[SOLVED] php shout box

[puyal]

I am a complete php illiterate but am maintaining our association's website 'http://thepsa.in'! I made the shout box with login which I am not happy about. I have the following doubt.

  Is it possible to have a shoutbox with fields 'username', 'password' and 'message' where the username and password will be checked with another mysql table for registration and if found correct the message will be posted with only username and message.

[Adam]

You wouldn't need to store their password twice. What you're best off doing is checking they are logged in before the message can be submitted. You should have some form of session variable set at login point which allows you to validate / check that they are in fact.. logged in.

 

PHP have built in sessions which you could use to do this if you don't already have anything in place. Best off reading a tutorial on them so you understand exactly what they are first.. http://www.tizag.com/phpT/phpsessions.php

 

Adam

[puyal]

That was a quick reply Mradam. Thanks. What I was not clear about in my original post was my shout box needs as of now registration first which is stored in a separate mysql table. The system in place now is anyone can see the shout box which will be without any field to enter message. Once they login they will be sent to another page which contains the same shout box(shoutbox2) with 'name' and 'message' fields to shout.

I found two problems with the above system. Members after login can enter any name in the 'name' field. Another problem is people who know the url of shoutbox2 can enter that page directly by entering the url info in the browser and shout without logging in

What I want to implement is a shout box where only registered members can shout. It will be nice to have a single shoutbox to do both checking 'username' and 'password' as well as post the shout if authenticated.

Or help me to protect against the problems mentioned above. Thanks a lot.

[Adam]

Could you paste the code of your login form (in [ code ] tags)? Be able to then see how your system identifies a logged in user then..

 

Adam

[puyal]

The following are the login forms. I hope they are the ones you need.

'login.php'

<html>

<head>

<title>Login</title>

</head>

<body>

<form name="login" action="login2.php" method="post">

 

 

<table align="center"><tr>

 

<td class="title">Username</td>

<td><input name="user" size="30" autocomplete="off" value="" type="text" /></td>

 

</tr><tr>

 

<td class="title">Password</td>

<td><input name="pass" size="30" type="password" /></td>

 

</tr></table>

 

 

<p style="text-align:center;"><input type="submit" class="button" value="Login" /></p></form>

</body>

</html>

 

'login2.php'

<?php

include 'mysql-connect.php';

 

$username = $_POST['user'];

$password = $_POST['pass'];

$query1 = mysql_query("SELECT * FROM register WHERE username='$username'");

$result = mysql_num_rows($query1);

if($result == 0)

{

echo '<h1>Error!</h1>The username you specified does not exist!';

}

else

{

 

$checkuser = mysql_query("SELECT * FROM register WHERE username='$username'");

 

            $row = mysql_fetch_array($checkuser);

                            $password2 = $row['password'];

                            $status = $row['status'];

                if ($password == $password2)

                    {

                    //PUT PASSWORD PROTECTED INFORMATION HERE

    echo '<a href="shoutbox2.php">ENTER</a>';

                    }

                else

                    {

                    echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.';

                    }

 

}

?>

 

[puyal]

Hi

Am I a happy man now?! I solved the problem working with my little knowledge of php and some cut and paste.

You can view it in 'http://thepsa.in/shoutbox1.php'.