Jump to content

Posting "Username" in News section Issues

AEdwards

By AEdwards
in PHP Coding Help

 Share

Recommended Posts

AEdwards Newbie

AEdwards

Posted
Posted

Hello,

I've just made a News system for a website i've been working on using, It has all been going fine-and-dandy. Until...

 

My boss has asked me to add in a simple Login feature so people don't have to type there names in every form they fill-out when they use the website, My major problem is I can't get the news field to display the Login "Username" in the news, It's kind of a head-ache. (This is all for an intranet site).

 

Sorry for the super long-ness in the post, just not sure where to look first to fix this problem :S.

 

Please let me know if any other information is needed.

 

Thanks!

 

Login:

<?php
include 'header.php';
?>
<form name="form1" method="post" action="checklogin.php">
<table id="formcss">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
<?php
include 'footer.php';
?>

 

check login

<?php
include 'header.php';
?>
<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="admins"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password<p>";

echo "</p><a href=http://nrsdiskstation/login.php>Go Back</a>";
}
?>
<?php
include 'footer.php';
?>

 

News

<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="admin"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$id=$_GET['id'];
"SELECT column_name1, column_name2 FROM table_name";

// Retrieve data from database 
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);
?>

<?php
include 'header.php';
?>
<form name="form1" method="post" action="news_ac.php">
<table id="formcss" width="100%" border="0" cellspacing="1" cellpadding="3" align="center">
<tr>
<td colspan="2" align="center"><strong>New News</strong></td>
</tr>
<tr>
<td width="71">Title</td>
<td width="301"><input name="title" type="text" id="title"></td>
</tr>
<tr>
<td>News Type</td>
<td>
<select name="picture" id="picture">
<option value="">None</option>
<option value="<img src=http://nrsdiskstation/Images/urgent.png align=right valign=top>">Attention</option>
<option value="<img src=http://nrsdiskstation/Images/about.png align=right valign=top>">About</option>
<option value="<img src=http://nrsdiskstation/Images/dots.png align=right valign=top>">Information</option>
</select>
</td>
</tr>
<tr>
<td>News</td>
<td>
<textarea rows="4" cols="33" name="news"></textarea>
</td>
</tr>
<input name="date" type="hidden" id="date" value="<?php echo date('g:i - d/m/Y'); ?>">
<input name="byuser" type="hidden" id="byuser" value="<? echo $rows['myusername']; ?>">
<tr>
<td colspan="2" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>
<?php
include 'footer.php';
?>

 

News_Ac

<?php
include 'header.php';
?>
<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="News"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form 
$title=$_POST['title'];
$news=$_POST['news'];
$byuser=$_POST['byuser'];
$picture=$_POST['picture'];
$date=$_POST['date'];


// Insert data into mysql 
$data_no=$_GET['id'];
$sql="INSERT INTO $tbl_name(`title`, `news`, `byuser`, `picture`, `date`)VALUES('$title', '$news', '$byuser', '$picture', '$date')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful". 
if($result)
{
    echo "Successful<BR><a href='index.php'>Back to Index</a>";
}
else
{
    echo "ERROR 1<br>";
    echo "Query: {$sql}<br>\n";
    echo "Error: " . mysql_error();
}

?>
<?php
include 'footer.php';
?>

 

News display:

<?php
include 'header.php';
?>
<strong>Intranet System </strong> <a href="http://nrsdiskstation/news.php">(Post new news)</a><br>
<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="News"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Retrieve data from database 
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

// Start looping rows in mysql database.
while($rows=mysql_fetch_array($result)){
?>
<table id="formcss" align="center">
<tr><Td>
<strong><? echo $rows['title']; ?></strong>
</td></tr>
<tr><td>
<? echo $rows['picture']; ?>
<? echo $rows['news']; ?>
</tr></td>
<tr><td align="right">
<h6><? echo $rows['byuser']; ?> @ <? echo $rows['date']; ?><br><a href="news_update.php?id=<? echo $rows['id']; ?>">edit</a> last edited on: <? echo $rows['editdate']; ?></h6>
</td></td>
</table>
<br><br><br>
<?
// close while loop 
}

// close connection 
mysql_close();
?>
<?php
include 'footer.php';
?>

Link to comment
Share on other sites
Drummin Member

Drummin

Posted
Posted

Change check login so processing is done done before you send anything to browser i.e. include ("header.php");

<?php
session_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="admins"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username']=$myusername;
header("location:login_success.php");
}
else {
$message="<p>Wrong Username or Password";

$message.="<br /><a href=http://nrsdiskstation/login.php>Go Back</a></p>";
}
include("header.php");
if (isset($message)){ echo $message;}
include("footer.php");
?>

 

You again add session_start(); to the top of any page you wish to use the session on.

<?php
session_start();
$username=$_SESSION['username'];
?>

... which you then could add to your hidden field for the user name.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.