vivification Posted June 6, 2013 (edited)

Hi there, I am new to PHP, and can create basic login forms, and INSERT into mysql forms etc all OK. However I am trying to understand how to create a form that shows the username of the person that entered the data.

For example, I have a table called staff and a table called dispatch.

User: "Mary" logs in via the form login OK (this is verified from the staff table). She then logs into the next section of the form, and enters some data in (which will be added to the dispatch table). When she adds the data in, I want to be able to show the Username of the person logged in that added this data.

Would appreciate any help! Thanks

requinix Posted June 6, 2013

Store the user along with the data being entered. Remember to use a foreign key and not the actual username.

vivification Posted June 6, 2013

Can you give me an example of how I can do that? I think I understand what you mean, but are you saying add a field on my form for the user to enter their username? Not sure I follow. Does the "staff" table still exist and used to verify the login?

davidannis Posted June 6, 2013 (edited)

At the top of the login script add a

```php
session_start();
```

Note: this needs to happen before you output anything, so just put it at the top of the script.

Then after the user is verified do this:

```php
$_SESSION['username'] = $variable_you_stored_username_in;
```

On the script that you use to record form data you'll do the session_start() at the top again and have something like this:

```php
$sanitized_field1 = mysqli_real_escape_string($connection, $_POST['field1']); // sanitize all fields this way
$username = mysqli_real_escape_string($connection, $_SESSION['username']);   // escape the session value too
$sql = "INSERT INTO `dispatch` (`field_name`, `some_other_name`, `username`) VALUES ('$sanitized_field1', '$sanitized_field2', '$username')";
```

vivification Posted June 6, 2013

> At the top of the login script add a session_start();

Hi Davidannis,

Thanks for those details, below is the code I am using for my login.php. I have just constructed this via some online demos & templates etc.

So at the top of this, I am changing it to:

```php
<?php
session_start();
```

Then... // Connects to your Database etc, etc.

```php
<?php
// Connects to your Database
mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("dispatch") or die(mysql_error());

// Checks if there is a login cookie
if (isset($_COOKIE['ID_my_site']))
// if there is, it logs you in and directs you to the members page
{
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    while ($info = mysql_fetch_array($check)) {
        if ($pass != $info['password']) {
        } else {
            header("Location: functions.php");
        }
    }
}

// if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
    // makes sure they filled it in
    if (!$_POST['username'] || !$_POST['pass']) {
        die('You did not fill in a required field.');
    }
    // checks it against the database
    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysql_error());

    // Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }
    while ($info = mysql_fetch_array($check)) {
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['password'] = stripslashes($info['password']);
        $_POST['pass'] = md5($_POST['pass']);

        // gives error if the password is wrong
        if ($_POST['pass'] != $info['password']) {
            die('Incorrect password, please try again.');
        } else {
            // if login is ok then we add a cookie
            $_POST['username'] = stripslashes($_POST['username']);
            $hour = time() + 3600;
            setcookie('ID_my_site', $_POST['username'], $hour);
            setcookie('Key_my_site', $_POST['pass'], $hour);

            // then redirect them to the members area
            header("Location: functions.php");
        }
    }
} else {
    // if they are not logged in
?>
```

For the second part that you mentioned,

```php
$_SESSION['username']=$variable_you_stored_username_in ;
```

1) Is this going on the same page as login.php?
2) Can you just explain the ['username']=$variable_you_stored_username_in ; part?
3) When you say "after the user is verified" I assume you mean put this on the page that is entering the form data? Because once the user logs in via login.php they go to a "Menu" page which gives them the options to choose from (e.g. Dispatch, Reports etc).

requinix Posted June 6, 2013

Allow me to interrupt and restate what I said before: don't store the username. The user information is already in your database so I can only assume there is a user ID too. The primary key of that user table. Store that.

vivification Posted June 6, 2013

Hi requinix,

Thanks, I get what you are saying, but I still don't follow how I 'don't' store the username. How does the username from the "staff" table (that is used for login.php) get captured and then saved on the "dispatch" table (dispatch.php) when the form is created & posted/submitted?

If you could give me an example - as I am only new to PHP so trying to understand the way that it needs to be created/written.

boompa Posted June 6, 2013

You add a column to the dispatch table, staff_id, of the same type as the staff id. When you save a record in the dispatch table, you add the id of the logged in staff member to the query.

For example your tables would look like this:

```
staff
    id bigint not null auto_increment primary key,
    name varchar(255),
    ... rest of columns

dispatch
    id bigint not null auto_increment primary key,
    staff_id bigint not null,
    data varchar(255),
    ... rest of columns
```

If these tables are using the InnoDB engine you can set up a foreign key on the staff_id column in dispatch. You should read some tutorials on relational databases to do this sort of thing properly.

davidannis Posted June 6, 2013

I really don't like the way your login script stores the password in a cookie. That's not very secure. I guess it depends what you are trying to do but storing a password in plain text and passing it back from the browser with every page request is just sloppy.

To address Requinix's concern you should create a staff_id column as she detailed in post #6 and substitute $_SESSION['staff_id'] for $_SESSION['username'] in the code I posted.

davidannis Posted June 6, 2013

Alternatively, if you stick with this login system (which I would recommend against) this line, which you should a gives you the username.

```php
$username = $_COOKIE['ID_my_site'];
```

and you should have it on all your pages already.

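The approach the replies arrive at (verify the login against staff, keep only the staff id in the server-side session, write it to dispatch.staff_id, join back to staff to show the name) put together as an added example; it is not code from any poster in this thread. The function names, the password_hash column, the demo row and the in-memory SQLite database are assumptions made so it runs stand-alone from the command line.

```php
<?php
// Added example; login(), add_dispatch(), list_dispatch() are hypothetical names.
session_start();                        // before any output, on every page

// Constructed demo database (in-memory SQLite) standing in for the MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON');
$db->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE dispatch (id INTEGER PRIMARY KEY,
           staff_id INTEGER NOT NULL REFERENCES staff(id), data TEXT)');
$db->prepare('INSERT INTO staff (name, password_hash) VALUES (?, ?)')
   ->execute(['Mary', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

// login.php: verify against staff, then remember only the staff id server-side.
function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password_hash FROM staff WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh session id once authenticated
    $_SESSION['staff_id'] = (int) $row['id'];
    return true;
}

// dispatch.php: the author comes from the session, never from the form or a cookie.
function add_dispatch(PDO $db, string $data): int
{
    if (!isset($_SESSION['staff_id'])) {
        throw new RuntimeException('Not logged in');
    }
    $stmt = $db->prepare('INSERT INTO dispatch (staff_id, data) VALUES (?, ?)');
    $stmt->execute([$_SESSION['staff_id'], $data]);
    return (int) $db->lastInsertId();
}

// Showing who entered each row: join back to staff for the name.
function list_dispatch(PDO $db): array
{
    $sql = 'SELECT d.data, s.name AS entered_by FROM dispatch d JOIN staff s ON s.id = d.staff_id';
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

if (login($db, 'Mary', 'constructed-demo-password')) {
    add_dispatch($db, 'Parcel 42 sent');
    print_r(list_dispatch($db));
}
```

Nothing the browser sends decides who the author is, and no password or password hash ever leaves the server in a cookie.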