
Hi there,

 

I am new to PHP, and can create basic login forms, and INSERT into mysql forms etc all OK.

However I am trying to understand how to create a form that shows the username of the person that entered the data.

 

For example, I have a table called staff and a table called dispatch

 

User:  "Mary" logs in via the form login OK.
(this is verified from the staff table)

 

She then logs into the next section of the form, and enters some data in (which will be added to the dispatch table).

When she adds the data in, I want to be able to show the Username of the person logged in that added this data.

 

Would appreciate any help!

 

Thanks

Edited by vivification

Can you give me an example of how I can do that? I think I understand what you mean, but are you saying add a field on my form for the user to enter their username? 

Not sure I follow.

 

Does the "staff" table still exist, and is it used to verify the login?

At the top of the login script add a

session_start();

Note: this needs to happen before you output anything, so just put it at the top of the script.

Then after the user is verified do this:

$_SESSION['username']=$variable_you_stored_username_in ; 

on the script that you use to record form data you'll do the session_start() at the top again and have something like this:

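$sanitized_field1 = mysqli_real_escape_string($connection, $_POST['field1']); // sanitize all fields this way
$sanitized_field2 = mysqli_real_escape_string($connection, $_POST['field2']);
$username = mysqli_real_escape_string($connection, $_SESSION['username']); // array elements can't be written with quoted keys inside a double-quoted string
$sql = "INSERT INTO `dispatch` (`field_name`, `some_other_name`, `username`) VALUES ('$sanitized_field1', '$sanitized_field2', '$username')";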
Edited by davidannis

 

At the top of the login script add a

session_start();

 

Hi Davidannis, 

Thanks for those details, below is the code I am using for my login.php

I have just constructed this via some online demos & templates etc.

 

So at the top of this, I am changing it to:

 

<?php 

session_start();

 

Then...

// Connects to your Database 

etc, etc.

<?php 

 // Connects to your Database 

 mysql_connect("localhost", "root", "password") or die(mysql_error()); 
 mysql_select_db("dispatch") or die(mysql_error()); 


 //Checks if there is a login cookie

 if(isset($_COOKIE['ID_my_site']))

 //if there is, it logs you in and directs you to the members page

 { 
 	$username = $_COOKIE['ID_my_site']; 
 	$pass = $_COOKIE['Key_my_site'];

 	 	$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
 	while($info = mysql_fetch_array( $check )) 	
 		{
 		if ($pass != $info['password']) 
 			{
 			 			}
 		else
 			{
 			header("Location: functions.php");
 			}
 		}
 }

 //if the login form is submitted 

 if (isset($_POST['submit'])) { // if form has been submitted

 // makes sure they filled it in

 	if(!$_POST['username'] || !$_POST['pass']) {
 		die('You did not fill in a required field.');
 	}
 	// checks it against the database
 	if (!get_magic_quotes_gpc()) {
 		$_POST['username'] = addslashes($_POST['username']);
 	}

 	$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 //Gives error if user doesn't exist

 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
 		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
 				}

 while($info = mysql_fetch_array( $check )) 	
 {
 $_POST['pass'] = stripslashes($_POST['pass']);
 	$info['password'] = stripslashes($info['password']);
 	$_POST['pass'] = md5($_POST['pass']);

 //gives error if the password is wrong

 	if ($_POST['pass'] != $info['password']) {

 		die('Incorrect password, please try again.');
 	}
else 

 { 
 
 // if login is ok then we add a cookie 
 	 $_POST['username'] = stripslashes($_POST['username']); 
 	 $hour = time() + 3600; 
 setcookie('ID_my_site', $_POST['username'], $hour); 
 setcookie('Key_my_site', $_POST['pass'], $hour);	 

 //then redirect them to the members area 

 header("Location: functions.php"); 

 } 
 } 
 } 

 else 

{	 

 // if they are not logged in 

 ?> 

For the second part, that you mentioned,

 

$_SESSION['username']=$variable_you_stored_username_in ;

 

1) Is this going on the same page as login.php

2) Can you just explain the ['username']=$variable_you_stored_username_in part?

3) When you say "after the user is verified" I assume you mean put this on the page that is entering the form data? 

 

Because once the user logs in via login.php they go to a "Menu" page which gives them the options to choose from (e.g. Dispatch, Reports etc)

Allow me to interrupt and restate what I said before: don't store the username. The user information is already in your database so I can only assume there is a user ID too. The primary key of that user table. Store that.

Hi requinix, 

 

Thanks, I get what you are saying, but I still don't follow how I 'don't' store the username.

How does the username from the "staff" table (that is used for login.php), get captured and then saved on the "dispatch" table (dispatch.php) when the form is created & posted/submitted?

 

If you could give me an example - as I am only new to PHP so trying to understand the way that it needs to be created/written.

 

 

 

You add a column to the dispatch table, staff_id, of the same type as the staff id. When you save a record in the dispatch table, you add the id of the logged in staff member to the query. For example your tables would look like this

 

staff

id bigint not null auto_increment primary key,
name varchar(255),
... rest of columns

dispatch

id bigint not null auto_increment primary key,
staff_id bigint not null,
data varchar(255),
... rest of columns

If these tables are using the InnoDB engine you can set up a foreign key on the staff_id column in dispatch.

 

You should read some tutorials on relational databases to do this sort of thing properly.

I really don't like the way your login script stores the password in a cookie. That's not very secure. I guess it depends what you are trying to do but storing a password in plain text and passing it back from the browser with every page request is just sloppy.

 

To address Requinix's concern you should create a staff_id column as she detailed in post #6 and substitute $_SESSION['staff_id'] for $_SESSION['username'] in the code I posted.

Alternatively, if you stick with this login system (which I would recommend against) this line, which you should a gives you the username.

 	$username = $_COOKIE['ID_my_site']; 

and you should have it on all your pages already.
