Problem with my forum.. any help?

[nordlinder]

Hey guys!

I have a problem... In my forum, whenever you view a post, where it should say the user's username, it says "invalid User". It has done this before and I have solved it, but I can seem to solve it now. I'm not sure what files you will need, so here is my code:

Forum.php

PHP Code:

<?php

$id = mss($_GET['id']);

if($id){
    $sql = "SELECT * FROM `forum_sub_cats` WHERE `id`='".$id."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "The forum category you supplied does not exist!\n";
    }else {
        $row = mysql_fetch_assoc($res);
        if($row['admin'] == 1 && $admin_user_level == 0){
            echo "You must be an administrator to view this forum!\n";
        }else {
            $sql2 = "SELECT * FROM `forum_topics` WHERE `cid`='".$row['id']."' ORDER BY time DESC";
            $res2 = mysql_query($sql2) or die(mysql_error());
            if(mysql_num_rows($res2) == 0){
                echo "There are no topics in this forum, <a href=\"./index.php?act=create&id=".$row['id']."\">click here</a> to create a topic!\n";
            }else {
                echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" width=\"100%\">\n";
                echo "<tr><td colspan=\"4\" align=\"right\"><a href=\"./index.php?act=create&id=".$row['id']."\">create a topic</a></td></tr>\n";
                echo "<tr align=\"center\"><td class=\"forum_header\">Title</td><td class=\"forum_header\">User</td><td class=\"forum_header\">Date Created</td><td class=\"forum_header\">Replies</td></tr>\n";
                while($row2 = mysql_fetch_assoc($res2)){
                    $sql3 = "SELECT count(*) AS num_replies FROM `forum_replies` WHERE `tid`='".$row2['id']."'";
                    $res3 = mysql_query($sql3) or die(mysql_error());
                    $row3 = mysql_fetch_assoc($res3);
                    echo "<tr align=\"center\"><td><a href=\"./index.php?act=topic&id=".$row2['id']."\">".s($row2['title'])."</a></td><td>".uid($row2['uid'])."</td><td>".$row2['date']."</td><td>".$row3['num_replies']."</td></tr>\n";
                }
                echo "</table>\n";
            }
        }
    }
}else {
    echo "Please supply a category ID!\n";
}

?>

Reply.php

PHP Code:

<?php

if(!$_SESSION['uid']){
    header("Location: index.php");
}

if(!$_POST['submit']){
    echo "Invalid usage of file";
}else {
    $tid = mss($_GET['id']);
    $msg = mss($_POST['reply']);
    
    if(!$tid){
        echo "You did not supply a topic to add a reply to";
    }else {
        $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$tid."'";
        $res = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($res) == 0){
            echo "This topic does not exist";
        }else {
            $row = mysql_fetch_assoc($res);
            $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
            $res2 = mysql_query($sql2) or die(mysql_error());
            $row2 = mysql_fetch_assoc($res2);
            if($row2['admin'] == 1 && $admin_user_level == 0){
                echo "You do not have sufficient priveleges to add a reply to this topic";
            }else {
                if(!$msg){
                    echo "You did not supply a reply";
                }else {
                    if(strlen($msg) < 3 || strlen($msg) > 10000){
                        echo "Your reply must be between 3 and 10,000 characters!";
                    }else {
                        $date = date("m-d-y") . " at " . date("h:i:s");
                        $time = time();
                        $sql3 = "INSERT INTO `forum_replies` (`tid`,`uid`,`message`,`date`,`time`) VALUES('".$tid."','".$_SESSION['uid']."','".$msg."','".$date."','".$time."')";
                        $res3 = mysql_query($sql3) or die(mysql_error());
                        $sql4 = "UPDATE `forum_topics` SET `time`='".time()."' WHERE `id`='".$tid."'";
                        $res4 = mysql_query($sql4) or die(mysql_error());
                        header("Location: ./index.php?act=topic&id=".$tid);
                    }
                }
            }
        }
    }
}

?>

Topic.php

PHP Code:

 <?php

$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page'];
$page = ceil($page);
 
$limit = 10;
$start = $limit;
$end = $page*$limit-($limit);
 
 if($id){
    $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$id."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "This topic does not exist!";
    }else {
        $row = mysql_fetch_assoc($res);
        $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        $row2 = mysql_fetch_assoc($res2);
        if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You cannot view this topic!";
        }else {
            $a = (isa($row['uid'])) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
            echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>".$row['title']."</b> - Posted On: <em>".$row['date']."</em></td></tr>\n";
            echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'], true)."<br>Post Count: ".post($row['uid'])."<br>".$a."</td>";
            echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
            echo topic($row['message']);
            echo "</td>\n";
            echo "</tr>\n";
            $amount_check = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."'";
            $amount_check_res = mysql_query($amount_check) or die(mysql_error());
            $amount_count = mysql_num_rows($amount_check_res);
            $pages = ceil($amount_count/$limit);
            
            $previous = ($page-1 <= 0) ? "&laquo; Prev" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page-1)."\">&laquo; Prev</a>";
            $nextpage = ($page+1 > $pages) ? "Next &raquo;" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page+1)."\">Next &raquo;</a>";
            echo "<tr><td align=\"right\" colspan=\"2\" class=\"forum_header\">\n";
            echo "Pages: ";
            echo $previous;
            for($i=1;$i<=$pages;$i++){
                $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=topic&id=".$id."&page=".$i."\">".$i."</a> ";
                
                echo $href;
            }
            echo $nextpage;
            echo "</td></tr>\n";
            $select_sql = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start."";
            $select_res = mysql_query($select_sql) or die(mysql_error());
            echo "</table>\n";
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\" class=\"reply\">\n";
            while($rowr = mysql_fetch_assoc($select_res)){
                $b = (isa($rowr['uid'])) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
                echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\">Posted On: <em>".$rowr['date']."</em></td></tr>\n";
                echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($rowr['uid'], true)."<br>Post Count: ".post($rowr['uid'])."<br>".$b."</td>";
                echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
                echo topic($rowr['message']);
                if($rowr['edit_time'] > 0){
                    echo "<tr><td colspan=\"2\" align=\"right\"><em>Last Edit: ".date("M d, Y",$rowr['edit_time']) . " at " . date("h:i:s",$rowr['edit_time'])."</em></td></tr>\n";
                }
                $adminz = isa($_SESSION['uid']);
                if($adminz == 1 || $rowr['uid'] == $_SESSION['uid']){
                    echo "<tr><td align=\"left\" colspan=\"2\"><a href=\"index.php?act=mod&act2=reply&id=".$rowr['id']."\">Edit This Reply</a></td></tr>\n";
                }
                echo "</td>\n";
                echo "</tr>\n";
            }
            
            echo "<form method=\"post\" action=\"./index.php?act=reply&id=".$row['id']."\">\n";
            echo "<tr><td colspan=\"2\" align=\"center\"><textarea style=\"width:90%\" name=\"reply\"></textarea><br><input type=\"submit\" name=\"submit\" value=\"Add Reply\" style=\"width:90%\"></td></tr>\n";
            echo "</table>\n";
        }
    }
}else {
    echo "Please view a valid topic!";
}
 
 ?>

index.php (The forum)

PHP Code:

<?php
ob_start();
session_start();
include "./global.php";

$action = $_GET['act'];
$actions_array = array('forum','create','topic','reply','mod');
?>
<html>

    <head>
        <title>Lobby Hobby Forum</title>
        
        <link rel="stylesheet" type="text/css" href="./style.css">
        <link href="templatemo_style.css" rel="stylesheet" type="text/css" />
        
        <script language="Javascript">
            function confirmLogout(){
                var agree = confirm("Are you sure you wish to logout?");
                
                if(agree){
                    return true ;
                }else {
                    return false ;
                }
            }
        </script>
    </head>
    
    <body>
    <script src="http://cdn.wibiya.com/Toolbars/dir_0989/Toolbar_989194/Loader_989194.js" type="text/javascript"></script>
<div id="templatemo_container">
<center><img src="../images/modern-warfare-3-call-of-duty11.jpg" alt="mw3banner" ></center>
     <?php
include 'php.php';
?>
    <center>
        <div id="holder">
            
            <div id="userInfo">
                <?php
                
                    if($_SESSION['userid']){
                        $sql = "SELECT * FROM `users` WHERE `id`='".$_SESSION['userid']."'";
                        $res = mysql_query($sql) or die(mysql_error());
                        
                        if(mysql_num_rows($res) == 0){
                            session_destroy();
                            echo "Please <a href=\"./login.php\">Login</a> to your account, or <a href=\"./register.php\">Register</a> a new account!\n";
                        }else {
                            $row = mysql_fetch_assoc($res);
                            echo "Welcome back, <a href=\"../view.php?id=".$row['id']."\">".$row['username']."</a>! <a href=\"./logout.php\" onClick=\"return confirmLogout()\">Logout</a>\n";
                            echo "<br>\n";
                            echo "<a href=\"./index.php\">Forum Index</a>\n";
                            if($row['admin'] == '1'){
                                echo " | <a href=\"./admin.php\">Administrative Section</a>\n";
                            }
                        }
                    }else {
                        echo "Please <a href=\"../registerlogin.php\">Login</a> to your account, or <a href=\"../registerlogin.php\">Register</a> a new account!\n";
                    }
                    
                    $admin_user_level = $row['admin'];
                
                ?>
            </div>
        
            <div id="content">
                <?php
                
                if(!$action || !in_array($action,$actions_array)){
                    $sql1 = "SELECT * FROM `forum_cats` WHERE `admin` < ".$row['admin']."+1";
                    $res1 = mysql_query($sql1) or die(mysql_error());
                    
                    $i=1;
                    while($row2 = mysql_fetch_assoc($res1)){
                        echo "<div id=\"fcontent\">\n";
                        echo "    <div class=\"header\" id=\"header_".$i."\" onMouseOver=\"this.className='headerb'\" onMouseOut=\"this.className='header'\">".$row2['name']."</div>\n";
                        
                        $sql2 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='".$row2['id']."' AND `admin` < ".$row['admin']."+1";
                        $res2 = mysql_query($sql2) or die(mysql_error());
                        
                        while($row3 = mysql_fetch_assoc($res2)){
                            echo "    <div id=\"content\">\n";
                            echo "    <a href=\"./index.php?act=forum&id=".$row3['id']."\">".$row3['name']."</a><br>\n";
                            echo "    " . $row3['desc'] . "\n";
                            echo "    </div>\n";
                        }
                        
                        echo "</div>\n";
                        $i++;
                    }
                }else {
                    if($action == 'forum'){
                        include "./includes/forum.php";
                    }
                    
                    if($action == 'create'){
                        if(!$_SESSION['userid']){
                            header("Location: login.php");
                        }else {
                            include "./includes/create.php";
                        }
                    }
                    
                    
                    if($action == 'topic'){
                        include "./includes/topic.php";
                    }
                    
                    if($action == 'reply'){
                        if(!$_SESSION['userid']){
                            header("Location; login.php");
                        }else {
                            include "./includes/reply.php";
                        }
                    }
                    
                    if($action == 'mod'){
                        if(!$_SESSION['userid']){
                            header("Location; login.php");
                        }else {
                            include "./includes/mod.php";
                        }
                    }
                }
                
                ?>
            </div>
    </div>
        </div>
<!--  Designed by w w w . t e m p l a t e m o . c o m  --> 
    <div id="templatemo_footer">
        <script src="site_footer.js"></script>
        </div>

    </center>
    </body>

</html>
<?php
ob_end_flush();
?>

global.php

PHP Code:

<?php

$con = mysql_connect("********","******","*********") or die(mysql_error());
$db = mysql_select_db("*******", $con);

function mss($value){
    return mysql_real_escape_string(trim(strip_tags($value)));
}

function topic_go($id){
    echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?act=topic&id=".$id."\">";
}

function s($value){
    return stripslashes($value);
}

function topic($input){
    // bbcode
    return nl2br(strip_tags(stripslashes(htmlentities(htmlspecialchars($input)))));
}

function uid($uid, $link = FALSE){
    $sql = "SELECT username FROM `users` WHERE `id`='".$uid."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        return "Invalid User";
    }else {
        $row = mysql_fetch_assoc($res);
        if(!$link){
            return $row['username'];
        }else {
            return "<a href=\"../view.php?id=".$uid."\">".$row['username']."</a>";
        }
    }
}

function post($uid){
    $sql = "SELECT * FROM `forum_replies` WHERE `uid`='".$uid."'";
    $res = mysql_query($sql) or die(mysql_error());
    return mysql_num_rows($res);
}

function isa($uid){
    $sql = "SELECT admin FROM `users` WHERE `id`='".$uid."'";
    $res = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_assoc($res);
    return $row['admin'];
}


?>

Thanks in advance!

[BluePanther]

Quote:

Originally Posted by nordlinder

Hey guys!

I have a problem... In my forum, whenever you view a post, where it should say the user's username, it says "invalid User". It has done this before and I have solved it, but I can seem to solve it now. I'm not sure what files you will need, so here is my code:

Forum.php

PHP Code:

<?php

$id = mss($_GET['id']);

if($id){
    $sql = "SELECT * FROM `forum_sub_cats` WHERE `id`='".$id."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "The forum category you supplied does not exist!\n";
    }else {
        $row = mysql_fetch_assoc($res);
        if($row['admin'] == 1 && $admin_user_level == 0){
            echo "You must be an administrator to view this forum!\n";
        }else {
            $sql2 = "SELECT * FROM `forum_topics` WHERE `cid`='".$row['id']."' ORDER BY time DESC";
            $res2 = mysql_query($sql2) or die(mysql_error());
            if(mysql_num_rows($res2) == 0){
                echo "There are no topics in this forum, <a href=\"./index.php?act=create&id=".$row['id']."\">click here</a> to create a topic!\n";
            }else {
                echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" width=\"100%\">\n";
                echo "<tr><td colspan=\"4\" align=\"right\"><a href=\"./index.php?act=create&id=".$row['id']."\">create a topic</a></td></tr>\n";
                echo "<tr align=\"center\"><td class=\"forum_header\">Title</td><td class=\"forum_header\">User</td><td class=\"forum_header\">Date Created</td><td class=\"forum_header\">Replies</td></tr>\n";
                while($row2 = mysql_fetch_assoc($res2)){
                    $sql3 = "SELECT count(*) AS num_replies FROM `forum_replies` WHERE `tid`='".$row2['id']."'";
                    $res3 = mysql_query($sql3) or die(mysql_error());
                    $row3 = mysql_fetch_assoc($res3);
                    echo "<tr align=\"center\"><td><a href=\"./index.php?act=topic&id=".$row2['id']."\">".s($row2['title'])."</a></td><td>".uid($row2['uid'])."</td><td>".$row2['date']."</td><td>".$row3['num_replies']."</td></tr>\n";
                }
                echo "</table>\n";
            }
        }
    }
}else {
    echo "Please supply a category ID!\n";
}

?>

Reply.php

PHP Code:

<?php

if(!$_SESSION['uid']){
    header("Location: index.php");
}

if(!$_POST['submit']){
    echo "Invalid usage of file";
}else {
    $tid = mss($_GET['id']);
    $msg = mss($_POST['reply']);
    
    if(!$tid){
        echo "You did not supply a topic to add a reply to";
    }else {
        $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$tid."'";
        $res = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($res) == 0){
            echo "This topic does not exist";
        }else {
            $row = mysql_fetch_assoc($res);
            $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
            $res2 = mysql_query($sql2) or die(mysql_error());
            $row2 = mysql_fetch_assoc($res2);
            if($row2['admin'] == 1 && $admin_user_level == 0){
                echo "You do not have sufficient priveleges to add a reply to this topic";
            }else {
                if(!$msg){
                    echo "You did not supply a reply";
                }else {
                    if(strlen($msg) < 3 || strlen($msg) > 10000){
                        echo "Your reply must be between 3 and 10,000 characters!";
                    }else {
                        $date = date("m-d-y") . " at " . date("h:i:s");
                        $time = time();
                        $sql3 = "INSERT INTO `forum_replies` (`tid`,`uid`,`message`,`date`,`time`) VALUES('".$tid."','".$_SESSION['uid']."','".$msg."','".$date."','".$time."')";
                        $res3 = mysql_query($sql3) or die(mysql_error());
                        $sql4 = "UPDATE `forum_topics` SET `time`='".time()."' WHERE `id`='".$tid."'";
                        $res4 = mysql_query($sql4) or die(mysql_error());
                        header("Location: ./index.php?act=topic&id=".$tid);
                    }
                }
            }
        }
    }
}

?>

Topic.php

PHP Code:

 <?php

$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page'];
$page = ceil($page);
 
$limit = 10;
$start = $limit;
$end = $page*$limit-($limit);
 
 if($id){
    $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$id."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        echo "This topic does not exist!";
    }else {
        $row = mysql_fetch_assoc($res);
        $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        $row2 = mysql_fetch_assoc($res2);
        if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You cannot view this topic!";
        }else {
            $a = (isa($row['uid'])) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\">\n";
            echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>".$row['title']."</b> - Posted On: <em>".$row['date']."</em></td></tr>\n";
            echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'], true)."<br>Post Count: ".post($row['uid'])."<br>".$a."</td>";
            echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
            echo topic($row['message']);
            echo "</td>\n";
            echo "</tr>\n";
            $amount_check = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."'";
            $amount_check_res = mysql_query($amount_check) or die(mysql_error());
            $amount_count = mysql_num_rows($amount_check_res);
            $pages = ceil($amount_count/$limit);
            
            $previous = ($page-1 <= 0) ? "&laquo; Prev" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page-1)."\">&laquo; Prev</a>";
            $nextpage = ($page+1 > $pages) ? "Next &raquo;" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page+1)."\">Next &raquo;</a>";
            echo "<tr><td align=\"right\" colspan=\"2\" class=\"forum_header\">\n";
            echo "Pages: ";
            echo $previous;
            for($i=1;$i<=$pages;$i++){
                $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=topic&id=".$id."&page=".$i."\">".$i."</a> ";
                
                echo $href;
            }
            echo $nextpage;
            echo "</td></tr>\n";
            $select_sql = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start."";
            $select_res = mysql_query($select_sql) or die(mysql_error());
            echo "</table>\n";
            echo "<table border=\"0\" width=\"100%\" cellspacing=\"3\" cellpadding=\"3\" class=\"reply\">\n";
            while($rowr = mysql_fetch_assoc($select_res)){
                $b = (isa($rowr['uid'])) ? "<font style=\"color:#800000;\">ADMIN</font>" : "";
                echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\">Posted On: <em>".$rowr['date']."</em></td></tr>\n";
                echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($rowr['uid'], true)."<br>Post Count: ".post($rowr['uid'])."<br>".$b."</td>";
                echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
                echo topic($rowr['message']);
                if($rowr['edit_time'] > 0){
                    echo "<tr><td colspan=\"2\" align=\"right\"><em>Last Edit: ".date("M d, Y",$rowr['edit_time']) . " at " . date("h:i:s",$rowr['edit_time'])."</em></td></tr>\n";
                }
                $adminz = isa($_SESSION['uid']);
                if($adminz == 1 || $rowr['uid'] == $_SESSION['uid']){
                    echo "<tr><td align=\"left\" colspan=\"2\"><a href=\"index.php?act=mod&act2=reply&id=".$rowr['id']."\">Edit This Reply</a></td></tr>\n";
                }
                echo "</td>\n";
                echo "</tr>\n";
            }
            
            echo "<form method=\"post\" action=\"./index.php?act=reply&id=".$row['id']."\">\n";
            echo "<tr><td colspan=\"2\" align=\"center\"><textarea style=\"width:90%\" name=\"reply\"></textarea><br><input type=\"submit\" name=\"submit\" value=\"Add Reply\" style=\"width:90%\"></td></tr>\n";
            echo "</table>\n";
        }
    }
}else {
    echo "Please view a valid topic!";
}
 
 ?>

index.php (The forum)

PHP Code:

<?php
ob_start();
session_start();
include "./global.php";

$action = $_GET['act'];
$actions_array = array('forum','create','topic','reply','mod');
?>
<html>

    <head>
        <title>Lobby Hobby Forum</title>
        
        <link rel="stylesheet" type="text/css" href="./style.css">
        <link href="templatemo_style.css" rel="stylesheet" type="text/css" />
        
        <script language="Javascript">
            function confirmLogout(){
                var agree = confirm("Are you sure you wish to logout?");
                
                if(agree){
                    return true ;
                }else {
                    return false ;
                }
            }
        </script>
    </head>
    
    <body>
    <script src="http://cdn.wibiya.com/Toolbars/dir_0989/Toolbar_989194/Loader_989194.js" type="text/javascript"></script>
<div id="templatemo_container">
<center><img src="../images/modern-warfare-3-call-of-duty11.jpg" alt="mw3banner" ></center>
     <?php
include 'php.php';
?>
    <center>
        <div id="holder">
            
            <div id="userInfo">
                <?php
                
                    if($_SESSION['userid']){
                        $sql = "SELECT * FROM `users` WHERE `id`='".$_SESSION['userid']."'";
                        $res = mysql_query($sql) or die(mysql_error());
                        
                        if(mysql_num_rows($res) == 0){
                            session_destroy();
                            echo "Please <a href=\"./login.php\">Login</a> to your account, or <a href=\"./register.php\">Register</a> a new account!\n";
                        }else {
                            $row = mysql_fetch_assoc($res);
                            echo "Welcome back, <a href=\"../view.php?id=".$row['id']."\">".$row['username']."</a>! <a href=\"./logout.php\" onClick=\"return confirmLogout()\">Logout</a>\n";
                            echo "<br>\n";
                            echo "<a href=\"./index.php\">Forum Index</a>\n";
                            if($row['admin'] == '1'){
                                echo " | <a href=\"./admin.php\">Administrative Section</a>\n";
                            }
                        }
                    }else {
                        echo "Please <a href=\"../registerlogin.php\">Login</a> to your account, or <a href=\"../registerlogin.php\">Register</a> a new account!\n";
                    }
                    
                    $admin_user_level = $row['admin'];
                
                ?>
            </div>
        
            <div id="content">
                <?php
                
                if(!$action || !in_array($action,$actions_array)){
                    $sql1 = "SELECT * FROM `forum_cats` WHERE `admin` < ".$row['admin']."+1";
                    $res1 = mysql_query($sql1) or die(mysql_error());
                    
                    $i=1;
                    while($row2 = mysql_fetch_assoc($res1)){
                        echo "<div id=\"fcontent\">\n";
                        echo "    <div class=\"header\" id=\"header_".$i."\" onMouseOver=\"this.className='headerb'\" onMouseOut=\"this.className='header'\">".$row2['name']."</div>\n";
                        
                        $sql2 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='".$row2['id']."' AND `admin` < ".$row['admin']."+1";
                        $res2 = mysql_query($sql2) or die(mysql_error());
                        
                        while($row3 = mysql_fetch_assoc($res2)){
                            echo "    <div id=\"content\">\n";
                            echo "    <a href=\"./index.php?act=forum&id=".$row3['id']."\">".$row3['name']."</a><br>\n";
                            echo "    " . $row3['desc'] . "\n";
                            echo "    </div>\n";
                        }
                        
                        echo "</div>\n";
                        $i++;
                    }
                }else {
                    if($action == 'forum'){
                        include "./includes/forum.php";
                    }
                    
                    if($action == 'create'){
                        if(!$_SESSION['userid']){
                            header("Location: login.php");
                        }else {
                            include "./includes/create.php";
                        }
                    }
                    
                    
                    if($action == 'topic'){
                        include "./includes/topic.php";
                    }
                    
                    if($action == 'reply'){
                        if(!$_SESSION['userid']){
                            header("Location; login.php");
                        }else {
                            include "./includes/reply.php";
                        }
                    }
                    
                    if($action == 'mod'){
                        if(!$_SESSION['userid']){
                            header("Location; login.php");
                        }else {
                            include "./includes/mod.php";
                        }
                    }
                }
                
                ?>
            </div>
    </div>
        </div>
<!--  Designed by w w w . t e m p l a t e m o . c o m  --> 
    <div id="templatemo_footer">
        <script src="site_footer.js"></script>
        </div>

    </center>
    </body>

</html>
<?php
ob_end_flush();
?>

global.php

PHP Code:

<?php

$con = mysql_connect("********","******","*********") or die(mysql_error());
$db = mysql_select_db("*******", $con);

function mss($value){
    return mysql_real_escape_string(trim(strip_tags($value)));
}

function topic_go($id){
    echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?act=topic&id=".$id."\">";
}

function s($value){
    return stripslashes($value);
}

function topic($input){
    // bbcode
    return nl2br(strip_tags(stripslashes(htmlentities(htmlspecialchars($input)))));
}

function uid($uid, $link = FALSE){
    $sql = "SELECT username FROM `users` WHERE `id`='".$uid."'";
    $res = mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($res) == 0){
        return "Invalid User";
    }else {
        $row = mysql_fetch_assoc($res);
        if(!$link){
            return $row['username'];
        }else {
            return "<a href=\"../view.php?id=".$uid."\">".$row['username']."</a>";
        }
    }
}

function post($uid){
    $sql = "SELECT * FROM `forum_replies` WHERE `uid`='".$uid."'";
    $res = mysql_query($sql) or die(mysql_error());
    return mysql_num_rows($res);
}

function isa($uid){
    $sql = "SELECT admin FROM `users` WHERE `id`='".$uid."'";
    $res = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_assoc($res);
    return $row['admin'];
}


?>

Thanks in advance!

The problem, I think, is the query in the function uid(). Echo out the query before using it in mysql_query() to debug, just in case one of the calls to uid() has something unexpected in the query.

[nordlinder]

Sorry, I recently started using PHP. What would I be echoing out?

[BluePanther]

I think there's a problem with this function

PHP Code:

function uid($uid, $link = FALSE){ 
    $sql = "SELECT username FROM `users` WHERE `id`='".$uid."'"; 
    $res = mysql_query($sql) or die(mysql_error()); 
    if(mysql_num_rows($res) == 0){ 
        return "Invalid User"; 
    }else { 
        $row = mysql_fetch_assoc($res); 
        if(!$link){ 
            return $row['username']; 
        }else { 
            return "<a href=\"../view.php?id=".$uid."\">".$row['username']."</a>"; 
        } 
    } 
} 


Change it to this:

PHP Code:

function uid($uid, $link = FALSE){ 
    $sql = "SELECT username FROM `users` WHERE `id`='".$uid."'"; 
    echo 'sql was '.$sql.'<br/>';
    $res = mysql_query($sql) or die(mysql_error()); 
    if(mysql_num_rows($res) == 0){ 
        return "Invalid User"; 
    }else { 
        $row = mysql_fetch_assoc($res); 
        if(!$link){ 
            return $row['username']; 
        }else { 
            return "<a href=\"../view.php?id=".$uid."\">".$row['username']."</a>"; 
        } 
    } 
} 


and make sure the query makes sense every time (i.e. it's returning the results it should). If it's not, you know there's something wrong with the $uid you're passing.

[nordlinder]

I replaced what you told me, and now its still saying invalid user, along with the phrase "sql was SELECT username FROM `users` WHERE `id`='4'"

[BluePanther]

Quote:

Originally Posted by nordlinder

I replaced what you told me, and now its still saying invalid user, along with the phrase "sql was SELECT username FROM `users` WHERE `id`='4'"

Is there a user in the table `users` with id = 4?

[nordlinder]

no, there isnt.

[BluePanther]

Quote:

Originally Posted by nordlinder

no, there isnt.

There's your problem. You're calling that function somewhere, and passing $uid as 4. It returns 'invalid user' because the sql doesn't match anything (returns 0 rows to be more specific, hence why if(mysql_num_rows($res) == 0) evaluted true).

[nordlinder]

Dang. now the question is where

[nordlinder]

I have searched and searched and searched and I cant find it can anybody else find anything wrong with the code?

[_Aerospace_Eng_]

To narrow it down do a search in all of your forum code that you find

PHP Code:

uid( 


You will be able to see what you are passing to that function. Then print out the variables going into that function just before it is called. Also try changing your function to this

PHP Code:

function uid($uid, $link = FALSE){  
    $sql = "SELECT username FROM `users` WHERE `id`= $uid";  
    $res = mysql_query($sql) or die(mysql_error());  
    if(mysql_num_rows($res) == 0){  
        return "Invalid User";  
    }else {  
        $row = mysql_fetch_assoc($res);  
        if(!$link){  
            return $row['username'];  
        }else {  
            return "<a href=\"../view.php?id=".$uid."\">".$row['username']."</a>";  
        }  
    }  
} 


If id is an int there is no need for the single quotes. I can't be sure but that might make the query fail. Does it happen for every user? Every post? Also in reply.php you have this

PHP Code:

<?php 

if(!$_SESSION['uid']){ 
    header("Location: index.php"); 
}

It needs to be this

PHP Code:

<?php 
session_start();
if(!isset($_SESSION['uid'])){ 
    header("Location: index.php"); 
}

Without the session_start() there anyone who goes to reply.php will get redirected to index.php, whoever did your forum for you, they made a lot of mistakes. Here is where you are obviously getting the wrong value

PHP Code:

echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'], true)."<br>Post Count: ".post($row['uid'])."<br>".$a."</td>"; 


That is in topic.php, change that line to this

PHP Code:

echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".$row['uid']." ".uid($row['uid'], true)."<br>Post Count: ".post($row['uid'])."<br>".$a."</td>"; 


What are you getting for that value? $row['uid'] seems to be coming from your topics table. Check that table to see the uid in that table for your topics. What are they?

[nordlinder]

Yes, it does it to every user on every topic and reply.


I got the forum in a zip file on the internet. I am considering taking this one off and finding another one. Any suggestions?

[_Aerospace_Eng_]

I have updated my reply with some more information that might fix it. I think it has to do with the uid being inserted when someone makes a new topic.

I've always liked using fluxbb for forums. They are easy to customize and simple to integrate with existing sites.

[nordlinder]

Right now there is one topic and the uid in that is 0. The sql is now saying

sql was SELECT username FROM `users` WHERE `id`='0'

[_Aerospace_Eng_]

Did you update your uid function to exactly what I gave you? For that topic do you still get invalid username?