Capturing username.

[jurass1c]

Heja

 

I have 2 tables in my database. One table holds the data of content posted by members and the other table holds the content of my members (username, email, password). What i am having trouble with is displaying which member makes what post, i cannot work out how to capture the members username and insert it into the content table along with the other data.

 

Below is the script i use for inserting data into my content table.

 

<?php
include 'dbc.php';
page_protect();

mysql_select_db("whit_albums", $con);

$user_ip = $_SERVER['REMOTE_ADDR'];

$sql="INSERT INTO albums (cover, album, artist, provider, link, file_type, file_size, date, users_ip, user_name)

VALUES
('$_POST[cover]','$_POST[album]','$_POST[artist]','$_POST[provider]','$_POST[link]','$_POST[file_type]','$_POST[file_size]', now(),'$user_ip', '$_POST[user_name]' )";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
  
header("Location: thankyou.php");  
  exit();

mysql_close($con)
?> 

 

As you can see i have tried using $_POST[user_name] without success. To give the guru's a beter understanding; How the website works is when a user logs in a session starts and they are directed from the login page to an account page. Once logged in they can make a post. When the user make a post and hits submit the action of the form is set to the above script (insert.php). In this script i want to capture the members username and insert it into the column "user_name" in the content table, how do i do this guys ?

 

I hope this is easy enough to understand and if anyone has a solution i would be grateful for some help.

 

Thanks.

 

 

[zeodragonzord]

My suggestion is this.  When the user first successfully logs in, store the user's username in the $_SESSION variable.  That way, the only time you'll ever need to capture a username from a $_POST is during login.  Any other time, such as making a post, you'll take it directly from the session variable, $_SESSION['username'].  This will prevent someone from fooling your script and give a fake username.  I would go a step further and store the user's user_id along with the username in the $_SESSION variable and use the user_id for determining who the user is, but use the username for display purposes.

[jurass1c]

Ok, i sort of understand what u are saying. by storing the session variable u mean simple:

 

$username = $_SESSION['user_name'];

 

then in my sql INSERT use '$username'  ? Could you maybe explain this a little better, im still not fluent, could i maybe get possible example.

[zeodragonzord]

The other way around.

 

$_SESSION['username'] = $username;//You only do this right when the user successfully logs in.

 

Then later on, you can use the $_SESSION variable directly.

 

 

$sql="INSERT INTO albums (cover, album, artist, provider, link, file_type, file_size, date, users_ip, user_name)
VALUES ('$_POST[cover]','$_POST[album]','$_POST[artist]','$_POST[provider]','$_POST[link]','$_POST[file_type]','$_POST[file_size]', now(),'$user_ip', '$_SESSION[user_name]' )";

[jurass1c]

ok this is what i did. When user logs in successfully:

 

session_start(); 

	$_SESSION['user_id']= $id;  
	$_SESSION['user_name'] = $user_name;

 

But still i cannot capture the members user_name. Is it possible because i am trying to capture and insert into another table within the database ? i just cant seem to work this one out.

[zeodragonzord]

Can you explain?  When the user logs in, do they not enter their username?  For example:

 

 

[*]Login form:  User enters username and password.  The <form> method is POST, <form action="pagename.php" method="POST">.

[*]The script that handles login:  Takes $_POST['username'] and $_POST['password'] and logs the user in.  If login is successful, then do this:  $_SESSION['username'] = $_POST['username']

[*]Later on, anytime I want to use the username, I will use the variable $_SESSION['username'].

[jurass1c]

this is the process etc in full detail.

 

1a. Login - This is the current session variable i am using to log a user in.

 

// this sets session and logs user in  
   session_start(); 
   
   // this sets variables in the session 
	$_SESSION['user_id']= $id;  
	$_SESSION['user_name'] = $_POST['user_name'];

	//set a cookie (expiry 60 days) if user selectecs remember me

   if(isset($_POST['remember'])){
			  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days
			  setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days
			   }


	header("Location: account.php");
	}

 

1b. Included in this file is my database connect. In my database connect i use the following code to protect pages and also to start the session:

 

function page_protect() {
session_start();

//check for cookies

if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_name'])){
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['user_name'] = $_COOKIE['user_name'];
   }


if (!isset($_SESSION['user_id']))
{
header("Location: index.php");
}

 

2a. Once the user is logged in they can post content. I use this code to post the content and insert the data into my database, this code is is my form action (insert.php):

 

<?php

include 'dbc.php';
page_protect();

mysql_select_db("whit_albums", $con);

$user_ip = $_SERVER['REMOTE_ADDR'];

$sql="INSERT INTO albums (cover, album, artist, provider, link, file_type, file_size, date, users_ip, user_name)
VALUES
('$_POST[cover]','$_POST[album]','$_POST[artist]','$_POST[provider]','$_POST[link]','$_POST[file_type]','$_POST[file_size]', now(),'$user_ip', '$_SESSION[user_name]' )";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
  
header("Location: thankyou.php");  
  exit();

mysql_close($con)
?> 

 

2b. This is where i am having my issue, as i mentioned in my first post i cannot capture the users name making the post and insert it into the database.  As you can see in 1a I tried $_SESSION['user_name'] = $_POST['user_name']; and then i used(2a) $_SESSION[user_name] to capture and it failed. Any idea's ?

[zeodragonzord]

Do you have a session_start() in the in the beginning of the insert.php page somewhere?  You'll need session_start() on every page that you want to store and use $_SESSION.

[jurass1c]

yeah i have tried that. with no success.... i am lost on what to do.

[zeodragonzord]

Try this.  When you first log in, after you store the username into the $_SESSION, do a var_dump on it to see if it actually is stored.  Render the page and see if the username shows up.  You'll need to comment out the redirect code (header()) so it doesn't draw the page and redirect before you have a chance to look at it.

 

var_dump($_SESSION);

 

 

On your insert.php page, do the same thing to see if you have any thing in the $_SESSION variable.

[jurass1c]

i dont really know what u mean by that var_dump($_SESSION);

[zeodragonzord]

var_dump() basically takes in any variable and prints it on the page, you'll be able to see data/attributes.  It's a method for testing.

 

On your login page, try this and see if anything shows up on your page.

// this sets session and logs user in  
session_start(); 
// this sets variables in the session 
$_SESSION['user_id']= $id;  
$_SESSION['user_name'] = $_POST['user_name'];

var_dump($_SESSION);

 

Remember to remove this line so you redirect the page, just for testing purposes.

header("Location: account.php");

 

 

Take a look and if the username is printed on the page, then the variable is set correctly.

[jurass1c]

Nothing showed up i was directed to my account.... Even with header taken out and all directing links.

[zeodragonzord]

It might have other code somewhere that is redirecting your page.  In any case, create a new page, put a session_start() and var_dump() and see what you get.

 

<?php
session_start();
var_dump($_SESSION);
?>

[jurass1c]

ok sweet now we are getting somewhere, here is what i got

 

array(2) { ["user_id"]=>  string(2) "50" ["user_name"]=>  NULL }

 

 

[zeodragonzord]

That just means your code that is setting the username is setting it correctly.  Was something misspelled?  Perhaps it's username instead of user_name?

 

When you did this, $_POST['user_name'] is probably empty.

$_SESSION['user_name'] = $_POST['user_name'];

[jurass1c]

i tried that variable and nothing. The only code relation to $username is:

 

function isUserID($username)
{
if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
	return true;
} else {
	return false;
}
}	

 

The above code is just a function. In my database in the "users" table the column is named "user_name" and in my other table "content" it has the same name, could this be the reason ?.... where do we go from here ?

[zeodragonzord]

It won't matter what your database table column is called.  It only matters what gets assigned to $_SESSION['user_name'].  You'll need to check why $_POST['user_name'] doesn't have a username.

 

var_dump() is a good tool.  Try using that on $_POST and see if it actually does return a username.

[jurass1c]

i got:

 

array(0) { }

 

 

[zeodragonzord]

You should be getting those values from a form correct?  Check that the login form uses the method="post".

 

<form action="mypage.php" action="post">

[jurass1c]

everything seems to be fine there. still no username.

[jurass1c]

has anyone got any ideas on how i can resolve this one ?

 

[zeodragonzord]

Are you getting the username anywhere at all?  Since you have a login form, you are taking the username and password at some point to validate if those are the correct credentials; were you not able to get the username from that block of code?  If not, then how are you validating the user?  Check your login form and look at the form.  What is the name of the password field?  What is the value of the action attribute (the page name)?  Does the form method = "post"?  Post your login form HTML source and maybe that will shed some light.

[jurass1c]

here is the login script, the included file and the insert script where i want to capture the the user name of the user and i still cannot see why it's not working.

 

The forms action is set to method post and the action submits to check.php.

 

this is check.php.

 

<?php 
/*************** START *********************/

include 'db.php';

$user_email = mysql_real_escape_string($_POST['usr_email']);
$md5pass = md5(mysql_real_escape_string($_POST['pwd']));


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";
    
}


$sql = "SELECT `id`,`user_name`,`approved` FROM users WHERE 
           $user_cond
		AND `pwd` = '$md5pass' AND `banned` = '0'
		"; 


$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

// Match row found with more than 1 results  - the user is authenticated. 

    if ( $num > 0 ) { 

list($id,$approved) = mysql_fetch_row($result);

if(!$approved) {
$msg = "Account not activated. Please check your email for activation code";
header("Location:login.php?msg=$msg");
 exit();
 }

     // this sets session and logs user in  
   session_start(); 
   
   // this sets variables in the session 
	$_SESSION['user_id']= $id;  
	$_SESSION['user_name']= $_POST['user_name'];


	//set a cookie witout expiry until 60 days
   if(isset($_POST['remember'])){
			  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days
			  setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*60, "/"); //60 sec * 60 min * 24 hours * 60 days
			   }


	header("Location: account.php");
	}
	else
	{
	$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
	header("Location:login.php?msg=$msg");
	}


?>

 

this is the included file:

 

<?php
/******************** MAIN SETTINGS **********************/

$dbname = 'one';
$link = mysql_connect("localhost","two","three") or die("Couldn't make connection.");
$db = mysql_select_db($dbname, $link) or die("Couldn't select database");

/******************** ADMIN *****************************/

$admin_user = 'exampleadmin';
$admin_pass = 'examplepassword;

/******************** PAGE PROTECT CODE  ***************/

function page_protect() {
session_start();

//check for cookies

if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_name'])){
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['user_name'] = $_COOKIE['user_name'];
   }


if (!isset($_SESSION['user_id']))
{
header("Location: login.php");
}

/******************************************************/

}

function filter($data) {
$data = trim(htmlentities(strip_tags($data)));

if (get_magic_quotes_gpc())
	$data = stripslashes($data);

$data = mysql_real_escape_string($data);

return $data;
}

function EncodeURL($url)
{
$new = strtolower(ereg_replace(' ','_',$url));
return($new);
}

function DecodeURL($url)
{
$new = ucwords(ereg_replace('_',' ',$url));
return($new);
}

function ChopStr($str, $len) 
{
    if (strlen($str) < $len)
        return $str;

    $str = substr($str,0,$len);
    if ($spc_pos = strrpos($str," "))
            $str = substr($str,0,$spc_pos);

    return $str . "...";
}	

function isEmail($email){
  return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE;
}

function isUserID($username)
{
if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
	return true;
} else {
	return false;
}
}	

function isURL($url) 
{
if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
	return true;
} else {
	return false;
}
} 

function checkPwd($x,$y) 
{
if(empty($x) || empty($y) ) { return false; }
if (strlen($x) < 4 || strlen($y) < 4) { return false; }

if (strcmp($x,$y) != 0) {
return false;
} 
return true;
}

?>

 

those 2 files log my user in. Now here is where i want to capture the username.

 

<?php
include 'db.php';
page_protect();


$user_ip = $_SERVER['REMOTE_ADDR'];

$sql="INSERT INTO example (cover, album, artist, date, users_ip, user_name,  album_year)

VALUES
('$_POST[cover]','$_POST[album]','$_POST[artist]', now(), '$user_ip',  '$_SESSION[user_name]',  '$_POST[album_year]')";

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
  
header("Location: share.php");  
  exit();

?> 

 

i just cannot capture the user_name in the database.

[Wolphie]

Post the HTML form code.