jurass1c Posted March 28, 2010 Share Posted March 28, 2010 Heja I have 2 tables in my database. One table holds the data of content posted by members and the other table holds the content of my members (username, email, password). What i am having trouble with is displaying which member makes what post, i cannot work out how to capture the members username and insert it into the content table along with the other data. Below is the script i use for inserting data into my content table. <?php include 'dbc.php'; page_protect(); mysql_select_db("whit_albums", $con); $user_ip = $_SERVER['REMOTE_ADDR']; $sql="INSERT INTO albums (cover, album, artist, provider, link, file_type, file_size, date, users_ip, user_name) VALUES ('$_POST[cover]','$_POST[album]','$_POST[artist]','$_POST[provider]','$_POST[link]','$_POST[file_type]','$_POST[file_size]', now(),'$user_ip', '$_POST[user_name]' )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } header("Location: thankyou.php"); exit(); mysql_close($con) ?> As you can see i have tried using $_POST[user_name] without success. To give the guru's a beter understanding; How the website works is when a user logs in a session starts and they are directed from the login page to an account page. Once logged in they can make a post. When the user make a post and hits submit the action of the form is set to the above script (insert.php). In this script i want to capture the members username and insert it into the column "user_name" in the content table, how do i do this guys ? I hope this is easy enough to understand and if anyone has a solution i would be grateful for some help. Thanks. Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 28, 2010 Share Posted March 28, 2010 My suggestion is this. When the user first successfully logs in, store the user's username in the $_SESSION variable. That way, the only time you'll ever need to capture a username from a $_POST is during login. Any other time, such as making a post, you'll take it directly from the session variable, $_SESSION['username']. This will prevent someone from fooling your script and give a fake username. I would go a step further and store the user's user_id along with the username in the $_SESSION variable and use the user_id for determining who the user is, but use the username for display purposes. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 28, 2010 Author Share Posted March 28, 2010 Ok, i sort of understand what u are saying. by storing the session variable u mean simple: $username = $_SESSION['user_name']; then in my sql INSERT use '$username' ? Could you maybe explain this a little better, im still not fluent, could i maybe get possible example. Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 28, 2010 Share Posted March 28, 2010 The other way around. $_SESSION['username'] = $username;//You only do this right when the user successfully logs in. Then later on, you can use the $_SESSION variable directly. $sql="INSERT INTO albums (cover, album, artist, provider, link, file_type, file_size, date, users_ip, user_name) VALUES ('$_POST[cover]','$_POST[album]','$_POST[artist]','$_POST[provider]','$_POST[link]','$_POST[file_type]','$_POST[file_size]', now(),'$user_ip', '$_SESSION[user_name]' )"; Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 28, 2010 Author Share Posted March 28, 2010 ok this is what i did. When user logs in successfully: session_start(); $_SESSION['user_id']= $id; $_SESSION['user_name'] = $user_name; But still i cannot capture the members user_name. Is it possible because i am trying to capture and insert into another table within the database ? i just cant seem to work this one out. Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 28, 2010 Share Posted March 28, 2010 Can you explain? When the user logs in, do they not enter their username? For example: [*]Login form: User enters username and password. The <form> method is POST, <form action="pagename.php" method="POST">. [*]The script that handles login: Takes $_POST['username'] and $_POST['password'] and logs the user in. If login is successful, then do this: $_SESSION['username'] = $_POST['username'] [*]Later on, anytime I want to use the username, I will use the variable $_SESSION['username']. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 this is the process etc in full detail. 1a. Login - This is the current session variable i am using to log a user in. // this sets session and logs user in session_start(); // this sets variables in the session $_SESSION['user_id']= $id; $_SESSION['user_name'] = $_POST['user_name']; //set a cookie (expiry 60 days) if user selectecs remember me if(isset($_POST['remember'])){ setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days } header("Location: account.php"); } 1b. Included in this file is my database connect. In my database connect i use the following code to protect pages and also to start the session: function page_protect() { session_start(); //check for cookies if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_name'])){ $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_name'] = $_COOKIE['user_name']; } if (!isset($_SESSION['user_id'])) { header("Location: index.php"); } 2a. Once the user is logged in they can post content. I use this code to post the content and insert the data into my database, this code is is my form action (insert.php): <?php include 'dbc.php'; page_protect(); mysql_select_db("whit_albums", $con); $user_ip = $_SERVER['REMOTE_ADDR']; $sql="INSERT INTO albums (cover, album, artist, provider, link, file_type, file_size, date, users_ip, user_name) VALUES ('$_POST[cover]','$_POST[album]','$_POST[artist]','$_POST[provider]','$_POST[link]','$_POST[file_type]','$_POST[file_size]', now(),'$user_ip', '$_SESSION[user_name]' )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } header("Location: thankyou.php"); exit(); mysql_close($con) ?> 2b. This is where i am having my issue, as i mentioned in my first post i cannot capture the users name making the post and insert it into the database. As you can see in 1a I tried $_SESSION['user_name'] = $_POST['user_name']; and then i used(2a) $_SESSION[user_name] to capture and it failed. Any idea's ? Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 Do you have a session_start() in the in the beginning of the insert.php page somewhere? You'll need session_start() on every page that you want to store and use $_SESSION. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 yeah i have tried that. with no success.... i am lost on what to do. Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 Try this. When you first log in, after you store the username into the $_SESSION, do a var_dump on it to see if it actually is stored. Render the page and see if the username shows up. You'll need to comment out the redirect code (header()) so it doesn't draw the page and redirect before you have a chance to look at it. var_dump($_SESSION); On your insert.php page, do the same thing to see if you have any thing in the $_SESSION variable. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 i dont really know what u mean by that var_dump($_SESSION); Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 var_dump() basically takes in any variable and prints it on the page, you'll be able to see data/attributes. It's a method for testing. On your login page, try this and see if anything shows up on your page. // this sets session and logs user in session_start(); // this sets variables in the session $_SESSION['user_id']= $id; $_SESSION['user_name'] = $_POST['user_name']; var_dump($_SESSION); Remember to remove this line so you redirect the page, just for testing purposes. header("Location: account.php"); Take a look and if the username is printed on the page, then the variable is set correctly. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 Nothing showed up i was directed to my account.... Even with header taken out and all directing links. Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 It might have other code somewhere that is redirecting your page. In any case, create a new page, put a session_start() and var_dump() and see what you get. <?php session_start(); var_dump($_SESSION); ?> Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 ok sweet now we are getting somewhere, here is what i got array(2) { ["user_id"]=> string(2) "50" ["user_name"]=> NULL } Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 That just means your code that is setting the username is setting it correctly. Was something misspelled? Perhaps it's username instead of user_name? When you did this, $_POST['user_name'] is probably empty. $_SESSION['user_name'] = $_POST['user_name']; Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 i tried that variable and nothing. The only code relation to $username is: function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } } The above code is just a function. In my database in the "users" table the column is named "user_name" and in my other table "content" it has the same name, could this be the reason ?.... where do we go from here ? Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 It won't matter what your database table column is called. It only matters what gets assigned to $_SESSION['user_name']. You'll need to check why $_POST['user_name'] doesn't have a username. var_dump() is a good tool. Try using that on $_POST and see if it actually does return a username. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 i got: array(0) { } Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 29, 2010 Share Posted March 29, 2010 You should be getting those values from a form correct? Check that the login form uses the method="post". <form action="mypage.php" action="post"> Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 29, 2010 Author Share Posted March 29, 2010 everything seems to be fine there. still no username. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted March 30, 2010 Author Share Posted March 30, 2010 has anyone got any ideas on how i can resolve this one ? Quote Link to comment Share on other sites More sharing options...
zeodragonzord Posted March 30, 2010 Share Posted March 30, 2010 Are you getting the username anywhere at all? Since you have a login form, you are taking the username and password at some point to validate if those are the correct credentials; were you not able to get the username from that block of code? If not, then how are you validating the user? Check your login form and look at the form. What is the name of the password field? What is the value of the action attribute (the page name)? Does the form method = "post"? Post your login form HTML source and maybe that will shed some light. Quote Link to comment Share on other sites More sharing options...
jurass1c Posted April 7, 2010 Author Share Posted April 7, 2010 here is the login script, the included file and the insert script where i want to capture the the user name of the user and i still cannot see why it's not working. The forms action is set to method post and the action submits to check.php. this is check.php. <?php /*************** START *********************/ include 'db.php'; $user_email = mysql_real_escape_string($_POST['usr_email']); $md5pass = md5(mysql_real_escape_string($_POST['pwd'])); if (strpos($user_email,'@') === false) { $user_cond = "user_name='$user_email'"; } else { $user_cond = "user_email='$user_email'"; } $sql = "SELECT `id`,`user_name`,`approved` FROM users WHERE $user_cond AND `pwd` = '$md5pass' AND `banned` = '0' "; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); // Match row found with more than 1 results - the user is authenticated. if ( $num > 0 ) { list($id,$approved) = mysql_fetch_row($result); if(!$approved) { $msg = "Account not activated. Please check your email for activation code"; header("Location:login.php?msg=$msg"); exit(); } // this sets session and logs user in session_start(); // this sets variables in the session $_SESSION['user_id']= $id; $_SESSION['user_name']= $_POST['user_name']; //set a cookie witout expiry until 60 days if(isset($_POST['remember'])){ setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days } header("Location: account.php"); } else { $msg = urlencode("Invalid Login. Please try again with correct user email and password. "); header("Location:login.php?msg=$msg"); } ?> this is the included file: <?php /******************** MAIN SETTINGS **********************/ $dbname = 'one'; $link = mysql_connect("localhost","two","three") or die("Couldn't make connection."); $db = mysql_select_db($dbname, $link) or die("Couldn't select database"); /******************** ADMIN *****************************/ $admin_user = 'exampleadmin'; $admin_pass = 'examplepassword; /******************** PAGE PROTECT CODE ***************/ function page_protect() { session_start(); //check for cookies if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_name'])){ $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_name'] = $_COOKIE['user_name']; } if (!isset($_SESSION['user_id'])) { header("Location: login.php"); } /******************************************************/ } function filter($data) { $data = trim(htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } function EncodeURL($url) { $new = strtolower(ereg_replace(' ','_',$url)); return($new); } function DecodeURL($url) { $new = ucwords(ereg_replace('_',' ',$url)); return($new); } function ChopStr($str, $len) { if (strlen($str) < $len) return $str; $str = substr($str,0,$len); if ($spc_pos = strrpos($str," ")) $str = substr($str,0,$spc_pos); return $str . "..."; } function isEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE; } function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } } function isURL($url) { if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) { return true; } else { return false; } } function checkPwd($x,$y) { if(empty($x) || empty($y) ) { return false; } if (strlen($x) < 4 || strlen($y) < 4) { return false; } if (strcmp($x,$y) != 0) { return false; } return true; } ?> those 2 files log my user in. Now here is where i want to capture the username. <?php include 'db.php'; page_protect(); $user_ip = $_SERVER['REMOTE_ADDR']; $sql="INSERT INTO example (cover, album, artist, date, users_ip, user_name, album_year) VALUES ('$_POST[cover]','$_POST[album]','$_POST[artist]', now(), '$user_ip', '$_SESSION[user_name]', '$_POST[album_year]')"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } header("Location: share.php"); exit(); ?> i just cannot capture the user_name in the database. Quote Link to comment Share on other sites More sharing options...
Wolphie Posted April 7, 2010 Share Posted April 7, 2010 Post the HTML form code. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.