Jump to content

PHP Code Help - PLEASE

Guest

By Guest
in PHP Coding Help

 Share

Recommended Posts

Guest

Guest

Posted
Posted

What the code below does is show this: img526.imageshack.us/img526/1584/phpcode.png

 

My problem is, when I click "Add new post," I can post blank titles, usernames, and messages.  I can also post as anyone else because I'm not sure how to get this code to work with a username checker.  Basically, what I want is this same code, but with the ability to check if someone already has the username they're trying to post as, and to not allow blank titles, names, or messags.

 

<?php 
$tid = $_GET['tid'];
require "global.php";

if ($_POST)
{
$user = $_POST['user'];
$message = $_POST['message'];
$date = time();

$data = sprintf("INSERT INTO posts VALUES (DEFAULT, $tid, '$user','$message',$date)");
mysql_query($data);
}

$row = fetch("SELECT count(*) FROM posts WHERE tid = ".$tid);
$posts = $row[0];
echo '<table><tr><th>Message...</th><th>User and Time</th></tr>';
for ($i = 0; $i < $posts; $i++)
{
$row = fetch("SELECT user,message,dateline FROM posts WHERE tid = ".$tid." ORDER BY pid ASC LIMIT ".$i.",1");
$user = $row[0];
$message = str_replace("\n","<br />",$row[1]);
$date = date('M-j-Y g:ia',$row[2]);
echo '<table width=100% style="border-right: 4px solid #101010; border-left: 4px solid #101010; border-bottom: 4px solid #101010; border-top: 4px solid #101010;"><tr><td width="100%" valign="top"></td></tr><tr><td width=100% colspan=2 id="firstp"></td><tr><td>'.$message.'</td><td>'.$user.'<br /><em>'.$date.'</em></td></tr>';
}
echo '</table>
<hr /><h2>Post a reply</h2>
<form action="" method="POST">
<table>
<tr><td>Username</td><td><input name="user" /></td></tr>
<tr><td><font color=white>Password:</font></td><td><input type="password" name="pass" maxlength="10"></td></tr>
<tr><td valign="top">Message</td><td><textarea name="message" rows="10" cols="50"></textarea></td></tr>
</table>
<input type="submit" value=" Add reply " />
</form>';

?>

 

 

I also have this code above the one above, but this code below won't work:

 

<?php 
// Connects to your Database 

mysql_connect("localhost", "xxxxxxxxx", "xxxxxxxxx") or die(mysql_error()); 

mysql_select_db("xxxxxxxxxxxx") or die(mysql_error()); 


//This code runs if the form has been submitted

if (isset($_POST['submit'])) { 


// checks if the username is in use

	if (!get_magic_quotes_gpc()) {

		$_POST['username'] = addslashes($_POST['username']);

	}

$usercheck = $_POST['username'];

$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 

or die(mysql_error());

$check2 = mysql_num_rows($check);


//if the name exists it gives an error

if ($check2 != 0) {

		die('Sorry, the username '.$_POST['username'].' is already in use.');

				}


// now we insert it into the database

	$insert = "INSERT INTO users (username, password)

			VALUES ('".$_POST['username']."', '".$_POST['pass']."')";

	$add_member = mysql_query($insert);
}
	?>

Link to comment
https://forums.phpfreaks.com/topic/257082-php-code-help-please/
Share on other sites
Guest

Guest

Posted
Posted

Do I post this right after my <?php tag?

$SQL = mysql_query("SELECT user FROM post WHERE user= '$user"); 
if(mysql_num_rows($SQL59) >= 1){ ; ?>
<script language="javascript"> 
alert("Username already in use")
</script> <? } else {

 

And which part of my code do you mean by "rest of your code?"

Guest

Guest

Posted
Posted

I do have a login system, but even when someone is logged in, when anyone goes to a forum to make a new post, anyone can post as anyone still.  Like, the login system acts as a totally different system for when you make a reply or add a new post.  I don't get it.

But uh, going back to what you said: Yes, anyone can just enter any username.

lilgezuz Newbie

lilgezuz

Posted
Posted

I do have a login system, but even when someone is logged in, when anyone goes to a forum to make a new post, anyone can post as anyone still.  Like, the login system acts as a totally different system for when you make a reply or add a new post.  I don't get it.

But uh, going back to what you said: Yes, anyone can just enter any username.

 

Do you have it setup when someone login, it creates a session?

lilgezuz Newbie

lilgezuz

Posted
Posted

Hm.......I...don't think so.  I have multiple PHP files so I could make a "new post" page, "reply to post" page, etc.

So uh, no, I don't.  I could paste the full PHP code here I'm trying to get this to work with?

 

It just doesnt make sense the way you are doing it.  Because once someone makes a post with a username they wont be able to make another post because that username was already used in a post.  You need to look into sessions.  so when a user logins and all the checks go through ok then it creates a new session. Then you can use some php to pull data for the username name depending on the logged session

Guest

Guest

Posted
Posted

It's because I made my own forum system.  Like, the logins aren't incorporated with the "new post" and "add a reply" boxes within the forums.

 

Here's the whole code for the new post system:

<center>
<table height="300px" bgcolor="#FFFF00" cellspacing="1" width="75%">
<tbody>
<tr>
<td>
<table height="433" bgcolor="#000000" cellpadding="10px" cellspacing="1" width="995">
<tbody>
<tr>
<td bgcolor="#000000" valign="top" width="20%">

<div id="menu" align="right" >
<a href="/forums/index.php">HOME</a> | 
<a href="mailto:[email protected]">CONTACT</a> | 
<a href="">ABOUT (soon)</a>
</div>

<?php 
$fid = $_GET['fid'];
require "global.php"; 
if ($_POST)
{
$user = $_POST['user'];
$password = $_POST['password'];
$message = $_POST['message'];
$title = $_POST['title'];
$date = time();

$data = sprintf("INSERT INTO threads VALUES (DEFAULT, $fid, '$title', $date)");
mysql_query($data);
$tid = mysql_insert_id();
$data = sprintf("INSERT INTO posts VALUES (DEFAULT, $tid, '$user', '$message', $date)");
mysql_query($data);
header( 'Location: viewthread.php?tid='.$tid );
exit;
}
echo '
<font size=5><b>Add a New Post:</b></font>
<form action="" method="POST">
<table>
<tr><td>Username:</td><td><input name="user" /></td></tr>
<tr><td>Password (optional):</td><td><input type="password" name="password"></td></tr>
<tr><td>Post Title:</td><td><input name="title" /></td></tr>
<tr><td valign="top">Message: </td><td><textarea rows="10" cols="50" name="message"></textarea></td></tr>
</table>
<input type="submit" value=" Add new post " />
</form>';
?>
</td></tr></tbody></table></td></tr></tbody></table><br />
</center>

 

And then here is the register php code:

<?php 
// Connects to your Database 

mysql_connect("localhost", "xxxxxxxxx", "xxxxxxx") or die(mysql_error()); 

mysql_select_db("xxxxxxxxxxx") or die(mysql_error()); 


//This code runs if the form has been submitted

if (isset($_POST['submit'])) { 



//This makes sure they did not leave any fields blank

if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {

		die('You did not complete all of the required fields');

	}



// checks if the username is in use

	if (!get_magic_quotes_gpc()) {

		$_POST['username'] = addslashes($_POST['username']);

	}

$usercheck = $_POST['username'];

$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 

or die(mysql_error());

$check2 = mysql_num_rows($check);



//if the name exists it gives an error

if ($check2 != 0) {

		die('Sorry, the username '.$_POST['username'].' is already in use.');

				}


// 


	if ($_POST['pass'] != $_POST['pass2']) {

		die('Your passwords did not match. ');

	}



	// here we encrypt the password and add slashes if needed

	$_POST['pass'] = md5($_POST['pass']);

	if (!get_magic_quotes_gpc()) {

		$_POST['pass'] = addslashes($_POST['pass']);

		$_POST['username'] = addslashes($_POST['username']);

			}



// now we insert it into the database

	$insert = "INSERT INTO users (username, password)

			VALUES ('".$_POST['username']."', '".$_POST['pass']."')";

	$add_member = mysql_query($insert);

	?>



<BODY bgcolor="#000000">
<h1><font color=white>Registered</font></h1>

<p><font color=white>Thank you, you have registered.  <font size=4><a href="/forums/login.php"><font color="#FFCC00">Login here</font></a></font></a>.</font></p>

<?php 
} 

else 
{	
?>

<BODY bgcolor="#000000">
<div style="color: #ffcc00; font-size: 14pt; background-color: #000040; padding-left: 5px; font-weight: bold; border-bottom: 1px solid #000000;">User Register</div>
<div style="background-color: #000060;padding: 10px; color: #FFFFFF; margin-bottom: 20px;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<table border="0">

<tr><td><font color=white>Username:</font></td><td>

<input type="text" name="username" maxlength="60">

</td></tr>

<tr><td><font color=white>Password:</font></td><td>

<input type="password" name="pass" maxlength="10">

</td></tr>

<tr><td><font color=white>Confirm Password:</font></td><td>

<input type="password" name="pass2" maxlength="10">

</td></tr>

<tr><th colspan=2><input type="submit" name="submit" 
value="Register"></th></tr> </table>

</form>


<?php

}
?>

 

Do I have to somehow link the one database to both that register PHP code and the new post PHP code?

 

Edit: The Register PHP code works 100% fine like I want it to. 

lilgezuz Newbie

lilgezuz

Posted
Posted

That is what I was talking about at the end of your login script you need to have it create a session something like

 

$_SESSION['user'] = $username

 

then on your new post you can use session_start()

 

look at php.net for more info.  I don't have the time to go through it all

lilgezuz Newbie

lilgezuz

Posted
Posted

End of the login script, or the register script?  'Cause that 2nd php code I pasted is the register script.  And alright.

 

bot pages, if its a first time user they will be using the register script and users coming back will use the login.  Why don't you just get a free forum software alot easier

Guest

Guest

Posted
Posted

I added this session code to the end of my login page:

<?php

session_start();

if($_SERVER['REQUEST_METHOD'] == "POST") {
     $result = mysql_query("SELECT * FROM users WHERE username='" . $_POST['username'] . "' AND password=md5('" . $_POST['password'] . "')", $dbh);
     if(mysql_num_rows($result) > 0) {
         $_SESSION['is_logged_in'] = 1;
     }
}

if(!isset($_SESSION['is_logged_in'])) {
    // display your login here
} else {
    header("location:index.php");
}
?>

 

Now what is the exact PHP code I should add to the register & new post pages?

This?

<?php
session_start();
// store session data
$_SESSION['views']=1;
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.