runnerjp
asked on
adding validation to current code..
adding validation to current code..
The thing is, if I don't type in either the topic or the message box, it goes from this, where I would expect the error to show alongside the field where the error was made.
/**
 * Hide the element whose id is "element-id", if the page has one.
 */
function initialise() {
    var panel = document.getElementById('element-id');
    if (!panel || !panel.style) {
        return; // nothing to hide
    }
    panel.style.display = 'none';
}
/**
 * Switch an element between hidden (display: none) and its default display.
 *
 * @param {string|Object} element  An element id, or the element itself.
 */
function toggleDisplay(element) {
    var target = (typeof element == 'string') ? document.getElementById(element) : element;
    if (!target) {
        return;
    }
    var css = target.style;
    if (!css) {
        return;
    }
    css.display = (css.display == 'none') ? '' : 'none';
}
// Fallback for browsers that lack document.getElementById: install a stub
// that always returns null.
if (!document.getElementById)
document.getElementById = function() {return null;};
/**
 * Wrap the current selection of a text field in an opening and a closing tag.
 *
 * @param {Object} el        The textarea/input whose selection is wrapped.
 * @param {string} openTag   Text inserted before the selection.
 * @param {string} closeTag  Text inserted after the selection.
 */
function wrapText(el, openTag, closeTag) {
    if (el.setSelectionRange) {
        // W3C/Mozilla: rebuild the value around the selected range.
        var text = el.value;
        var from = el.selectionStart;
        var to = el.selectionEnd;
        var before = text.substring(0, from);
        var picked = text.substring(from, to);
        var after = text.substring(to, text.length);
        el.value = before + openTag + picked + closeTag + after;
        return;
    }
    var legacy = document.selection;
    if (legacy && legacy.createRange) {
        // Old IE: focus first, or else the text is added to the activating control.
        el.focus();
        var range = legacy.createRange();
        range.text = openTag + range.text + closeTag;
    }
}
</script>
<?php
// NOTE(review): the closing </script> tag above is sent to the browser before this
// call; unless output buffering is enabled, PHP can no longer send the session
// cookie header at this point - confirm.
session_start();
//connection string
require_once '../settings.php';
include "../BBClass.php"; //store the BBClass.php in the same place as settings.php or change the path.
include "connect.php";
// NOTE(review): nothing visible here checks that $_SESSION['user_id'] is set;
// confirm that the page including this script enforces login first.
$id = $_SESSION['user_id'];
// get_username() is not defined in the visible code; presumably it comes from one of the includes above.
$puser = get_username($id);
$timestamp = time();
// 180 seconds before $timestamp; not referenced again in the visible code.
$timeout = $timestamp - 180;
// Same lookup as $puser: both are get_username() of the session user id.
$username= get_username($_SESSION['user_id']);
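/**
 * Build the absolute URL of the current request from $_SERVER.
 *
 * The result contains REQUEST_URI, which the client controls, and SERVER_NAME,
 * which may reflect the client's Host header depending on server configuration.
 * Treat it as untrusted: escape it for the context (SQL, HTML) wherever it is used.
 *
 * @return string scheme://server[:port]/request-uri; the port is omitted only when it is 80.
 */
function selfURL() {
    // The inner ternary is parenthesised: PHP 8 refuses to compile an unparenthesised
    // nested ternary. Older versions evaluated it left to right with the same result.
    $s = empty($_SERVER["HTTPS"]) ? '' : (($_SERVER["HTTPS"] == "on") ? "s" : "");
    // "HTTP/1.1" -> "http", plus "s" when HTTPS is on.
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
    $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
    return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}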
/**
 * Return the part of $s1 that precedes the first occurrence of $s2.
 *
 * When $s2 does not occur, strpos() yields false and that value is passed on
 * to substr() as the length.
 */
function strleft($s1, $s2)
{
    $cut = strpos($s1, $s2);
    return substr($s1, 0, $cut);
}
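$filename = (selfURL());
//Insert User
// $filename is built from the request URI, so every value is escaped before it
// goes into the statement. mysql_real_escape_string() needs the open connection
// (presumably created in connect.php). The mysql_* extension was removed in
// PHP 7; prepared statements through mysqli or PDO are the durable fix.
$insert = mysql_query(
    "REPLACE INTO `useronline` SET `timestamp`='" . (int) $timestamp . "'"
    . ", `ip`='" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "'"
    . ", `file`='" . mysql_real_escape_string($filename) . "'"
    . ",`user`='" . mysql_real_escape_string($username) . "'"
    . ",`user_id`='" . mysql_real_escape_string($_SESSION['user_id']) . "'"
);
if ($insert === false) {
    // Keep the database error in the server log instead of sending it to the browser.
    error_log(mysql_error());
    die("Could not update the online list");
}
$uid = $_SESSION['user_id']; //never use the same variable name twice.
// Raw request values: escape them for the context (SQL, HTML, URL) at each point of use.
$forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$forumid = isset($_GET['id']) ? $_GET['id'] : '';
// The repeated session_start() that stood here was dropped: the session is already started at the top of the script.
$query = "SELECT * FROM users WHERE ID = '" . mysql_real_escape_string($id) . "' LIMIT 1";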
if ($result = mysql_query($query)){
if (mysql_num_rows($result)) {
$array = mysql_fetch_assoc($result);
$puser = $array['Username'];
$pimage = $array['image'];
?>
<p><table width="100%" class="loggedin">
<tr>
<td >
<div class="c1">
<div align="center"><em>
<script type='text/javascript'>
var date=new Date(); // Gets the full date!
var day=date.getHours(); // Gets the hours!
if(day<=11) {
document.write('Good Morning,'); // If it's before 12 PM then display this!
} else if(day<18){
document.write('Good Afternoon,'); // After 12 PM display this!
} else {
document.write('Good Evening,'); // After 6 PM display this!
}
</script>
You are logged in as <?php echo ucwords(strtolower($username)) ?>.Your ip address is <?php echo
$_SERVER["REMOTE_ADDR"]; ?>; this is stored for security reasons.</em> </div>
</div> </td>
</tr>
</table>
<table class='maintables'>
</p>
<p>
</p>
</div>
<tr class='headline'><td>Post a message</td></tr>
<tr class='maintables'><td>
<?
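// Handle a submitted new-topic form: validate the two fields, store the post,
// bump the author's post count, then print a confirmation and stop.
$errMsg="";
if(isset($_POST['submit']))
{
    $name=$puser;
    // A missing field is treated as empty so that it fails the length checks below.
    $yourpost=isset($_POST['yourpost']) ? (string) $_POST['yourpost'] : '';
    $forum=isset($_GET['forum']) ? (string) $_GET['forum'] : '';
    $subject=isset($_POST['subject']) ? (string) $_POST['subject'] : '';
    if(strlen($yourpost)<1)
    {
        $errMsg= "You did not type in a post."; //no post entered
    }
    else if(strlen($subject)<1)
    {
        $errMsg="You did not enter a subject."; //no subject entered
    }
    else
    {
        $thedate=date("U"); //get unix timestamp
        $displaytime=date("F j, Y, g:i a");
        // strip_tags() removes markup only; it does not make a value safe inside SQL.
        $subject=strip_tags($subject);
        $name=strip_tags($name);
        $yourpost=strip_tags($yourpost);
        // Escape each value for the SQL string context. mysql_real_escape_string()
        // needs the open connection (presumably from connect.php). The mysql_*
        // extension was removed in PHP 7; prepared statements (mysqli/PDO) are the
        // durable fix.
        $sqlForum=mysql_real_escape_string($forum);
        $sqlName=mysql_real_escape_string($name);
        $sqlSubject=mysql_real_escape_string($subject);
        $sqlPost=mysql_real_escape_string($yourpost);
        $insertpost="INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$sqlForum','$sqlName','$sqlSubject','$sqlPost','$thedate','$thedate','$thedate','$sqlName')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatep="UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
        mysql_query($updatep) or die("Could not update post");
        // The forum value comes from the query string: URL-encode it, then HTML-escape it for the attribute.
        $forumLink=htmlspecialchars(urlencode($forum), ENT_QUOTES);
        print "Message posted, go back to <A href='index.php?page=forum&forum=$forumLink'>Forum</a>.";
        print "</td></tr></table>";
        exit;
    }
}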
//else
//{
?>
<form action='<?php "$_SERVER[PHP_SELF]" ?>' method='post'>
<div align="center"><br>
Subject:
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsg; ?></span>
<br>
</div>
<tr class='maintables'>
<td align="center">
<?php
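// Handle a submitted reply: validate the text, run it through the BBCode parser,
// store it under the parent post and update the reply/post counters.
$id=isset($_GET['id']) ? (string) $_GET['id'] : '';
if(isset($_POST['submit']))
{
    $name=$puser;
    // A missing field is treated as empty so that it fails the length check below.
    $yourpost=isset($_POST['yourpost']) ? (string) $_POST['yourpost'] : '';
    $subject=isset($_POST['title']) ? (string) $_POST['title'] : '';
    if(strlen($yourpost)<1)
    {
        print "You did not type in a post."; //no post entered
    }
    else
    {
        $thedate=date("U"); //get unix timestamp
        $displaytime = time();
        //we now strip HTML injections
        $subject=strip_tags($subject);
        $name=strip_tags($name);
        //This is where the bbcode come in.
        // NOTE(review): unlike the subject, $yourpost is not passed through strip_tags()
        // here. Whether BBCode::parseCode() neutralises raw HTML is not visible -
        // confirm, otherwise markup in a reply is stored and later shown as-is.
        $message = new BBCode;
        $message->selection = $yourpost;
        $message->parseCode(); // set to 1 if you want to disable bbcode
        $message->parseEmoticons();
        $yourpost = $message->parsed;
        // Escape each value for the SQL string context; strip_tags() does not do that.
        // The mysql_* extension was removed in PHP 7; prepared statements
        // (mysqli/PDO) are the durable fix.
        $sqlName=mysql_real_escape_string($name);
        $sqlForum=mysql_real_escape_string((string) $forum);
        $sqlSubject=mysql_real_escape_string($subject);
        $sqlPost=mysql_real_escape_string($yourpost);
        $sqlId=mysql_real_escape_string($id);
        $insertpost="INSERT INTO `forumtutorial_posts` (`author`,`forum`,`title`,`post`,`showtime`,`realtime`,`lastposter`,`parentid`) values('$sqlName','$sqlForum','$sqlSubject','$sqlPost','$thedate','$thedate','$sqlName','$sqlId')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatepost="UPDATE `forumtutorial_posts` SET `numreplies`=`numreplies`+'1', `lastposter`='$sqlName', `lastrepliedto`='$thedate' WHERE `postid`='$sqlId'";
        mysql_query($updatepost) or die("Could not update post");
        $updatep="UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
        mysql_query($updatep) or die("Could not update post");
        // Both values come from the query string: URL-encode, then HTML-escape for the attribute.
        $idLink=htmlspecialchars(urlencode($id), ENT_QUOTES);
        $forumLink=htmlspecialchars(urlencode((string) $forum), ENT_QUOTES);
        print "Message posted, go back to <A href='index.php?page=message&id=$idLink&forum=$forumLink'>Message</a>.";
    }
}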
else
{
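// Load the topic being replied to. $id comes from the query string, so it is
// escaped for the SQL string context before it is placed in the statement.
$gettopic="SELECT * FROM `forumtutorial_posts` WHERE `postid`='" . mysql_real_escape_string((string) $id) . "'";
$gettopic2=mysql_query($gettopic) or die("Could not get topic");
$gettopic3=mysql_fetch_array($gettopic2);
// The original read $getreplies3, which is never assigned in this script; the row
// fetched above is $gettopic3. An unknown post id yields no row, hence the guard.
$message=$gettopic3 ? strip_tags($gettopic3['post']) : '';
$message=nl2br($message);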
?><br>
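<?php // Query-string values are URL-encoded and HTML-escaped, and the stored title is HTML-escaped, before they are written into attributes. Full <?php tags are used because short tags can be disabled. ?>
<form action='index.php?page=reply&forum=<?php echo htmlspecialchars(urlencode((string) $forum), ENT_QUOTES); ?>&id=<?php echo htmlspecialchars(urlencode((string) $_GET['id']), ENT_QUOTES); ?>' method='post' name='myform'>
<div style='padding-left: 5px; padding-top:5px;'></div>
<input name="title" type="hidden" value="<?php echo htmlspecialchars((string) $gettopic3['title'], ENT_QUOTES); ?>" />
<textarea id="inputforum" class="inputforum" name='yourpost' rows='5' cols='40'></textarea>
<br>
<input type='submit'class="submit-btn" name='submit' value=''>
</p>
</form>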
<?
}
?>
</td>
</tr></form>
<?
//}
print "</td></tr></table>";
}}
?>
ERROR.jpg
I am not totally sure if I understand your question right, but from what I get you see the error at the wrong place.
If this is what you want to fix, you will need to use 2 error messages, right now you have only "$errMsg" for both the subject and the post. If you use something like "$errMsgSubject" and "$errMsgPost" and print them at the right place it should work.
So:
if(strlen($yourpost)<1)
{
$errMsg= "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
$errMsg="You did not enter a subject."; //no subject entered
}
else
{
// ....
}
?>
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsg; ?></span>
Should be something like:
if(strlen($yourpost)<1)
{
$errMsgPost= "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
$errMsgSubject="You did not enter a subject."; //no subject entered
}
else
{
// ....
}
?>
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsgSubject; ?></span>
If this is what you want to fix, you will need to use 2 error messages, right now you have only "$errMsg" for both the subject and the post. If you use something like "$errMsgSubject" and "$errMsgPost" and print them at the right place it should work.
So:
if(strlen($yourpost)<1)
{
$errMsg= "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
$errMsg="You did not enter a subject."; //no subject entered
}
else
{
// ....
}
?>
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsg; ?></span>
Should be something like:
if(strlen($yourpost)<1)
{
$errMsgPost= "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
$errMsgSubject="You did not enter a subject."; //no subject entered
}
else
{
// ....
}
?>
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsgSubject; ?></span>
ASKER
Yes, that's what I want :). I did as you said, and when I submit it shows nothing, with no error messages, and it also still posts the post.
I have posted the full code below; feel free to attack it any way you can, lol.
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/css/login.css">
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/members/include/style.css">
<script>
/**
 * Append an empty [color=...][/color] BBCode pair to the post textarea.
 *
 * @param {string} color  Colour name written into the opening tag.
 */
function setColor(color) {
    var field = document.getElementById('inputforum');
    var tagPair = "[color=" + color + "][/color]";
    field.value = field.value + tagPair;
}
/**
 * Append an empty [size=...][/size] BBCode pair to the post textarea.
 *
 * @param {string} size  Size value written into the opening tag.
 */
function setsize(size) {
    var field = document.getElementById('inputforum');
    var tagPair = "[size=" + size + "][/size]";
    field.value = field.value + tagPair;
}
function initialise() {
var element = document.getElementById('element-id');
if (element && element.style)
element.style.display = 'none';
}
function toggleDisplay(element) {
var style;
if (typeof element == 'string')
element = document.getElementById(element);
if (element && (style = element.style))
style.display = (style.display == 'none') ? '' : 'none';
}
if (!document.getElementById)
document.getElementById = function() {return null;};
function wrapText(el, openTag, closeTag) {
if (el.setSelectionRange) {
// W3C/Mozilla
el.value = el.value.substring(0,el.selectionStart) + openTag + el.value.substring(el.selectionStart,el.selectionEnd) + closeTag + el.value.substring(el.selectionEnd,el.value.length);
}
else if (document.selection && document.selection.createRange) {
// IE code goes here
el.focus(); //or else text is added to the activating control
var range = document.selection.createRange();
range.text = openTag + range.text + closeTag;
}
}
</script>
<?php
session_start();
//connection string
require_once '../settings.php';
include "../BBClass.php"; //store the BBClass.php in the same place as settings.php or change the path.
include "connect.php";
$id = $_SESSION['user_id'];
$puser = get_username($id);
$timestamp = time();
$timeout = $timestamp - 180;
$username= get_username($_SESSION['user_id']);
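/**
 * Build the absolute URL of the current request from $_SERVER.
 *
 * The result contains REQUEST_URI, which the client controls, and SERVER_NAME,
 * which may reflect the client's Host header depending on server configuration.
 * Treat it as untrusted: escape it for the context (SQL, HTML) wherever it is used.
 *
 * @return string scheme://server[:port]/request-uri; the port is omitted only when it is 80.
 */
function selfURL() {
    // The inner ternary is parenthesised: PHP 8 refuses to compile an unparenthesised
    // nested ternary. Older versions evaluated it left to right with the same result.
    $s = empty($_SERVER["HTTPS"]) ? '' : (($_SERVER["HTTPS"] == "on") ? "s" : "");
    // "HTTP/1.1" -> "http", plus "s" when HTTPS is on.
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
    $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
    return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}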
/**
 * Return the part of $s1 that precedes the first occurrence of $s2.
 *
 * When $s2 does not occur, strpos() yields false and that value is passed on
 * to substr() as the length.
 */
function strleft($s1, $s2)
{
    $cut = strpos($s1, $s2);
    return substr($s1, 0, $cut);
}
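$filename = (selfURL());
//Insert User
// $filename is built from the request URI, so every value is escaped before it
// goes into the statement. mysql_real_escape_string() needs the open connection
// (presumably created in connect.php). The mysql_* extension was removed in
// PHP 7; prepared statements through mysqli or PDO are the durable fix.
$insert = mysql_query(
    "REPLACE INTO `useronline` SET `timestamp`='" . (int) $timestamp . "'"
    . ", `ip`='" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "'"
    . ", `file`='" . mysql_real_escape_string($filename) . "'"
    . ",`user`='" . mysql_real_escape_string($username) . "'"
    . ",`user_id`='" . mysql_real_escape_string($_SESSION['user_id']) . "'"
);
if ($insert === false) {
    // Keep the database error in the server log instead of sending it to the browser.
    error_log(mysql_error());
    die("Could not update the online list");
}
$uid = $_SESSION['user_id']; //never use the same variable name twice.
// Raw request values: escape them for the context (SQL, HTML, URL) at each point of use.
$forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$forumid = isset($_GET['id']) ? $_GET['id'] : '';
// The repeated session_start() that stood here was dropped: the session is already started at the top of the script.
$query = "SELECT * FROM users WHERE ID = '" . mysql_real_escape_string($id) . "' LIMIT 1";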
if ($result = mysql_query($query)){
if (mysql_num_rows($result)) {
$array = mysql_fetch_assoc($result);
$puser = $array['Username'];
$pimage = $array['image'];
?>
<p><table width="100%" class="loggedin">
<tr>
<td >
<div class="c1">
<div align="center"><em>
<script type='text/javascript'>
var date=new Date(); // Gets the full date!
var day=date.getHours(); // Gets the hours!
if(day<=11) {
document.write('Good Morning,'); // If it's before 12 PM then display this!
} else if(day<18){
document.write('Good Afternoon,'); // After 12 PM display this!
} else {
document.write('Good Evening,'); // After 6 PM display this!
}
</script>
You are logged in as <?php echo ucwords(strtolower($username)) ?>.Your ip address is <?php echo
$_SERVER["REMOTE_ADDR"]; ?>; this is stored for security reasons.</em> </div>
</div> </td>
</tr>
</table>
<table class='maintables'>
</p>
<p>
</p>
</div>
<tr class='headline'><td>Post a message</td></tr>
<tr class='maintables'><td>
<?
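// Handle a submitted new-topic form: validate the two fields, store the post and
// bump the author's post count.
// Both messages start empty so that echoing them never reads an undefined variable.
// NOTE(review): the form that echoes them sits in the else branch that follows,
// so it is not rendered for a submitted request and the messages are never shown.
$errMsgPost="";
$errMsgSubject="";
if(isset($_POST['submit']))
{
    $name=$puser;
    // A missing field is treated as empty so that it fails the length checks below.
    $yourpost=isset($_POST['yourpost']) ? (string) $_POST['yourpost'] : '';
    $forum=isset($_GET['forum']) ? (string) $_GET['forum'] : '';
    $subject=isset($_POST['subject']) ? (string) $_POST['subject'] : '';
    if(strlen($yourpost)<1)
    {
        $errMsgPost= "You did not type in a post."; //no post entered
    }
    else if(strlen($subject)<1)
    {
        $errMsgSubject="You did not enter a subject."; //no subject entered
    }
    else
    {
        $thedate=date("U"); //get unix timestamp
        $displaytime=date("F j, Y, g:i a");
        // strip_tags() removes markup only; it does not make a value safe inside SQL.
        $subject=strip_tags($subject);
        $name=strip_tags($name);
        $yourpost=strip_tags($yourpost);
        // Escape each value for the SQL string context. mysql_real_escape_string()
        // needs the open connection (presumably from connect.php). The mysql_*
        // extension was removed in PHP 7; prepared statements (mysqli/PDO) are the
        // durable fix.
        $sqlForum=mysql_real_escape_string($forum);
        $sqlName=mysql_real_escape_string($name);
        $sqlSubject=mysql_real_escape_string($subject);
        $sqlPost=mysql_real_escape_string($yourpost);
        $insertpost="INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$sqlForum','$sqlName','$sqlSubject','$sqlPost','$thedate','$thedate','$thedate','$sqlName')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatep="UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
        mysql_query($updatep) or die("Could not update post");
        // The forum value comes from the query string: URL-encode it, then HTML-escape it for the attribute.
        $forumLink=htmlspecialchars(urlencode($forum), ENT_QUOTES);
        print "Message posted, go back to <A href='index.php?page=forum&forum=$forumLink'>Forum</a>.";
    }
}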
else
{
?>
<form action='<?php "$_SERVER[PHP_SELF]" ?>' method='post'>
<div align="center"><br>
Subject:
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsgSubject; ?></span>
<br>
</div>
<tr class='maintables'>
<td align="center">
<?php
$id=$_GET['id'];
if(isset($_POST['submit'])) {
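// Body of the submitted-reply branch: validate the fields, run the text through
// the BBCode parser, store the reply and update the reply/post counters.
$name=$puser;
// A missing field is treated as empty so that it fails the length checks below.
$yourpost=isset($_POST['yourpost']) ? (string) $_POST['yourpost'] : '';
$subject=isset($_POST['title']) ? (string) $_POST['title'] : '';
if(strlen($yourpost)<1)
{
    $errMsgPost= "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
    $errMsgSubject="You did not enter a subject."; //no subject entered
}else{
    $thedate=date("U"); //get unix timestamp
    $displaytime = time();
    //we now strip HTML injections
    $subject=strip_tags($subject);
    $name=strip_tags($name);
    //This is where the bbcode come in.
    // NOTE(review): unlike the subject, $yourpost is not passed through strip_tags()
    // here. Whether BBCode::parseCode() neutralises raw HTML is not visible -
    // confirm, otherwise markup in a reply is stored and later shown as-is.
    $message = new BBCode;
    $message->selection = $yourpost;
    $message->parseCode(); // set to 1 if you want to disable bbcode
    $message->parseEmoticons();
    $yourpost = $message->parsed;
    // Escape each value for the SQL string context; strip_tags() does not do that.
    // The mysql_* extension was removed in PHP 7; prepared statements
    // (mysqli/PDO) are the durable fix.
    $sqlName=mysql_real_escape_string($name);
    $sqlForum=mysql_real_escape_string((string) $forum);
    $sqlSubject=mysql_real_escape_string($subject);
    $sqlPost=mysql_real_escape_string($yourpost);
    $sqlId=mysql_real_escape_string((string) $id);
    $insertpost="INSERT INTO `forumtutorial_posts` (`author`,`forum`,`title`,`post`,`showtime`,`realtime`,`lastposter`,`parentid`) values('$sqlName','$sqlForum','$sqlSubject','$sqlPost','$thedate','$thedate','$sqlName','$sqlId')";
    mysql_query($insertpost) or die("Could not insert post"); //insert post
    $updatepost="UPDATE `forumtutorial_posts` SET `numreplies`=`numreplies`+'1', `lastposter`='$sqlName', `lastrepliedto`='$thedate' WHERE `postid`='$sqlId'";
    mysql_query($updatepost) or die("Could not update post");
    $updatep="UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
    mysql_query($updatep) or die("Could not update post");
    // Both values come from the query string: URL-encode, then HTML-escape for the attribute.
    $idLink=htmlspecialchars(urlencode((string) $id), ENT_QUOTES);
    $forumLink=htmlspecialchars(urlencode((string) $forum), ENT_QUOTES);
    print "Message posted, go back to <A href='index.php?page=message&id=$idLink&forum=$forumLink'>Message</a>.";
}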
}else{
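// Load the topic being replied to. $id comes from the query string, so it is
// escaped for the SQL string context before it is placed in the statement.
$gettopic="SELECT * FROM `forumtutorial_posts` WHERE `postid`='" . mysql_real_escape_string((string) $id) . "'";
$gettopic2=mysql_query($gettopic) or die("Could not get topic");
$gettopic3=mysql_fetch_array($gettopic2);
// The original read $getreplies3, which is never assigned in this script; the row
// fetched above is $gettopic3. An unknown post id yields no row, hence the guard.
$message=$gettopic3 ? strip_tags($gettopic3['post']) : '';
$message=nl2br($message);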
?><br>
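<?php // Both query-string values are URL-encoded and HTML-escaped before they are written into the action attribute. Full <?php tags are used because short tags can be disabled. ?>
<form action='index.php?page=reply&forum=<?php echo htmlspecialchars(urlencode((string) $forum), ENT_QUOTES); ?>&id=<?php echo htmlspecialchars(urlencode((string) $_GET['id']), ENT_QUOTES); ?>' method='post' name='myform'>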
<div style='padding-left: 5px; padding-top:5px;'>
<input type='button' value='B' name='btnBold' onclick='wrapText(document.getElementById('inputforum'),'[b]','[/b]');'>
<input type='button' value='I' name='btnItalic' onclick='wrapText(document.getElementById('inputforum'),'[i]','[/i]');'>
<input type='button' value='U' name='btnUnderline' onclick='wrapText(document.getElementById('inputforum'),'[u]','[/u]');'>
<input type='button' value='IMG' name='btnImg' onclick='wrapText(document.getElementById('inputforum'),'[img]','[/img]');'>
<input type='button' value='Email' name='btnImg' onclick='wrapText(document.getElementById('inputforum'),'[email]','[/email]');'>
<input type='button' value='URL' name='btnUrl' onclick='wrapText(document.getElementById('inputforum'),'[url]','[/url]');'>
<input type='button' value='Center' name='btnUrl' onclick='wrapText(document.getElementById('inputforum'),'[center]','[/center]');'>
<input type="button" value="Smilies" onclick="toggleDisplay('element-id');">
<div id="element-id" style="display: none;">
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/smiley.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','('); return false"><img
src="http://www.runningprofiles.com/emoticons/sad.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),';',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/wink.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','D'); return false"><img
src="http://www.runningprofiles.com/emoticons/cheesy.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),';','D'); return false"><img
src="http://www.runningprofiles.com/emoticons/grin.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'::',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/rolleyes.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'>:','('); return false"><img
src="http://www.runningprofiles.com/emoticons/angry.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','o'); return false"><img
src="http://www.runningprofiles.com/emoticons/shocked.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'8',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/cool.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'??','?'); return false"><img
src="http://www.runningprofiles.com/emoticons/huh.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','p'); return false"><img
src="http://www.runningprofiles.com/emoticons/tongue.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','['); return false"><img
src="http://www.runningprofiles.com/emoticons/embarrassed.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','*'); return false"><img
src="http://www.runningprofiles.com/emoticons/undecided.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','\\'); return false"><img
src="http://www.runningprofiles.com/emoticons/lipssealed.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','*'); return false"><img
src="http://www.runningprofiles.com/emoticons/kiss.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','*('); return false"><img
src="http://www.runningprofiles.com/emoticons/cry.gif" border="0"></a>
</div>
<select id="size" onchange="setsize(this.value);">
<option value="" selected="selected">Font Size</option>
<option value="1">8pt</option>
<option value="2">10pt</option>
<option value="3">12pt</option>
<option value="4">14pt</option>
<option value="5">18pt</option>
<option value="6">24pt</option>
<option value="7">36pt</option>
<select id="color" onchange="setColor(this.value);">
<option value="" selected="selected">Change Color</option>
<option value="black">Black</option>
<option value="red">Red</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="orange">Orange</option>
<option value="purple">Purple</option>
<option value="blue">Blue</option>
<option value="beige">Beige</option>
<option value="brown">Brown</option>
<option value="teal">Teal</option>
<option value="navy">Navy</option>
<option value="maroon">Maroon</option>
<option value="limeGreen">Lime Green</option>
<option value="white">White</option>
</select>
</div>
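<?php // The title is read back from the database and was originally user input: HTML-escape it so it cannot break out of the value attribute. ?>
<input name="title" type="hidden" value="<?php echo htmlspecialchars((string) $gettopic3['title'], ENT_QUOTES); ?>" />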
<textarea id="inputforum" class="inputforum" name='yourpost' rows='5' cols='40'> <span style="color:red;"><?php echo $errMsgpost; ?></span></textarea>
<br>
<input type='submit'class="submit-btn" name='submit' value=''>
</p>
</form>
<?
}
?>
</td>
</tr></form>
<?
}
print "</td></tr></table>";
}}
?>
To be honest, I think this code needs a lot of improvement.
I would like to help, but it needs to be done in pieces.
For starters, I think this needs to come first (I have left out a lot of code for now):
<?php
session_start();
//connection string
require_once '../settings.php';
include "../BBClass.php"; //store the BBClass.php in the same place as settings.php or change the path.
include "connect.php";
$id = $_SESSION['user_id'];
$puser = get_username($id);
$timestamp = time();
$timeout = $timestamp - 180;
$username = get_username($_SESSION['user_id']);
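/**
 * Build the absolute URL of the current request from $_SERVER.
 *
 * The result contains REQUEST_URI, which the client controls, and SERVER_NAME,
 * which may reflect the client's Host header depending on server configuration.
 * Treat it as untrusted: escape it for the context (SQL, HTML) wherever it is used.
 *
 * @return string scheme://server[:port]/request-uri; the port is omitted only when it is 80.
 */
function selfURL()
{
    // The inner ternary is parenthesised: PHP 8 refuses to compile an unparenthesised
    // nested ternary. Older versions evaluated it left to right with the same result.
    $s = empty($_SERVER["HTTPS"]) ? '' : (($_SERVER["HTTPS"] == "on") ? "s" : "");
    // "HTTP/1.1" -> "http", plus "s" when HTTPS is on.
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
    $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
    return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}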
/**
 * Return the part of $s1 that precedes the first occurrence of $s2.
 *
 * When $s2 does not occur, strpos() yields false and that value is passed on
 * to substr() as the length.
 */
function strleft($s1, $s2)
{
    $cut = strpos($s1, $s2);
    $head = substr($s1, 0, $cut);
    return $head;
}
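$filename = (selfURL());
//Insert User
// $filename is built from the request URI, so every value is escaped before it
// goes into the statement. mysql_real_escape_string() needs the open connection
// (presumably created in connect.php). The mysql_* extension was removed in
// PHP 7; prepared statements through mysqli or PDO are the durable fix.
$insert = mysql_query(
    "REPLACE INTO `useronline` SET `timestamp`='" . (int) $timestamp . "'"
    . ", `ip`='" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "'"
    . ", `file`='" . mysql_real_escape_string($filename) . "'"
    . ",`user`='" . mysql_real_escape_string($username) . "'"
    . ",`user_id`='" . mysql_real_escape_string($_SESSION['user_id']) . "'"
);
if ($insert === false) {
    // Keep the database error in the server log instead of sending it to the browser.
    error_log(mysql_error());
    die("Could not update the online list");
}
$uid = $_SESSION['user_id']; //never use the same variable name twice.
// Raw request values: escape them for the context (SQL, HTML, URL) at each point of use.
$forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$forumid = isset($_GET['id']) ? $_GET['id'] : '';
$query = "SELECT * FROM users WHERE ID = '" . mysql_real_escape_string($id) . "' LIMIT 1";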
if ($result = mysql_query($query))
{
if (mysql_num_rows($result))
{
// THE REST OF THE CODE
}
}
?>
Of course you can also just add the stylesheet and javascript stuff that you have above your php code.
Then for // THE REST OF THE CODE, replace that with the code snippet below. I left out the smilie part, just add it.
Remember that I only try to correct the most important things.
Then for // THE REST OF THE CODE, replace that with the code snippet below. I left out the smilie part, just add it.
Remember that I only try to correct the most important things.
$array = mysql_fetch_assoc($result);
$puser = $array['Username'];
$pimage = $array['image'];
?>
<p>
<table width="100%" class="loggedin">
<tr>
<td>
<div class="c1">
<div align="center"><em>
<script type='text/javascript'>
var date=new Date(); // Gets the full date!
var day=date.getHours(); // Gets the hours!
if(day<=11) {
document.write('Good Morning,'); // If it's before 12 PM then display this!
} else if(day<18){
document.write('Good Afternoon,'); // After 12 PM display this!
} else {
document.write('Good Evening,'); // After 6 PM display this!
}
</script>
You are logged in as <?php echo ucwords(strtolower($username)) ?>.
Your ip address is <?php echo $_SERVER["REMOTE_ADDR"]; ?>; this is stored for security reasons.</em>
</div>
</div>
</td>
</tr>
</table>
</p>
<p> </p>
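<?php // Both query-string values are URL-encoded and HTML-escaped before they are written into the action attribute. Full <?php tags are used because short tags can be disabled. ?>
<form action='index.php?page=reply&forum=<?php echo htmlspecialchars(urlencode((string) $forum), ENT_QUOTES); ?>&id=<?php echo htmlspecialchars(urlencode((string) $_GET['id']), ENT_QUOTES); ?>' method='post' name='myform'>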
<table class='maintables'>
<tr class='headline'><td>Post a message</td></tr>
<tr class='maintables'>
<td>
<div align="center">
<br>
Subject:
<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php echo $errMsgSubject; ?></span>
<br>
</div>
</td>
</tr>
<tr class='maintables'>
<td align="center">
<?php
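// Load the topic being replied to. The id comes from the query string, so it is
// escaped for the SQL string context before it is placed in the statement.
$id=isset($_GET['id']) ? (string) $_GET['id'] : '';
$gettopic="SELECT * FROM `forumtutorial_posts` WHERE `postid`='" . mysql_real_escape_string($id) . "'";
$gettopic2=mysql_query($gettopic) or die("Could not get topic");
$gettopic3=mysql_fetch_array($gettopic2);
// The original read $getreplies3, which is never assigned in this script; the row
// fetched above is $gettopic3. An unknown post id yields no row, hence the guard.
$message=$gettopic3 ? strip_tags($gettopic3['post']) : '';
$message=nl2br($message);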
?>
<br>
<div style='padding-left: 5px; padding-top:5px;'>
<input type='button' value='B' name='btnBold' onclick='wrapText(document.getElementById('inputforum'),'[b]','[/b]');'>
<input type='button' value='I' name='btnItalic' onclick='wrapText(document.getElementById('inputforum'),'[i]','[/i]');'>
<input type='button' value='U' name='btnUnderline' onclick='wrapText(document.getElementById('inputforum'),'[u]','[/u]');'>
<input type='button' value='IMG' name='btnImg' onclick='wrapText(document.getElementById('inputforum'),'[img]','[/img]');'>
<input type='button' value='Email' name='btnImg' onclick='wrapText(document.getElementById('inputforum'),'[email]','[/email]');'>
<input type='button' value='URL' name='btnUrl' onclick='wrapText(document.getElementById('inputforum'),'[url]','[/url]');'>
<input type='button' value='Center' name='btnUrl' onclick='wrapText(document.getElementById('inputforum'),'[center]','[/center]');'>
<input type="button" value="Smilies" onclick="toggleDisplay('element-id');">
<div id="element-id" style="display: none;">
<?php
// PLACE YOUR SMILIES PART HERE
?>
</div>
<select id="size" onchange="setsize(this.value);">
<option value="" selected="selected">Font Size</option>
<option value="1">8pt</option>
<option value="2">10pt</option>
<option value="3">12pt</option>
<option value="4">14pt</option>
<option value="5">18pt</option>
<option value="6">24pt</option>
<option value="7">36pt</option>
</select>
<select id="color" onchange="setColor(this.value);">
<option value="" selected="selected">Change Color</option>
<option value="black">Black</option>
<option value="red">Red</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="orange">Orange</option>
<option value="purple">Purple</option>
<option value="blue">Blue</option>
<option value="beige">Beige</option>
<option value="brown">Brown</option>
<option value="teal">Teal</option>
<option value="navy">Navy</option>
<option value="maroon">Maroon</option>
<option value="limeGreen">Lime Green</option>
<option value="white">White</option>
</select>
</div>
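<?php // The title is read back from the database and was originally user input: HTML-escape it so it cannot break out of the value attribute. ?>
<input name="title" type="hidden" value="<?php echo htmlspecialchars((string) $gettopic3['title'], ENT_QUOTES); ?>" />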
<textarea id="inputforum" class="inputforum" name='yourpost' rows='5' cols='40'></textarea><span style="color:red;"><?php echo $errMsgPost; ?></span>
<br>
<input type='submit'class="submit-btn" name='submit' value=''>
</td>
</tr>
</table>
</form>
<?
The last thing is to add the following code snippet between the lines:
$forumid=$_GET['id'];
and
$query = "SELECT * FROM users WHERE ID = '$id' LIMIT 1";
$forumid=$_GET['id'];
and
$query = "SELECT * FROM users WHERE ID = '$id' LIMIT 1";
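// Handle a submitted form before any HTML is printed: validate the two fields,
// store the post, bump the author's post count, then confirm and stop.
// Both messages start empty so the form can echo them on any request.
$errMsgPost="";
$errMsgSubject="";
if(isset($_POST['submit']))
{
    $name=$puser;
    // A missing field is treated as empty so that it fails the length checks below.
    $yourpost=isset($_POST['yourpost']) ? (string) $_POST['yourpost'] : '';
    $forum=isset($_GET['forum']) ? (string) $_GET['forum'] : '';
    $subject=isset($_POST['subject']) ? (string) $_POST['subject'] : '';
    if(strlen($yourpost)<1)
    {
        $errMsgPost= "You did not type in a post."; //no post entered
    }
    else if(strlen($subject)<1)
    {
        $errMsgSubject="You did not enter a subject."; //no subject entered
    }
    else
    {
        $thedate=date("U"); //get unix timestamp
        $displaytime=date("F j, Y, g:i a");
        // strip_tags() removes markup only; it does not make a value safe inside SQL.
        $subject=strip_tags($subject);
        $name=strip_tags($name);
        $yourpost=strip_tags($yourpost);
        // Escape each value for the SQL string context. mysql_real_escape_string()
        // needs the open connection (presumably from connect.php). The mysql_*
        // extension was removed in PHP 7; prepared statements (mysqli/PDO) are the
        // durable fix.
        $sqlForum=mysql_real_escape_string($forum);
        $sqlName=mysql_real_escape_string($name);
        $sqlSubject=mysql_real_escape_string($subject);
        $sqlPost=mysql_real_escape_string($yourpost);
        $insertpost="INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$sqlForum','$sqlName','$sqlSubject','$sqlPost','$thedate','$thedate','$thedate','$sqlName')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatep="UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
        mysql_query($updatep) or die("Could not update post");
        // The forum value comes from the query string: URL-encode it, then HTML-escape it for the attribute.
        $forumLink=htmlspecialchars(urlencode($forum), ENT_QUOTES);
        print "Message posted, go back to <A href='index.php?page=forum&forum=$forumLink'>Forum</a>.";
        exit;
    }
}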
Ok, overall you should have something like below. I hope it works and that I did not forget something.
Anyway, I just tried to re-arrange your code and I did some minor corrections. But I left the rest like it was.
Anyway, I just tried to re-arrange your code and I did some minor corrections. But I left the rest like it was.
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/css/login.css">
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/members/include/style.css">
<script>
function setColor(color) {
var textbox = document.getElementById('inputforum');
textbox.value += "[color=" + color + "][/color]";
}
function setsize(size) {
var textbox = document.getElementById('inputforum');
textbox.value += "[size=" + size + "][/size]";
}
function initialise() {
var element = document.getElementById('element-id');
if (element && element.style)
element.style.display = 'none';
}
function toggleDisplay(element) {
var style;
if (typeof element == 'string')
element = document.getElementById(element);
if (element && (style = element.style))
style.display = (style.display == 'none') ? '' : 'none';
}
if (!document.getElementById)
document.getElementById = function() {return null;};
function wrapText(el, openTag, closeTag) {
if (el.setSelectionRange) {
// W3C/Mozilla
el.value = el.value.substring(0,el.selectionStart) + openTag + el.value.substring(el.selectionStart,el.selectionEnd) + closeTag + el.value.substring(el.selectionEnd,el.value.length);
}
else if (document.selection && document.selection.createRange) {
// IE code goes here
el.focus(); //or else text is added to the activating control
var range = document.selection.createRange();
range.text = openTag + range.text + closeTag;
}
}
</script>
<?php
session_start();
//connection string
require_once '../settings.php';
include "../BBClass.php"; //store the BBClass.php in the same place as settings.php or change the path.
include "connect.php";
$id = $_SESSION['user_id'];
$puser = get_username($id);
$timestamp = time();
$timeout = $timestamp - 180;
$username= get_username($_SESSION['user_id']);
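/**
 * Build the absolute URL of the current request from $_SERVER.
 *
 * The result contains REQUEST_URI, which the client controls, and SERVER_NAME,
 * which may reflect the client's Host header depending on server configuration.
 * Treat it as untrusted: escape it for the context (SQL, HTML) wherever it is used.
 *
 * @return string scheme://server[:port]/request-uri; the port is omitted only when it is 80.
 */
function selfURL()
{
    // The inner ternary is parenthesised: PHP 8 refuses to compile an unparenthesised
    // nested ternary. Older versions evaluated it left to right with the same result.
    $s = empty($_SERVER["HTTPS"]) ? '' : (($_SERVER["HTTPS"] == "on") ? "s" : "");
    // "HTTP/1.1" -> "http", plus "s" when HTTPS is on.
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
    $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
    return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}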
/**
 * Return the part of $s1 that precedes the first occurrence of $s2.
 *
 * When $s2 does not occur, strpos() yields false and that value is passed on
 * to substr() as the length.
 */
function strleft($s1, $s2)
{
    $cut = strpos($s1, $s2);
    $head = substr($s1, 0, $cut);
    return $head;
}
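$filename = (selfURL());
//Insert User
// $filename is built from the request URI, so every value is escaped before it
// goes into the statement. mysql_real_escape_string() needs the open connection
// (presumably created in connect.php). The mysql_* extension was removed in
// PHP 7; prepared statements through mysqli or PDO are the durable fix.
$insert = mysql_query(
    "REPLACE INTO `useronline` SET `timestamp`='" . (int) $timestamp . "'"
    . ", `ip`='" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "'"
    . ", `file`='" . mysql_real_escape_string($filename) . "'"
    . ",`user`='" . mysql_real_escape_string($username) . "'"
    . ",`user_id`='" . mysql_real_escape_string($_SESSION['user_id']) . "'"
);
if ($insert === false) {
    // Keep the database error in the server log instead of sending it to the browser.
    error_log(mysql_error());
    die("Could not update the online list");
}
$uid = $_SESSION['user_id']; //never use the same variable name twice.
// Raw request values: escape them for the context (SQL, HTML, URL) at each point of use.
$forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$forumid = isset($_GET['id']) ? $_GET['id'] : '';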
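// Handle a submitted post: validate both fields, then store the post and
// bump the author's post count.
//
// The validation messages are echoed beside the form fields further down the
// page; they are initialised here so the template never reads an undefined variable.
// NOTE(review): the form shown on this page carries no anti-CSRF token.
// The mysql_* extension used on this page was removed in PHP 7; mysqli or PDO
// prepared statements are the long-term replacement for the escaping below.
$errMsgPost = '';
$errMsgSubject = '';
if (isset($_POST['submit']))
{
    $name = $puser;
    // Missing or non-string fields are treated as empty input.
    $yourpost = (isset($_POST['yourpost']) && is_string($_POST['yourpost'])) ? $_POST['yourpost'] : '';
    $forum = (isset($_GET['forum']) && is_string($_GET['forum'])) ? $_GET['forum'] : '';
    $subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';

    // Checked independently (not if / else if) so both messages appear when
    // both fields are empty. trim() also rejects whitespace-only input.
    if (trim($yourpost) === '')
    {
        $errMsgPost = "You did not type in a post."; //no post entered
    }
    if (trim($subject) === '')
    {
        $errMsgSubject = "You did not enter a subject."; //no subject entered
    }

    if ($errMsgPost === '' && $errMsgSubject === '')
    {
        $thedate = date("U"); //get unix timestamp
        $displaytime = date("F j, Y, g:i a");
        //we now strip HTML injections
        $subject = strip_tags($subject);
        $name = strip_tags($name);
        $yourpost = strip_tags($yourpost);
        // strip_tags() removes markup only; quotes and backslashes still have
        // to be escaped before the values go into an SQL string.
        $sqlForum = mysql_real_escape_string($forum);
        $sqlName = mysql_real_escape_string($name);
        $sqlSubject = mysql_real_escape_string($subject);
        $sqlPost = mysql_real_escape_string($yourpost);
        $insertpost = "INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$sqlForum','$sqlName','$sqlSubject','$sqlPost','$thedate','$thedate','$thedate','$sqlName')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatep = "UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
        mysql_query($updatep) or die("Could not update post");
        // urlencode() keeps the request-supplied forum value inside the href attribute.
        print "Message posted, go back to <A href='index.php?page=forum&forum=" . urlencode($forum) . "'>Forum</a>.";
        exit;
    }
}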
// Load the logged-in user's row. The two if-blocks opened here are closed at
// the very end of the template, so the form below is only rendered when the
// query succeeds and returns a row.
// $id was taken from $_SESSION['user_id'] above and is interpolated into the
// statement as-is.
// NOTE(review): escape it with mysql_real_escape_string(), or cast it to int
// if user ids are numeric -- confirm the column type.
$query = "SELECT * FROM users WHERE ID = '$id' LIMIT 1";
if ($result = mysql_query($query))
{
if (mysql_num_rows($result))
{
$array = mysql_fetch_assoc($result);
// Overwrites the $puser value resolved earlier with the name stored in the row.
$puser = $array['Username'];
// Not used in the part of the page shown here.
$pimage = $array['image'];
?>
<p>
<table width="100%" class="loggedin">
<tr>
<td>
<div class="c1">
<div align="center"><em>
<script type='text/javascript'>
// Greeting chosen from the visitor's own clock (browser time, not server time).
var date = new Date();
var day = date.getHours(); // hour of the day
// Up to 11 -> morning, below 18 -> afternoon, otherwise evening.
document.write(
    day <= 11 ? 'Good Morning,' : (day < 18 ? 'Good Afternoon,' : 'Good Evening,')
);
</script>
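You are logged in as <?php /* the user name comes from the database: encode it for HTML output */ echo htmlspecialchars(ucwords(strtolower($username)), ENT_QUOTES); ?>.
Your ip address is <?php echo htmlspecialchars($_SERVER["REMOTE_ADDR"], ENT_QUOTES); ?>; this is stored for security reasons.</em>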
</div>
</div>
</td>
</tr>
</table>
</p>
<p> </p>
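<form action='index.php?page=reply&forum=<?php /* query-string values are URL-encoded so they cannot close the attribute; full php tags because short tags may be disabled, which would send this source to the browser */ echo urlencode($forum); ?>&id=<?php echo urlencode($_GET['id']); ?>' method='post' name='myform'>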
<table class='maintables'>
<tr class='headline'><td>Post a message</td></tr>
<tr class='maintables'>
<td>
<div align="center">
<br>
Subject:
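<input class='inputinbox' type='text' name='subject' size='20'> <span style="color:red;"><?php /* the message is only set when validation failed */ echo isset($errMsgSubject) ? $errMsgSubject : ''; ?></span>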
<br>
</div>
</td>
</tr>
<tr class='maintables'>
<td align="center">
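<?php
// Load the topic being replied to.
// The id comes straight from the query string, so it is escaped before it is
// placed in the statement. $id itself keeps the raw request value.
$id = isset($_GET['id']) ? $_GET['id'] : '';
$gettopic = "SELECT * FROM `forumtutorial_posts` WHERE `postid`='" . mysql_real_escape_string($id) . "'";
$gettopic2 = mysql_query($gettopic) or die("Could not get topic");
// False when no post has that id.
$gettopic3 = mysql_fetch_array($gettopic2);
// The original read $getreplies3 here, a variable that is not assigned
// anywhere in this listing, so $message always came out empty.
$message = $gettopic3 ? strip_tags($gettopic3['post']) : '';
$message = nl2br($message);
?>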
<br>
<div style='padding-left: 5px; padding-top:5px;'>
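<!-- onclick uses double quotes: the handler contains single-quoted strings, which would otherwise end the attribute early -->
<input type='button' value='B' name='btnBold' onclick="wrapText(document.getElementById('inputforum'),'[b]','[/b]');">
<input type='button' value='I' name='btnItalic' onclick="wrapText(document.getElementById('inputforum'),'[i]','[/i]');">
<input type='button' value='U' name='btnUnderline' onclick="wrapText(document.getElementById('inputforum'),'[u]','[/u]');">
<input type='button' value='IMG' name='btnImg' onclick="wrapText(document.getElementById('inputforum'),'[img]','[/img]');">
<input type='button' value='Email' name='btnImg' onclick="wrapText(document.getElementById('inputforum'),'[email]','[/email]');">
<input type='button' value='URL' name='btnUrl' onclick="wrapText(document.getElementById('inputforum'),'[url]','[/url]');">
<input type='button' value='Center' name='btnUrl' onclick="wrapText(document.getElementById('inputforum'),'[center]','[/center]');">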
<input type="button" value="Smilies" onclick="toggleDisplay('element-id');">
<div id="element-id" style="display: none;">
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/smiley.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','('); return false"><img
src="http://www.runningprofiles.com/emoticons/sad.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),';',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/wink.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','D'); return false"><img
src="http://www.runningprofiles.com/emoticons/cheesy.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),';','D'); return false"><img
src="http://www.runningprofiles.com/emoticons/grin.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'::',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/rolleyes.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'>:','('); return false"><img
src="http://www.runningprofiles.com/emoticons/angry.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','o'); return false"><img
src="http://www.runningprofiles.com/emoticons/shocked.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'8',')'); return false"><img
src="http://www.runningprofiles.com/emoticons/cool.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),'??','?'); return false"><img
src="http://www.runningprofiles.com/emoticons/huh.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','p'); return false"><img
src="http://www.runningprofiles.com/emoticons/tongue.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','['); return false"><img
src="http://www.runningprofiles.com/emoticons/embarrassed.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','*'); return false"><img
src="http://www.runningprofiles.com/emoticons/undecided.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','\\'); return false"><img
src="http://www.runningprofiles.com/emoticons/lipssealed.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':-','*'); return false"><img
src="http://www.runningprofiles.com/emoticons/kiss.gif" border="0"></a>
<a href="http://www.runningprofiles.com/emoticons/smiley.gif" title="smile"
onclick="wrapText(document.getElementById('inputforum'),':','*('); return false"><img
src="http://www.runningprofiles.com/emoticons/cry.gif" border="0"></a>
</div>
<select id="size" onchange="setsize(this.value);">
<option value="" selected="selected">Font Size</option>
<option value="1">8pt</option>
<option value="2">10pt</option>
<option value="3">12pt</option>
<option value="4">14pt</option>
<option value="5">18pt</option>
<option value="6">24pt</option>
<option value="7">36pt</option>
</select>
<select id="color" onchange="setColor(this.value);">
<option value="" selected="selected">Change Color</option>
<option value="black">Black</option>
<option value="red">Red</option>
<option value="yellow">Yellow</option>
<option value="pink">Pink</option>
<option value="green">Green</option>
<option value="orange">Orange</option>
<option value="purple">Purple</option>
<option value="blue">Blue</option>
<option value="beige">Beige</option>
<option value="brown">Brown</option>
<option value="teal">Teal</option>
<option value="navy">Navy</option>
<option value="maroon">Maroon</option>
<option value="limeGreen">Lime Green</option>
<option value="white">White</option>
</select>
</div>
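<input name="title" type="hidden" value="<?php /* stored title: strip_tags() at insert time leaves quotes in place, so encode for the attribute */ echo htmlspecialchars($gettopic3['title'], ENT_QUOTES); ?>" />
<textarea id="inputforum" class="inputforum" name='yourpost' rows='5' cols='40'></textarea><span style="color:red;"><?php /* the message is only set when validation failed */ echo isset($errMsgPost) ? $errMsgPost : ''; ?></span>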
<br>
<input type='submit'class="submit-btn" name='submit' value=''>
</td>
</tr>
</table>
</form>
<?
}
}
?>
ASKER
its not showing the errors sadly and if i just add a message with no title then it still posts it!
Replace this part:
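// Submit handler as posted in the question (the part to be replaced).
// Stray spaces that had crept into identifiers, array keys and string
// literals are removed so the quote matches the question's code again.
if(isset($_POST['submit']))
{
    $name=$puser;
    $yourpost=$_POST['yourpost'];
    $forum=$_GET['forum'];
    $subject=$_POST['subject'];
    // if / else if: only the first failing check sets a message.
    if(strlen($yourpost)<1)
    {
        $errMsgPost= "You did not type in a post."; //no post entered
    }
    else if(strlen($subject)<1)
    {
        $errMsgSubject="You did not enter a subject."; //no subject entered
    }
    else
    {
        $thedate=date("U"); //get unix timestamp
        $displaytime=date("F j, Y, g:i a");
        //we now strip HTML injections
        $subject=strip_tags($subject);
        $name=strip_tags($name);
        $yourpost=strip_tags($yourpost);
        // NOTE(review): strip_tags() removes markup only; the values below are
        // interpolated into the SQL text without escaping.
        $insertpost="INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$forum','$name','$subject','$yourpost','$thedate','$thedate','$thedate','$name')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatep="UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$name'";
        mysql_query($updatep) or die("Could not update post");
        print "Message posted, go back to <A href='index.php?page=forum&forum=$forum'>Forum</a>.";
        exit;
    }
}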
with the code snippet below.
And what do you mean by title? Do you mean the subject? Because title is a hidden field:
<input name="title" type="hidden" value="<?php echo $gettopic3['title'];?>" />
That field is filled in automatically, and the submit part does not check it.
if(isset($_POST['submit'])
{
$name=$puser;
$yourpost=$_POST['yourpost
$forum=$_GET['forum'];
$subject=$_POST['subject']
if(strlen($yourpost)<1)
{
$errMsgPost= "You did not type in a post."; //no post entered
}
else if(strlen($subject)<1)
{
$errMsgSubject="You did not enter a subject."; //no subject entered
}
else
{
$thedate=date("U"); //get unix timestamp
$displaytime=date("F j, Y, g:i a");
//we now strip HTML injections
$subject=strip_tags($subje
$name=strip_tags($name);
$yourpost=strip_tags($your
$insertpost="INSERT INTO forumtutorial_posts(forum,
mysql_query($insertpost) or die("Could not insert post"); //insert post
$updatep="UPDATE `users` SET `post_count`=`post_count`+
mysql_query($updatep) or die("Could not update post");
print "Message posted, go back to <A href='index.php?page=forum
exit;
}
}
with the code snippet below.
And what do you mean by title? Do you mean the subject? Because title is a hidden field:
<input name="title" type="hidden" value="<?php echo $gettopic3['title'];?>" />
And that field is filled automaticly and there is no check for this in the submit part.
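// Replacement submit handler: validate both fields, then store the post and
// bump the author's post count.
//
// The validation messages are echoed beside the form fields; they are
// initialised here so the template never reads an undefined variable.
// The mysql_* extension used here was removed in PHP 7; mysqli or PDO
// prepared statements are the long-term replacement for the escaping below.
$errMsgPost = '';
$errMsgSubject = '';
if (isset($_POST['submit']))
{
    $name = $puser;
    // Missing or non-string fields are treated as empty input.
    $thePost = (isset($_POST['yourpost']) && is_string($_POST['yourpost'])) ? $_POST['yourpost'] : '';
    $forum = (isset($_GET['forum']) && is_string($_GET['forum'])) ? $_GET['forum'] : '';
    $theSubject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';

    // Checked independently (not if / elseif) so both messages appear when
    // both fields are empty. trim() also rejects whitespace-only input.
    if (trim($thePost) === '')
    {
        $errMsgPost = "You did not type in a post."; //no post entered
    }
    if (trim($theSubject) === '')
    {
        $errMsgSubject = "You did not enter a subject."; //no subject entered
    }

    if ($errMsgPost === '' && $errMsgSubject === '')
    {
        $thedate = date("U"); //get unix timestamp
        $displaytime = date("F j, Y, g:i a");
        //we now strip HTML injections
        $theSubject = strip_tags($theSubject);
        $name = strip_tags($name);
        $thePost = strip_tags($thePost);
        // strip_tags() removes markup only; quotes and backslashes still have
        // to be escaped before the values go into an SQL string.
        $sqlForum = mysql_real_escape_string($forum);
        $sqlName = mysql_real_escape_string($name);
        $sqlSubject = mysql_real_escape_string($theSubject);
        $sqlPost = mysql_real_escape_string($thePost);
        $insertpost = "INSERT INTO forumtutorial_posts(forum,author,title,post,showtime,realtime,lastrepliedto,lastposter) values('$sqlForum','$sqlName','$sqlSubject','$sqlPost','$thedate','$thedate','$thedate','$sqlName')";
        mysql_query($insertpost) or die("Could not insert post"); //insert post
        $updatep = "UPDATE `users` SET `post_count`=`post_count`+'1' WHERE `Username`='$sqlName'";
        mysql_query($updatep) or die("Could not update post");
        // urlencode() keeps the request-supplied forum value inside the href attribute.
        print "Message posted, go back to <A href='index.php?page=forum&forum=" . urlencode($forum) . "'>Forum</a>.";
        exit;
    }
}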
ASKER
ahh yes thats great... could i ask a few more questions in this learning experience>
1. if say the subject or the message was allready filled in during the error... how could i make it still show up?
2. how did u clean my code, was it a program or just yourself?
3. what other tips to cut down on my code would u give?
1. if say the subject or the message was allready filled in during the error... how could i make it still show up?
2. how did u clean my code, was it a program or just yourself?
3. what other tips to cut down on my code would u give?
ASKER
error2.jpg