
getting username to display the variable


rdkd1970


I am using $_SESSION[username] to connect to another table and to display and add the variable to the table with no luck. How can I set this up? I know there is a way but I am not getting it. post_author and post_author_id are supposed to go into the db when I hit the submit button but only the post_author_id is responding.

 

I have the errors ALL set up and it keeps letting me know the variable is undefined. When I put the $_SESSION[username] as the $_SESSION[sESS_ID] it displayed the id of the member. I have put the variable at the beginning as $username - ''; Right now the line that is showing as error is:

 

$post_author = preg_replace('#[^0-9]#i', '', $_SESSION['username']);

 

This is part of the file that is supposed to activate the info add to the db and display the username onto the page.

 

if (!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '') || isset($_SESSION['username'])) {
   '<a href="http://www.blessedtalk.com">Register Account</a>
    |    
 <a href="http://www.blessedtalk.com/login-form.php">Log In</a>';
}

// Check the HTTP_REFERER for light level security
$ref = parse_url($_SERVER['HTTP_REFERER']);
$host = $ref["host"];
if ($host != "www.blessedtalk.com") {
    echo "Please log in at the home page.";
    exit();
}

$id = "";
$username = "";
$firstname = "";
$lastname = "";
$post_author = "";
// ------- ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

if (isset($_GET['id'])) {
    $id = $_GET['id']; // filter everything but numbers
} else if (isset($_SESSION['SESS_ID'])) {
    $id = $_SESSION['SESS_ID'];
} else {
    '<a href="http://www.blessedtalk.com/login-form.php">Log In</a>';
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------
// ------- FILTER THE ID AND QUERY THE DATABASE --------
$sql = mysql_query("SELECT username, id FROM `myMembers` WHERE id='".$_SESSION["SESS_ID"]."'"); // query the member
// ------- FILTER THE ID AND QUERY THE DATABASE --------

// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount < 1 ) { // evaluate the count
    header("location: index.php?msg=user_does_not_exist");
    exit();
}
while($row = mysql_fetch_array($sql)){
    $username = $row["username"];
    $post_author = $row["username"];
    $post_author_id = $row["id"];
}

// Be sure all form variables are present to proceed
if (!isset($_POST['post_type']) || !isset($_POST['post_body']) || !isset($_POST['fsID']) || !isset($_POST['fsTitle']) || !isset($_POST['uid']) || !isset($_POST['upass'])) {
    echo "Important variables from the form are missing.";
    exit();
}
// Filter all of the common variables
$post_type = $_POST['post_type'];
$post_body = $_POST['post_body'];
$post_body = nl2br(htmlspecialchars($post_body));
$post_body = mysql_real_escape_string($post_body);
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']);
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']);
$member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']);
$post_author = preg_replace('#[^0-9]#i', '', $_SESSION['username']);
$member_password = mysql_real_escape_string($_POST['upass']);

$sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
    echo "ERROR: That forum section does not exist.";
    exit();
}
// Prevent this member from posting more than 30 times in one day
$sql = mysql_query("SELECT id FROM forum_posts WHERE post_author_id='$member_id' AND DATE(date_time) = DATE(NOW()) LIMIT 32");
$numRows = mysql_num_rows($sql);
if ($numRows > 30) {
    echo "ERROR: You can post only 30 times per day. Your maximum has been reached.";
    exit();
}
if ($post_type == "a") {
    $post_title = preg_replace('#[^A-za-z0-9 ?!.,]#i', '', $_POST['post_title']);
    if ($post_title == "") { echo "The Topic Title is missing."; exit(); }
    if (strlen($post_title) < 10) { echo "Your Topic Title is less than 10 characters."; exit(); }
    $sql = mysql_query("INSERT INTO forum_posts (post_author, post_author_id, date_time, type, section_title, section_id, thread_title, post_body) 
     VALUES('$post_author','$member_id',now(),'a','$forum_section_title','$forum_section_id','$post_title','$post_body')") or die (mysql_error());
    $this_id = mysql_insert_id();
    //$sql = mysql_query("UPDATE forum_posts SET otid='$this_id' WHERE id='$this_id'");
    header("location: view_thread.php?id=$this_id");
    exit();
}

Link to comment
Share on other sites

I didn't see where you started your session.

And you set the $_SESSION vars like this:

$_SESSION['username'] = "whatever";

 

Or use an if statement so when they aren't set, you set them before.

 

session_start();
if (!isset($_SESSION['username'])) {
    // code to set $_SESSION['username']
    $_SESSION['username'] = "";
} else {
    // code to start using $_SESSION['username']
}

echo "username = " . $_SESSION['username'];

 

plus....

 

print_r($_SESSION); is your friend...

 

A trick I use is I set vars like $test, $fax_test, etc. at the top of the script, and then throughout my script I have various statements like below so I can see what is happening in each section. And I can turn the tests on and off and, like in the last one, I can stop it from emailing and just see what it will send instead.

 

if ($test == 1) {
    echo '<b>$file_name_exploded_extension array printed below:</b><hr>';
    print_r($file_name_exploded_extension);
    echo '<hr>';
}

if ($fax_test == 1) {
    echo '<b>$Fax_File_Number_Array array printed below:</b><hr>';
    print_r($Fax_File_Number_Array);
    echo '<hr>';
}

if ($POST_test == 1) {
    echo '<b>$_POST array printed below:</b><hr>';
    print_r($_POST);
    echo '<hr>';
}

if ($email_test == 1) {
    echo '<hr color="orange">'
        . $from_email_address . '<span style="color: black; font-weight:bold;"> = $from_email_address</span><br>'
        . $from_actual_name . '<span style="color: black; font-weight:bold;"> = $from_actual_name</span><br>'
        . $to_email_address . '<span style="color: black; font-weight:bold;"> = $to_email_address</span><br>'
        . $to_actual_name . '<span style="color: black; font-weight:bold;"> = $to_actual_name</span><br>'
        . $File_Path . '<span style="color: black; font-weight:bold;"> = $File_Path</span><hr color="orange">';
} else {
    SendAuthEmail($from_email_address, $from_actual_name, $to_email_address, $to_actual_name, $subject, $message, $File_Path);
}

 

 

 

Link to comment
Share on other sites

I tried this; at first it was using another test member username, then it stopped altogether. It seems as if this section is not recognizing the connection between post_author and username according to the settings. Yesterday I changed the while statement with post_author from $row[username] to username and it went through, but today I tried another test name, no luck.

 

$post_type = $_POST['post_type']; 
$post_body = $_POST['post_body'];
$post_body = nl2br(htmlspecialchars($post_body));
$post_body = mysql_real_escape_string($post_body);
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']); 
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']); 
$member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']); 
$post_author =  preg_replace('#[^0-9]#i', '', $_SESSION['username']); 
$member_password = mysql_real_escape_string($_POST['upass']);

 

All of these are working besides the post_author to the username.

Link to comment
Share on other sites

Sorry for the delay...

After looking at it again, you should have set the $_SESSION['username'] on the login page before it gets to this page. So that way you don't have to re-look for the username. And you have one less data query.

 

If you print_r the session before and after the "// ------- FILTER THE ID AND QUERY THE DATABASE --------" you won't see that the $_SESSION['username'] has been set.

 

At the point where it filters the data, you should have already checked and set the session id and username so all you should be dealing with at that point is the $_POST - body, message and section. So rechecking it is redundant.

 

Your code flow needs to be changed. I would do this...

 

On the "login" page you should check and set the id/un.

 

On your page to "post" a forum message you should check for the id/un; if the $SESSION UN is not set then it takes them to the "login" page. Then have your forum section as a drop-down box so you don't need to check that when they get to submitting it to the database section.

 

But I would have this "post" page the same as this page so when it errors it shows them the form with all the data they typed in so they don't have to retype it in again. Use your isset $_POST to switch between the forms. You can use the same form; just put an if statement inside each form section you want them to enter data.

 

Here are a couple of sections of code I use (it looks complicated, but I'm passing vars as the name of the input or select). These are inside a switch statement, so based on the "type" it uses the rest of the vars to set the form inputs without having to type them all in for each form.

So in the "input section" I have:

echo PostMaker('NumberSelector_LMP-Month_1_1_12');

echo PostMaker('NumberSelector_LMP-Day_2_1_31');

echo PostMaker('NumberSelector_LMP-Year_3_1920_2022');

 

And in the posted section I have:

 

echo PostValues('NumberSelector_LMP-Month_1_1_12');

echo PostValues('NumberSelector_LMP-Day_2_1_31');

echo PostValues('NumberSelector_LMP-Year_3_1920_2022');

 

So I don't have to sit there and type in all the field values for each one.

Like with the Year in the example above, all I have to do is change 1920 to 1960 and it will display from 1960 to 2022 on the fly without having to edit the select statement.

 

I set the $postvalue = $_POST['value'] (if set or not) before it gets to these. Plus, as you can see, I also change the display order of the doctor title within the same form. (Dr. John Doe or Sam Smith RPA).

 

 

// input box
echo "\r\n";
// htmlspecialchars() keeps a posted value from breaking out of the value attribute
echo '<input type="text" name="'.$type.'_'.$name.'_'.$group_order.'_'.$minrange.'_'.$maxrange.'" size="'.$minrange.'" maxlength="'.$maxrange.'" value="'.htmlspecialchars($postvalue, ENT_QUOTES).'">';
echo "\r\n";

//dropdown box
echo "\r\n";
/* Doctor_ID  Doctor_First_Name  Doctor_Last_Name  Doctor_Title */
/* START Display Doctors */
echo '<select name="'.$type.'_'.$name.'_'.$group_order.'_'.$minrange.'_'.$maxrange.'">';
echo "\r\n";
$sql = "SELECT * FROM premier_forms.doctors ORDER BY Doctor_Last_Name";
$rs = mysql_query($sql);
if ($postvalue == '') {
    // nothing posted yet: show the blank choice as selected
    echo '<option value="" selected>--</option>';
}
while ($row = mysql_fetch_array($rs)) {
    // "Dr." goes in front of the name; any other title goes after it
    if ($row['Doctor_Title'] == 'Dr.') {
        $label = $row['Doctor_Title'].' '.$row['Doctor_First_Name'].' '.$row['Doctor_Last_Name'];
    } else {
        $label = $row['Doctor_First_Name'].' '.$row['Doctor_Last_Name'].' '.$row['Doctor_Title'];
    }
    // re-select the doctor that was posted ("selected" sits outside the value attribute)
    $selected = ($postvalue != '' && $postvalue == $label) ? ' selected' : '';
    $safe = htmlspecialchars($label, ENT_QUOTES);
    echo '<option value="'.$safe.'"'.$selected.'>'.$safe.'</option>';
    echo "\r\n";
}
echo '</select>';
echo "\r\n";
/* END Display Doctors */


 

So what happens with my form is they have to keep submitting until all the fields have been set and checked before it allows them to actually post the form. It also shows at the top of the page which field is incorrect or blank. (some have over 138 fields, so if it "blanked" the form each time there was an error, the doctors would not be happy campers. I get mad when I only have a few fields and have to start over on some sites.) The "Submit" button changes to a "Fax it" button once all checks have been completed. Then once it has been faxed then it takes them back to the form selection page. There are only 4 pages - login, form selection (12 different forms), the form, and the form functions.

 

Plus if you are limiting them to X amount of posts, after they login, why not show them the count of how many more posts they have left for the day, since you are checking the id/un anyway? And if they are at the limit don't show them the form, just tell them they have reached their limit and to come back tomorrow.

 

That way if all the $_POST vars check, and they are under their limit, you then just put it into the db and then display it has been posted or take them to their post.

 

 

I hope this helps you redesign the flow of your script.

Link to comment
Share on other sites
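The flow described in the replies, as an added example that is not part of the thread: the author name and id are taken from the session set at login and bound as query parameters instead of being read from the form. It also shows why `post_author` arrived empty: the digits-only pattern `#[^0-9]#i` applied to `$_SESSION['username']` removes every letter. Assumptions: PDO with an in-memory SQLite table standing in for the MySQL `forum_posts` table (the `mysql_*` functions used in the thread were removed in PHP 7.0), a hypothetical `create_topic()` helper, and constructed session and form values.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// MySQL forum_posts table so it runs offline; session and form data are constructed.

// Digits-only filter: correct for ids, but on a username it deletes every letter.
function filter_id(string $v): string { return preg_replace('#[^0-9]#', '', $v); }

// Returns the new post id (int) or an error code (string). Author fields come
// from the session set at login, never from $_POST.
function create_topic(PDO $db, array $session, array $post, int $dailyLimit = 30)
{
    if (empty($session['SESS_ID']) || empty($session['username'])) {
        return 'login_required';          // caller redirects to the login page
    }
    $authorId = (int) filter_id((string) $session['SESS_ID']);
    $author   = $session['username'];     // bound as a parameter below, so no regex

    $count = $db->prepare("SELECT COUNT(*) FROM forum_posts
        WHERE post_author_id = ? AND DATE(date_time) = DATE('now')");
    $count->execute([$authorId]);
    if ((int) $count->fetchColumn() >= $dailyLimit) {
        return 'daily_limit_reached';
    }
    $title = trim($post['post_title'] ?? '');
    if (strlen($title) < 10) {
        return 'title_too_short';
    }
    // Placeholders keep values out of the SQL text. The body is stored raw;
    // apply htmlspecialchars() when it is displayed.
    $ins = $db->prepare("INSERT INTO forum_posts
        (post_author, post_author_id, date_time, type, thread_title, post_body)
        VALUES (?, ?, datetime('now'), 'a', ?, ?)");
    $ins->execute([$author, $authorId, $title, $post['post_body'] ?? '']);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum_posts (id INTEGER PRIMARY KEY, post_author TEXT,
    post_author_id INTEGER, date_time TEXT, type TEXT, thread_title TEXT, post_body TEXT)");

$session = ['SESS_ID' => '7', 'username' => 'testmember'];
$form    = ['post_title' => "Tom's first topic", 'post_body' => "it's <b>here</b>"];
$id      = create_topic($db, $session, $form);
$check   = $db->prepare("SELECT post_author, post_author_id FROM forum_posts WHERE id = ?");
$check->execute([$id]);
var_dump(filter_id('testmember'));          // what the original filter leaves of the name
var_dump($check->fetch(PDO::FETCH_ASSOC));  // author and id as stored
var_dump(create_topic($db, [], $form));     // no session: refused
```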
