I have a simple messageboard set up. Works pretty well. I set up admin privileges via an array in the config file. Now, a normal user can click on the Edit Profile link and no issues. As soon as I go into config.php and add a user in the array and then log in and click the Edit Profile link, I get a page and I see this:

```
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/torncity/public_html/messageboard/edit_profile.php on line 11

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/torncity/public_html/messageboard/edit_profile.php on line 11

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/torncity/public_html/messageboard/edit_profile.php on line 13

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/torncity/public_html/messageboard/edit_profile.php on line 13

Access denied for user 'nobody'@'localhost' (using password: NO)
```

Normal users are fine, it's only when I add someone to the array like below. The user "Dirty-Rockstar" now gets the above error when she clicks on the Edit Profile link, while a user Dirty-Rockstar2 will not.

http://www.torncitynoobs.com/messageboard/main_forum.php

Config.php

```php
<?php
/*************** FORUM CONFIGURATION ***************/
$admin_users=array('Dirty-Rockstar'); // Administrative users
$rpp='25'; // Maximum posts per page
$guest_question=0; // Guests are allowed to make topics
$guest_answer=0; // Guests are allowed to make replies
$user_delete_topic=1; // Allows user to delete own topic
$user_delete_answer=1; // Allows user to delete own answer
$debugmode=0; // Sets the debugging level (default is 0)
$display_version=0; // Keep this off most of the time for security reasons, mainly for developers.

/*************** BBcode CONFIGURATION ***************/
$bbcode = 1; // enable or disable BBcode
$bbcode_explain = '<br />The following BBcode is enabled: [b][/b], [i][/i], [u][/u]';
$bb_search = array(
    '/\[b\](.*?)\[\/b\]/is',
    '/\[i\](.*?)\[\/i\]/is',
    '/\[u\](.*?)\[\/u\]/is'
);
$bb_replace = array(
    '<strong>$1</strong>',
    '<em>$1</em>',
    '<u>$1</u>'
);

/*************** BAD WORD CONFIGURATION ***************/
$censor = 1; // If im going to censor words
// Censored Words--there are 4 lines of it in my official code
$badwords=array(worddd, dhdhdh, lalalal, weeeeeeee );
// Replacement
$replacements=array( '[censored]' );

/*************** SESSION SECURITY CONFIGUREATION ***************/
// Secure Word to Secure Sessions and prevent hijacking.
// For more security just change the below to anything you want
$secure_word='sphpforum_';
$check_browser = 1; // Verifies browser is the same
$check_ip = 2; // Checks for IP range of security. 2 Is usually secure enough, 3 is very secure, 4 user must be SAME IP.
$regen_id = 1; // Prevents Session Hi-Jacking
$ip = $_SERVER['REMOTE_ADDR'];

/*************** DATABASE CONFIGUREATION ***************/
$host='localhost'; // Host name
$username='username'; // Mysql username
$password='passwordhere'; // Mysql password
$db_name='torncity_forum'; // Database name
$db_prefix='forum_'; // Table Prefix

/*************** DO NOT EDIT BELOW THIS LINE ***************/
$version="0.5 RC1";
// These are global functions
// Magic quotes is not dependable and many shared hosting servers do not allow users to use ini_set
ini_set('magic_quotes_gpc','off');
if (get_magic_quotes_gpc()) {
    $_GET = array_map('stripslashes', $_GET);
    $_POST = array_map('stripslashes', $_POST);
}
// Just incase for register_globals on
if(!$dboff){
    // Connect to server and select databse.
    mysql_connect($host, $username, $password)or die('cannot connect');
    mysql_select_db($db_name)or die('cannot select DB');
}
// Set debugging level
switch($debugmode) {
    case 0:
        // Report all errors except E_NOTICE
        // This is the default value set in php.ini
        error_reporting(E_ALL ^ E_NOTICE);
        break;
    case 1:
        // Report simple running errors
        error_reporting(E_ERROR | E_WARNING | E_PARSE);
        break;
    case 2:
        // Reporting E_NOTICE can be good too (to report uninitialized
        // variables or catch variable name misspellings ...)
        error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
        break;
    case 3:
        // Report all PHP errors (bitwise 63 may be used in PHP 3)
        error_reporting(E_ALL);
        break;
    case 4:
        // Turn off all error reporting
        error_reporting(0);
        break;
}
session_start();
require 'inc/securesession.php';
$ss = new SecureSession();
$ss->check_browser = $check_browser;
$ss->check_ip_blocks = $check_ip;
$ss->secure_word = $secure_word;
$ss->regenerate_id = $regen_id;
if (!$ss->Check()) {
    $ss->Destroy();
    $_SESSION['logged_in'] = false;
}
?>
```

edit_user.php

```php
<?php
$dboff=!$_GET['id'];
require('config.php');
if (!$_SESSION['logged_in']) {
    die('You must be logged on to edit your profile');
}
include('header.php');
if(in_array($_SESSION['username'],$admin_users) && $_SESSION['id'] != $_GET['id']){
    $id=mysql_real_escape_string($_GET['id']);
    $sql="SELECT * FROM {$db_prefix}user WHERE id='$id'";
    $row=mysql_fetch_array(mysql_query($sql) or die(mysql_error()));
    if (!$row)
        die("This user does not exist.");
    $admin='<input type="hidden" name="id" value="'.$_row['username'].'">';
}else{
    $row=$_SESSION;
}
?>
<h2>Edit profile</h2>
<p>Logged on as: <?=$row['username'] ?></p>
<form method="post" action="update_profile.php">
<?= $admin ?>
<table>
<tr><td>Password:</td><td><input name="password" type="password" /><br />Leave blank to keep current password</td></tr>
<tr><td>E-mail:</td><td><input name="email" type="text" value="<?=$row['email'] ?>" /></td></tr>
<tr><td>Real Name:</td><td><input name="realname" type="text" value="<?=$row['realname'] ?>" /></td></tr>
</table>
<input type="submit" name="submit" value="Update profile" class="button"/>
</form>
<? include('footer.php'); ?>
```

Tables:
forum_answer
forum_question
forum_user

Fields under user:
id
username
password
ip
email
realname

If you need any other pages let me know. I'll be refreshing this page for the next 2 hours.

PS: I'm not super super good with PHP, I can read and understand it, so bear with me. Yes, this is a template I'm poking with.

Is that variable $_row right? Should it be just $row? Also the die block should have curly braces if that is part of the if statement

Fast solution, change

```php
if(!$dboff){
    // Connect to server and select databse.
    mysql_connect($host, $username, $password)or die('cannot connect');
    mysql_select_db($db_name)or die('cannot select DB');
}
```

To:

```php
mysql_connect($host, $username, $password)or die('cannot connect');
mysql_select_db($db_name)or die('cannot select DB');
```

If you want to go about debugging, echo $dboff before the connection to see the value.

Peace,

I'll try this first. If it works, 10 bucks for you.

Killed 3 of the 4 errors. Now I'm getting

```
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/torncity/public_html/messageboard/edit_profile.php on line 13
This user does not exist.
```

(user exists)

It seems it has an issue pulling the ID from the DB.

Line 13:

```php
$row=mysql_fetch_array(mysql_query($sql) or die(mysql_error()));
```

You might be right, but it didn't fix the issue. I'll look over the code to make sure that var is right.

This could be user preference. I checked other pages and the style is the same.

Can you check the output source of the HTML for the edit_user.php page? Specifically, make sure that the id variable is actually getting displayed. Make sure it is displaying <input type="hidden" name="id" value="[the user id here]"> in the HTML output. If you're not sending a valid id in the SQL statement you will get 0 rows returned, which could give that error.

In edit_user.php I took this chunk.....

```php
if(in_array($_SESSION['username'],$admin_users) && $_SESSION['id'] != $_GET['id']){
    $id=mysql_real_escape_string($_GET['id']);
    $sql="SELECT * FROM {$db_prefix}user WHERE id='$id'";
    $row=mysql_fetch_array(mysql_query($sql) or die(mysql_error()));
    if (!$row)
        die("WEEEEEEEEEEEEEEEEEEEEE.");
    $admin='<input type="hidden" name="id" value="'.$_row['username'].'">';
}else{
    $row=$_SESSION;
```

and took out the ! in this line

```php
&& $_SESSION['id'] != $_GET['id'])
```

When I did that the error went away but it probably will make some results very strange. I'm hoping it didn't make admin privileges global....and then I get this pretty line

```
Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
```

EDIT: it didn't mess with the admin rules at all. But what in God's name is that chunk of error?
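
An added example, not part of the thread or the forum template: the profile lookup from edit_user.php rewritten so that a missing `id` falls back to the logged-in user's own row, the query is a prepared statement whose result is fetched directly, and stored values are escaped on output. It assumes PHP 7.1+ with PDO and pdo_sqlite; the function names, the in-memory SQLite database and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the forum template's code. forum_user and its columns come
// from the post; function names, the SQLite database and rows are constructed.
function profile_row(PDO $pdo, array $session, array $get, array $admin_users): ?array
{
    $own_id = (int) $session['id'];
    // A missing or non-numeric id means "edit my own profile", so an admin
    // opening the page without ?id= never takes the lookup-another-user path.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === $own_id) {
        $id = $own_id;
    } elseif (!in_array($session['username'], $admin_users, true)) {
        return null; // only admins may load another user's row
    }
    // Prepared statement: the id is bound, never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT id, username, email, realname FROM forum_user WHERE id = ?');
    $stmt->execute([$id]);
    // Fetch from the statement itself. Writing fetch(query() or die()) hands
    // the fetch function the boolean result of "or", not the query result.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function esc($value): string
{
    // Escape on output so stored profile data cannot break out of an attribute.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample data (subset of the columns listed in the post).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forum_user (id INTEGER PRIMARY KEY, username TEXT, email TEXT, realname TEXT)');
$pdo->exec("INSERT INTO forum_user VALUES (1, 'Dirty-Rockstar', 'a@example.test', 'Ann'),
                                          (2, 'Dirty-Rockstar2', 'b@example.test', 'Bea\"><i>')");
$admins  = ['Dirty-Rockstar'];
$admin   = ['id' => 1, 'username' => 'Dirty-Rockstar'];
$regular = ['id' => 2, 'username' => 'Dirty-Rockstar2'];

var_dump(profile_row($pdo, $admin, [], $admins));              // admin, no id in the URL
var_dump(profile_row($pdo, $regular, ['id' => '1'], $admins)); // non-admin asking for another user
$row = profile_row($pdo, $admin, ['id' => '2'], $admins);      // admin editing another user
echo '<input type="hidden" name="id" value="', esc($row['id']), '">', "\n";
echo '<input name="realname" type="text" value="', esc($row['realname']), '" />', "\n";
```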