I'm relatively new at programming in PHP, and I have a social networking script that has a big bug. When creating a profile(registering) I don't think that the user is set under a profile type(usually free). However, when created from the admin section, I think that they are set under a profile type. -When the user edits their "aboutme...etc" it does not save, but the one created by the admin does save. I've looked at this thing for half an hour now and I think that one of these needs to be edited. ...but not sure, help is very very very much appreciated join.php <? $act=form_get("act"); if($act=='') sign_up_form(); elseif($act=='reg') do_register(); elseif($act=='val') validate(); elseif($act=='reval') revalidate(); elseif($act=='req_val') req_val(); //showing sign-up form function sign_up_form(){ global $main_url,$conf; $inv_id=form_get("inv_id"); $ref_id=form_get("ref_id"); if($conf['invite_only']=="on" && !is_numeric($inv_id) && !is_numeric($ref_id)) error_screen(43); if($inv_id!=''){ $sql_query="select mem_id from invitations where inv_id='$inv_id'"; $inv=sql_execute($sql_query,'get'); $sql_query="select fname,lname from members where mem_id='$inv->mem_id'"; $mem=sql_execute($sql_query,'get'); } if($ref_id!='') { $ref=sql_execute("SELECT fname,lname FROM members WHERE mem_id='$ref_id'","get"); $tt = sql_execute("SELECT max(date) as max FROM refer WHERE mem_id='$ref_id'","get"); if((time()-$tt->max)>86400) $uniq=1; else $uniq=0; sql_execute("INSERT INTO refer (mem_id,ip,url,date,reg,uniq) VALUES ('$ref_id','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_REFERER']."','".time()."','0','$uniq')",""); $rfid=mysql_insert_id(); } $sql_accc="select * from member_package where enabled=1 order by package_amt"; $res_accc=mysql_query($sql_accc); show_header(); echo '<table width="600" align=center>'; ?> <SCRIPT LANGUAGE="JavaScript"> function valid(value){ open("index.php?mode=chkuser&username="+value,"chkuser","toolbar=no,menubar=no,width=200,height=100,resizable=no") } </SCRIPT> <form action="index.php" method=post> <input type="hidden" name="mode" value="join"> <input type="hidden" name="act" value="reg"> <input type="hidden" name="inv_id" value="<?=$inv_id?>"> <input type="hidden" name="ref_id" value="<?=$ref_id?>"> <input type="hidden" name="rfid" value="<?=$rfid?>"> <tr><td> </td> <tr><td class="lined bold padded-6">Join our net</td> <tr><td height="5"></td> <tr><td class="lined"><table class="body" cellspacing=5 cellpadding=2> <tr><td colspan=3> <p class="bodygray bold">Become a Registered User <? if($inv_id!=''){ ?> <p><? echo "$mem->fname $mem->lname "; ?>invited you to become a member. <? } if($ref_id!='') { echo "<p>".$ref->fname." ".$ref->lname." refer you to become a member."; } else { ?> <p>Fill out the form below to become a member. <? } ?> <p>We take your <a href="index.php?mode=privacy">privacy</a> very seriously. We will not sell or exchange your e-mail address with anyone.</br></br> <p class="orangebody">All fields are required!</br>  </td> <tr><td>Username</td><td><input type="text" name="username"></td><td rowspan="2" class="lined form_tip"><input type="button" value="Check username" onclick="valid(this.form.username.value)"><br>Your personal profile page:<br> <?=$main_url?>/?USERNAME</td></tr> <tr><td></td></tr> <tr><td>First Name</td><td><input type="text" name="fname"></td><td rowspan=2 class="lined form_tip">Your full name will only be shown to your friends.</td> <tr><td>Last Name</td><td><input type="text" name="lname"></td> <tr><td>E-mail</td><td><input type="text" name="email"></td><td rowspan=2 class="lined form_tip">This is your login ID; this e-mail address must be verified before you can fully explore our site</td> <tr><td>Confirm E-mail</td><td><input type="text" name="email2"></td> <tr><td>Password</td><td><input type="password" name="password"></td><td class="lined form_tip">Passwords must be 4-12 characters.</td> <tr><td>Confirm Password</td><td><input type="password" name="password2"></td><td></td> <tr><td>ZIP/Postal Code</td><td><input type="text" name="zip"></td> <td rowspan=2 class="lined form_tip">This information enables you to see local content. You may hide your location from others.</br> <input type=checkbox name="showloc" value="0">Don't show my location</td> <tr><td>Country</td><td><select name="country"> <? country_drop(); ?> </select> </td> <tr><td>Gender</td><td><input type="radio" name="gender" value="m">Male</br> <input type="radio" name="gender" value="f">Female</br> <input type="radio" name="gender" value="n">I'd prefer not to say</br> </td> <td rowspan=2 class="lined form_tip">You may hide this information from others.</br> <input type=checkbox name="showgender" value="0">Don't show my gender</br> <input type=checkbox name="showage" value="0">Don't show my age </td> <tr><td>Birthday</td> <td><select name=month> <option selected value="0">Month <? month_drop(0); ?> </select> <select name=day> <option selected value="0">Day <? day_drop(0); ?> </select> <select name=year> <option selected value="0">Year <? year_drop('0'); ?> </select> </td> <tr><td colspan=3></td></tr> <tr><td valign="top">Membership Type</td><td valign="top"> <?php $ssco=1; if(mysql_num_rows($res_accc)) { while($row_accc=mysql_fetch_object($res_accc)) { if($ssco==1) $dis="<input type='radio' name='pack' value='$row_accc->package_id' checked> ".$row_accc->package_nam." "; else $dis="<input type='radio' name='pack' value='$row_accc->package_id'> ".$row_accc->package_nam." "; if($row_accc->package_amt!='0.00') $dis.=" ‹ $".$row_accc->package_amt." ›"; ?> <?=$dis?> <br> <?php $ssco++; $dis=""; } } ?> </td> <td rowspan=2 class="lined form_tip" valign="top"> Select Membership Package </td> <tr><td colspan=3> </td> <? if($conf['security_image']=="on") { ?> <tr><td><img src="img.php?regen=y&<?php echo time(); ?>" /></td><td><input type="text" name="code" /></td><td class="lined form_tip" valign="top">Please enter confirmation code displayed below</td></tr> <? } ?> <tr><td colspan=3> </td> <tr><td colspan=3 class="td-lined-top" height=3></td> <tr><td colspan=3 align="center"><input type=checkbox name="terms" value=1>I have read and agree to the <a href='index.php?mode=terms'>Terms of Use</a></td> <tr><td colspan=3 align="center"><input type=checkbox name="tac" value=1>I agree to the <a href='index.php?mode=tacs' target="_blank">Terms and Conditions</a></td> <tr><td colspan=3> </td> <tr><td colspan=3 align="right"><input type=submit value="Register"></td> <tr><td colspan=3> </td> </form> </table></td> <tr><td> <table> <tr><td class="lined body padded-6" valign=top> <span class="subtitle">This site requires cookies</span></br></br> Our site uses cookies to provide you with a reliable, consistent experience as you browse the site. Please make sure your browser can accept cookies. </td> <td class="lined body padded-6" valign=top> <span class="subtitle">Using a Spam Filter?</span></br></br> Add our site to your list of approved domains now so you can receive your registration confirmation and messages from other members. </td> <td class="lined body padded-6" valign=top> <span class="subtitle">What's in a Name?</span></br></br> <p>Your first and last name will only be visible to your 1 degree Friends -- people who are DIRECTLY CONNECTED to you. <p>Anyone who is 2 degrees removed will see your FIRST NAME and the FIRST INITIAL of your last name. <p>People who are 3 degrees removed or more will only see your FIRST name. </td> </table> </td> </table> <? show_footer(); } function do_register(){ global $main_url,$conf; if($conf['security_image']=="on") { session_start(); include_once 'spaf_formvalidator.class.php'; $obj = new SPAF_FormValidator(); } $m_id=cookie_get("mem_id"); if($m_id!='') error_screen(25); //getting values from form $form_data=array ("password","password2","username","fname","lname","gender","inv_id","ref_id","rfid","day","month","year","email","email2","zip","country","terms","showloc","showgender","showage","pack","code"); while (list($key,$val)=each($form_data)) ${$val}=form_get("$val"); // checking turing number if($conf['security_image']=="on") { if (!$obj->validRequest($_POST['code'])) error_screen(41); } $sql="select * from member_package where package_id=$pack"; $res=mysql_query($sql); $row=mysql_fetch_object($res); $package_amt=$row->package_amt; $username = preg_replace("|a-z0-9 _.-|i", "", $username); //values check $pattern = "#[\;\#\n\r\*\'\"<>&\%\!\(\)\{\}\[\]\?\\/]#"; $password=trim($password); $email=strtolower(trim($email)); $email=trim($email); $email=str_replace( " ", "", $email ); $email=preg_replace( $pattern, "", $email ); $email2=strtolower(trim($email2)); $email2=trim($email2); $email2=str_replace( " ", "", $email2 ); $email2=preg_replace( $pattern, "", $email2 ); $username=strtolower(trim($username)); $username=str_replace(" ", "", $username); $username=preg_replace($pattern, "", $username); $passl=strlen($password); if(!isset($terms)) $terms="no"; $sql_query="select mem_id from members where email='$email' or username='$username'"; $num2=sql_execute($sql_query,'num'); //checking if e-mail and confirm e-mail fields are equal if($email!=$email2) error_screen(1); if($conf['domain_checker']=="on" && check_domain($email)) error_screen(42); //checking if password and confirm password fields are equal if($password!=$password2) error_screen(2); //if required values empty elseif(($username=='')||($password=='')||($email=='')||($terms=='no')||($fname=='')||($lname=='')||($gender=='')||($day==0)||($month==0)||($year==0)||($zip=='')||($country=='')) error_screen(3); //checking if this e-mail is already used elseif($num2!=0) error_screen(4); //checking password length elseif(($passl<4)||($passl>12)) error_screen(7); else{ //crypting password $crypass=md5($password); //preparing sql query if($showloc==''){ $showloc=1; } if($showgender==''){ $showgender=1; } if($showage==''){ $showage=1; } $user_ip = $_SERVER['REMOTE_ADDR'] ; $user_browser = $_SERVER['HTTP_USER_AGENT']; $birthday=maketime(0,0,0,$month,$day,$year); //adding data to db $joined=time(); $crypass=md5($password); if($package_amt=='0.00') { $mem_st="F"; $p_stat="Y"; } else { $mem_st="P"; $p_stat="N"; } $now = gmdate('Y-m-d H:i:s'); $sql_query="insert into members (username,email,password,fname,lname,zip,country,showloc,showgender,showage,gender,birthday,verified,joined,mem_stat,mem_acc,pay_stat,deducted,amount) values ('$username','$email','$crypass','$fname','$lname','$zip','$country','$showloc','$showgender','$showage','$gender','$birthday','"; $sql_query .= ($conf['mem_val']=="on") ? "n" : "y"; $sql_query .= "','$joined','$mem_st','$pack','$p_stat','0','0')"; sql_execute($sql_query,''); $sql_query="select max(mem_id) as maxid from members"; $mem=sql_execute($sql_query,'get'); @mkdir("blog/".$username,0755); @chmod("blog/".$username,0755); @copy("blog_url.php","blog/".$username."/index.php"); //creating photo album $sql_query="insert into photo(mem_id) values ('$mem->maxid')"; sql_execute($sql_query,''); $time=time(); $sql_query="insert into profiles(mem_id,updated) values('$mem->maxid','0')"; sql_execute($sql_query,''); sql_execute("INSERT INTO b_style (mem_id) VALUES ('$mem->maxid')",""); sql_execute("INSERT INTO blogs_cats (mem_id,name,count) VALUES ('$mem->maxid','Uncategorized','0')",""); $sql_query="update stats set day_sgns=day_sgns+1,week_sgns=week_sgns+1,month_sgns=month_sgns+1"; sql_execute($sql_query,''); if($conf['security_image']=="on") $obj->destroy(); //sending sign-up e-mail (validation notice) if($conf['mem_val']=="on") { $val_key=$email.time(); $val_key=md5($val_key); $sql_query="insert into validate (email,password,val_key,ref_id,rfid) values ('$email','$password','$val_key','$ref_id','$rfid')"; sql_execute($sql_query,''); $data="<a href='$main_url/index.php?mode=join&act=val&val_key=$val_key&inv_id=$inv_id'>Verify Email</a>"; messages($email,'0',$data); complete_screen(0); } else sql_execute("UPDATE refer SET reg = '1' WHERE id = '$rfid'",""); sql_execute("UPDATE members SET ref_id = '$ref_id' WHERE email='$email'",""); //showing a congratulation page complete_screen(12); } } function validate(){ //getting validate key $val_key=form_get("val_key"); $inv_id=form_get("inv_id"); $sql_query="select * from validate where val_key='$val_key'"; $num=sql_execute($sql_query,'num'); //if val key is invalid showing error if($num==0) error_screen(6); $val=sql_execute($sql_query,'get'); $data[0]=$val->email; $data[1]=$val->password; //sending user login info messages($val->email,"2",$data); //updating db (account verified) $sql_query="delete from validate where val_key='$val_key'"; sql_execute($sql_query,''); $sql_query="update members set verified='y' where email='$data[0]'"; sql_execute($sql_query,''); sql_execute("UPDATE refer SET reg=1 WHERE id='".$val->rfid."'",""); sql_execute("UPDATE members SET ref_id = '".$val->ref_id."' WHERE email='".$val->email."'",""); if($inv_id!=''){ $sql_query="select * from invitations where inv_id='$inv_id'"; $frd=sql_execute($sql_query,'get'); $sql_query="select mem_id from members where email='$data[0]'"; $mem=sql_execute($sql_query,'get'); $sql_query="insert into network (mem_id,frd_id) values ($mem->mem_id,$frd->mem_id),($frd->mem_id,$mem->mem_id)"; sql_execute($sql_query,''); $sql_query="update invitations set stat='f' where inv_id='$inv_id'"; sql_execute($sql_query,''); }//if else { $dd=time()-259200; sql_execute("DELETE FROM invitations where date<'$dd'",""); } $sql_query="select mem_id from invitations where email='$data[0]' and stat!='f'"; $res=sql_execute($sql_query,'res'); $num=mysql_num_rows($res); if($num!=0){ while($inv=mysql_fetch_object($res)){ $now=time(); $sql_query="select mem_id from members where email='$data[0]'"; $mem=sql_execute($sql_query,'get'); $subj="Invitation to Join ".name_header($inv->mem_id,"ad")."\'s Personal Network"; $bod="After you push \"Confirm\" button user ".name_header($inv->mem_id,"ad"). " will be added to your friends network."; $sql_query="insert into messages_system(mem_id,frm_id,subject,body,type,folder,date) values('$mem->mem_id','$inv->mem_id','$subj','$bod','friend','inbox','$now')"; sql_execute($sql_query,''); }//while }//if complete_screen(2); } function revalidate() { global $main_url; $email = form_get("email"); $val = sql_execute("SELECT val_key FROM validate WHERE email='$email'","get"); $val_key=$val->val_key; $data="<a href='$main_url/index.php?mode=join&act=val&val_key=$val_key&inv_id=$inv_id'>Verify Email</a>"; messages($email,'0',$data); complete_screen(13); } function req_val() { show_header(); ?> <form action="index.php" method="post"> <input type="hidden" name="mode" value="join"> <input type="hidden" name="act" value="reval"> <table cellspacing="0" cellpadding="0" border="0" width="100%" class="body"><tr><td width="100%" align="center"><br> Enter your email address <input type="text" name="email" value=""><br><input type="submit" value="Submit"> </td></tr></table> </form> <? show_footer(); } function check_domain($email) { $email = explode("@",$email); $edomain = $email[1]; $sql_query="SELECT domain from domains where domain='$edomain'"; $num2=sql_execute($sql_query,'num'); if($num2==0) return false; else return true; } ?> PHP: and index.php <? error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); if (ini_get('register_globals')!="on") { $superglobals = array($_SERVER, $_ENV,$_FILES, $_COOKIE, $_POST, $_GET); foreach ($superglobals as $superglobal) { extract($superglobal, EXTR_SKIP); } } require('data.php'); require('functions.php'); require('templates/language/eng.php'); sql_connect(); global $conf; get_settings(); $visit=cookie_get("visit"); $now=time(); $sql_query="select updated from stats"; $stats=sql_execute($sql_query,'get'); $num=sql_execute($sql_query,'num'); $day_of_week=date("w"); $month_start=mktime(0,0,0,date("m"),1,date("Y")); $week_start=mktime(0,0,0,date("m"),date("d")-$day_of_week,date("Y")); $day_start=mktime(0,0,0,date("m"),date("d"),date("Y")); if($num==0) { $sql_query="insert into stats (day_sgnin,week_sgnin,month_sgnin,day_vis,week_vis,month_vis,vis,updated) values ('$num','$num','$num',1,1,1,concat(vis,'|$now'),$now)"; sql_execute($sql_query,''); } if($stats->updated<=$month_start){ $sql_query="update stats set month_sgnin='0', month_vis='0', updated='$now'"; sql_execute($sql_query,''); } if($stats->updated<=$week_start){ $sql_query="update stats set week_sgnin='0', week_vis='0', updated='$now'"; sql_execute($sql_query,''); } if($stats->updated<=$day_start){ $sql_query="update stats set day_sgnin='0', day_vis='0', vis='', updated='$now'"; sql_execute($sql_query,''); } $day=24*3600; if($now-$visit>=$day){ $sql_query="update stats set day_vis=day_vis+1,week_vis=week_vis+1,month_vis=month_vis+1, vis=concat(vis,'|$now')"; sql_execute($sql_query,''); SetCookie("visit",$now,time()+60*60*24,"/",$cookie_url); }//if $user=$_SERVER['QUERY_STRING']; if($user!="") { $sql = "SELECT mem_id FROM members WHERE username = '$user'"; $num = sql_execute($sql,"num"); if($num) { $mem = sql_execute("SELECT mem_id FROM members WHERE username = '$user'","get"); show_screen("index.php?mode=people_card&p_id=".$mem->mem_id); } } // event notification if($conf['events']=="on") { $time=time()-$conf['event_alert']*86400; $res = sql_execute("SELECT a.username,a.email,b.even_title,b.even_id,c.mem FROM members a,event_list b,event_invite c WHERE b.start>$time AND c.event_id=b.even_id AND c.status='y' AND c.notified='0' AND a.mem_id=c.mem","res"); while($row=mysql_fetch_object($res)){ sql_execute("UPDATE event_invite SET notified=1 WHERE event_id='".$row->even_id."' AND mem='".$row->mem."'",""); $body = "Hello ".$row->username.", you have upcoming event '".$row->even_title."' after ".$conf['event_alert']." days.\n"; $body .= $main_url."/index.php?mode=events&act=viewevent&seid=".$row->even_id; mailing($row->email,$site_name,$system_mail,"Notification about upcoming event",$body); } } check($mode); ?> PHP: If you need more files, or the entire script, I'll willingly give you copies.(under a temporary lisence of course)
Are you using an IDE with a debugger? If so, set the appropriate breakpoint(s) and find out exactly where the bug is located and fix it. Reading embedded script is great, but does not always give us insite into the problem. I am swamped at the moment, but may be able to help. Good luck.