Jump to content

Posting "Username" in News section Issues

AEdwards

By AEdwards
in PHP Coding Help

Recommended Posts

AEdwards Newbie

AEdwards

Posted
Posted

Hello,

I've just made a News system for a website i've been working on using, It has all been going fine-and-dandy. Until...

 

My boss has asked me to add in a simple Login feature so people don't have to type there names in every form they fill-out when they use the website, My major problem is I can't get the news field to display the Login "Username" in the news, It's kind of a head-ache. (This is all for an intranet site).

 

Sorry for the super long-ness in the post, just not sure where to look first to fix this problem :S.

 

Please let me know if any other information is needed.

 

Thanks!

 

Login:

<?php
include 'header.php';
?>
<form name="form1" method="post" action="checklogin.php">
<table id="formcss">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
<?php
include 'footer.php';
?>

 

check login

<?php
include 'header.php';
?>
<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="admins"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password<p>";

echo "</p><a href=http://nrsdiskstation/login.php>Go Back</a>";
}
?>
<?php
include 'footer.php';
?>

 

News

<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="admin"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$id=$_GET['id'];
"SELECT column_name1, column_name2 FROM table_name";

// Retrieve data from database 
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);
?>

<?php
include 'header.php';
?>
<form name="form1" method="post" action="news_ac.php">
<table id="formcss" width="100%" border="0" cellspacing="1" cellpadding="3" align="center">
<tr>
<td colspan="2" align="center"><strong>New News</strong></td>
</tr>
<tr>
<td width="71">Title</td>
<td width="301"><input name="title" type="text" id="title"></td>
</tr>
<tr>
<td>News Type</td>
<td>
<select name="picture" id="picture">
<option value="">None</option>
<option value="<img src=http://nrsdiskstation/Images/urgent.png align=right valign=top>">Attention</option>
<option value="<img src=http://nrsdiskstation/Images/about.png align=right valign=top>">About</option>
<option value="<img src=http://nrsdiskstation/Images/dots.png align=right valign=top>">Information</option>
</select>
</td>
</tr>
<tr>
<td>News</td>
<td>
<textarea rows="4" cols="33" name="news"></textarea>
</td>
</tr>
<input name="date" type="hidden" id="date" value="<?php echo date('g:i - d/m/Y'); ?>">
<input name="byuser" type="hidden" id="byuser" value="<? echo $rows['myusername']; ?>">
<tr>
<td colspan="2" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>
<?php
include 'footer.php';
?>

 

News_Ac

<?php
include 'header.php';
?>
<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="News"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form 
$title=$_POST['title'];
$news=$_POST['news'];
$byuser=$_POST['byuser'];
$picture=$_POST['picture'];
$date=$_POST['date'];


// Insert data into mysql 
$data_no=$_GET['id'];
$sql="INSERT INTO $tbl_name(`title`, `news`, `byuser`, `picture`, `date`)VALUES('$title', '$news', '$byuser', '$picture', '$date')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful". 
if($result)
{
    echo "Successful<BR><a href='index.php'>Back to Index</a>";
}
else
{
    echo "ERROR 1<br>";
    echo "Query: {$sql}<br>\n";
    echo "Error: " . mysql_error();
}

?>
<?php
include 'footer.php';
?>

 

News display:

<?php
include 'header.php';
?>
<strong>Intranet System </strong> <a href="http://nrsdiskstation/news.php">(Post new news)</a><br>
<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="News"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Retrieve data from database 
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

// Start looping rows in mysql database.
while($rows=mysql_fetch_array($result)){
?>
<table id="formcss" align="center">
<tr><Td>
<strong><? echo $rows['title']; ?></strong>
</td></tr>
<tr><td>
<? echo $rows['picture']; ?>
<? echo $rows['news']; ?>
</tr></td>
<tr><td align="right">
<h6><? echo $rows['byuser']; ?> @ <? echo $rows['date']; ?><br><a href="news_update.php?id=<? echo $rows['id']; ?>">edit</a> last edited on: <? echo $rows['editdate']; ?></h6>
</td></td>
</table>
<br><br><br>
<?
// close while loop 
}

// close connection 
mysql_close();
?>
<?php
include 'footer.php';
?>

Link to comment
https://forums.phpfreaks.com/topic/261614-posting-username-in-news-section-issues/
Share on other sites
Drummin Member

Drummin

Posted
Posted

Change check login so processing is done done before you send anything to browser i.e. include ("header.php");

<?php
session_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="admins"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username']=$myusername;
header("location:login_success.php");
}
else {
$message="<p>Wrong Username or Password";

$message.="<br /><a href=http://nrsdiskstation/login.php>Go Back</a></p>";
}
include("header.php");
if (isset($message)){ echo $message;}
include("footer.php");
?>

 

You again add session_start(); to the top of any page you wish to use the session on.

<?php
session_start();
$username=$_SESSION['username'];
?>

... which you then could add to your hidden field for the user name.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.