A few questions

PHP
1

Hi,

I have a few issues, my first is how would I go about adding in here so that if you’re not logged in when you enter your name it would automatically add guest_ to it and when you’re logged in it sets your username as it and you cannot change it.

I use the following to get usernames when logged in and below that is my form to submit a comment:

Just let me know what else is needed and I can provide.


<?php

if($session->logged_in){
   echo "$session->username";
}
else{

echo "Guest";

}
?>



<form name=\\"submitcomment\\" method=\\"post\\" action=\\"submitcomment.php\\" onSubmit=\\" return form_Validator(this)\\">
<table width=\\"100%\\">
		<tr>
				<th colspan=\\"2\\"><h3 class=\\"formtitle\\">Leave a comment:</h3></th>
		</tr>
		<tr>

				<th scope=\\"row\\"><p class=\\"req\\">Name:</p></th>
				<td><input class=\\"form\\" tabindex=\\"1\\" id=\\"name\\" name=\\"name\\" /></td>
		</tr>
		<tr valign=\\"top\\">
				<th scope=\\"row\\"><p class=\\"req\\">Comment:</p><br /></th>
				<td><textarea class=\\"formtext\\" tabindex=\\"4\\" id=\\"message\\" name=\\"message\\" rows=\\"10\\" cols=\\"50\\"></textarea></td>
		</tr>

		<tr>	
				<td>&nbsp;</td>
				<td><input type=\\"submit\\" name=\\"post\\" class=\\"submit\\" value=\\"Submit Comment\\" /><br />
				<p>Note: Any inappropriate content will be deleted. </p>


</td>
		</tr>
</table>
<input type=\\"hidden\\" name=\\"comurl\\" value=\\"$comurl\\" />
<input type=\\"hidden\\" name=\\"comid2\\" value=\\"$comid2\\" />
</form>

My second thing is I am unsure about how to go about having a date be set upon registration of users. The main reason I wanted this if it seemed easiest in my mind that I could have "Our newest member is: query for username by date, etc but if there is a better way to go about that and the registration date isn’t needed just tell me. I thought I had the date going but every time it would just add the default to the database so i removed all of that for now but I can easily re add it.

Thank you very much in advance for any help that is provided.

2

In your form, you’ll have to add some php code that checks if the user is logged in. Only show the name input field if he isn’t.
The part that adds ‘guest_’ to the name if the user isn’t logged in will have to be added to the code that elaborates the form data.

Second question: the date solution seems the best to me. It is always nice to know how long someone has been a member. You might need that info sooner or later.

3

Can you post the code that validates the form data and inserts the comment in the database?

4

Yeah, okay I get that. I am unsure where I add the guest_ still though. The other part seems working.
If the date solution is best how do I go about it? I am unsure how to get the date working with registering.

5

Okay, I will post that up as soon as I am on my desktop again.

6

Think this is everything

database part:


<?php


// connect to database
$dbh = mysql_connect ($db_hostname, $db_username, $db_pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($db_name);


$comurl = $_POST["comurl"];
$comid2 = $_POST["comid2"];
$email = $_POST["email"];
$message = $_POST["message"];

$sendcomment = mysql_query("INSERT INTO comments SET commentid='$comid2', name='$name', comment='$message', date=now()");
?>

Handles submissions:


function submitComments($comid2,$comurl){
//check fields are filled in
?>
<script language="javascript">

function form_Validator(form)
{

  if (form.name.value == "")
  {
    alert("Please enter your name.");
    form.name.focus();
	return (false);
     }

  if (form.message.value == "")
  {
    alert("Please enter your message.");
    form.message.focus();
    return (false);
  }
  
  return (true);
  }
  //-->
  </script>

After that it’s just the original form I posted.
Let me know if anything else is needed, thanks a lot.

7

No I think that’s enough.
First of all, you’ll have to add the validation to the php script as well. Client side validation (JS) is very nice, but gives no security because it can be bypassed. All validation must always be done server side as well.

And before using user input in a query, you must sanitize it (strings are sanitized using mysql_real_escape_string). Or you might look into using PDO.

Now, your original question: how to put guest_ before a guest’s name:


$comurl = $_POST["comurl"];
$comid2 = $_POST["comid2"];
$email = $_POST["email"];
$message = $_POST["message"];

// if logged in, get user name, else use the name entered in form and add guest_
if ($session->logged_in) {
  $name = $session->username;
} else {
  $name = 'guest_' . $_POST["name"];
} 

$query = "
  INSERT INTO comments 
  SET 
      commentid = '" . mysql_real_escape_string($comid2) . "'
    , name = '" . mysql_real_escape_string($name) . "'
    , comment = '" . mysql_real_escape_string($message) . "'
    , date = now()
";
$sendcomment = mysql_query($query);
8

That part works great, thank you. Just having one issue in that area now and that’s when I try use the session to get username within the form it doesn’t work. It just automatically uses the else but anywhere else in that file I can copy + paste the code and it works fine. Is there something that may stop it from working?

9

Did you do session_start() on top of the code that creates the form page?

10

I have a session.php that handles all that stuff for all pages, so it’s included. And as I said showing the username with it works on other parts of the page with the exact same code, just not in that area.

11

Can anyone else provide any help with the date situation? Highly appreciated.

12

I will learn how to do that and give it a try.

13

Do a var_dump of $session->logged_in at the point that’s giving your problems, and see what it returns.