', $info['skill'] ) . "</td>"; echo "<td>" . preg_replace( '/<(.*)>/', '', $info['rank'] ) . "</td>"; echo "<td>" . preg_replace( '/<(.*)>/', '', $info['level'] ) . "</td>"; echo "<td>" . preg_replace( '/<(.*)>/', '', $info['xp'] ) . "</td>"; echo "</tr>";

How do you name the checkboxes?If they have a name like item[] or product[] you get them as an array and can use this: $item_count = count($_POST['item']; If you have named them item1, item2, item3 etc it gets a little bit trickier, you need to use a for loop like this (there's probably a better way to do this): $item_count = 0;for ($i = 1; $i <= 100; $i++) { if (isset($_POST['item'.$i])) $item_count++;} Good Luck and Don't Panic! :?)

You wouldn't need an action (it's not wrong to add it), as without an action the formdata is sent to the same page when submitted, which is how the script should be used..I can't find any problem with your code. And the only question that raises is what the value of the "constant" AdminMail is, and if it's valid.Good Luck and Don't Panic!

Hi!Try using $_GET['id'] instead of $r['id'], as $r isn't set (you set it bellow) Not: $news = mysql_query("SELECT * FROM news WHERE `id` = '".$r['id']."' ") or die(mysql_error()); $r = mysql_fetch_array($news);---Like this: $news = mysql_query("SELECT * FROM news WHERE `id` = ".$_GET['id']." ") or die(mysql_error()); $r = mysql_fetch_array($news); Where do you get $news from?No need for quotes (') around the id btw..Good Luck and Don't Panic!

Hi!To keep the result to 12 you need to use LIMIT in your SQL MySQL Manual - Select (search for limit...) (There's alot of page-scripts outhere..)Ex: $start = (intval($_GET['page']) - 1) * 12$query = "SELECT * FROM tbl LIMIT $start,12"; Here's a short and real example of pagination: $post_count = ??; //Get the total count in the tablefor( $p = 0; $p < ($post_count / 12); $p++) { if ($p == $_GET['page']) { $tag1 = '<span class="bold">'; $tag2 = '</span>'; } else { $tag1 = '<a href="?page='.$p.'">'; $tag2 = '</a>'; } echo $tag1 . $p . $tag2;} To output 3 times 4 "cells" you could use something like this: // Start at zero$count = 0;// Go thru the rowswhile( $row = mysql_fetch_assoc( $res )) { // If it's a new row, add tr if ($count == 0) echo "<tr>\n"; echo "<td>"; .... echo "</td>\n"; // Count cells... $count++; // It was the last cell on this row if ($count == 3) { // end tr echo "</tr>"; // Reset count $count = 0; }}// If there was less than 12 (or three on a row)if ($count > 0) [ // Add a spanning "dummy cell" echo '<td colspan="'.(3-$count).'"> </td>'; echo "</tr>\n";} Hope that helpedGood Luck and Don't Panic!

EDIT:: Sorry: didn't read the last line in trey's post, but this is still true :?(There's selfextracting files for linux too, but not the same as in windows (which justsomeguy described).I have seen (among others) Sun use this for java-installations. They could look different depending how they are built (compiled or script), but most of them is just in the same way (run them).Some of these could be a problem as some are interactive (the java-installation shows a license with less and ask some questions) and I don't now a way to solve that with PHP, then you need shell-access.You could ignore this, but I wont remove it... :?)But there shouldn't be a problem if the script doesn't need user-input, take a look at shell_exec() or exec() to run the file. To upload it there's a lot of tutorials and examples outthere...Another edit:Not sure on this but unzip (a linux command) could (don't hold this against me, i'm guessing) be able to extract from self-extracting files.Then you always could extract it on your computer and then "re-zip it" and upload it as a normal zip-file...Hope that helped..Good Luck and Don't panic!

justsomeguy has perfectly right, BUT if you have exit or die in the after you've echoed youre error message (as I have stated before...) this shouldn't be a problem, as then the script would either exit before the call to header (if there's something wrong with the name/ip) or don't include that file (if everything is ok, and then there would be no problem and no error... :?)

HI!To get values from a form you need to use $_POST, Example (get a value from a field called name): <?php echo $_POST['name']; // Here we just echo it out to the browser...?> What you do with the values depends on what you want to do...It's hard to give good examples without more info.You could then save the information to an db, textfile or use a form and hidden fields to keep the data to the next (mailing) page.Then you can use mail() to send the email.Hope that helped some, if you need more help, just ask. :?)Good Luck and Don't Panic!

Welcome, <?php echo $_SESSION['user'] ?>

The only problem (I can find) with that code is that you don't have an exit or die after the echo when you checked the username and ip.This means that if the username is admin (or one of the others) and the ip isn't correct the script will echo the error message (Sorry, you can't use this name...) and then go on with adding it to the db and calling header() (which would generate the error...).

The problem is still there, it just don't show the error.It's like if you get morphin when you broken your leg; it don't hurt, but the leg is still broken... :?)You get that error if you have outputted something (with echo...) before you called header, when php get's the first "real output" it sends an ""end of header"" to the browser to let it know that it should expect some output that should be displayed.This is why you get that error, so somewhere in your code you have an echo-statement that's called before header().Can't find it in the code you posted, could be that you have some text (spaces, newlines or whatever) before the php-block (<?php)Try to remove those in such case.Then it should work...

I wrote this small test from your code: <?php$ip = "127.0.0.1";$admin_ip = "127.0.0.1";$name = 'jon';$admin_accs = array('Jon','admin','jon','Admin');if ( in_array ($name, $admin_accs ) && ($ip != $admin_ip) ) echo "no\n";else echo "yes\n";?> I tested different values on both ip and name and it works fine.Are your shure that you have the right IP?

Hi!I think this is your problem:You are setting the variables (ip, username and post) after you do the checking <?phpif(!isset($_POST['submit'])){ include("form_mess.php"); include("show_mess.php");} else { // Start of new block // The variables... $ip = $_SERVER['REMOTE_ADDR']; $username = $_POST['username']; $post = $_POST['post']; if(empty( $username )) { include("form_mess.php"); echo "<div align=\"center\" style=\"color:#FF0000; font-size:12px; font-weight:normal; font-style:normal; font-variant:normal;\">Error: Please Fill In Your First Name</div><br /><br />"; } elseif(empty( $post )) { include("form_mess.php"); echo "<div align=\"center\" style=\"color:#FF0000; font-size:12px; font-weight:normal; font-style:normal; font-variant:normal;\">Error: Please Fill In Your Post</div><br /><br />"; } else { $admin_ip = "My Ip Address goes here"; $admin_accs = array('Jon','admin','jon','Admin'); if ( in_array ($name, $admin_accs ) and $ip != $admin_ip ) { die ("Error: Your not allowed to use this User Name. Please use a different one."); } include("config_mysql.php"); $query = "INSERT INTO mess VALUES(null, '$ip','$username','$post')"; mysql_query($query) or die("Database error. Please contact admin."); //Reload Page to show updated post header("Location: [url="http://reviewgaming.com/mess1.php&quot%3b%29;"]http://reviewgaming.com/mess1.php");[/url] }} // End of new block?> Hope that helped..Good Luck and Don't Panic!

Hi!The script shouldn't keep running, it should halt when you closed your connection (client).If you have SSH-access or something like that you could connect and see if it was still running or you could send a mail to the host and talk to them.But i doubt that it should keep running...Good Luck and Don't Panic!:?)

You don't need to use div's and sertainly not "display: none" to make such menus (I think the 2nd article mentions why that's bad..), take a look at these links:Horizontal doropdownsSuckerfish <-- personal favoriteGood Luck and Don't Panic!

Hi!Take a look at this: <?phpif (!isset($_GET['id'])) { header( 'Location: index.php?id=1' ); exit();}?> That should work fine, if you use forms and have a server/host that don't support POST and GET on the same time, you can use this <?phpif (!isset($_REQUEST['id'])) { header( 'Location: index.php?id=1' ); exit();}?> Hope that helped..Good Luck and Don't Panic!

Hi!Change this: $res= mysql_query("UPDATE TABLE news SET title='$title' WHERE story_id='1'"); to this: $res= mysql_query("UPDATE news SET title='$title' WHERE story_id='".$_POST['id']."'"); (No TABLE and not a static id...)That should work fine..Good Luck and Don't Panic!

I think we just solved this over MSN ;?)EDIT:Posted at the same time as Grapp :?)

Hi!First, the code from mihalism works and there's no problems with it.But (as a "note") you could skip the "concating operators" (the dots) and just use the variable right in the string (as you had done), but only when using double-quotes.Take a look at this example: $Hello = 'Hey';echo $Hello.', what's up?'."\n";echo '$Hello what's up?'."\n";echo $Hello.", what's up?\n";echo "$Hello, what's up?\n";// This is what that would output:Hey, what's up?$Hello, what's up?Hey, what's up?Hey, what's up? Second, Why do you create on table for each category. I wouldn't do like that.I would have two tables one for the categories and one for the articles.In the article-table you have a column with the id of the catagory.Then simply cross-refference the two tables or just use the categorie id from ex. GET or POST.One problem I can see with your design is that you use a name as reference which, among other things, can be misspelled.Then you would have problems with listing the categories, I don''t know a way to loop thru tables, for instance...God Luck and Don't Panic!

Generally a 3rd party script (or 3rd party component...) is something that comes from an "external developer".Ex:When using M$ Windows you often use 3rd party software, such as OpenOffice.org, Firefox, ZoneAlarm etc.3rd party software is in that case simply software not developed by M$...What Yahoo means by "3rd party script" doesn't seem to be the same as the general one; as almost every script you install/use on your website can be viewed as 3rd party from Yahoo's point of view...That they don't support 3rd party scripts seems to me that they don't support yours (or any anyone elses scripts), only scripts from Yahoo, which would be strange (but maybe not Too suprising)...Hope that cleared some things up for you.Good Luck and Don't Panic!

You don't output the image in anyway, use imagejpeg() it can output to both the browser and file...Good Luck and Don't Panic!