soup4you2
October 7th, 2003, 20:24
Ok what am i doing wrong here... this is driving me absolutely crazy...

i keep getting access denied even though the url is ?did=bsd0 or ?did=bsd=Any News Number

if you need more info let me know.

[code:1:b0d2509170]
if ($did == '')
exit;

$id = substr($did,4); # did format = xxxxyyyy where xxxx = board type (bsd,proj,admi, etc.), yyyy.. = board ID
$strid = addslashes($id);
$id = checkint($id);

$head = substr($did,0,4); # read out first 4 chars (bsd, proj, tomo, admi etc..)
$head = checkstr($head);

$thread = checkint($thread);
$disp = checkint($disp);
$re = checkint($re);
$limit = checkint($limit);

# recompose $did to get the syntactically valid value
$did = $head . $id;

# let's check if $id is valid in database of news/projects, or if it's bsd0 (main board)


$row->title = '';

$q = 'N/A';
if ($head == 'bsd' and $id == 0)
$row->title = $bsd_project_name;
else if ($head == 'bsd')
$q = "SELECT title FROM news WHERE id = $id";
else if ($head == 'tman')
$q = "SELECT subject AS title FROM taskmanager WHERE id = $id";
else if ($head == 'gale')
$q = "SELECT fname AS title FROM uploads WHERE id = $id";
else if ($head == 'mult')
{


$_nasiel = false;
$__i = 0;
while (!$_nasiel AND $__i < sizeof($bsd_boards))
{
if (substr($bsd_boards[$__i],0,24) == $strid)
{
$_nasiel = true;
$row->title = $bsd_boards[$__i];
$did = $head . $strid;
}
$__i++;
}
}
else if ($head == 'proj')
$q = "SELECT name AS title FROM projects WHERE id = $id";
else if ($head == 'poll')
$q = "SELECT question AS title FROM polls WHERE id = $id";
else if ($head == 'faqs')
$q = "SELECT title FROM faqs WHERE id = $id";
else if ($head == 'tomo' AND $id == 0)
$row->title = $theme_subj;
else if ($head == 'admi' AND ((auth('wbncu') AND $id == 2) OR (auth('bncu') AND $id == 1) OR (auth('ncu') AND $id == 0)))
{ $row->title = $adm_board_names[$id]; }
else
exit('</td></tr></table><p><b>'.flecho("access denied",$es_accessdenied).'</b></body></html>');


if (
$row->title OR ($result = mysql_db_query($bsd_database,$q,$mysql) AND $row = mysql_fetch_object($result))
)
{
[/code:1:b0d2509170]

soup4you2
October 7th, 2003, 20:53
btw i got a php error saying : [error] PHP Notice: Undefined variable: did on line 7 here's the complete file

[code:1:f6fb23bc80]
<?
function mystripslashes($x)
{
return($x);
}

$subject = substr($did,4);


include('board.cookies.php');
$bsd_cleanpage = true;
$bsd_board = true;

include('bsd.header.php');
include('bsd.disp.php');
?>
<TABLE cellSpacing=0 cellPadding=4 width="98%" align=center valign=top border=0>
<TBODY>
<TR>
<TD bgColor="<? echo $bsd_fontcolor2; ?>">
<TABLE cellSpacing=1 cellPadding=4 width="100%" border=0>
<TBODY>
<TR>
<TD bgColor="<? echo $bsd_choicebar; ?>">
<CENTER><b>Message Board Activity:</b>
</CENTER></FONT></FONT></TD></TR>
<TR>
<TD bgColor="<? echo $bsd_bgcolor3; ?>">


<?

include('board.header.php');

function rmesg($dispre)
{
global $lastx;
global $mysql;
global $id;
global $did;
global $bsd_database;
global $closed;
global $wb_table_bg2;
global $wb_table_bg;
global $sum_disp;

if ($dispre == 0)
return(0);

mesg($dispre);

$qrym = "SELECT id,grp,re,dat,did
FROM wb WHERE did = '$did' and re = $dispre order by dat desc";
$q = mysql_db_query($bsd_database,$qrym,$mysql);

if (mysql_num_rows($q) > 0)
{
echo "<table width=100% cellpadding=0 cellspacing=0 border=0><tr>
<td class=bsdnormal bgcolor=$wb_table_bg>   </td><td class=bsdnormal>";
while ($mymsg = mysql_fetch_row($q) AND $sum_disp < 1000)
{
list($msgid,$msgrp,$msgre,$msgdat,$msgdid) = $mymsg;
rmesg($msgid);
$sum_disp++;
}
echo "</td></tr></table>";
}

}


function mesg($disp, $dont_show = 0)
{
global $bsd_smileys;
global $bsd_level;
global $bsd_database;
global $lastx;
global $closed;
global $mysql;
global $id;
global $did;
global $thread;
global $wb_table_bg;
global $wb_table_bg2;
global $wb_font_color;
global $user_levels;
global $es_disabled, $es_erase, $es_postedby, $es_replytothis, $es_enable, $es_disable, $es_thrposts;

$qrym = "SELECT userlevel,id,grp,subj,txt,re,ip,dat,meno,email,did,hide
FROM wb WHERE did = '$did' and id = $disp";

$q = mysql_db_query($bsd_database,$qrym,$mysql);
if ($q == false)
return(0);

if ( $mymsg = mysql_fetch_row($q) )
{
list($msguserlevel,$msgid,$msgrp,$msgsubj,$msgtxt,$msgre,$msgip,$msgdat,$msgmeno,$msgemail,$msgdid,$msghide) = $mymsg;
$msgsubj = mystripslashes($msgsubj);
$msgtxt = codetag(mystripslashes(nl2br($msgtxt)),TRUE);

$msgmeno = mystripslashes($msgmeno);
$msgemail = mystripslashes($msgemail);

unset($msgultxt);
if ($msguserlevel >= 0)
$msgultxt = '('.$user_levels[$msguserlevel].')';


unset($ipx);
$ipx = '*'.substr($msgip,strpos($msgip,'.'));

$dist = '';
if ($msghide == 1 AND auth('bncu'))
$dist = '<i>'.flecho('disabled',$es_disabled).'</i> ';

if ($msghide == 0 OR auth('bncu'))
{
echo "<table width=100% border=0 cellpadding=4 cellspacing=0>";
echo "<tr><td class=bsdsmall nowrap bgcolor=$wb_table_bg>";
echo flecho('Posted by',$es_postedby). " <a href=user.php?name=".rawurlencode($msgmeno).">$msgmeno</a>
$msgultxt $ipx - ".datetime_tz($msgdat)."
</td></tr><tr><td class=bsdnormal bgcolor=$wb_table_bg>
$dist <span class=bsdbig>$msgsubj</span></td></tr>
<tr><td class=bsdnormal bgcolor=$wb_table_bg2 >";
# echo buildHypertext($msgtxt);
echo $msgtxt;
echo "</td></tr><tr><td class=bsdnormal bgcolor=$wb_table_bg>";


if ($dont_show=='0')
{
echo "<table width=100% cellpadding=0 cellspacing=0><tr><td class=bsdmenu><a href=board.php?did=".rawurlencode($did)."&newre=$msgid&closed=$closed&thread=$thread>
".flecho('reply to this message',$es_replytothis)."</a>  ";
echo "</td><td align=right class=bsdmenu>";

if (auth('ncu'))
echo "<a href=board.del.php?delid=$msgid&delth=$thread&did=".rawurlencode($did).">".flecho('erase',$es_erase)."</a>";
if (auth('bncu'))
{
if ($thread == $msgid AND ($did == 'bsd0' OR substr($did,0,4) == 'mult') ) # move only whole thread, allow move for nonadmin threads
echo " * <a href=board.move.php?delid=$msgid&delth=$thread&did=".rawurlencode($did).">".flecho('move',$es_movemove)."</a>";
if ($dist)
echo " * <a href=board.del.php?delid=$msgid&delth=$thread&did=".rawurlencode($did)."&eunhide=1>".flecho('enable',$es_enable)."</a>";
else
echo " * <a href=board.del.php?delid=$msgid&delth=$thread&did=".rawurlencode($did)."&ehide=1>".flecho('disable',$es_disable)."</a>";
}
echo "</td></tr></table>";
} # endif dont_show

echo "</td></tr></table>";
}
}

#############
if ($closed == 0 OR $closed == 2 AND $dont_show == 0)
{
if ($thread)
{ echo "<br>".flecho('this thread posts',$es_thrposts).":<br>";
dispmsg(0,100,$thread);
}
}
}


function dispmsg($dispre,$limit,$thr) # displays thread recursively
{
global $bsd_smileys;
global $bsd_level;
global $bsd_database;
global $lastx;
global $mysql;
global $id;
global $did;
global $disp;
global $closed;
global $mnum;
global $wb_table_bg;
global $wb_table_bg2;
global $lastdat;
global $lastthread;
global $thread;
global $user_levels;
global $es_subject, $es_author, $es_by, $es_date, $es_lastpost, $es_nrofposts, $es_disabled, $es_replytothis, $es_erase, $es_enable, $es_disable;

if ($limit > 100)
$limit = 100;

if ($dispre == 0 AND $closed == 1)
{
echo "<table width=90% border=1 cellspacing=0 cellpadding=1>
<tr><td class=bsdnormal bgcolor=$wb_table_bg>";
echo "<table border=0 width=100% cellspacing=1 cellpadding=2>
<tr>
<td class=bsdsmall bgcolor=$wb_table_bg>".flecho('subject',$es_subject)."</td>
<td class=bsdsmall bgcolor=$wb_table_bg>".flecho('author',$es_author)."</td>
<td class=bsdsmall nowrap bgcolor=$wb_table_bg>".flecho('date',$es_date)."</td>
<td class=bsdsmall nowrap bgcolor=$wb_table_bg>".flecho('last post',$es_lastpost)."</td>
<td class=bsdsmall></td>
<td class=bsdsmall bgcolor=$wb_table_bg>".flecho('nr. of posts',$es_nrofposts)."</td>
</tr>";
}


unset($thrand);
if ($thr)
$thrand = " and id = $thread ";

if (! $disp)
$limit = $lastx;

$qrym = "SELECT userlevel,id,grp,subj,txt,re,ip,dat,meno,email,did,thread,hide
FROM wb WHERE did = '$did' and re = $dispre $thrand order by dat desc
limit 0,$limit";

if ($q = mysql_db_query($bsd_database,$qrym,$mysql))
{
if (mysql_num_rows($q) > 0)
{

if ($closed == 0 OR $closed == 2)
echo "<ul>\n";
while ($mymsg = mysql_fetch_row($q))
{
$mnum++;
list($msguserlevel,$msgid,$msgrp,$msgsubj,$msgtxt,$msgre,$msgip,$msgdat,$msgmeno,$msgemail,$msgdid,$msgth,$msghide) = $mymsg;

# other pre-design for top level posts (not responses)
unset($spcflgs);
if ($dispre == 0 AND $thr == 0 AND $closed == 0)
{
echo "<table width=90% border=1 cellspacing=0 cellpadding=3>
<tr><td class=bsdnormal bgcolor=$wb_table_bg2>";
$spcflg[0] = "";
$spcflg[1] = "";

}

if ($msgre == 0)
$lastthread = $msgid;

$msgsubj = mystripslashes($msgsubj);
$msgmeno = mystripslashes($msgmeno);
$msgtxt = mystripslashes($msgtxt);

# [code tag]
$msgtext = codetag($msgtxt,TRUE);

unset($msgultxt);
if ($msguserlevel >= 0)
$msgultxt = '('.$user_levels[$msguserlevel].')';


unset($ipx);
$ipx = '*'.substr($msgip,strpos($msgip,'.'));

if ($msgth)
$msgth1 = $msgth;
else
$msgth1 = $msgid;

########## which, which way, to display? this code is weird. and it needs to be reworked. I know ...

if ($closed == 1) # for collapsed, display all subjects in table
{
if ($msgdat > $lastdat)
$lastdat = $msgdat;

if ($dispre == 0)
{
if ($msghide == 0 OR auth('bncu'))
{
echo "<tr><td class=bsdnormal bgcolor=$wb_table_bg>";
if ($msghide == 1)
echo "<i>".flecho('disabled',$es_disabled)."</i> ";
echo "<span class=bsdboardctitle><a href=board.php?thread=$msgid&did=".rawurlencode($did)."&disp=$msgid&closed=1>$msgsubj</a></span>
</td>
<td class=bsdsmall bgcolor=$wb_table_bg>
<a href=user.php?name=$msgmeno>$msgmeno</a> </td>
<td class=bsdsmall nowrap bgcolor=$wb_table_bg>
"
.date_tz("M/d, H:i",$msgdat)." </td>";
}
}
}
else if ($closed == 0) # for unpacked
{

$litype = 'disc';

if (! ($dispre == 0 AND $thr == 0 AND $closed == 0))
echo "<li type=$litype>";

$disp = '';
if ($msghide == 1)
{
if (auth('bncu'))
lecho("the message is not available ",$es_msgnotavru);
$disp = '<i>'.flecho('disabled',$es_disabled).'</i> ';
}
if ($msghide == 0 OR auth('bncu'))
{
echo "$disp <b>$spcflg[0] $msgsubj $spcflg[1] </b><br>
(".flecho('by',$es_by)." <a href=user.php?name=".rawurlencode($msgmeno).">$msgmeno</a> $msgultxt "
.datetime_tz($msgdat).")<p>
";
echo codetag(mystripslashes(nl2br($msgtxt)));
echo "<br>";
echo "<div align=right class=bsdmenu><a href=board.php?did=".rawurlencode($did)."&newre=$msgid&closed=$closed&thread=$msgth1>".flecho('reply to this message',$es_replytothis)."</a>     ";

if (auth('ncu'))
echo "<span class=bsdmenu><a href=board.del.php?delid=$msgid&delth=$msgth1&did=".rawurlencode($did).">".flecho('erase',$es_erase)."</a></span>";
if (auth('bncu'))
{
if ($msghide == 0)
echo " * <span class=bsdmenu><a href=board.del.php?delid=$msgid&delth=$msgth1&did=".rawurlencode($did)."&ehide=1>".flecho('disable',$es_disable)."</a></span>";
else
echo " * <span class=bsdmenu><a href=board.del.php?delid=$msgid&delth=$msgth1&did=".rawurlencode($did)."&eunhide=1>".flecho('enable',$es_enable)."</a></span>";
}
echo "</div>";
} # endif msghide==0...
} # endif closed==0
else if ($closed == 2) # old style mode print
{
echo "<li type=square>";

if ($msghide == 0 OR auth('bncu'))
{
if ($msghide == 1)
echo "<i>".flecho('disabled',$es_disabled)."</i> ";
echo "<a href=board.php?disp=$msgid&did=".rawurlencode($did)."&closed=$closed&thread=$msgth1><b>$msgsubj</b></a>
(".flecho('by',$es_by)." <a href=user.php?name=".rawurlencode($msgmeno).">$msgmeno</a> ".datetime_tz($msgdat).")<br>";
}
else
lecho('N/A',$es_msgnotavru);
}
if ( ! (($closed == 2 OR $closed == 0) AND $msghide == 1 AND auth('bncu')==FALSE ) )
dispmsg($msgid,1000,0);

if ($dispre == 0 and $closed == 1)
{
if ($msghide == 0 OR auth('bncu'))
{
echo "<td class=bsdsmall align=left nowrap bgcolor=$wb_table_bg>";

# MODIFIED 26.6.2002, check for seen threads added
# get correct cookie value pair, global cookie first
global $bsd_bt;
$__bt = getcookieval($bsd_bt, $msgid);
echo "".date_tz("M/d, H:i",$lastdat)."";
if ($lastdat > $__bt)
echo "</td><td class=bsdnormal><img src=new.gif width=28 height=11>";
else
echo "</td><td class=bsdnormal>";

echo "</td><td class=bsdsmall align=right bgcolor=$wb_table_bg><b> $mnum </b></td></tr>";
}
$mnum = 0;
$lastdat = 0;
}

# main posts - footer
if ($dispre == 0 AND $thr == 0 AND $closed == 0)
echo "</td></tr></table><p>";


}

if ($closed == 0 OR $closed == 2)
echo "</ul>\n";

} # end mysql quer ok
} # end while mysql fetch

if ($dispre == 0 && $closed == 1)
echo "</table></td></tr></table>";

}


################################################
# start of the board main code
################################################
# input - discussion ID string (?did=...)
################################################

if ($did == '')
exit;

$id = substr($did,4); # did format = xxxxyyyy where xxxx = board type (bsd,proj,admi, etc.), yyyy.. = board ID
$strid = addslashes($id);
$id = checkint($id);

$head = substr($did,0,4); # read out first 4 chars (bsd, proj, tomo, admi etc..)
$head = checkstr($head);

$thread = checkint($thread);
$disp = checkint($disp);
$re = checkint($re);
$limit = checkint($limit);

# recompose $did to get the syntactically valid value
$did = $head . $id;

#
# let's check if $id is valid in database of news/projects, or if it's bsd0 (main board)
#

# let's build a right query to check if it's valid

$row->title = '';

$q = 'N/A';
if ($head == 'bsd' and $id == 0)
$row->title = $bsd_project_name;
else if ($head == 'bsd')
$q = "SELECT title FROM news WHERE id = $id";
else if ($head == 'tman')
$q = "SELECT subject AS title FROM taskmanager WHERE id = $id";
else if ($head == 'gale')
$q = "SELECT fname AS title FROM uploads WHERE id = $id";
else if ($head == 'mult')
{
# we can't check if mult board is available in bsd_boards
# via in_array function, because only first 24 characters are used for a board
# definition, thus regular loop is used

$_nasiel = false;
$__i = 0;
while (!$_nasiel AND $__i < sizeof($bsd_boards))
{
if (substr($bsd_boards[$__i],0,24) == $strid)
{
$_nasiel = true;
$row->title = $bsd_boards[$__i];
$did = $head . $strid;
}
$__i++;
}
}
else if ($head == 'proj')
$q = "SELECT name AS title FROM projects WHERE id = $id";
#else if ($head == 'nlet') # newsletter entry- cereal
# $q = "SELECT Title AS title FROM Newsletter WHERE ID = $id";
else if ($head == 'poll')
$q = "SELECT question AS title FROM polls WHERE id = $id";
else if ($head == 'faqs')
$q = "SELECT title FROM faqs WHERE id = $id";
else if ($head == 'tomo' AND $id == 0)
$row->title = $theme_subj;
else if ($head == 'admi' AND ((auth('wbncu') AND $id == 2) OR (auth('bncu') AND $id == 1) OR (auth('ncu') AND $id == 0)))
{ $row->title = $adm_board_names[$id]; }
else
exit('</td></tr></table><p><b>'.flecho("access denied",$es_accessdenied).'</b></body></html>');


if (
$row->title OR ($result = mysql_db_query($bsd_database,$q,$mysql) AND $row = mysql_fetch_object($result))
)
{
if ($head == 'tman')
$row->title = $row->subject;
#
# prints out menu of board (post, etc.)
#
if ($row->title)
echo "<p class=bsdbig><a href=board.php?did=".rawurlencode($did)."&closed=$closed&lastx=$lastx>".htmlspecialchars_mb($row->title)."</a> : ".flecho('message board',$es_board)."</p>";

include('board.menu.php');

#
# switches :
# if $newmsg - values of a new message were posted
# if $newre - user wants to post a reply
#

$lastx = (int)$lastx;
if ($lastx > 100)
$lastx = 100;

if ($dsbl)
include('board.dsbl.php');

if ($search)
{
include('search.board.inc.php');
}
else if ($newmsg) # received the values for a new message in form/POST?
{
$msubj = trim($_POST['msubj']);
$mtxt = $_POST['mtxt'];
if ($msubj and $mtxt and $bsd_logged)
{
$mtxt = myaddslashes($mtxt);
$msubj = myaddslashes(htmlentities_mb($msubj));
$meno = myaddslashes(htmlentities_mb($bsd_login));
$email = myaddslashes(htmlentities_mb($bsd_email));

$cur_time = time();

$q_flood = "SELECT lastboard FROM people WHERE id = $bsd_id ";
$result_flood = mysql_db_query($bsd_database_auth,$q_flood,$mysql) ;
$row_flood = mysql_fetch_object($result_flood);

# board antiflood -> user must be >= 5, or the post timestamp must be
# higher than last one's plus required pause
if (auth('bncu') OR $cur_time > $row_flood->lastboard + $bsd_flood_board)
{


$ddat = (int)$ddat;
# check against nonintentional reload/refresh of the page with posting a same values again
if ( ($ddat > $cur_time) OR ($ddat < $cur_time - 3600) )
$ddat = $cur_time;
$query_chk = "SELECT email,dat FROM wb where
email like '$email' and dat = $ddat";

$q_chk = mysql_db_query($bsd_database,$query_chk,$mysql);

if (mysql_num_rows($q_chk) == 0)
{
$ipx = gethostbyaddr($REMOTE_ADDR);

$newthread = (int)$newthread;

if ($re)
{
$qhide = "SELECT hide FROM wb WHERE id = $re";
$qhiders = mysql_db_query($bsd_database,$qhide,$mysql);
$rowhide = mysql_fetch_object($qhiders);
}
else
$rowhide = true;
if ($rowhide == FALSE OR $rowhide->hide == 1)
{
lecho("sorry, you can't reply to the message, which has been disabled, deleted or doesn't exist.",$es_errbrdnoexist);
echo "<p>";
}
else
{

$__go = TRUE;
# when was this news/sms posted?
if ( (auth('bncu') == FALSE) AND ($id > 0) AND ($head == 'bsd' OR $head == 'poll'))
{
if ($head == 'poll')
$__q = "SELECT dat FROM polls WHERE id = $id";
else
$__q = "SELECT dat FROM news WHERE id = $id";

$__qd = mysql_db_query($bsd_database,$__q,$mysql);
$__qr = mysql_fetch_object($__qd);
if (time() > $__qr->dat + 60*60*24*90) # 90 days enabled to post the news after article was released
$__go = FALSE;
}

if ($__go)
{
# compare with des_encoded value, if correct, post..
if ( chprot($_POST['prot']) )
{
$qrym = "INSERT INTO wb (userlevel,grp,subj,txt,re,ip,dat,meno,email,did,thread)
values ($bsd_level,$id,'$msubj','$mtxt',$re,'$ipx',$ddat, '$meno','$email','$did',$newthread)";
$qm = mysql_db_query($bsd_database,$qrym,$mysql);
}
}

# update lastboard field in people for an antiflood protection
$q_flood = "UPDATE people SET lastboard = $cur_time WHERE id = $bsd_id ";
$result_flood = mysql_db_query($bsd_database_auth,$q_flood,$mysql) ;

} # end if - check for reply to non existing or disabled message
} # end if not reload of the page
} # end if not flood
else
{
echo "<b>";
lecho("Sorry, you can't post another board post sooner than in $bsd_flood_board seconds after the last one.",$es_errbrdwait);
echo "</b><p>";
}
}
else
{
lecho("couldn't add message: subject or text was not defined",$es_brdnotdef);
echo "<p>";
}
}

#
if ($newre != "")
{

$newre = (int)$newre;
if ($bsd_logged)
{
if ($newre != 0)
{
$xq = "SELECT id,subj FROM wb WHERE id = $newre";
$xqry = mysql_db_query($bsd_database,$xq,$mysql);
list($id,$resubj) = mysql_fetch_row($xqry);
if ( substr($resubj,0,3) != 'Re:' )
$resubj = "Re: ".mystripslashes($resubj);
else
$resubj = mystripslashes($resubj);
}

mesg($newre, '1'); # shows the message that you're replying to; pass the int-cast $newre, not the raw $_GET value, because mesg() puts it into the SQL query

echo "<form action=\"board.php\" method=post>
<table width=100% border=0>
<tr><td class=bsdnormal>".flecho("short subject of message (required)",$es_brdshsubj)."</td>
<td class=bsdnormal><input type=text value=\"$resubj\" name=msubj></td></tr>
<tr><td class=bsdnormal>".flecho("text of message (required)",$es_brdtexp)."</td>
<td class=bsdnormal><textarea cols=60 rows=10 name=mtxt></textarea></td></tr>
<tr><td class=bsdnormal></td>
<td class=bsdnormal><input type=submit class=submitinput value=\" ".flecho('submit',$es_submit)." \"></td></tr>
</table>
<input type=hidden name=newthread value=$thread>
<input type=hidden name=re value=$newre>
<input type=hidden name=did value=\"".htmlspecialchars_mb($did)."\">
<input type=hidden name=closed value=$closed>
<input type=hidden name=ddat value=".time().">
<input type=hidden name=newmsg value=yes>
<input type=hidden name=prot value=\"".prot()."\">
</form>";
}
else
{
echo "<b>";
lecho("You must be <a href=register.php>registered</a> and <a href=index.php>logged</a>",$es_reglog);
echo " ";
lecho("to post the post at this board.",$es_brdtopost);
echo "</b>";
} #
}
else if (!$search)
{
# not a new message code => display

$sum_disp = 0;
if ($disp != "") # print message
{
if ($closed == 1)
rmesg($disp);
else if ($closed == 0 OR $closed == 2)
mesg($disp);
}
else
{
# display recursively thread

if ($limit == "" OR $limit == 0)
$limit = 80;
dispmsg(0,$limit,0);
}
}

}
else
echo "<b>".flecho('error in ID definition, required board doesn\'t exist',$es_erroridbrd)."</b><p>";


include('bsd.footer.php');

?>
[/code:1:f6fb23bc80]

bmw
October 7th, 2003, 21:19
btw i got a php error saying : [error] PHP Notice: Undefined variable: did on line 7
[code:1:72da8719d0]
<?
[...]
$subject = substr($did,4); <---- line 7
[/code:1:72da8719d0]

If you don't configure mod_php to auto-export all POST & GET vars, you have to scoop them explicitly. This is an important security feature.

Do something like this or $did will be unset ...
[code:1:72da8719d0]
if (isset($_GET['did']))
$did = $_GET['did'];
else
$did = '';
[/code:1:72da8719d0]

soup4you2
October 7th, 2003, 21:28
didn't help.. i did get the $did error to go away by other means.. now i'm stuck w/ the following errors:

[Wed Oct 8 00:35:40 2003] [error] PHP Notice: Undefined index: lastx in board.cookies.php on line 7
[Wed Oct 8 00:35:40 2003] [error] PHP Notice: Undefined index: closed in board.cookies.php on line 8
[Wed Oct 8 00:35:40 2003] [error] PHP Notice: Undefined index: thread in board.cookies.php on line 10

here's the board.cookies.php

[code:1:48226ca48e]
<?
include_once('functions_cookies.php');
# default values for a first time user

$bblastx = $_REQUEST['bblastx'];
$bbclosed = $_REQUEST['bbclosed'];
$lastx = $_REQUEST['lastx'];
$closed = $_REQUEST['closed'];
$bsd_bt = $_REQUEST['bsd_bt'];
$thread = $_REQUEST['thread'];

if ($bblastx == '' || !is_numeric($bblastx))
$bblastx = 15;
if ($bbclosed == '' || !is_numeric($bbclosed))
$bbclosed = 1;

# set cookies now
if ($lastx == '' || !is_numeric($lastx))
$lastx = $bblastx;
else
{
SetCookie('bblastx',$lastx,time()+60*60*24*60);
}
if ($closed == '' || !is_numeric($closed))
$closed = $bbclosed;
else
SetCookie('bbclosed',$closed,time()+60*60*24*60);

# setting help cookies to keep track of seen threads

if ($thread)
{
addcookieval($bsd_bt, $thread, time());
SetCookie("bsd_bt", $bsd_bt, time() + 60*60*24*60, '/');
}
?>
[/code:1:48226ca48e]

bmw
October 7th, 2003, 21:41
[Wed Oct 8 00:35:40 2003] [error] PHP Notice: Undefined index: lastx in board.cookies.php on line 7

[code:1:7a29d95212]
<?
include_once('functions_cookies.php');
# default values for a first time user

$lastx = $_REQUEST['lastx'];

[/code:1:7a29d95212]

Yeah, it's telling you that when the page was GET'ed or POST'ed, nothing was sent for the form-var 'lastx'. So for each var, you have to use if (isset()) to avoid the error (like I showed you above). Eg:
[code:1:7a29d95212]
$lastx = '';
if (isset($_REQUEST['lastx']))
$lastx = $_REQUEST['lastx'];
[/code:1:7a29d95212]

There's also a hack: stick '@' in front of every line where you try to snarf the POST'ed vars. Eg:
[code:1:7a29d95212]
@$lastx = $_REQUEST['lastx'];
[/code:1:7a29d95212]

That simply suppresses the error code. Works tho.
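
Added example (not part of the original thread or the board's own code): one way to read each request variable explicitly, using the default of 15 and the limit of 100 for `lastx` that the posted files use, and to split `did` on the letter/digit boundary instead of at a fixed offset, since `substr('bsd0',0,4)` returns `bsd0`. The names `request_int()`, `parse_did()` and `BOARD_TYPES` are hypothetical, and `mult` boards, whose id is a name rather than a number, are left out.

```php
<?php
// Added example; request_int(), parse_did() and BOARD_TYPES are hypothetical names.
// Board types with numeric ids, taken from the if/else chain in the posted file.
const BOARD_TYPES = ['bsd', 'tman', 'gale', 'proj', 'poll', 'faqs', 'tomo', 'admi'];

/** Read one integer parameter explicitly; anything missing or malformed gets the default. */
function request_int(array $src, string $key, int $default, int $min = 0, int $max = 999999999): int
{
    $raw = $src[$key] ?? null;
    // is_string() rejects array-valued parameters; ctype_digit() rejects '',
    // signs and spaces; the length cap keeps the cast below from overflowing.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return $default;
    }
    $value = (int)$raw;
    return ($value < $min || $value > $max) ? $default : $value;
}

/** Split did into [type, id] on the letter/digit boundary, or return null. */
function parse_did(string $did): ?array
{
    if (!preg_match('/\A([a-z]{3,4})([0-9]{1,9})\z/', $did, $m)) {
        return null;
    }
    return in_array($m[1], BOARD_TYPES, true) ? [$m[1], (int)$m[2]] : null;
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['did' => 'bsd0'],
    ['did' => 'proj12', 'lastx' => '500', 'closed' => '2'],
    ['did' => 'bsd1abc', 'thread' => '7'],
    ['did' => ['bsd0']],   // array-valued parameter, as sent by ?did[]=bsd0
    [],                    // nothing sent at all
];

foreach ($samples as $get) {
    $did    = (isset($get['did']) && is_string($get['did'])) ? $get['did'] : '';
    $parsed = parse_did($did);
    $lastx  = request_int($get, 'lastx', 15, 1, 100);  // default 15; out-of-range falls back
    $closed = request_int($get, 'closed', 1, 0, 2);    // display modes 0, 1 and 2
    $thread = request_int($get, 'thread', 0);

    printf(
        "did=%-10s fixed-offset head=%-7s parsed=%-9s lastx=%d closed=%d thread=%d\n",
        var_export($did, true),
        var_export(substr($did, 0, 4), true),
        $parsed === null ? 'rejected' : $parsed[0] . '/' . $parsed[1],
        $lastx,
        $closed,
        $thread
    );
}
```

Because every value is either a validated integer or an allow-listed type name, nothing taken from the request reaches a query string unchecked.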

soup4you2
October 7th, 2003, 21:47
have i told you lately i love you...

lol

errors are gone now.. but it's still access denied.. :(

perhaps if you got a little spare time right now.. if you could stop by the irc channel. i can let you look through the code..

bmw
October 7th, 2003, 21:57
have i told you lately i love you...

lol

errors are gone now.. but it's still access denied.. :(

(Don't try to get too physical there, soup! :-)

Can't help you with the "access denied". That's all tied into your sql db somehow. There's a whole chain of if's followed by the "access denied" message if something isn't found. I'd say it's telling you you don't have the right credentials to do the operation you are attempting. There's some function called auth() that is being used a lot there. Plus it looks like it's seeing if you are a member of some l33t class of users.

Maybe you just aren't l33t enuff? :-)

soup4you2
October 7th, 2003, 22:00
Maybe you just aren't l33t enuff? :-)

maybe not but i'll be damned i'm working on it..

going into echo'ing the vars to see where my screwup is

soup4you2
October 7th, 2003, 22:23
echo'ing return results are:

[code:1:cee8a78893]

D - 0
STRID - 0
HEAD - bsd1
DISP -
RE -
LIMIT -
ROW -
LASTX - 15
BBCLOSED - 2
LASTX - 15
CLOSED - 2
BSD_BT - 4#1065484875#3#1065480165#2#1065566814#20#10655668 01#15#1065566805#21#1065570594#
THREAD -[/code:1:cee8a78893]

for some reason a couple of vars are not making it.. ROW is the important one here..

i try to set thread also and no effect either..

this sucks.. perhaps i need to start over.

soup4you2
October 8th, 2003, 23:37
Issue Resolved........ Thanks for your help

elmore
October 8th, 2003, 23:50
well what did you do?

soup4you2
October 9th, 2003, 08:57
The $ROW was not being passed at all.. so i redid the function. also redid a bunch of the php displayed so it would pass the includes better. i wish there was an easy way to say what i did.. but there isn't.. i spent 3 or 4 days on that.

hugh nicks
October 9th, 2003, 14:08
hey KrUsTy!, i love it when they speak robot!

har har har lol

-hn