PHP page running SQL statement twice or incorrectly running it
I'm writing forum code and I've run into a very bizarre problem that I can't seem to figure out, it's driving me crazy.
Anyway, there's a part of the code where I run a SQL statement when a user views a topic that increments the counter for the times that topic has been viewed.
However, everytime the page is loaded, it increments the counter by two instead of one
The code in question:
$sql = "UPDATE forums_topics ";
$sql .= "SET topic_views = topic_views + 1 ";
$sql .= "WHERE topic_id = " . $topic_id;
You can see it in context of the rest of the page below. For the life of me I can't figure out why it's incrementing the topic_views field by two instead of one each time that query is run.
If I run the code elsewhere or in a query window, it increments the counter by one, properly.
Anyone have any ideas?
Very perplexing!
Anyway, there's a part of the code where I run a SQL statement when a user views a topic that increments the counter for the times that topic has been viewed.
However, everytime the page is loaded, it increments the counter by two instead of one
The code in question:
$sql = "UPDATE forums_topics ";
$sql .= "SET topic_views = topic_views + 1 ";
$sql .= "WHERE topic_id = " . $topic_id;
You can see it in context of the rest of the page below. For the life of me I can't figure out why it's incrementing the topic_views field by two instead of one each time that query is run.
If I run the code elsewhere or in a query window, it increments the counter by one, properly.
Anyone have any ideas?
Very perplexing!
<?php
include "../library/dbconnect.php";
include "../library/sessionhandler.php";
$userid = $_SESSION["userid"];
$topic_id = $_GET["id"];
if (!isset($topic_id))
{
mysql_close();
header ("Location:index.php");
exit();
}
$sql = "SELECT COUNT(*) ";
$sql .= "FROM forums_posts ";
$sql .= "WHERE topic_id = " . $topic_id;
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) == 0)
{
mysql_close();
header ("Location:index.php");
exit();
}
$sql = "SELECT f.forum_name, ";
$sql .= "t.* ";
$sql .= "FROM forums_forums f, ";
$sql .= "forums_topics t ";
$sql .= "WHERE t.forum_id = f.forum_id AND ";
$sql .= "t.topic_id = " . $topic_id;
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) == 0)
{
mysql_close();
header ("Location:index.php");
exit();
}
$forum_name = mysql_result($recordset, 0, "forum_name");
$forum_id = mysql_result($recordset, 0, "forum_id");
$topic_title = mysql_result($recordset, 0, "topic_title");
$sql = "UPDATE forums_topics ";
$sql .= "SET topic_views = topic_views + 1 ";
$sql .= "WHERE topic_id = " . $topic_id;
mysql_select_db($mysql);
mysql_query($sql);
$isadministrator = false;
if (isset($_SESSION["userid"]))
{
$sql = "SELECT administrator ";
$sql .= "FROM users ";
$sql .= "WHERE userid = " . $_SESSION["userid"] . " AND ";
$sql .= "administrator = -1";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) > 0)
{ $isadministrator = true; }
}
?>
<html lang="en">
<head>
<title>Find Your Geek | Forums | <?php echo $topic_title; ?></title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<link href="../library/style.css" rel="stylesheet" type="text/css" media="screen, projection" />
<link href="library/forum.css" rel="stylesheet" type="text/css" media="screen, projection" />
<script type="text/javascript" src="../library/imagerollover.js"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<div align="center">
<?php include "../library/header.php" ?>
<?php include "../library/menu.php" ?>
<table width="760px" cellpadding="0px" cellspacing="0px">
<?php
if (isset($_SESSION["errormessage"]))
{
$paddingtop = "";
?>
<tr>
<td style="padding-left:11px;padding-top:5px;" colspan="2">
<font color="red">
<b>
<?php echo $_SESSION["errormessage"]; ?>
</b>
</font>
</td>
</tr>
<tr><td style="padding-left:11px;padding-right:11px;" colspan="2"><hr size="1px" color="#ffc600"></td></tr>
<?php
}
else
{ $paddingtop = "padding-top:5px;"; }
?>
<tr>
<td style="width:380px;padding-left:11px;<?php echo $paddingtop; ?>">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<a href="viewforum.php?id=<?php echo $forum_id; ?>"><?php echo $forum_name; ?></a>
</td>
<td style="width:380px;padding-right:11px;padding-top:5px;" align="right"></td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;" colspan="2">
<font style="font-size:20px;font-weight:bold;">
<?php echo $topic_title; ?>
</font>
</td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=reply&tid=<?php echo $topic_id; ?>"><img src="images/postreply_off.gif" srcover="images/postreply_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
<?php
//Pagination
$page = $_GET["page"];
$limit = 25;
$select = "SELECT s.sessionid, ";
$select .= "u.displayname, ";
$select .= "u.avatar, ";
$select .= "u.title, ";
$select .= "u.signature, ";
$select .= "u.posts, ";
$select .= "u.hideonlinestatus, ";
$select .= "u.lastlogindatetime, ";
$select .= "u.administrator, ";
$select .= "p.* ";
$from = "FROM users u, ";
$from .= "forums_posts p ";
$from .= "LEFT JOIN sessions s ";
$from .= "ON p.poster_id = s.sessionuserid ";
$where = "WHERE p.poster_id = u.userid AND ";
$where .= "p.topic_id = " . $topic_id . " ";
$orderby = "ORDER BY post_time ";
$resultcount = mysql_query("SELECT COUNT(*) " . $from . $where);
if (mysql_num_rows($resultcount) > 0)
{
$totalrows = mysql_result($resultcount, 0);
$numofpages = ceil($totalrows / $limit);
if(empty($page))
{
$page = 1;
$limitvalue = 0;
}
else
{ $limitvalue = $page * $limit - ($limit); }
if ($page != 1)
{
$pageprev = $page - 1;
$previous = "<a href=\"viewtopic.php?id=" . $topic_id . "&page=" . $pageprev . "\">« Prev</a>";
}
if ($numofpages > 1)
{
for ($count = 1; $count <= $numofpages; $count++)
{
if ($count == $page)
{ $pages .= $count . " "; }
else
{ $pages .= "<a href=\"viewtopic.php?id=" . $topic_id . "&page=" . $count . "\">" . $count . "</a> "; }
}
}
if ($totalrows - ($limit * $page) > 0)
{
$pagenext = $page + 1;
$next = "<a href=\"viewtopic.php?id=" . $topic_id . "&page=" . $pagenext . "\">Next »</a>";
}
}
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($select . $from . $where . $orderby . "LIMIT " . $limitvalue . ", " . $limit);
$postsrecordset = mysql_query($sql);
if ($numofpages == 0) { $numofpages = 1; }
echo mysql_num_rows($postsrecordset);
echo " ";
if (mysql_num_rows($postsrecordset) == 1)
{ echo "post"; }
else
{ echo "posts"; }
?>
•
Page <?php echo $page . " of " . $numofpages; ?>
<?php if ($pages) { echo " • " . $pages; } ?>
</td>
</tr>
</table>
<div style="height:5px;"></div>
<table width="760px" cellpadding="0px" cellspacing="0px">
<?php
$count = 0;
while ($count < mysql_num_rows($postsrecordset))
{
if ($count % 2 == 1)
{ $trid = "topic_rowA"; }
else
{ $trid = "topic_rowB"; }
if ($count + 1 == mysql_num_rows($postsrecordset))
{ $borderbottom = "border-bottom:#ffc600 1px solid;"; }
else
{ $borderbottom = ""; }
?>
<tr id="<? echo $trid; ?>">
<td style="width:200px;border-top: #ffc600 1px solid;<?php echo $borderbottom; ?>padding: 11px 11px 11px 11px;" valign="top">
<?php
if (mysql_result($postsrecordset, $count, "avatar") != null)
{
echo "<a href=\"../profile.php?id=" . mysql_result($postsrecordset, $count, "poster_id") . "\">";
echo "<img src=\"" . mysql_result($postsrecordset, $count, "avatar") . "\" border=\"0px\">";
echo "</a><br />";
}
if (mysql_result($postsrecordset, $count, "administrator"))
{ echo "<a href=\"../administrators.php\"><img src=\"../images/administrator_esm.gif\" border=\"0px\"></a> "; }
echo "<a href=\"../profile.php?id=" . mysql_result($postsrecordset, $count, "poster_id") . "\">";
echo "<b>" . mysql_result($postsrecordset, $count, "displayname") . "</b>";
echo "</a><br />";
if (mysql_result($postsrecordset, $count, "title") != null)
{ echo mysql_result($postsrecordset, $count, "title"); }
//online / offline
echo "<table style=\"padding-top:15px;padding-bottom:15px;\" width=\"100%\" cellpadding=\"0px\" cellspacing=\"0px\">";
echo "<tr>";
if (mysql_result($postsrecordset, $count, "sessionid") == null)
{
echo "<td width=\"20px\">";
echo "<img src=\"../images/offline.gif\"> ";
echo "</td>";
echo "<td>";
echo "<font style=\"font-size:9px;color:#ff2f15\"><b>Offline</b></font>";
echo "</td>";
}
else
{
//add hidden code here
echo "<td width=\"20px\">";
echo "<img src=\"../images/online.gif\"> ";
echo "</td>";
echo "<td>";
echo "<font style=\"font-size:9px;color:#84ff15\"><b>Online</b></font>";
echo "</td>";
}
echo "</tr>";
echo "</table>";
echo "Posts: " . mysql_result($postsrecordset, $count, "posts");
?>
</td>
<td style="width:560px;border-top: #ffc600 1px solid;<?php echo $borderbottom; ?>border-left: #ffc600 1px solid;" valign="top">
<table width="100%" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-left:11px;padding-top:11px;">
<a name="p<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"></a>
<font style="font-size:12px;">
<b>
<a href="#p<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><?php echo mysql_result($postsrecordset, $count, "post_subject"); ?></a>
</b>
</font>
</td>
<td style="padding-right:11px;padding-top:5px;" align="right">
<a href="posting.php?mode=quote&pid=<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/quote_button_off.gif" srcover="images/quote_button_on.gif" border="0px"></a>
<?php
if (isset($_SESSION["userid"]))
{
if ($isadministrator || $_SESSION["userid"] == mysql_result($postsrecordset, $count, "poster_id"))
{
?>
<a href="posting.php?mode=edit&pid=<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/edit_off.gif" srcover="images/edit_on.gif" border="0px"></a>
<?php
}
if ($isadministrator)
{
?>
<a href="posting.php?mode=delete&pid=<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/delete_off.gif" srcover="images/delete_on.gif" border="0px"></a>
<?php
}
}
?>
</td>
</tr>
<tr><td colspan="2" style="height:5px;"></td></tr>
<tr>
<td colspan="2" style="padding-left:11px;">
<a href="#p<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/post.gif" border="0px"></a> by
<a href="../profile.php?id=<?php echo mysql_result($postsrecordset, $count, "poster_id"); ?>"><b><?php echo mysql_result($postsrecordset, $count, "displayname") ?></b></a> on
<?php echo date("M d, Y g:i a", mysql_result($postsrecordset, $count, "post_time")) . " EST"; ?>
</td>
</tr>
<tr><td colspan="2" style="height:10px;"></td></tr>
<tr>
<td colspan="2" style="padding-left:11px;padding-right:11px;">
<!-- post text -->
<font style="font-size:1.2em;">
<?php
echo FormatBBCode(mysql_result($postsrecordset, $count, "post_text"), $count);
?>
</font>
<?php
if (mysql_result($postsrecordset, $count, "signature") != null)
{
?>
<br /><br />
<table style="width:100%;border-top:#ffc600 1px solid;" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-top:10px;padding-bottom:10px;">
<?php echo FormatBBCode(mysql_result($postsrecordset, $count, "signature")); ?>
</td>
</tr>
</table>
<?php
}
?>
</td>
</tr>
</table>
</td>
</tr>
<?php
$count++;
}
if ($previous || $pages || $next) {
?>
<tr id="header">
<td colspan="3" style="padding-left:11px;"><?php echo $previous; ?></td>
<td colspan="2" style="padding-right:11px;" align="right"><?php echo $next; ?></td>
</tr>
<?php } ?>
</table>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=reply&tid=<?php echo $topic_id; ?>"><img src="images/postreply_off.gif" srcover="images/postreply_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
<?php
echo mysql_num_rows($postsrecordset);
echo " ";
if (mysql_num_rows($postsrecordset) == 1)
{ echo "post"; }
else
{ echo "posts"; }
?>
•
Page <?php echo $page . " of " . $numofpages; ?>
<?php if ($pages) { echo " • " . $pages; } ?>
</td>
</tr>
<tr><td height="5px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<a href="viewforum.php?id=<?php echo $forum_id; ?>"><?php echo $forum_name; ?></a>
</td>
<td></td>
</tr>
<tr><td height="5px" colspan="2"></td></tr>
</table>
<div style="height:5px;"></div>
<img src="../images/line.gif">
<p><?php include "../library/footer.php" ?></p>
</div>
</body>
</html>
<?php
unset($_SESSION["errormessage"]);
mysql_close();
function FormatBBCode($message)
{
$simple_search = array(
'/\:\)/is',
'/\;\)/is',
'/\:\(/is',
'/\:cool:/is',
'/\:mad:/is',
'/\:confused:/is',
'/\:shock:/is',
'/\:bigsmile:/is',
'/\:oops:/is',
'/\:roll:/is',
'/\:twisted:/is',
'/\:lol:/is',
'/\:neutral:/is',
'/\:drool:/is',
'/\:ninja:/is',
'/\[b\](.*?)\[\/b\]/is',
'/\[i\](.*?)\[\/i\]/is',
'/\[u\](.*?)\[\/u\]/is',
'/\[url\](.*?)\[\/url\]/is',
'/\[url\=(.*?)\](.*?)\[\/url\]/is',
'/\[img\](.*?)\[\/img\]/is',
'/\[quote\](.*?)\[\/quote\]/is',
'/\[quote\=(.*?)\](.*?)\[\/quote\]/is',
'/\[youtube\](.*?)\[\/youtube\]/is',
'/\[spoiler\](.*?)\[\/spoiler\]/is',
'/\[nsfw\](.*?)\[\/nsfw\]/is'
);
$simple_replace = array(
'<img src="../images/smileys/smile.gif">',
'<img src="../images/smileys/wink.gif">',
'<img src="../images/smileys/sad.gif">',
'<img src="../images/smileys/cool.gif">',
'<img src="../images/smileys/mad.gif">',
'<img src="../images/smileys/confused.gif">',
'<img src="../images/smileys/shock.gif">',
'<img src="../images/smileys/bigsmile.gif">',
'<img src="../images/smileys/oops.gif">',
'<img src="../images/smileys/eyeroll.gif">',
'<img src="../images/smileys/twisted.gif">',
'<img src="../images/smileys/laugh.gif">',
'<img src="../images/smileys/neutral.gif">',
'<img src="../images/smileys/drool.gif">',
'<img src="../images/smileys/ninja.gif">',
'<b>$1</b>',
'<i>$1</i>',
'<u>$1</u>',
'<a href="$1" target="_new">$1</a>',
'<a href="$1" target="_new">$2</a>',
'<img src="$1">',
'<table width="90%" style="background:#2a2a2a;border:1px solid #555555;padding-bottom:5px;" cellspacing="1px" cellpadding="3px" align="center"><tr><td style="font-size:11px;"><img src="images/quote.gif"></td></tr><tr><td style="font-size:12px;">$1</tr></table>',
'<table width="90%" style="background:#2a2a2a;border:1px solid #555555;padding-bottom:5px;" cellspacing="1px" cellpadding="3px" align="center"><tr><td style="font-size:11px;"><img src="images/quote.gif"> <b>$1 wrote:</b></td></tr><tr><td style="font-size:12px;">$2</tr></table>',
'<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/trim($1)"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>',
"<div style=\"margin-top:5px\"><div><font style=\"font-size:12px;\"><b>Spoiler:</b></font> <input type=\"button\" value=\"Show\" style=\"width:45px;font-size:10px;margin:0px;padding:0px;\" onclick=\"if (this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display != '') { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = '';this.innerText = '';this.value = 'Hide'; } else { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = 'none';this.innerText = '';this.value = 'Show'; }\" /></div><div class=\"quotecontent\"><div style=\"display: none;\"><br />$1</div></div></div>",
"<div style=\"margin-top:5px\"><div><font style=\"font-size:12px;\"><b>NSFW:</b></font> <input type=\"button\" value=\"Show\" style=\"width:45px;font-size:10px;margin:0px;padding:0px;\" onclick=\"if (this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display != '') { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = '';this.innerText = '';this.value = 'Hide'; } else { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = 'none';this.innerText = '';this.value = 'Show'; }\" /></div><div class=\"quotecontent\"><div style=\"display: none;\"><br />$1</div></div></div>"
);
$message = preg_replace ($simple_search, $simple_replace, $message);
return nl2br($message);
}
?>
ASKER
I added some auditing code and indeed, the view topics page is calling itself.
From where, I have no idea. I mean the only reference to itself is where I construct the pagination links and they don't even get run through a location command anywhere.
In fact, the only location commands run on the viewtopic page are redirects back to the index if there is URL manipulation.
I am totally lost here.
From where, I have no idea. I mean the only reference to itself is where I construct the pagination links and they don't even get run through a location command anywhere.
In fact, the only location commands run on the viewtopic page are redirects back to the index if there is URL manipulation.
I am totally lost here.
$sql = "INSERT INTO audit2 ";
$sql .= "SELECT '" . getenv('HTTP_REFERER') . "', ";
$sql .= time();
mysql_select_db($mysql);
mysql_query($sql);
$sql = "INSERT INTO audit ";
$sql .= "SELECT " . $topic_id . ", ";
$sql .= time();
mysql_select_db($mysql);
mysql_query($sql);
AUDIT
15 1201017251
15 1201017252
16 1201017306
16 1201017306
AUDIT 2 (first is the correct referer, 2nd is the page calling itself)
http://findyourgeek.com/forums/viewforum.php?id=5 1201017439
http://findyourgeek.com/forums/viewtopic.php?id=16 1201017440
http://findyourgeek.com/forums/index.php 1201017468
http://findyourgeek.com/forums/viewtopic.php?id=16 1201017468
http://findyourgeek.com/forums/viewforum.php?id=5 1201017525
http://findyourgeek.com/forums/viewtopic.php?id=16 1201017525
http://findyourgeek.com/forums/index.php 1201017561
http://findyourgeek.com/forums/viewtopic.php?id=15 1201017561
http://findyourgeek.com/forums/viewforum.php?id=13 1201017580
http://findyourgeek.com/forums/viewtopic.php?id=15 1201017580
http://findyourgeek.com/forums/viewforum.php?id=13 1201017596
http://findyourgeek.com/forums/viewtopic.php?id=15 1201017596
hang in there... at least we now know where to look. Let me look over your latest snippit for a bit.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You definitely found a logic flaw there in that if the user is navigating through a topic, it should not increment the counter. The counter should only be implemented if the user enters the topic.
What I did for that is add another query string parameter to the pagination links.
For next, I added &nav=next; for a page click within a topic, &nav=page and for previous, &nav=prev
So I grab that parameter when the page is loaded and only increment the counter if that variable is empty
if (empty($nav))
{
$sql = "UPDATE forums_topics ";
$sql .= "SET topic_views = topic_views + 1 ";
$sql .= "WHERE topic_id = " . $topic_id . " AND ";
$sql .= "forum_id = " . $forum_id;
mysql_select_db($mysql);
mysql_query($sql);
}
Still doesn't solve my original problem though and it's more wide spread than I originally thought.
I put that audit code in a few other pages and the result is the same, two rows are added per page load.
Yikes, I am majorly confused here.
Any code auditors for hire for this? =) ;)
What I did for that is add another query string parameter to the pagination links.
For next, I added &nav=next; for a page click within a topic, &nav=page and for previous, &nav=prev
So I grab that parameter when the page is loaded and only increment the counter if that variable is empty
if (empty($nav))
{
$sql = "UPDATE forums_topics ";
$sql .= "SET topic_views = topic_views + 1 ";
$sql .= "WHERE topic_id = " . $topic_id . " AND ";
$sql .= "forum_id = " . $forum_id;
mysql_select_db($mysql);
mysql_query($sql);
}
Still doesn't solve my original problem though and it's more wide spread than I originally thought.
I put that audit code in a few other pages and the result is the same, two rows are added per page load.
Yikes, I am majorly confused here.
Any code auditors for hire for this? =) ;)
How about showing some code snippits from the code that calls this script, ie viewforum.php and index.php?
I could use the work! But, let's first try to identify the problem. Then, once found, if you have a lot of changes to make, we can talk!
I could use the work! But, let's first try to identify the problem. Then, once found, if you have a lot of changes to make, we can talk!
ASKER
Ok, here is everything.
index.php
viewforum.php
viewtopic.php
And everything that is referenced in them, ready? ;)
I'll probably put a listing on Rent-a-coder but will wait to hear from you before I look at bids there.
index.php
viewforum.php
viewtopic.php
And everything that is referenced in them, ready? ;)
I'll probably put a listing on Rent-a-coder but will wait to hear from you before I look at bids there.
index.php
<?php
include "../library/dbconnect.php";
include "../library/sessionhandler.php";
if ($_SESSION['loggedin'] || $_GET['lo'] == 1)
{
if ($_COOKIE['loggedin_at'] == null)
{
header('Location: ../cookiecheck.php');
mysql_close();
exit();
}
}
$userid = $_SESSION["userid"];
?>
<html lang="en">
<head>
<title>Find Your Geek | Forums</title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<link href="../library/style.css" rel="stylesheet" type="text/css" media="screen, projection" />
<link href="library/forum.css" rel="stylesheet" type="text/css" media="screen, projection" />
<script type="text/javascript" src="../library/imagerollover.js"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<div align="center">
<?php include "../library/header.php" ?>
<?php include "../library/menu.php" ?>
<table width="760px" cellpadding="0px" cellspacing="0px">
<?php
if (isset($_SESSION["errormessage"]))
{
$paddingtop = "";
?>
<tr>
<td style="padding-left:11px;padding-top:5px;" colspan="5">
<font color="red">
<b>
<?php echo $_SESSION["errormessage"]; ?>
</b>
</font>
</td>
</tr>
<tr><td style="padding-left:11px;padding-right:11px;" colspan="5"><hr size="1px" color="#d5d5d5"></td></tr>
<?php
}
else
{ $paddingtop = "padding-top:5px;"; }
?>
<tr>
<td style="padding-left:11px;<?php echo $paddingtop; ?>" colspan="3"><a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a></td>
<td style="padding-right:11px;padding-top:5px;" colspan="2" align="right"></td>
</tr>
<tr><td style="padding-left:11px;padding-right:11px;" colspan="5"><hr size="1px" color="#d5d5d5"></td></tr>
<tr>
<td style="padding-left:11px;padding-bottom:5px;" colspan="3"><?php echo date("F j, Y g:i a ") . " EST"; ?></td>
<td style="padding-right:11px;padding-bottom:5px;" colspan="2" align="right"><a href="">Mark forums read</a></td>
</tr>
<?php
$sql = "SELECT f.*, ";
$sql .= "p.topic_id ";
$sql .= "FROM forums_forums f ";
$sql .= "LEFT JOIN forums_posts p ";
$sql .= "ON f.forum_last_post_id = p.post_id ";
$sql .= "ORDER BY sort_order";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
$count = 0;
while ($count < mysql_num_rows($recordset))
{
if (mysql_result($recordset, $count, "parent_id") == 0)
{
if ($count == 0)
{ $bordertop = "border-top: #ffc600 1px solid;"; }
else
{ $bordertop = ""; }
?>
<tr id="header">
<td colspan="2" style="padding-left:11px;<?php echo $bordertop; ?>border-bottom:#ffc600 1px solid;"><b><?php echo strtoupper(mysql_result($recordset, $count, "forum_name")); ?></td>
<td align="center" style="padding-left:5px;<?php echo $bordertop; ?>border-bottom:#ffc600 1px solid;"><b>Topics</b></td>
<td align="center" style="padding-left:5px;<?php echo $bordertop; ?>border-bottom:#ffc600 1px solid;"><b>Posts</b></td>
<td style="padding-left:5px;<?php echo $bordertop; ?>border-bottom:#ffc600 1px solid;"><b>Last Post</b></td>
</tr>
<?php
}
else
{
if (mysql_num_rows($recordset) == $count + 1)
{ $borderbottom = ""; }
else
{ $borderbottom = "border-bottom: #ffc600 1px solid;"; }
?>
<tr id="forum">
<td style="width:30px;padding-left:11px;<?php echo $borderbottom; ?>"><img src="images/newposts.gif" alt="New posts" title="New posts"></td>
<td style="width:385px;padding-left:5px;<?php echo $borderbottom; ?>">
<?php
echo "<a href=\"viewforum.php?id=" . mysql_result($recordset, $count, "forum_id") . "\"><font style=\"font-size:12px;font-weight:bold;\">" . mysql_result($recordset, $count, "forum_name") . "</font></a><br />";
echo "<font style=\"font-size:11px;\">" . mysql_result($recordset, $count, "forum_description") . "</font>";
?>
</td>
<td align="center" style="width:70px;padding-left:5px;<?php echo $borderbottom; ?>border-left: #ffc600 1px solid;"><?php echo mysql_result($recordset, $count, "forum_topics") ?></td>
<td align="center" style="width:70px;padding-left:5px;<?php echo $borderbottom; ?>border-left: #ffc600 1px solid;"><?php echo mysql_result($recordset, $count, "forum_posts") ?></td>
<td style="width:205px;padding-left:5px;<?php echo $borderbottom; ?>border-left: #ffc600 1px solid;">
<?php
if (mysql_result($recordset, $count, "forum_last_post_time") > 0)
{
$viewtopic = "<a href=\"viewtopic.php?id=" . mysql_result($recordset, $count, "topic_id") . "#p" . mysql_result($recordset, $count, "forum_last_post_id") . "\">";
$viewtopic .= "<img src=\"images/last_post.gif\" border=\"0px\" alt=\"View latest post\" title=\"View latest post\">";
$viewtopic .= "</a>";
echo "by ";
echo "<a href=\"../profile.php?id=" . mysql_result($recordset, $count, "forum_last_poster_id") . "\">" . mysql_result($recordset, $count, "forum_last_poster_name") . "</a> ";
echo $viewtopic . "<br />";
echo "on ";
echo date("M d, Y g:i a", mysql_result($recordset, $count, "forum_last_post_time")) . " EST";
}
else
{
echo " ";
}
?>
</td>
</tr>
<?php
}
$count ++;
}
?>
</table>
<img src="../images/line.gif">
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-top:5px;padding-left:11px;font-size:10px;font-weight:bold;">
<?php
$sql = "SELECT COUNT(*) totalmembers ";
$sql .= "FROM users";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$usersonlinerecordset = mysql_query($sql);
$totalmembers = mysql_result($usersonlinerecordset, 0, "totalmembers");
$sql = "SELECT COUNT(s.sessionuserid) membersonline ";
$sql .= "FROM sessions s, ";
$sql .= "users u ";
$sql .= "WHERE s.sessionuserid = u.userid AND ";
$sql .= "hideonlinestatus = 0 AND ";
$sql .= "TIMESTAMPDIFF(SECOND, sessiondatetime, now()) <= 300";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$usersonlinerecordset = mysql_query($sql);
$membersonline = mysql_result($usersonlinerecordset, 0, "membersonline");
$sql = "SELECT COUNT(s.sessionuserid) membersonline ";
$sql .= "FROM sessions s, ";
$sql .= "users u ";
$sql .= "WHERE s.sessionuserid = u.userid AND ";
$sql .= "hideonlinestatus = -1 AND ";
$sql .= "TIMESTAMPDIFF(SECOND, sessiondatetime, now()) <= 300";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$usersonlinerecordset = mysql_query($sql);
$hiddenmembersonline = mysql_result($usersonlinerecordset, 0, "membersonline");
$sql = "SELECT COUNT(*) membersonline ";
$sql .= "FROM sessions ";
$sql .= "WHERE sessionuserid = 0 AND ";
$sql .= "TIMESTAMPDIFF(SECOND, sessiondatetime, now()) <= 300";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$usersonlinerecordset = mysql_query($sql);
$guestsonline = mysql_result($usersonlinerecordset, 0, "membersonline");
$totalusers = $membersonline + $hiddenmembersonline + $guestsonline;
echo "We currently have <a href=\"../memberlist.php\">" . $totalmembers . "</a> members and ";
echo "there ";
if ($totalusers > 1 || $totalusers == 0)
{ echo "are "; }
else
{ echo "is "; }
echo $totalusers . " ";
if ($totalusers > 1 || $totalusers == 0)
{ echo "users "; }
else
{ echo "user "; }
echo "online :: ";
if ($membersonline > 0)
{
$head = "<a href=\"../whosonline.php\">";
$tail = "</a>";
}
else
{
$head = "";
$tail = "";
}
echo $head . $membersonline . $tail . " ";
if ($membersonline > 1 || $membersonline == 0)
{ echo "members, "; }
else
{ echo "member, "; }
echo $hiddenmembersonline . " hidden ";
if ($hiddenmembersonline > 1 || $hiddenmembersonline == 0)
{ echo "members, "; }
else
{ echo "member, "; }
echo "and ";
echo $guestsonline . " ";
if ($guestsonline == 0 || $guestsonline > 1)
{ echo "guests"; }
else
{ echo "guest"; }
?>
</b>
</td>
</tr>
<?php if ($membersonline > 0) { echo "<tr><td height=\"10px\"></td></tr>"; } ?>
<tr>
<td style="padding-bottom:5px;padding-left:11px;padding-right:11px;font-size:10px;">
<?php
if ($membersonline > 0)
{
//add hidden code here
echo "<b>Registered users: </b>";
$sql = "SELECT DISTINCT u.userid, ";
$sql .= "u.displayname, ";
$sql .= "u.administrator ";
$sql .= "FROM sessions s, ";
$sql .= "users u ";
$sql .= "WHERE s.sessionuserid = u.userid AND ";
$sql .= "hideonlinestatus = 0 AND ";
$sql .= "TIMESTAMPDIFF(SECOND, sessiondatetime, now()) <= 300 ";
$sql .= "ORDER BY u.displayname";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
$count = 0;
while ($count < mysql_num_rows($recordset))
{
if (mysql_result($recordset, $count, "administrator"))
{ echo "<a href=\"../administrators.php\"><img src=\"../images/administrator_esm.gif\" border=\"0px\"></a> "; }
echo "<a href=\"../profile.php?id=" . mysql_result($recordset, $count, "userid") . "\">";
echo mysql_result($recordset, $count, "displayname");
echo "</a>";
$count ++;
if ($count != mysql_num_rows($recordset)) { echo ", "; }
}
}
?>
</td>
</tr>
</table>
<img src="../images/line.gif">
<p><?php include "../library/footer.php" ?></p>
</div>
</body>
</html>
<?php
unset($_SESSION["errormessage"]);
mysql_close();
?>
viewforum.php
<?php
include "../library/dbconnect.php";
include "../library/sessionhandler.php";
if ($_SESSION['loggedin'] || $_GET['lo'] == 1)
{
if ($_COOKIE['loggedin_at'] == null)
{
header('Location: ../cookiecheck.php');
mysql_close();
exit();
}
}
$userid = $_SESSION["userid"];
$forum_id = $_GET["id"];
if (!isset($forum_id))
{
mysql_close();
header ("Location:index.php");
exit();
}
$sql = "SELECT * ";
$sql .= "FROM forums_forums ";
$sql .= "WHERE forum_id = " . $forum_id;
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) == 0)
{
mysql_close();
header ("Location:index.php");
exit();
}
$forum_name = mysql_result($recordset, 0, "forum_name");
$isadministrator = false;
if (isset($_SESSION["userid"]))
{
$sql = "SELECT administrator ";
$sql .= "FROM users ";
$sql .= "WHERE userid = " . $_SESSION["userid"] . " AND ";
$sql .= "administrator = -1";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) > 0)
{ $isadministrator = true; }
}
?>
<html lang="en">
<head>
<title>Find Your Geek | Forums | <?php echo $forum_name; ?></title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<link href="../library/style.css" rel="stylesheet" type="text/css" media="screen, projection" />
<link href="library/forum.css" rel="stylesheet" type="text/css" media="screen, projection" />
<script type="text/javascript" src="../library/imagerollover.js"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<div align="center">
<?php include "../library/header.php" ?>
<?php include "../library/menu.php" ?>
<table width="760px" cellpadding="0px" cellspacing="0px">
<?php
if (isset($_SESSION["errormessage"]))
{
$paddingtop = "";
?>
<tr>
<td style="padding-left:11px;padding-top:5px;" colspan="2">
<font color="red">
<b>
<?php echo $_SESSION["errormessage"]; ?>
</b>
</font>
</td>
</tr>
<tr><td style="padding-left:11px;padding-right:11px;" colspan="2"><hr size="1px" color="#ffc600"></td></tr>
<?php
}
else
{ $paddingtop = "padding-top:5px;"; }
?>
<tr>
<td style="width:380px;padding-left:11px;<?php echo $paddingtop; ?>">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<?php echo $forum_name; ?>
</td>
<td style="width:380px;padding-right:11px;padding-top:5px;" align="right"></td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;" colspan="2">
<font style="font-size:20px;font-weight:bold;">
<?php echo $forum_name; ?>
</font>
</td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=post&fid=<?php echo $forum_id; ?>"><img src="images/newtopic_off.gif" srcover="images/newtopic_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
<?php
//Pagination
$page = $_GET["page"];
$limit = 50;
$select = "SELECT * ";
$from = "FROM forums_topics ";
$where = "WHERE forum_id = " . $forum_id . " ";
$orderby .= "ORDER BY topic_type DESC, ";
$orderby .= "topic_last_post_time DESC ";
$resultcount = mysql_query("SELECT COUNT(*) " . $from . $where);
if (mysql_num_rows($resultcount) > 0)
{
$totalrows = mysql_result($resultcount, 0);
$numofpages = ceil($totalrows / $limit);
if(empty($page))
{
$page = 1;
$limitvalue = 0;
}
else
{ $limitvalue = $page * $limit - ($limit); }
if ($page != 1)
{
$pageprev = $page - 1;
$previous = "<a href=\"viewforum.php?id=" . $forum_id . "&page=" . $pageprev . "\">« Prev</a>";
}
if ($numofpages > 1)
{
for ($count = 1; $count <= $numofpages; $count++)
{
if ($count == $page)
{ $pages .= $count . " "; }
else
{ $pages .= "<a href=\"viewforum.php?id=" . $forum_id . "&page=" . $count . "\">" . $count . "</a> "; }
}
}
if ($totalrows - ($limit * $page) > 0)
{
$pagenext = $page + 1;
$next = "<a href=\"viewforum.php?id=" . $forum_id . "&page=" . $pagenext . "\">Next »</a>";
}
}
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($select . $from . $where . $orderby . "LIMIT " . $limitvalue . ", " . $limit);
$topicsrecordset = mysql_query($sql);
if (mysql_num_rows($topicsrecordset) == 0)
{
if ($page != 1)
{
mysql_close();
echo "<meta http-equiv=\"refresh\" content=\"0;url=viewforum.php?id=" . $forum_id . "\">";
exit();
}
}
if ($numofpages == 0) { $numofpages = 1; }
?>
<a href="">Mark topics read</a>
•
<?php
echo mysql_num_rows($topicsrecordset);
echo " ";
if (mysql_num_rows($topicsrecordset) == 1)
{ echo "topic"; }
else
{ echo "topics"; }
?>
•
Page <?php echo $page . " of " . $numofpages; ?>
<?php if ($pages) { echo " • " . $pages; } ?>
</td>
</tr>
</table>
<div style="height:5px;"></div>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr id="header">
<td colspan="2" style="padding-left:11px;border-top: #ffc600 1px solid;border-bottom: #ffc600 1px solid;"><b>TOPICS</b></td>
<td align="center" style="padding-left:5px;border-top: #ffc600 1px solid;border-bottom: #ffc600 1px solid;"><b>Replies</b></td>
<td align="center" style="padding-left:5px;border-top: #ffc600 1px solid;border-bottom: #ffc600 1px solid;"><b>Views</b></td>
<td style="padding-left:5px;border-top: #ffc600 1px solid;border-bottom:#ffc600 1px solid;"><b>Last Post</b></td>
</tr>
<?php if (mysql_num_rows($topicsrecordset) == 0) { ?>
<tr>
<td style="width:30px"></td>
<td style="width:385px"></td>
<td style="width:70px"></td>
<td style="width:70px"></td>
<td style="width:205px"></td>
</tr>
<tr>
<td style="height:50px;border-bottom: #ffc600 1px solid;" colspan="5" align="center">
There are no topics or posts in this forum
</td>
</tr>
<?php
}
else
{
$count = 0;
while ($count < mysql_num_rows($topicsrecordset))
{
if ($count % 2 == 1)
{ $trid = "forum_rowA"; }
else
{ $trid = "forum_rowB"; }
?>
<tr id="<?php echo $trid; ?>">
<td style="width:30px;padding-left:11px;border-bottom: #ffc600 1px solid;">
<?php
if (mysql_result($topicsrecordset, $count, "topic_type") == 0)
{
?>
<img src="images/newposts.gif" alt="New posts" title="New posts">
<?php
}
else
{
?>
<img src="images/newposts_sticky.gif" alt="New posts" title="New posts">
<?php
}
?>
</td>
<td style="width:385px;padding-left:5px;border-bottom: #ffc600 1px solid;">
<?php
echo "<a href=\"viewtopic.php?id=" . mysql_result($topicsrecordset, $count, "topic_id") . "\"><font style=\"font-size:12px;font-weight:bold;\">" . mysql_result($topicsrecordset, $count, "topic_title") . "</font></a><br />";
echo "by ";
echo "<a href=\"../profile.php?id=" . mysql_result($topicsrecordset, $count, "topic_first_poster_id") . "\">" . mysql_result($topicsrecordset, $count, "topic_first_poster_name") . "</a> ";
echo "on ";
echo date("M d, Y g:i a", mysql_result($topicsrecordset, $count, "topic_time")) . " EST";
?>
</td>
<td style="width:70px;padding-left:5px;border-bottom: #ffc600 1px solid;border-left: #ffc600 1px solid;" align="center">
<?php
echo mysql_result($topicsrecordset, $count, "topic_replies");
?>
</td>
<td style="width:70px;padding-left:5px;border-bottom: #ffc600 1px solid;border-left: #ffc600 1px solid;" align="center">
<?php
echo mysql_result($topicsrecordset, $count, "topic_views");
?>
</td>
<td style="width:205px;padding-left:5px;border-bottom: #ffc600 1px solid;border-left: #ffc600 1px solid;">
<?php
$viewtopic = "<a href=\"viewtopic.php?id=" . mysql_result($topicsrecordset, $count, "topic_id") . "#p" . mysql_result($topicsrecordset, $count, "topic_last_post_id") . "\">";
$viewtopic .= "<img src=\"images/last_post.gif\" border=\"0px\" alt=\"View latest post\" title=\"View latest post\">";
$viewtopic .= "</a>";
echo "by ";
echo "<a href=\"../profile.php?id=" . mysql_result($topicsrecordset, $count, "topic_last_poster_id") . "\">" . mysql_result($topicsrecordset, $count, "topic_last_poster_name") . "</a> ";
echo $viewtopic . "<br />";
echo "on ";
echo date("M d, Y g:i a", mysql_result($topicsrecordset, $count, "topic_last_post_time")) . " EST";
?>
</td>
</tr>
<?php
$count++;
}
}
if ($previous || $pages || $next) {
?>
<tr id="header">
<td colspan="3" style="padding-left:11px;"><?php echo $previous; ?></td>
<td colspan="2" style="padding-right:11px;" align="right"><?php echo $next; ?></td>
</tr>
<?php } ?>
</table>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=post&fid=<?php echo $forum_id; ?>"><img src="images/newtopic_off.gif" srcover="images/newtopic_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
<a href="">Mark topics read</a>
•
<?php
echo mysql_num_rows($topicsrecordset);
echo " ";
if (mysql_num_rows($topicsrecordset) == 1)
{ echo "topic"; }
else
{ echo "topics"; }
?>
•
Page <?php echo $page . " of " . $numofpages; ?>
<?php if ($pages) { echo " • " . $pages; } ?>
</td>
</tr>
<tr>
<td style="padding-left:11px;padding-top:5px;">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<?php echo $forum_name; ?>
</td>
<td style="padding-right:11px;padding-top:5px;" align="right"></td>
</tr>
</table>
<div style="height:5px;"></div>
<img src="../images/line.gif">
<p><?php include "../library/footer.php" ?></p>
</div>
</body>
</html>
<?php
unset($_SESSION["errormessage"]);
mysql_close();
?>
viewtopic.php
<?php
include "../library/dbconnect.php";
include "../library/sessionhandler.php";
if ($_SESSION['loggedin'] || $_GET['lo'] == 1)
{
if ($_COOKIE['loggedin_at'] == null)
{
header('Location: ../cookiecheck.php');
mysql_close();
exit();
}
}
$userid = $_SESSION["userid"];
$topic_id = $_GET["id"];
$page = $_GET["page"];
$nav = $_GET["nav"];
if (!isset($topic_id))
{
mysql_close();
header ("Location:index.php");
exit();
}
$sql = "SELECT COUNT(*) ";
$sql .= "FROM forums_posts ";
$sql .= "WHERE topic_id = " . $topic_id;
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) == 0)
{
mysql_close();
header ("Location:index.php");
exit();
}
$sql = "SELECT f.forum_name, ";
$sql .= "t.* ";
$sql .= "FROM forums_forums f, ";
$sql .= "forums_topics t ";
$sql .= "WHERE t.forum_id = f.forum_id AND ";
$sql .= "t.topic_id = " . $topic_id;
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) == 0)
{
mysql_close();
header ("Location:index.php");
exit();
}
$forum_name = mysql_result($recordset, 0, "forum_name");
$forum_id = mysql_result($recordset, 0, "forum_id");
$topic_title = mysql_result($recordset, 0, "topic_title");
if (empty($nav))
{
$sql = "UPDATE forums_topics ";
$sql .= "SET topic_views = topic_views + 1 ";
$sql .= "WHERE topic_id = " . $topic_id . " AND ";
$sql .= "forum_id = " . $forum_id;
mysql_select_db($mysql);
mysql_query($sql);
}
$isadministrator = false;
if (isset($_SESSION["userid"]))
{
$sql = "SELECT administrator ";
$sql .= "FROM users ";
$sql .= "WHERE userid = " . $_SESSION["userid"] . " AND ";
$sql .= "administrator = -1";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
if (mysql_num_rows($recordset) > 0)
{ $isadministrator = true; }
}
?>
<html lang="en">
<head>
<title>Find Your Geek | Forums | <?php echo $topic_title; ?></title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<link href="../library/style.css" rel="stylesheet" type="text/css" media="screen, projection" />
<link href="library/forum.css" rel="stylesheet" type="text/css" media="screen, projection" />
<script type="text/javascript" src="../library/imagerollover.js"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<a name="topofpage"></a>
<div align="center">
<?php include "../library/header.php" ?>
<?php include "../library/menu.php" ?>
<table width="760px" cellpadding="0px" cellspacing="0px">
<?php
if (isset($_SESSION["errormessage"]))
{
$paddingtop = "";
?>
<tr>
<td style="padding-left:11px;padding-top:5px;" colspan="2">
<font color="red">
<b>
<?php echo $_SESSION["errormessage"]; ?>
</b>
</font>
</td>
</tr>
<tr><td style="padding-left:11px;padding-right:11px;" colspan="2"><hr size="1px" color="#ffc600"></td></tr>
<?php
}
else
{ $paddingtop = "padding-top:5px;"; }
?>
<tr>
<td style="width:380px;padding-left:11px;<?php echo $paddingtop; ?>">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<a href="viewforum.php?id=<?php echo $forum_id; ?>"><?php echo $forum_name; ?></a>
</td>
<td style="width:380px;padding-right:11px;padding-top:5px;" align="right"></td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;" colspan="2">
<font style="font-size:20px;font-weight:bold;">
<?php echo $topic_title; ?>
</font>
</td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=reply&tid=<?php echo $topic_id; ?>"><img src="images/postreply_off.gif" srcover="images/postreply_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
<?php
//Pagination
$limit = 25;
$select = "SELECT s.sessionid, ";
$select .= "u.displayname, ";
$select .= "u.avatar, ";
$select .= "u.title, ";
$select .= "u.signature, ";
$select .= "u.posts, ";
$select .= "u.hideonlinestatus, ";
$select .= "u.lastlogindatetime, ";
$select .= "u.administrator, ";
$select .= "p.* ";
$from = "FROM users u, ";
$from .= "forums_posts p ";
$from .= "LEFT JOIN sessions s ";
$from .= "ON p.poster_id = s.sessionuserid ";
$where = "WHERE p.poster_id = u.userid AND ";
$where .= "p.topic_id = " . $topic_id . " ";
$orderby = "ORDER BY post_time ";
$resultcount = mysql_query("SELECT COUNT(*) " . $from . $where);
if (mysql_num_rows($resultcount) > 0)
{
$totalrows = mysql_result($resultcount, 0);
$numofpages = ceil($totalrows / $limit);
if(empty($page))
{
$page = 1;
$limitvalue = 0;
}
else
{ $limitvalue = $page * $limit - ($limit); }
if ($page != 1)
{
$pageprev = $page - 1;
$previous = "<a href=\"viewtopic.php?id=" . $topic_id . "&page=" . $pageprev . "&nav=prev\">« Prev</a>";
}
if ($numofpages > 1)
{
for ($count = 1; $count <= $numofpages; $count++)
{
if ($count == $page)
{ $pages .= $count . " "; }
else
{ $pages .= "<a href=\"viewtopic.php?id=" . $topic_id . "&page=" . $count . "&nav=page\">" . $count . "</a> "; }
}
}
if ($totalrows - ($limit * $page) > 0)
{
$pagenext = $page + 1;
$next = "<a href=\"viewtopic.php?id=" . $topic_id . "&page=" . $pagenext . "&nav=next\">Next »</a>";
}
}
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($select . $from . $where . $orderby . "LIMIT " . $limitvalue . ", " . $limit);
$postsrecordset = mysql_query($sql);
if (mysql_num_rows($postsrecordset) == 0)
{
if ($page != 1)
{
mysql_close();
echo "<meta http-equiv=\"refresh\" content=\"0;url=viewtopic.php?id=" . $topic_id . "\">";
exit();
}
}
if ($numofpages == 0) { $numofpages = 1; }
echo mysql_num_rows($postsrecordset);
echo " ";
if (mysql_num_rows($postsrecordset) == 1)
{ echo "post"; }
else
{ echo "posts"; }
?>
•
Page <?php echo $page . " of " . $numofpages; ?>
<?php if ($pages) { echo " • " . $pages; } ?>
</td>
</tr>
</table>
<div style="height:5px;"></div>
<table width="760px" cellpadding="0px" cellspacing="0px">
<?php
$count = 0;
while ($count < mysql_num_rows($postsrecordset))
{
if ($count % 2 == 1)
{ $trid = "topic_rowA"; }
else
{ $trid = "topic_rowB"; }
if ($count + 1 == mysql_num_rows($postsrecordset))
{ $borderbottom = "border-bottom:#ffc600 1px solid;"; }
else
{ $borderbottom = ""; }
?>
<tr id="<? echo $trid; ?>">
<td style="height:240px;width:200px;border-top: #ffc600 1px solid;padding: 11px 11px 11px 11px;" valign="top">
<?php
if (mysql_result($postsrecordset, $count, "avatar") != null)
{
echo "<a href=\"../profile.php?id=" . mysql_result($postsrecordset, $count, "poster_id") . "\">";
echo "<img src=\"" . mysql_result($postsrecordset, $count, "avatar") . "\" border=\"0px\">";
echo "</a><br />";
}
if (mysql_result($postsrecordset, $count, "administrator"))
{ echo "<a href=\"../administrators.php\"><img src=\"../images/administrator_esm.gif\" border=\"0px\"></a> "; }
echo "<a href=\"../profile.php?id=" . mysql_result($postsrecordset, $count, "poster_id") . "\">";
echo "<b>" . mysql_result($postsrecordset, $count, "displayname") . "</b>";
echo "</a><br />";
if (mysql_result($postsrecordset, $count, "title") != null)
{ echo mysql_result($postsrecordset, $count, "title"); }
//online / offline
echo "<table style=\"padding-top:15px;padding-bottom:15px;\" width=\"100%\" cellpadding=\"0px\" cellspacing=\"0px\">";
echo "<tr>";
if (mysql_result($postsrecordset, $count, "sessionid") == null)
{
echo "<td width=\"20px\">";
echo "<img src=\"../images/offline.gif\"> ";
echo "</td>";
echo "<td>";
echo "<font style=\"font-size:9px;color:#ff2f15\"><b>Offline</b></font>";
echo "</td>";
}
else
{
//add hidden code here
echo "<td width=\"20px\">";
echo "<img src=\"../images/online.gif\"> ";
echo "</td>";
echo "<td>";
echo "<font style=\"font-size:9px;color:#84ff15\"><b>Online</b></font>";
echo "</td>";
}
echo "</tr>";
echo "</table>";
echo "Posts: " . mysql_result($postsrecordset, $count, "posts");
?>
</td>
<td style="width:560px;border-top: #ffc600 1px solid;border-left: #ffc600 1px solid;" valign="top">
<table width="100%" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-left:11px;padding-top:11px;">
<a name="p<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"></a>
<font style="font-size:12px;">
<b>
<a href="#p<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><?php echo mysql_result($postsrecordset, $count, "post_subject"); ?></a>
</b>
</font>
</td>
<td style="padding-right:11px;padding-top:5px;" align="right">
<a href="posting.php?mode=quote&pid=<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/quote_button_off.gif" srcover="images/quote_button_on.gif" border="0px" alt="Reply with quote" title="Reply with quote"></a>
<?php
if (isset($_SESSION["userid"]))
{
if ($isadministrator || $_SESSION["userid"] == mysql_result($postsrecordset, $count, "poster_id"))
{
?>
<a href="posting.php?mode=edit&pid=<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/edit_off.gif" srcover="images/edit_on.gif" border="0px" alt="Edit post" title="Edit post"></a>
<?php
}
if ($isadministrator)
{
?>
<a href="posting.php?mode=delete&pid=<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/delete_off.gif" srcover="images/delete_on.gif" border="0px" alt="Delete post" title="Delete post"></a>
<?php
}
}
?>
</td>
</tr>
<tr><td colspan="2" style="height:5px;"></td></tr>
<tr>
<td colspan="2" style="padding-left:11px;">
<a href="#p<?php echo mysql_result($postsrecordset, $count, "post_id"); ?>"><img src="images/post.gif" border="0px"></a> by
<a href="../profile.php?id=<?php echo mysql_result($postsrecordset, $count, "poster_id"); ?>"><b><?php echo mysql_result($postsrecordset, $count, "displayname") ?></b></a> on
<?php echo date("M d, Y g:i a", mysql_result($postsrecordset, $count, "post_time")) . " EST"; ?>
</td>
</tr>
<tr><td colspan="2" style="height:10px;"></td></tr>
<tr>
<td colspan="2" style="padding-left:11px;padding-right:11px;">
<!-- post text -->
<font style="font-size:1.2em;">
<?php
echo FormatBBCode(mysql_result($postsrecordset, $count, "post_text"), $count);
?>
</font>
<?php
if (mysql_result($postsrecordset, $count, "signature") != null)
{
?>
<br /><br />
<table style="width:100%;border-top:#ffc600 1px solid;" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-top:10px;padding-bottom:10px;">
<?php echo FormatBBCode(mysql_result($postsrecordset, $count, "signature")); ?>
</td>
</tr>
</table>
<?php
}
?>
</td>
</tr>
</table>
</td>
</tr>
<tr id="<?php echo $trid ?>">
<td style="padding-left:11px;<?php echo $borderbottom; ?>"> </td>
<td style="padding-right:11px;<?php echo $borderbottom; ?>padding-bottom:10px;border-left:#ffc600 1px solid;" align="right">
<a href="#topofpage"><img src="images/up_arrow.gif" border="0px" alt="Top" title="Top"></a>
</td>
</tr>
<?php
$count++;
}
if ($previous || $pages || $next) {
?>
<tr id="header">
<td colspan="3" style="padding-left:11px;"><?php echo $previous; ?></td>
<td colspan="2" style="padding-right:11px;" align="right"><?php echo $next; ?></td>
</tr>
<?php } ?>
</table>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=reply&tid=<?php echo $topic_id; ?>"><img src="images/postreply_off.gif" srcover="images/postreply_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
<?php
echo mysql_num_rows($postsrecordset);
echo " ";
if (mysql_num_rows($postsrecordset) == 1)
{ echo "post"; }
else
{ echo "posts"; }
?>
•
Page <?php echo $page . " of " . $numofpages; ?>
<?php if ($pages) { echo " • " . $pages; } ?>
</td>
</tr>
<tr><td height="5px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<a href="viewforum.php?id=<?php echo $forum_id; ?>"><?php echo $forum_name; ?></a>
</td>
<td></td>
</tr>
<tr><td height="5px" colspan="2"></td></tr>
</table>
<div style="height:5px;"></div>
<img src="../images/line.gif">
<p><?php include "../library/footer.php" ?></p>
</div>
</body>
</html>
<?php
unset($_SESSION["errormessage"]);
mysql_close();
function FormatBBCode($message)
{
$simple_search = array(
'/\:\)/is',
'/\;\)/is',
'/\:\(/is',
'/\:cool:/is',
'/\:mad:/is',
'/\:confused:/is',
'/\:shock:/is',
'/\:bigsmile:/is',
'/\:oops:/is',
'/\:roll:/is',
'/\:twisted:/is',
'/\:lol:/is',
'/\:neutral:/is',
'/\:drool:/is',
'/\:ninja:/is',
'/\[b\](.*?)\[\/b\]/is',
'/\[i\](.*?)\[\/i\]/is',
'/\[u\](.*?)\[\/u\]/is',
'/\[url\](.*?)\[\/url\]/is',
'/\[url\=(.*?)\](.*?)\[\/url\]/is',
'/\[img\](.*?)\[\/img\]/is',
'/\[quote\](.*?)\[\/quote\]/is',
'/\[quote\=(.*?)\](.*?)\[\/quote\]/is',
'/\[youtube\](.*?)\[\/youtube\]/is',
'/\[spoiler\](.*?)\[\/spoiler\]/is',
'/\[nsfw\](.*?)\[\/nsfw\]/is'
);
$simple_replace = array(
'<img src="../images/smileys/smile.gif">',
'<img src="../images/smileys/wink.gif">',
'<img src="../images/smileys/sad.gif">',
'<img src="../images/smileys/cool.gif">',
'<img src="../images/smileys/mad.gif">',
'<img src="../images/smileys/confused.gif">',
'<img src="../images/smileys/shock.gif">',
'<img src="../images/smileys/bigsmile.gif">',
'<img src="../images/smileys/oops.gif">',
'<img src="../images/smileys/eyeroll.gif">',
'<img src="../images/smileys/twisted.gif">',
'<img src="../images/smileys/laugh.gif">',
'<img src="../images/smileys/neutral.gif">',
'<img src="../images/smileys/drool.gif">',
'<img src="../images/smileys/ninja.gif">',
'<b>$1</b>',
'<i>$1</i>',
'<u>$1</u>',
'<a href="$1" target="_new">$1</a>',
'<a href="$1" target="_new">$2</a>',
'<img src="$1">',
'<table width="90%" style="background:#2a2a2a;border:1px solid #555555;padding-bottom:5px;" cellspacing="1px" cellpadding="3px" align="center"><tr><td style="font-size:11px;"><img src="images/quote.gif"></td></tr><tr><td style="font-size:12px;">$1</tr></table>',
'<table width="90%" style="background:#2a2a2a;border:1px solid #555555;padding-bottom:5px;" cellspacing="1px" cellpadding="3px" align="center"><tr><td style="font-size:11px;"><img src="images/quote.gif"> <b>$1 wrote:</b></td></tr><tr><td style="font-size:12px;">$2</tr></table>',
'<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/trim($1)"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>',
"<div style=\"margin-top:5px\"><div><font style=\"font-size:12px;\"><b>Spoiler:</b></font> <input type=\"button\" value=\"Show\" style=\"width:45px;font-size:10px;margin:0px;padding:0px;\" onclick=\"if (this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display != '') { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = '';this.innerText = '';this.value = 'Hide'; } else { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = 'none';this.innerText = '';this.value = 'Show'; }\" /></div><div class=\"quotecontent\"><div style=\"display: none;\"><br />$1</div></div></div>",
"<div style=\"margin-top:5px\"><div><font style=\"font-size:12px;\"><b>NSFW:</b></font> <input type=\"button\" value=\"Show\" style=\"width:45px;font-size:10px;margin:0px;padding:0px;\" onclick=\"if (this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display != '') { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = '';this.innerText = '';this.value = 'Hide'; } else { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = 'none';this.innerText = '';this.value = 'Show'; }\" /></div><div class=\"quotecontent\"><div style=\"display: none;\"><br />$1</div></div></div>"
);
$message = preg_replace ($simple_search, $simple_replace, $message);
return nl2br($message);
}
?>
dbconnect.php
<?php
$user = "root";
$password = "XXXXXX";
$database = "XXXXXX";
mysql_connect(localhost, $user, $password);
@mysql_select_db($database) or die("Unable to select database");
require "SafeSQL.class.php"
?>
sessionhandler.php
<?php
ini_set('display_errors', E_ALL);
session_set_cookie_params(3600);
session_start();
if (isset($_SESSION['userid']))
{
$previous_session_id = session_id();
if (strpos($_SERVER["SCRIPT_NAME"], "/scripts/") > 0 || strpos($_SERVER["SCRIPT_NAME"], "/pop/") > 0)
{ require_once '../library/securesession.class.php'; }
else
{ require_once 'securesession.class.php'; }
$ss = new SecureSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = 'SALT_';
$ss->regenerate_id = false;
if (!$ss->Check() || !isset($_SESSION['loggedin']) || !$_SESSION['loggedin'])
{
if (strpos($_SERVER["SCRIPT_NAME"], "/scripts/") > 0 || strpos($_SERVER["SCRIPT_NAME"], "/pop/") > 0)
{
header('Location: ../index.php');
die();
}
else
{
header('Location: index.php');
die();
}
}
$sql = "UPDATE sessions ";
$sql .= "SET sessionid = \"" . session_id() . "\", ";
$sql .= "sessiondatetime = now() ";
$sql .= "WHERE sessionid = \"" . $previous_session_id . "\"";
mysql_select_db($mysql);
mysql_query($sql);
setcookie('loggedin_at', time(), time() + 3602, '/');
}
//first check to see if sessionid exists
$sql = "SELECT * ";
$sql .= "FROM sessions ";
$sql .= "WHERE sessionid = \"" . session_id() . "\"";
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$recordset = mysql_query($sql);
//remove records inactive for five minutes or more
$sqldelete = "DELETE FROM sessions ";
$sqldelete .= "WHERE TIMESTAMPDIFF(SECOND, sessiondatetime, now()) > 300";
if (mysql_numrows($recordset) > 0)
{
$sql = "UPDATE sessions ";
$sql .= "SET sessiondatetime = now() ";
$sql .= "WHERE sessionid = \"" . session_id() . "\"";
}
else
{
$sql = "INSERT INTO sessions ";
$sql .= "SELECT \"" . session_id() . "\", ";
if (isset($_SESSION['userid']))
{ $userid = $_SESSION["userid"]; }
else
{ $userid = 0; }
$sql .= $userid . ", ";
$sql .= "\"" . $_SERVER['REMOTE_ADDR'] . "\", ";
$sql .= "now()";
}
mysql_select_db($mysql);
mysql_query("BEGIN");
mysql_query($sqldelete);
mysql_query($sql);
mysql_query("COMMIT");
?>
securesession.class.php
<?php
/*
SecureSession class
Written by Vagharshak Tozalakyan <vagh@armdex.com>
Released under GNU Public License
*/
class SecureSession
{
// Include browser name in fingerprint?
var $check_browser = true;
// How many numbers from IP use in fingerprint?
var $check_ip_blocks = 0;
// Control word - any word you want.
var $secure_word = 'SECURESTAFF';
// Regenerate session ID to prevent fixation attacks?
var $regenerate_id = true;
// Call this when init session.
function Open()
{
$_SESSION['ss_fprint'] = $this->_Fingerprint();
$this->_RegenerateId();
}
// Call this to check session.
function Check()
{
$this->_RegenerateId();
return (isset($_SESSION['ss_fprint'])
&& $_SESSION['ss_fprint'] == $this->_Fingerprint());
}
// Internal function. Returns MD5 from fingerprint.
function _Fingerprint()
{
$fingerprint = $this->secure_word;
if ($this->check_browser)
{
$fingerprint .= $_SERVER['HTTP_USER_AGENT'];
}
if ($this->check_ip_blocks)
{
$num_blocks = abs(intval($this->check_ip_blocks));
if ($num_blocks > 4)
{
$num_blocks = 4;
}
$blocks = explode('.', $_SERVER['REMOTE_ADDR']);
for ($i=0; $i<$num_blocks; $i++)
{
$fingerprint .= $blocks[$i] . '.';
}
}
return md5($fingerprint);
}
// Internal function. Regenerates session ID if possible.
function _RegenerateId()
{
if ($this->regenerate_id && function_exists('session_regenerate_id'))
{
session_regenerate_id();
}
}
}
?>
header.php
<?php
if (strpos($_SERVER["REQUEST_URI"], "forums/"))
{ $slashback = "../"; }
?>
<table width="762px" cellpadding="0px" cellspacing="0px">
<tr>
<td width="412px" style="padding-left:11px;padding-top:13px;padding-bottom:13px;">
<?php
$pos = strpos($_SERVER["REQUEST_URI"], "index.php");
if ($pos > 0 && $slashback == '')
{ echo "<img src=\"images/fyg_header_beta.gif\">"; }
else
{ echo "<a href=\"" . $slashback . "index.php\"><img src=\"" . $slashback . "images/fyg_header_beta.gif\" border=\"0\"></a>"; }
?>
</td>
<td width="350px" valign="middle">
<?php
if (strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) != "cookiecheck.php" && strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) != "forgotpassword.php")
{
if (!$_SESSION["loggedin"])
{
?>
<table width="100%" cellpadding="0px" cellspacing="0px">
<form name="login" method="post" action="<?php echo $slashback; ?>scripts/login.php">
<tr>
<td width="55px">Email:</td>
<td width="65px" align="right">
<?php
if (isset($_SESSION["emailnotfound"]))
{
echo "<b><font color=\"red\">Not found</font></b>";
}
if (isset($_SESSION["emptyemail"]))
{
echo "<b><font color=\"red\">Required</font></b>";
}
?>
</td>
<td width="20px"></td>
<td width="55px">Password:</td>
<td width="65px" align="right">
<?php
if (isset($_SESSION["incorrectpassword"]))
{
echo "<b><font color=\"red\">Incorrect</font></b>";
}
if (isset($_SESSION["emptypassword"]))
{
echo "<b><font color=\"red\">Required</font></b>";
}
?>
</td>
<td width="79px"></td>
</tr>
<tr><td colspan="6" height="3px"></td></tr>
<tr>
<td colspan="2"><input type="text" name="email" style="width:125px;" value="<?php if (isset($_SESSION["emailnotfound"]) || isset($_SESSION["incorrectpassword"]) || isset($_SESSION["emptypassword"])) { echo $_SESSION["loginemail"]; } ?>"></td>
<td></td>
<td colspan="2"><input type="password" name="password" style="width:125px;"></td>
<td align="right" style="padding-right:11px;">
<input type="image" src="<?php echo $slashback; ?>images/login_off.gif" srcover="<?php echo $slashback; ?>images/login_on.gif" />
</td>
</tr>
<tr><td colspan="6" height="3px"></td></tr>
<tr>
<td colspan="6">
<a href="<?php echo $slashback; ?>forgotpassword.php">Forgot password</a>
</td>
</tr>
</form>
</table>
<?php
}
else
{
$sql = "SELECT displayname ";
$sql = $sql . "FROM users ";
$sql = $sql . "WHERE userid = " . $_SESSION["userid"];
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$loginrecordset = mysql_query($sql);
$headerdisplayname = mysql_result($loginrecordset, 0, "displayname");
$sql = "SELECT COUNT(*) messagecount ";
$sql .= "FROM messages m, ";
$sql .= "messagerecipients r ";
$sql .= "WHERE m.messageid = r.messageid AND ";
$sql .= "m.type = 0 AND ";
$sql .= "r.read = 0 AND ";
$sql .= "r.trashed = 0 AND ";
$sql .= "r.deleted = 0 AND ";
$sql .= "r.userid = " . $_SESSION["userid"] . " AND ";
$sql .= "r.authorid <> " . $_SESSION["userid"] . " ";
$sql .= "UNION ALL ";
$sql .= "SELECT COUNT(*) messagecount ";
$sql .= "FROM messages m, ";
$sql .= "messagerecipients r ";
$sql .= "WHERE m.messageid = r.messageid AND ";
$sql .= "m.type = 1 AND ";
$sql .= "r.read = 0 AND ";
$sql .= "r.trashed = 0 AND ";
$sql .= "r.deleted = 0 AND ";
$sql .= "r.userid = " . $_SESSION["userid"] . " AND ";
$sql .= "r.authorid <> " . $_SESSION["userid"];
$safesql = & new SafeSQL_MySQL;
$sql = $safesql->query($sql);
$loginrecordset = mysql_query($sql);
$messagecount = mysql_result($loginrecordset, 0, "messagecount");
$winkcount = mysql_result($loginrecordset, 1, "messagecount");
?>
<table width="350px" style="padding-right:11px;" cellpadding="0px" cellspacing="0px">
<tr>
<td width="50px"></td>
<td width="300px"><font style="font-size:14px;color:#ffc600;"><a href="<?php echo $slashback; ?>profile.php?id=<?php echo $_SESSION["userid"]; ?>"><b><? echo $headerdisplayname; ?></b></a></font></td>
</tr>
<tr>
<td></td>
<td>
<table width="300px" cellpadding="0px" cellspacing="0px">
<tr>
<td>
<table width="225px" cellpadding="0px" cellspacing="0px">
<tr>
<td width="25px"><a href="<?php echo $slashback; ?>messages.php"><img src="<?php echo $slashback; ?>images/message.gif" border="0" /></a></td>
<td width="200px">You have <a href="<?php echo $slashback; ?>messages.php"><b><?php echo $messagecount ?></b></a> new <?php if ($messagecount == 1) { echo "message"; } else { echo "messages"; } ?></b></td>
</tr>
<tr>
<td><a href="<?php echo $slashback; ?>messages.php"><img src="<?php echo $slashback; ?>images/wink_sm.gif" border="0" /></a></td>
<td>You have <a href="<?php echo $slashback; ?>messages.php"><b><?php echo $winkcount ?></b></a> new <?php if ($winkcount == 1) { echo "wink"; } else { echo "winks"; } ?></td>
</tr>
</table>
</td>
<td>
<table width="75px" cellpadding="0px" cellspacing="0px" align="right">
<tr><td style="vertical-align:middle;" align="right"><a href="<?php echo $slashback; ?>scripts/logout.php"><img src="<?php echo $slashback; ?>images/logout_off.gif" srcover="<?php echo $slashback; ?>images/logout_on.gif" border="0"/></a></td></tr>
</table>
</td>
</tr>
</table>
</td>
</table>
<?php
}
}
?>
</td>
</tr>
</table>
<?php
unset($_SESSION["emptyemail"]);
unset($_SESSION["emptypassword"]);
unset($_SESSION["loginemail"]);
unset($_SESSION["emailnotfound"]);
unset($_SESSION["incorrectpassword"]);
?>
menu.php
<?php
if (!$_SESSION["loggedin"])
{
?>
<table style="width:760px;height:33px;" cellpadding="0px" cellspacing="0px" align="center">
<tr style="background: url(http://www.findyourgeek.com/images/menu/menu_background.gif) repeat-x;">
<td align="right">
<a href="<?php echo $slashback; ?>index.php"><img src="<?php echo $slashback; ?>images/menu/home_<?php ReturnClass("index.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/home_hover.gif" border="0px"></a><a href="<?php echo $slashback; ?>join.php"><img src="<?php echo $slashback; ?>images/menu/join_<?php ReturnClass("join.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/join_hover.gif" border="0px"></a><a href="<?php echo $slashback; ?>whosonline.php"><img src="<?php echo $slashback; ?>images/menu/whosonline_<?php ReturnClass("whosonline.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/whosonline_hover.gif" border="0px"></a><a href="<?php echo $slashback; ?>contact.php"><img src="<?php echo $slashback; ?>images/menu/contact_<?php ReturnClass("contact.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/contact_hover.gif" border="0px"></a>
</td>
</tr>
</table>
<?php
}
else
{
?>
<table style="width:760px;height:33px;" cellpadding="0px" cellspacing="0px">
<tr>
<td><a href="<?php echo $slashback; ?>index.php"><img src="<?php echo $slashback; ?>images/menu/home_<?php ReturnClass("index.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/home_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>messages.php"><img src="<?php echo $slashback; ?>images/menu/messages_<?php ReturnClass("messages.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/messages_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>favorites.php"><img src="<?php echo $slashback; ?>images/menu/favorites_<?php ReturnClass("favorites.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/favorites_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>profile.php?id=<?php echo $_SESSION["userid"]; ?>"><img src="<?php echo $slashback; ?>images/menu/myprofile_<?php ReturnClass("profile.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/myprofile_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>mygeek.php"><img src="<?php echo $slashback; ?>images/menu/mygeek_<?php ReturnClass("mygeek.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/mygeek_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>mymatches.php"><img src="<?php echo $slashback; ?>images/menu/mymatches_<?php ReturnClass("mymatches.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/mymatches_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>search.php"><img src="<?php echo $slashback; ?>images/menu/search_<?php ReturnClass("search.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/search_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>whosonline.php"><img src="<?php echo $slashback; ?>images/menu/whosonline_<?php ReturnClass("whosonline.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/whosonline_hover.gif" border="0px"></a></td>
<td><a href="<?php echo $slashback; ?>contact.php"><img src="<?php echo $slashback; ?>images/menu/contact_<?php ReturnClass("contact.php"); ?>.gif" srcover="<?php echo $slashback; ?>images/menu/contact_hover.gif" border="0px"></a></td>
</tr>
</table>
<?php
}
function ReturnClass($currentpage)
{
if ($currentpage == "profile.php")
{
if ($_GET["id"] == $_SESSION["userid"])
{
if (strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "profile.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "editprofile.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "editphotos.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "accountsettings.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "cancelaccount.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "blockedusers.php")
{ echo "on"; }
else
{ echo "off"; }
}
else
{ echo "off"; }
}
else if ($currentpage == "messages.php")
{
if (strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "messages.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "viewmessage.php" || strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == "sendmessage.php")
{ echo "on"; }
else
{ echo "off"; }
}
else
{
if (strtolower(substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1)) == $currentpage)
{ echo "on"; }
else
{ echo "off"; }
}
}
?>
footer.php
© <?php echo date("Y") ?> FindYourGeek.com
|
<a href="<?php echo $slashback; ?>tellafriend.php">Tell a Friend</a>
|
<a href="<?php echo $slashback; ?>termsofservice.php">Terms of Service</a>
|
<a href="<?php echo $slashback; ?>privacypolicy.php">Privacy Policy</a>
|
<a href="<?php echo $slashback; ?>safetytips.php">Safety Tips</a>
<div style="height:2px;"></div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-592780-4";
urchinTracker();
</script>
OK, I think I have it... in the viewtopic.php you have this line
echo "<meta http-equiv=\"refresh\" content=\"0;url=viewtopic.
You probably need to add your page parameter there too
echo "<meta http-equiv=\"refresh\" content=\"0;url=viewtopic.
If that doesn't work, Rent-A-Coder is a good idea. I'm on there too .
echo "<meta http-equiv=\"refresh\" content=\"0;url=viewtopic.
You probably need to add your page parameter there too
echo "<meta http-equiv=\"refresh\" content=\"0;url=viewtopic.
If that doesn't work, Rent-A-Coder is a good idea. I'm on there too .
ASKER
I don't think so, that meta refresh only gets outputted to the browser if the user has navigated to an invalid page or a page that has no data.
I took it out and loaded the page and the same thing is happening.
Besides, that wouldn't explain why all the pages are getting called twice =(
I took it out and loaded the page and the same thing is happening.
Besides, that wouldn't explain why all the pages are getting called twice =(
Can you navigate to one of those ViewTopic pages and then save the source and paste it here? It might be easier to look at the HTML that is output from the script.
I was sure that refresh was going to do it! Actually, though, what if a user clicks on the link in the ViewForums page to go to a topic, then clicks refresh immediately? Even with your current scheme, it will cause it to update twice. Any way to check the referrer and only do the update if the referrer is not the page itself?
I was sure that refresh was going to do it! Actually, though, what if a user clicks on the link in the ViewForums page to go to a topic, then clicks refresh immediately? Even with your current scheme, it will cause it to update twice. Any way to check the referrer and only do the update if the referrer is not the page itself?
ASKER
Here's the HTML output.
Good suggestion on that second part though, will definitely add some logic in there for that.
Good suggestion on that second part though, will definitely add some logic in there for that.
<html lang="en">
<head>
<title>Find Your Geek | Forums | TEST</title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<link href="../library/style.css" rel="stylesheet" type="text/css" media="screen, projection" />
<link href="library/forum.css" rel="stylesheet" type="text/css" media="screen, projection" />
<script type="text/javascript" src="../library/imagerollover.js"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<a name="topofpage"></a>
<div align="center">
<table width="762px" cellpadding="0px" cellspacing="0px">
<tr>
<td width="412px" style="padding-left:11px;padding-top:13px;padding-bottom:13px;">
<a href="../index.php"><img src="../images/fyg_header_beta.gif" border="0"></a> </td>
<td width="350px" valign="middle">
<table width="350px" style="padding-right:11px;" cellpadding="0px" cellspacing="0px">
<tr>
<td width="50px"></td>
<td width="300px"><font style="font-size:14px;color:#ffc600;"><a href="../profile.php?id=1"><b>HarpuaFSB</b></a></font></td>
</tr>
<tr>
<td></td>
<td>
<table width="300px" cellpadding="0px" cellspacing="0px">
<tr>
<td>
<table width="225px" cellpadding="0px" cellspacing="0px">
<tr>
<td width="25px"><a href="../messages.php"><img src="../images/message.gif" border="0" /></a></td>
<td width="200px">You have <a href="../messages.php"><b>0</b></a> new messages</b></td>
</tr>
<tr>
<td><a href="../messages.php"><img src="../images/wink_sm.gif" border="0" /></a></td>
<td>You have <a href="../messages.php"><b>0</b></a> new winks</td>
</tr>
</table>
</td>
<td>
<table width="75px" cellpadding="0px" cellspacing="0px" align="right">
<tr><td style="vertical-align:middle;" align="right"><a href="../scripts/logout.php"><img src="../images/logout_off.gif" srcover="../images/logout_on.gif" border="0"/></a></td></tr>
</table>
</td>
</tr>
</table>
</td>
</table>
</td>
</tr>
</table>
<table style="width:760px;height:33px;" cellpadding="0px" cellspacing="0px">
<tr>
<td><a href="../index.php"><img src="../images/menu/home_off.gif" srcover="../images/menu/home_hover.gif" border="0px"></a></td>
<td><a href="../messages.php"><img src="../images/menu/messages_off.gif" srcover="../images/menu/messages_hover.gif" border="0px"></a></td>
<td><a href="../favorites.php"><img src="../images/menu/favorites_off.gif" srcover="../images/menu/favorites_hover.gif" border="0px"></a></td>
<td><a href="../profile.php?id=1"><img src="../images/menu/myprofile_off.gif" srcover="../images/menu/myprofile_hover.gif" border="0px"></a></td>
<td><a href="../mygeek.php"><img src="../images/menu/mygeek_off.gif" srcover="../images/menu/mygeek_hover.gif" border="0px"></a></td>
<td><a href="../mymatches.php"><img src="../images/menu/mymatches_off.gif" srcover="../images/menu/mymatches_hover.gif" border="0px"></a></td>
<td><a href="../search.php"><img src="../images/menu/search_off.gif" srcover="../images/menu/search_hover.gif" border="0px"></a></td>
<td><a href="../whosonline.php"><img src="../images/menu/whosonline_off.gif" srcover="../images/menu/whosonline_hover.gif" border="0px"></a></td>
<td><a href="../contact.php"><img src="../images/menu/contact_off.gif" srcover="../images/menu/contact_hover.gif" border="0px"></a></td>
</tr>
</table>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr>
<td style="width:380px;padding-left:11px;padding-top:5px;">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<a href="viewforum.php?id=2">Announcements</a>
</td>
<td style="width:380px;padding-right:11px;padding-top:5px;" align="right"></td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;" colspan="2">
<font style="font-size:20px;font-weight:bold;">
TEST </font>
</td>
</tr>
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=reply&tid=11"><img src="images/postreply_off.gif" srcover="images/postreply_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
1 post •
Page 1 of 1 </td>
</tr>
</table>
<div style="height:5px;"></div>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr id="topic_rowB">
<td style="height:240px;width:200px;border-top: #ffc600 1px solid;padding: 11px 11px 11px 11px;" valign="top">
<a href="../profile.php?id=1"><img src="http://img526.imageshack.us/img526/5973/atatavatarsf6nv9.gif" border="0px"></a><br /><a href="../administrators.php"><img src="../images/administrator_esm.gif" border="0px"></a> <a href="../profile.php?id=1"><b>HarpuaFSB</b></a><br />Intentionally left blank<table style="padding-top:15px;padding-bottom:15px;" width="100%" cellpadding="0px" cellspacing="0px"><tr><td width="20px"><img src="../images/online.gif"> </td><td><font style="font-size:9px;color:#84ff15"><b>Online</b></font></td></tr></table>Posts: 34 </td>
<td style="width:560px;border-top: #ffc600 1px solid;border-left: #ffc600 1px solid;" valign="top">
<table width="100%" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-left:11px;padding-top:11px;">
<a name="p29"></a>
<font style="font-size:12px;">
<b>
<a href="#p29">TEST</a>
</b>
</font>
</td>
<td style="padding-right:11px;padding-top:5px;" align="right">
<a href="posting.php?mode=quote&pid=29"><img src="images/quote_button_off.gif" srcover="images/quote_button_on.gif" border="0px" alt="Reply with quote" title="Reply with quote"></a>
<a href="posting.php?mode=edit&pid=29"><img src="images/edit_off.gif" srcover="images/edit_on.gif" border="0px" alt="Edit post" title="Edit post"></a>
<a href="posting.php?mode=delete&pid=29"><img src="images/delete_off.gif" srcover="images/delete_on.gif" border="0px" alt="Delete post" title="Delete post"></a>
</td>
</tr>
<tr><td colspan="2" style="height:5px;"></td></tr>
<tr>
<td colspan="2" style="padding-left:11px;">
<a href="#p29"><img src="images/post.gif" border="0px"></a> by
<a href="../profile.php?id=1"><b>HarpuaFSB</b></a> on
Jan 21, 2008 1:33 pm EST </td>
</tr>
<tr><td colspan="2" style="height:10px;"></td></tr>
<tr>
<td colspan="2" style="padding-left:11px;padding-right:11px;">
<!-- post text -->
<font style="font-size:1.2em;">
TESWT </font>
<br /><br />
<table style="width:100%;border-top:#ffc600 1px solid;" cellpadding="0px" cellspacing="0px">
<tr>
<td style="padding-top:10px;padding-bottom:10px;">
<b>bold signature</b> </td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr id="topic_rowB">
<td style="padding-left:11px;border-bottom:#ffc600 1px solid;"> </td>
<td style="padding-right:11px;border-bottom:#ffc600 1px solid;padding-bottom:10px;border-left:#ffc600 1px solid;" align="right">
<a href="#topofpage"><img src="images/up_arrow.gif" border="0px" alt="Top" title="Top"></a>
</td>
</tr>
</table>
<table width="760px" cellpadding="0px" cellspacing="0px">
<tr><td height="10px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="posting.php?mode=reply&tid=11"><img src="images/postreply_off.gif" srcover="images/postreply_on.gif" border="0px"></a>
</td>
<td style="padding-right:11px;" align="right">
1 post •
Page 1 of 1 </td>
</tr>
<tr><td height="5px" colspan="2"></td></tr>
<tr>
<td style="padding-left:11px;">
<a href="index.php"><img src="images/up_arrow.gif" border="0px"></a> <a href="index.php">Index</a>
<b> « </b>
<a href="viewforum.php?id=2">Announcements</a>
</td>
<td></td>
</tr>
<tr><td height="5px" colspan="2"></td></tr>
</table>
<div style="height:5px;"></div>
<img src="../images/line.gif">
<p> © 2008 FindYourGeek.com
|
<a href="../tellafriend.php">Tell a Friend</a>
|
<a href="../termsofservice.php">Terms of Service</a>
|
<a href="../privacypolicy.php">Privacy Policy</a>
|
<a href="../safetytips.php">Safety Tips</a>
<div style="height:2px;"></div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-592780-4";
urchinTracker();
</script> </p>
</div>
</body>
</html>
Just to be sure, as you are running these tests, you should change the Head title text in your script after making each change... such as
<title>Find Your Geek | Forums | TEST 1</title>
<title>Find Your Geek | Forums | TEST 2</title>
In this way, you can always be sure that your latest change is actually executing. Depending on your browser settings, you might actually be re-running the old version of the script cached in your browser. When in doubt, close all open browsers windows (to clear the session), and re-open the browser to begin your next test... and, be sure that your browser settings will always retrieve a new version of a page with every new session.
OK, just a wild guess, but does anything change when you comment out the very last DIV statement? I'm just trying to think of anything that might cause a hit to the same URL.
<div style="height:2px;"></div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-592780-4";
urchinTracker();
</script> </p>
</div>
<title>Find Your Geek | Forums | TEST 1</title>
<title>Find Your Geek | Forums | TEST 2</title>
In this way, you can always be sure that your latest change is actually executing. Depending on your browser settings, you might actually be re-running the old version of the script cached in your browser. When in doubt, close all open browsers windows (to clear the session), and re-open the browser to begin your next test... and, be sure that your browser settings will always retrieve a new version of a page with every new session.
OK, just a wild guess, but does anything change when you comment out the very last DIV statement? I'm just trying to think of anything that might cause a hit to the same URL.
<div style="height:2px;"></div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-592780-4";
urchinTracker();
</script> </p>
</div>
ASKER
Yeah, I tried taking that out, no dice.
This is very weird.
Anyway, I put up a request at RentA if you want to take a look.
http://www.rentacoder.com/RentACoder/misc/BidRequests/ShowBidRequest.asp?lngBidRequestId=850320
This is very weird.
Anyway, I put up a request at RentA if you want to take a look.
http://www.rentacoder.com/RentACoder/misc/BidRequests/ShowBidRequest.asp?lngBidRequestId=850320
ASKER
Ok, check this out.
It's only happening with Firefox in Windows.
I've tested it with Safari and Firefox on a Mac and IE under Windows and none of those browsers are incrementing the counter or loading twice.
It's only happening with Firefox in Windows.
I've tested it with Safari and Firefox on a Mac and IE under Windows and none of those browsers are incrementing the counter or loading twice.
ASKER
Now it's stopped happening completely.
Wow that is weird, I'm going to consider this matter closed and award you the points for the good advice you've given me in this thread.
And if you want to check out my RentA request, feel free, there's still work to be done!
Wow that is weird, I'm going to consider this matter closed and award you the points for the good advice you've given me in this thread.
And if you want to check out my RentA request, feel free, there's still work to be done!
Wow, don't you hate that?
Well, at least we identified a couple of other issues in the code that might help in the future.
Sure, I'll check out the listing, thanks!
Well, at least we identified a couple of other issues in the code that might help in the future.
Sure, I'll check out the listing, thanks!
But, since you say that this works when you run the sql stand-alone... I would look through the rest of the code to see if there is any place where you might be re-directing the page to itself? Or could you be re-directing to some index page that would then re-direct back to this one? In other words, this script is getting called twice? You could try creating another table, temporarily, with the topic_id and a timestamp, and update that table every time you run the update statement. If this script is being called recursively (or somehow multiple times), then you'll see two entries in this timestamp table with timestamps that are very close, though not identical. If that is the case, then look at the code that calls this script to see if the problem is there.