PHDR - Thank you for this response.
Not sure how to determine the version of the script. The only thing I can tell from looking at the code is a comment indicating an update in 2005.
I found the v2.2.2 code.
To: astonecipher, benanamen, and ErnieAlex -
I have been contemplating all day how to provide a Scope Of Work. Since I am not “fluent” with PHP I would struggle to figure out what needs to be changed in what files.
Here is a possible solution:
- I would imagine we should take this offline at some point. You suggest when.
There is a file login.php. It also contains 2 “require” statements (one for an hdr.php and the other for footer.php).
What if I provide these 3 files for you to review and quote. (This is the point we should take this offline).
It occurs to me that maybe getting this fixed then I can use the code changes for this to fix the other files myself. I don’t know and that is a red flag - Do not make an optimistic assumption.
I suppose we could use this as a starter.
Tomorrow I can look at the tasks we are using and try to identify the files involved. The key ones I remember are:
- Uploading the schedule
- Users can update their profile.
- Weekly picks - Display the games, users select their picks. Their picks are displayed.
What if we start with getting the login working? That will then display the menu and options, then I can better identify the other tasks that we use.
Well, you gave us some minor info…
The header file is most likely the beginning code that sets up each page showing your general layout and all of the sub-files you need to make each page work. The footer file is most likely the ending section of each page with your copyright info and whatever is at the bottom of your site’s pages.
A NFL website for picks, winners, blog, etc. is not really hard to create or alter. But, we can not do this without seeing the code. Forget the hdr.php and footer.php for now. Just show us the login section of the code. Now, this might be inside the hdr.php file, we do not know. If you want off-site help, any of us can help. Some want to charge others not. You have not really asked any programming questions as yet. So, either hire someone or post some code and we will help for free.
Thanks ErnieAlex for the reply. Now that I think it through there are only so many tasks/commands involved - opening, reading, and writing to the database. I am guessing the SQL statement is the same. Knowing what commands are removed and what commands to replace them with, I can go through the code and swap them myself. The login script would have the open and read, maybe even a write if it updates something like a “last login date” field.
Here is the login.php code. How do I insert code so the lines are preserved.
<?php
session_start();
//* Jan3118 EdA01 - session_register deprecated, "replacement" $_SESSION['...']
//* - Replace <? with <?php
//* EdA01 session_register("user");
//* EdA01 session_register("uname");
$_SESSION = ['user', 'uname'];
//***************************************************************************
//* ASP Football Pool *
//* Do not remove this notice. *
//* Copyright 1999-2004 by Mike Hall *
//* Please see http://www.brainjar.com for documentation and terms of use. *
//* *
//* PHP Football Pool *
//* PHP Port of ASP Football pool *
//* Copyright 2005 by Brian Paulson and George Garcia *
//* Please see http://lvbash.com/phpBB2 for more support on PHPFootball *
//* version *
//* *
//* Allows a user to login. *
//***************************************************************************
$subtitle="Login";
ob_start();
require("header.php");
//Get any form data.
$football->WhoOnlineDelete;
$username=$_POST['username'];
$password=$_POST['password'];
if ($_POST)
{
//Check input.
if ($username=="") {
$football->ErrorMessage("Please enter a username.");
} elseif ($password=="") {
$football->ErrorMessage("Please enter your password.");
} else {
//Verify the password and redirect to default page if correct.
$sql="select * from ".$football->prefix."users where user = '".$username."'";
$rs = $football->dbQuery($sql,$football->database);
$row = mysql_fetch_object($rs);
$rows = mysql_num_rows($rs);
if($rows == 0) {
$football->ErrorMessage("User '".$username."' not found.");
} elseif (md5($password) != $row->password) {
$football->ErrorMessage("Incorrect password, please reenter.");
} else {
$user=$row->user;
if ($row->name =="") {
$uname=$row->user;
} else {
$uname=$row->name;
}
header("Location: index.php");
}
}
} else {
//Set test cookie.
setcookie("football","peanutbutter",0,"/",$football->domain,0);
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<table class="main" cellpadding="0" cellspacing="0">
<tr><th align="left">User Login</th></tr>
<tr>
<td>
<div class="freeForm">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td><strong>Username:</strong></td>
<td><input name="username" value="" size="12" /></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input name="password" type="password" value="" size="12" /></td>
</tr>
</table>
<p>Enter your username and password and click 'Login'.</p>
</div>
</td></tr>
</table>
<p><input class="button" type="submit" value="Login" />
<input class="button" type="reset" value="Clear" onclick="this.form.elements['username'].selectedIndex = 0; this.form.elements['password'].value = ''; return false;" />
</p>
</form>
<?php require("footer.php"); ?>
EDIT by Benanamen : Added code formatting.
Well, session_register() is long gone, hence deprecated.
It was used to stick variables into the session file on the server so the variable can be passed to other pages.
Now, we set the session variable in this format: $_SESSION[“variable-name”] = some-value;
So, just change all of your session_register references to this format. Then if you get stuck, show us the code! Good luck…
The login code and all the things that have already been written about it can be found in the OP’s thread about a http 500 error - HTTP ERROR 500
The code is obsolete and will not work at all on current PHP. It is also wide open to an SQL Injection Attack.
The whole thing will need to be re-written. Looks like the author has a newer ASP version available. http://www.brainjar.com/AspFootballPool/
If you are wanting to hire one of us you will need to post a zip of all the files for review. First thing though, tell us what your budget is so we can decide if we even want to review the files.
Thanks! I will work on this.
Thank you.
What does OP mean?
Original Poster/Original Post
Benanamen:
LOL … Thanks for the “brainjar” link!!! The first couple of years that I had the code I would re-check the “brainjar” site to see if they were doing anything else. Then I figured it was a “one time” thing and stopped checking.
I will download the new code, install it, re-train for what is new, and (hopefully) will be able to use it. It will either be this or follow ErnieAlex’s advise - make changes, test, and post questions if/when I get stuck.
That said, I will withdraw my request to hire someone (I am optimistic about the new version). And make a donation to Mike Hall / brainjar.
Thank you all so much for the guidance!
Keep in mind, the new version is not Php, it is ASP which means you will need a windows server host. Also, the demo links on the authors site are all broke. Double Red Flags. 
If you want a real PHP football pool there is one on Github which is free.
In my humble opinion, PHP is better suited for this type of site than ASP…
If you want to look at it, it can be found here: PHP Pickem Football Pool Template
benanamen - Thank you for the heads up about the new version being ASP. I don’t want to go there. My host is on unix system.
ErnieAlex - Thank you for the PHP Pickem Football Pool Template.
Downloaded and unzipped. Now reviewing and editing where needed. Plugging away, having to research some things. I am a PHP guppy who dove into the deep end of the pool. 
I also downloaded that Pickem code. It was unfinished in my humble opinion. It has very little for documentation. BUT, it has a ton of really nice features that I have upgraded and I have a working version of it going now for testing.
I added in a background image to fill that awful dull plain background which made it much more impression. I changed the make-your-picks page include a tie-breaker on the Monday night game and smoothed out some of the other issues like entering games. Replaced having to type in the time the game starts using a simple drop-down for the possible times NFL start at and other minor things. But, so far, the code is very stable and works great. (Although, I did not use their .htaccess as it crashed the site!)
Let me know if you decide to use it and if you need help with issues on it. I know it quite well now…
Good luck!
@ErnieAlex
I wasn’t going to say anything but since you brought it up…
I did read through the Pickem Code after you posted the link and saw issues with the code as well.
Yes, it had little protection code and so little comments, that it might be hard for a beginner to manage or rewrite. But, I did feel it ended up with a nice simple display. Especially when you put in a background image and fixed up some of the CSS code. The database code covers most things that happen, but are hard to add in things. Its a good start though for free!
LOL
Wow! Here I am, a guppy with PHP and you guys seem to be flying through the code.
First, I think Pickem is going to be the best solution for me. I used PHPFootball as a source for the participants’ picks. Then ran an SQL statement and downloaded the results into a spreadsheet. Other spreadsheets for accumulating the players (participants) results through the course of the season. I know if there is a table with picks I can get what I need.
I understand the situation. You’ve been working with PHP long enough that you are fluent. What gets me laughing is that I started my coding career in 1980. In the first 20 years I was developing ERP solutions for a couple of manufacturing companies. I had to learn a different language and database for each and after a while I was fluent. Likewise with the next two companies I worked for - new language and database. At least both were SQL based. I am back to being a guppy coder with PHP.
I spent only about 6 hours this weekend looking at Pickem code. (Still dealing with moving in tasks). Not much progress. Created a db on the hosting site, researched the values for the vars in the config.php. By the way, I have not figured out the value for SITE_URL. And finally, it took me a while to figure out the reference about “running the installer” was the index.php. At least, I think that is it.
So, here I am, finally sitting down to make some progress tonight. And, I see your post.
Yes! I would love to use your enhancements! How do we proceed?
Ed
P.S. FYI - An example of a few tweaks I could do in php… In PHPFootball the layout for picking the games placed the radio buttons on the outside and the teams in the middle:
O NY Jets Buffalo O
I changed the code so the radio buttons are on the inside; easier for people to proof their picks:
NY Jets O O Buffalo
Yikes! Well, first, the Pickem code has just about all you need in it. I just added a combined-score to the last game on Monday nights so players could enter that so I could use it for picking just one winner. Cuts down on sharing wins with five people as it happens sometime. I am planning on having the closet to the combined score win. So, if one is one lower and one is one higher than the actual combined score, they would split. Splitting with a couple is fine, just many is an issue.
Also, it is really boring looking to me as-is. So, I added some really simple code to make a football image go behind everything and it makes the entire site jump out. Of course I removed all the donate buttons. I plan to donate some to the original author, but, can’t locate him except in that paypal button. Which donates not to him, but, some company. Not going to do that.
A lot of his code was not documented, but, I got it working quite well. Now, I guess the next thing to ask is what do you want to add into it first? Security wise, you might want to start with filtering the inputs from the forms. You really shouldn’t just use $variable = $_POST[“some-field”]; as it is not safe. You could just start using the filter_input() functions to start with. Also, if this is a private site you are building, you might want to remove the “register-here” line on the login page. Otherwise you will have people you don’t know registering. If you want help adding a background picture, it is easy to do. It makes a huge difference in how the site looks! It is quite nice in general and well thought out. The count-down timers are way-cool. They count down from for the next game and for the next week’s lock-out time. I liked them a lot. The TAUNT or comment part is nice, too. Has some trouble getting the schedule-edit to work, but, seems to work well if everything is set up. A bit tedious to enter all the games, one game at a time. But, you only do it once, so not a big deal.
Well, ask your questions… I hope you used the installer to set it up as it asks you for the DOMAIN-URL and sets it up in a lot of places…