OK I made a mistake in my log in system then I tried to fix it and I know I made a mistake because now when I go to my site it doesn't show anything, http://vexxon.net.

Here is my PHP code:

<?php
switch ($_GET['id']) {
default:
echo "Welcome to Vexxon.net, <a href='index.php?id=reg'>register now</a> to get access to the members area!!";
break;

case 'reg':
require("includes/register.php");
break;

case 'log':
include("config.php");
if (!$logged[username])
{
if (!$_POST[login])
{
echo("
<center><form method=\"POST\">
<table>
<tr>
<td align=\"center\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"center\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"index.php?id=reg\">Register Here</a>
</td></tr></table></form></center>");
}
elseif ($_POST[login]) {
// the form has been submitted. We continue...
$username=$_POST['username'];
$password = md5($_POST[password]);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
if ($data[password] != $password || $data[username] != $username) {
echo "Your password/username is wrong";
exit();
}
setcookie("uname", $data[id], time()+(60*60*24*5), "/", "");
setcookie("pword", $data[pass], time()+(60*60*24*5), "/", "");
header("Location: login.php");
else {
Echo "You are logged in!";
setcookie("uname", $data[id], time()+(60*60*24*5), "/", "");
setcookie("pword", $data[pass], time()+(60*60*24*5), "/", "");
header("Location: index.php?id=log");
}
}
}
else
{

// we now display the user controls.
$new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'");
$new = mysql_num_rows($new);
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"index.php?id=editpro\">Edit Profile</a><br />
- <a href=\"index.php?id=memb\">Member List</a><br />
- <a href=\"index.php?id=pms\">Private Message Center ($new new)</a><br />
- <a href=\"index.php?id=logo\">Logout</a>");
}
break;

case 'memb':
require("includes/members.php");
break;

case 'on':
require("includes/online.php");
break;

case 'pms':
require("includes/messages.php");
break;

case 'logo':
require("includes/logout.php");
break;

case 'newad':
require("includes/news_admin.php");
break;

case 'editpro':
require("includes/editprofile.php");
break;

case 'news':
require("includes/news.php");
break;

case 'adm':
require("includes/admin.php");
break;

case 'newscom':
require("includes/news_comments.php");
break;
}
?>

I erased almost all of the HTML because it was too long

<?php
ob_start();
$id=(isset($_GET['id']) ? $_GET['id'] : 'default');
switch ($_GET['id']) {
case 'default':
echo "Welcome to Vexxon.net, <a href='index.php?id=reg'>register now</a> to get access to the members area!!";
break;

case 'reg':
require_once("includes/register.php");
break;

case 'log':
include("config.php");
if (!$logged['username']) {
if (!$_POST['login']) {
echo "
<center><form method=\"POST\">
<table>
<tr>
<td align=\"center\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"center\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"index.php?id=reg\">Register Here</a>
</td></tr></table></form></center>";
}
elseif ($_POST['login']) {
// the form has been submitted. We continue...
$username=$_POST['username'];
$password = md5($_POST[password]);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
if ($data['password'] != $password || $data['username'] != $username) {
echo "Your password/username is wrong";
exit;
}
setcookie("uname", $data[id], time()+(60*60*24*5), "/", "");
setcookie("pword", $data[pass], time()+(60*60*24*5), "/", "");
header("Location: login.php");
}
else {
header("Location: login.php");
}
}
else {
echo "You are logged in!";
setcookie("uname", $data[id], time()+(60*60*24*5), "/", "");
setcookie("pword", $data[pass], time()+(60*60*24*5), "/", "");
header("Location: index.php?id=log");
}
}
else {
// we now display the user controls.
$new = mysql_query("SELECT * FROM pmessages WHERE unread = 'unread' AND touser = '$logged[username]'");
$new = mysql_num_rows($new);
echo "<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"index.php?id=editpro\">Edit Profile</a><br />
- <a href=\"index.php?id=memb\">Member List</a><br />
- <a href=\"index.php?id=pms\">Private Message Center (".$new." new)</a><br />
- <a href=\"index.php?id=logo\">Logout</a>";
}
break;

case 'memb':
require_once("includes/members.php");
break;

case 'on':
require_once("includes/online.php");
break;

case 'pms':
require_once("includes/messages.php");
break;

case 'logo':
require_once("includes/logout.php");
break;

case 'newad':
require_once("includes/news_admin.php");
break;

case 'editpro':
require_once("includes/editprofile.php");
break;

case 'news':
require_once("includes/news.php");
break;

case 'adm':
require_once("includes/admin.php");
break;

case 'newscom':
require_once("includes/news_comments.php");
break;
}
ob_end_flush();
?>

How does that work?

Thanks Doug I'll try it out, though I did fix it, but still I try to log in but it doesn't set the cookie, my friend says you should use ob_start(); for cookies, so I will try, edit: doesn't work, one sec I will try one more thing, in the mean time here is my new code:
<?php
ob_start();
switch ($_GET['id']) {
default:
echo "Welcome to Vexxon.net, <a href='index.php?id=reg'>register now</a> to get access to the members area!!";
break;

case 'reg':
require("includes/register.php");
break;

case 'log':
include("config.php");
if (!$logged[username])
{
if (!$_POST[login])
{
echo("
<center><form method=\"POST\" name=\"login\">
<table>
<tr>
<td align=\"center\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"center\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"index.php?id=reg\">Register Here</a>
</td></tr></table></form></center>");
}
elseif ($_POST[login]) {
// the form has been submitted. We continue...
$username=$_POST['username'];
$password = md5($_POST[password]);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die(mysql_error());
$data = mysql_fetch_array($info);
if ($data[password] != $password || $data[username] != $username) {
echo "Your password/username is wrong";
exit();
}
else {
Echo "You are logged in!";
setcookie("id", $data[id], time()+(60*60*24*5), "/", "");
setcookie("pword", $data[password], time()+(60*60*24*5), "/", "");
header("Location: index.php?id=log");
}
}
}
else
{

// we now display the user controls.
$new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'");
$new = mysql_num_rows($new);
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"index.php?id=editpro\">Edit Profile</a><br />
- <a href=\"index.php?id=memb\">Member List</a><br />
- <a href=\"index.php?id=pms\">Private Message Center ($new new)</a><br />
- <a href=\"index.php?id=logo\">Logout</a>");
}
break;

case 'memb':
require("includes/members.php");
break;

case 'on':
require("includes/online.php");
break;

case 'pms':
require("includes/messages.php");
break;

case 'logo':
require("includes/logout.php");
break;

case 'newad':
require("includes/news_admin.php");
break;

case 'editpro':
require("includes/editprofile.php");
break;

case 'news':
require("includes/news.php");
break;

case 'adm':
require("includes/admin.php");
break;

case 'newscom':
require("includes/news_comments.php");
break;
}
?>

Eh, I don't really think you need to play around with ob_flush or anything like that, just don't send any content before the cookies, but if you must then it will work. I don't really feel like reproducing your site, so I'm gonna show you the way I would debug it. You say that the cookies don't seem to be getting set, so I would comment out your php redirect that comes after your cookie setting, if theres an error with the setting of the cookies it will show you it. Otherwise I would print out the variables the cookie is trying to set to make sure that is working...

Oh and on a side note, I would do something along the lines of
if (strtolower($data[password]) != strtolower($password) || strtolower($data[username]) != strtolower($username)) {

That will make all the variables lowercase so it can be case insensitive...

Passwords are better keptt case sensitive so they are more secure, my password is case sensitive. And you left the domain area of the setcookie() function empty.

but the domain is not required...

No its not, but he actually put it as an empty value.

So, umm how can I fix this? Look if anyone has a copy of Naresh's usersystem send the log in page to me, or post here, Naresh's usersystem is the one that was on techtuts, before the database was lost.

Sorry for the double post, but here is my code now, see I change it a lot to see if it will work.
<?php
ob_start();
include("config.php");
switch ($_GET['id']) {
default:
echo "Welcome to Vexxon.net, <a href='index.php?id=reg'>register now</a> to get access to the members area!!";
break;

case 'reg':
require("includes/register.php");
break;

case 'log':
if (!$logged[username])
{
if (!$_POST[login])
{
echo("
<center><form method=\"POST\" name=\"login\">
<table>
<tr>
<td align=\"center\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"center\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"index.php?id=reg\">Register Here</a>
</td></tr></table></form></center>");
}
elseif ($_POST[login]) {
// the form has been submitted. We continue...
$username=$_POST['username'];
$password = md5($_POST[password]);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die(mysql_error());
$data = mysql_fetch_array($info);
if ($data[password] != $password || $data[username] != $username) {
echo "Your password/username is wrong";
echo '</div>
</div>
<div class="footer">
<div align="center">©2005, vexxon productions</div>
</div>
</body>
</html>';
exit();
}
else {
setcookie("id", $data[id], time()+(60*60*24*5), "/", "vexxon.net");
setcookie("pass", $data[password], time()+(60*60*24*5), "/", "vexxon.net");
Echo "You are logged in!";
header("Location: index.php?id=log");
}
}
}
else
{

// we now display the user controls.
$new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'");
$new = mysql_num_rows($new);
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"index.php?id=editpro\">Edit Profile</a><br />
- <a href=\"index.php?id=memb\">Member List</a><br />
- <a href=\"index.php?id=pms\">Private Message Center ($new new)</a><br />
- <a href=\"index.php?id=logo\">Logout</a>");
}
break;

case 'memb':
require("includes/members.php");
break;

case 'on':
require("includes/online.php");
break;

case 'pms':
require("includes/messages.php");
break;

case 'logo':
require("includes/logout.php");
break;

case 'newad':
require("includes/news_admin.php");
break;

case 'editpro':
require("includes/editprofile.php");
break;

case 'news':
require("includes/news.php");
break;

case 'adm':
require("includes/admin.php");
break;

case 'newscom':
require("includes/news_comments.php");
break;
}
?>

$password = md5($_POST[password]);
change it to
$password = md5($_POST['password']);

you have a lot of things that are missing single quotes, try adding them...

I was going to add this to my last post, but I missed the 5 minute edit time... so these are the changes you should probably make


<?php
ob_start();
include("config.php");
switch ($_GET['id']) {
default:
echo "Welcome to Vexxon.net, <a href='index.php?id=reg'>register now</a> to get access to the members area!!";
break;

case 'reg':
require("includes/register.php");
break;

case 'log':
if (!$logged['username'])
{
if (!$_POST['login'])
{
echo("
<center><form method=\"POST\" name=\"login\">
<table>
<tr>
<td align=\"center\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"center\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"index.php?id=reg\">Register Here</a>
</td></tr></table></form></center>");
}
elseif ($_POST['login']) {
// the form has been submitted. We continue...
$username=$_POST['username'];
$password = md5($_POST['password']);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die(mysql_error());
$data = mysql_fetch_array($info);
if ($data['password'] != $password || $data['username'] != $username) {
echo "Your password/username is wrong";
echo '</div>
</div>
<div class="footer">
<div align="center">©2005, vexxon productions</div>
</div>
</body>
</html>';
exit();
}
else {
setcookie("id", $data['id'], time()+(60*60*24*5), "/", "vexxon.net");
setcookie("pass", $data['password'], time()+(60*60*24*5), "/", "vexxon.net");
Echo "You are logged in!";
header("Location: index.php?id=log");
}
}
}
else
{

// we now display the user controls.
$new = mysql_query("select * from pmessages where unread = 'unread' and touser = '" . $logged['username'] . "'");
$new = mysql_num_rows($new);
echo ("<center>Welcome <b>$logged['username']</b><br /></center>
- <a href=\"index.php?id=editpro\">Edit Profile</a><br />
- <a href=\"index.php?id=memb\">Member List</a><br />
- <a href=\"index.php?id=pms\">Private Message Center ($new new)</a><br />
- <a href=\"index.php?id=logo\">Logout</a>");
}
break;

case 'memb':
require("includes/members.php");
break;

case 'on':
require("includes/online.php");
break;

case 'pms':
require("includes/messages.php");
break;

case 'logo':
require("includes/logout.php");
break;

case 'newad':
require("includes/news_admin.php");
break;

case 'editpro':
require("includes/editprofile.php");
break;

case 'news':
require("includes/news.php");
break;

case 'adm':
require("includes/admin.php");
break;

case 'newscom':
require("includes/news_comments.php");
break;
}
?>

Hey c0rndawg, it didn't work, now nothing shows!

Ouch... Try this!


<?php
ob_start();
include("config.php");
switch ($_GET['id']) {
default:
echo "Welcome to Vexxon.net, <a href='index.php?id=reg'>register now</a> to get access to the members area!!";
break;

case 'reg':
require("includes/register.php");
break;

case 'log':
if (!$logged[username])
{
if (!$_POST[login])
{
echo("
<center><form method=\"POST\" name=\"login\">
<table>
<tr>
<td align=\"center\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"center\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"index.php?id=reg\">Register Here</a>
</td></tr></table></form></center>");
}
elseif ($_POST[login]) {
// the form has been submitted. We continue...
$username=$_POST['username'];
$password = md5($_POST['password']);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die(mysql_error());
$data = mysql_fetch_array($info);
if ($data['password'] != $password || $data['username'] != $username) {
echo "Your password/username is wrong";
echo '</div>
</div>
<div class="footer">
<div align="center">©2005, vexxon productions</div>
</div>
</body>
</html>';
exit();
}
else {
setcookie("id", $data['id'], time()+(60*60*24*5), "/", "vexxon.net");
setcookie("pass", $data['password'], time()+(60*60*24*5), "/", "vexxon.net");
Echo "You are logged in!";
header("Location: index.php?id=log");
}
}
}
else
{

// we now display the user controls.
$new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'");
$new = mysql_num_rows($new);
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"index.php?id=editpro\">Edit Profile</a><br />
- <a href=\"index.php?id=memb\">Member List</a><br />
- <a href=\"index.php?id=pms\">Private Message Center ($new new)</a><br />
- <a href=\"index.php?id=logo\">Logout</a>");
}
break;

case 'memb':
require("includes/members.php");
break;

case 'on':
require("includes/online.php");
break;

case 'pms':
require("includes/messages.php");
break;

case 'logo':
require("includes/logout.php");
break;

case 'newad':
require("includes/news_admin.php");
break;

case 'editpro':
require("includes/editprofile.php");
break;

case 'news':
require("includes/news.php");
break;

case 'adm':
require("includes/admin.php");
break;

case 'newscom':
require("includes/news_comments.php");
break;
}
?>

wait... nevermind try the first code I gave you but put
ob_end_flush();
in on the line after the last
break;

Hey corndawg it works now, I mean I see something, but it still doesn't set the cookies, one sec I want to try something else to see wether it will work or not.
EDIT: Doesn't work (If anyone uses the techtuts usersystem (also known as nareshes usersystem please email me with the log in page or post your log in page here please)

Are you sure the cookie isn't setting? What code are you using to check if the cookie has been set?

This is the code in my config.php file:
<?
ob_start(); // allows you to use cookies
$conn = mysql_connect("localhost", "6705", "******");
mysql_select_db(6705) or die(mysql_error());
//fill in the above lines where there are capital letters.
$logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[pass]'");
$logged = mysql_fetch_array($logged);
//the above lines get the user's information from the database.
?>

Try this out

<?
$conn = mysql_connect("localhost", "6705", "******");
mysql_select_db(6705) or die(mysql_error());
//fill in the above lines where there are capital letters.
$logged = MYSQL_QUERY("SELECT * from users WHERE id='" . $_COOKIE['id'] . "' AND password = '" . $_COOKIE['pass'] . "'");
$logged = mysql_fetch_array($logged);
//the above lines get the user's information from the database.
?>

I don't think you need ob_start(); because you're not setting a cookie

If that doesn't work, do you think it could be a MySQL error?


<?
$conn = mysql_connect("localhost", "6705", "******") or die(mysql_error());
mysql_select_db(6705);
//fill in the above lines where there are capital letters.
$logged = mysql_query("SELECT * FROM users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[pass]'") or die(mysql_error());
$logged = mysql_fetch_array($logged);
//the above lines get the user's information from the database.
?>

?

It isn't a problem with your mysql server it's a problem with the sql you're sending to it

the line should be

$logged = MYSQL_QUERY("SELECT * from users WHERE id='" . $_COOKIE['id'] . "' AND password = '" . $_COOKIE['pass'] . "'");

That has no effect whatsoever on any server I've ever delt with. I in fact built a forum system and tested it on numerous servers with the code I put, and it worked fine.

Hmm well maybe thats true... ok well try echoing

"SELECT * FROM users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[pass]'"


To make sure its sending the correct stuff

and is your database really called 6705? and your "username" for the mysql server is also 6705?

^firstly it's a problem with the cookies not being set, secondly that is the name of my DB and my username DB, not the username I use to log in though (I mean to my admin panel)

What if you changed
setcookie("id", $data['id'], time()+(60*60*24*5), "/", "vexxon.net");
setcookie("pass", $data['password'], time()+(60*60*24*5), "/", "vexxon.net");

To
setcookie("id", $data['id'], time()+(60*60*24*5), "/", ".vexxon.net");
setcookie("pass", $data['password'], time()+(60*60*24*5), "/", ".vexxon.net");

I put a dot before vexxon.net

I fixed it, thanks for everyones help! But no one helped, I got it fixed myself!

How did you fix it?

Well I was on my brothers computer and remembered I had a back up log in page on it, so I modified it to match what I was pretty sure I had before, and it worked

Sorry for the double post, but now it doesn't work, ugh, it's really dumb.

You'd be better off just learning PHP and MySQL and creating one yourself :D

http://www.tizag.com/phpT/
http://www.tizag.com/mysqlTutorial/

You'd be better off just learning PHP and MySQL and creating one yourself :D

http://www.tizag.com/phpT/
http://www.tizag.com/mysqlTutorial/
I allready know PHP, also I got it fixed.

What was the problem?

^The problem was something with the layout, if I had the layout it didn't set the cookie, but if I didn't have it, it worked perfectly, so I included the form in my layout and the checker in a blank page that redirects to the members area, and it worked, what I did.

Sorry for the double post, but I wanted to add [/ php] tags to my BBcode script, I tried but seems it didn't work, here it is:
[PHP]<?
function bbcode($content){
$content = nl2br(htmlspecialchars($content));
$bbcode = array(
"'\[b\](.*?)\[/b\]'",
"'\[i\](.*?)\[/i\]'",
"'\[u\](.*?)\[/u\]'",
"'\[strike\](.*?)\[/strike\]'",
"'\[img\](.*?)\[/img\]'",
"'\[url=(.*?)\](.*?)\[/url\]'",
"'\[url\](.*?)\[/url\]'",
"'\[code\](.*?)\[/code\]'",
"'\[php\](.*?)\[/php\]'",
"'\[email\](.*?)\[/email\]'"
);

$html = array( // The HTML counter part of the tags
"<b>\\1</b>",
"<i>\\1</i>",
"<u>\\1</u>",
"<strike>\\1</strike>",
"<a href=\"\\1\" target=\"_BLANK\">\\2</a>",
"<a href=\"\\1\" target=\"_BLANK\">\\1</a>",
"<img border=\"0\" src=\"\\1\">", // Image
"<strong>Code:</strong><div style=\"margin:0px 10px;padding:5px;border:1px dotted #FFFFFF;width:90%;\"></em>\\1</em></div>",
"<strong>PHP code:</strong><div style=\"margin:0px 10px;padding:5px;border:1px dotted #FFFFFF;width:90%;\"></em><?php highlight_string(/"//1/"); ?></em></div>",
"<a href=\"mailto:\\1\" target=\"_BLANK\">\\1</a>"
);
$content = preg_replace($bbcode, $html, $content);
return nl2br($content);
}
?>

Sorry for the double post, I fixed the BBCode problem by adding another function that, well it's hard to explain, anyway I need help with my news comments, nothing is showing up, well nothing except the header and menu (not the one for the comments, the actual navagation) take a look http://www.vexxon.net/index.php?id=newscom&view=news&acl=2, anyway, here's my code (it's long, I think):
<?php
ob_start(); // allows us to use cookies
include("config.php"); // includes the config file
if ($logged['username']){ // if the user is logged in they can view this

switch($_GET['view']){ // news_comments.php?view=
case 'news': // news_comments.php?view=news&id=$id

$id = $_GET['acl']; // grabs the requested id
$select = "select * from news where id=$id"; // selects the requested id from the database
$select2 = "select * from news_comments where nid=$id ORDER BY id DESC"; // grabs comments for the news article

$getnews = mysql_query($select) // querys the news db
or die(mysql_error()); // die error!
$getcomments = mysql_query($select2); // querys the comments db

if (mysql_num_rows($getnews) == "0") { // if we are returned a nulled result

echo 'Unable to find the article in our database'; // nothing found error!
exit(); // exit
}
$row = mysql_fetch_array($getnews) // array
or die(mysql_error()); // error!

$nid = $row['id']; // news id
$ntitle = $row['title']; // news title
$ncontent = bbcode($row['content']); // news content with bbcode wrapped around it
$nauthor = $row['author']; // news author
$postdate = $row['postdate']; // news date

echo ("<tr>
<td>$ntitle Posted by <a href=\"index.php?id=memb&user=$nauthor\">$nauthor</a> At $postdate<br></td>
</tr>
<tr>
<td>$ncontent<br><br>Comments:<br></td>
</tr>");

if (mysql_num_rows($getcomments) == "0") { // if we are returned a nulled result for the comments echo a link to add em
echo("There are no comments!<br>[<a href=\"index.php?id=newscom&view=addcomment&acl=$id\">Add a comment</a>]"); // add a link!
}
if($logged[username] && $logged[level] ==5) // if the user is a admin

while($rowc= mysql_fetch_array($getcomments)){ // fetches an array

$cauthor = $rowc['author']; // comment author
$ccomment = bbcode($rowc['content']); // comment content
$cdate = $rowc['postdate']; // comment date

echo ("<tr>
<td>Comment Posted by <a href=\"index.php?id=memb&user=$nauthor\">$cauthor</a> At $cdate [<a href=\"index.php?id=newad&view=editcomment&acl=$id\">Edit</a>] [<a href=\"index.php?id=newad&view=deletecomment&acl=$id\">Delete</a>]<br></td>
</tr>
<tr>
<td>$ccomment<br><br></td>
</tr>");
}
while($rowc= mysql_fetch_array($getcomments)){ // if the user is a normal user echo this

$cauthor = $rowc['author']; // comment author
$ccomment = bbcode($rowc['content']); // comment content
$cdate = $rowc['postdate']; // comment date

echo ("<tr>
<td>Comment Posted by <a href=\"index.php?id=memb&user=$nauthor\">$cauthor</a> At $cdate<br></td>
</tr>
<tr>
<td>$ccomment<br><br></td>
</tr>");
}
echo("[<a href=\"index.php?id=newscom&view=addcomment&acl=$id\">Add a comment</a>]"); // add a comment
break;
case 'addcomment': // page for adding comments news_comments.php?view=addcomment&id=&id
ob_start(); // cookies
include("config.php"); // includes the config file

$id = $_GET['acl']; // grabs the news id
if(isset($_POST['add_comment'])) { // if the form has been submitted we query the db

$author = $logged['username']; // comments author
$postdate = date("g:i A, l F j"); // comments date
$content = $_POST[content]; // comment
$nid = $_GET['acl']; // news id

$sql = "INSERT INTO news_comments ( `author` , `postdate`, `content`, `nid`) VALUES ('$author', '$postdate', '$comment', '$nid')"; // query for adding the comment
$addblog = mysql_query($sql) // query?s the db
or die(mysql_error()); // error!

header("Location: index.php"); // redirects the user
}
else // the form has not been submitted so we display it
{
echo ("<form method=\"post\" name=\"addcomment\">
<tr>
<td height=\"20\">Comment:</td>
</tr>
<tr>
<td><br><textarea rows=\"5\" cols=\"35\" name=\"content\">Type your comment here!</textarea><br> <input type=\"submit\" name=\"add_comment\" value=\"Submit\"></td>
</tr>
</form>");
}
}
if (!isset($_GET['acl'])) // if there is not requested id we redirect the user
header("Location:index.php?id=news"); // goto news.php
}else{
echo('Hey! you need to [<a href=http://vexxon.net/index.php?id=log>login</a>] first!'); // user is not logged in so they are asked to.');
}
?>