Inserting logged in username to table

Posted: Fri Jan 09, 2009 3:54 pm
by sanfordss
I'm building my first webpage with PHP and have finally run into an issue I can't find a solution for. When submitting a form from a user, I want to also submit the currently logged in userid into the record. A session is created when the user logs in. Can someone shed some light on this? Here is the code.

<?php

// Receiving variables
@$pfw_ip= $_SERVER['REMOTE_ADDR'];
@$Vmake = addslashes($_POST['Vmake']);
@$vmodel = addslashes($_POST['vmodel']);
@$vin = addslashes($_POST['vin']);
@$mileage = addslashes($_POST['mileage']);
@$probdescrip = addslashes($_POST['probdescrip']);

// Validation
if (strlen($Vmake) <2)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid make</font></p>");
}
if (strlen($Vmake) >20)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid make</font></p>");
}

if (strlen($Vmake) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid make</font></p>");
}

if (strlen($vmodel) <2)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid model</font></p>");
}
if (strlen($vmodel) >20)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid model</font></p>");
}

if (strlen($vmodel) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid model</font></p>");
}

if (strlen($vin) !=17)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid vin</font></p>");
}

if (strlen($vin) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid vin</font></p>");
}

if (strlen($mileage) <1)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid mileage</font></p>");
}
if (strlen($mileage) >10)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid mileage</font></p>");
}

if (strlen($mileage) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid mileage</font></p>");
}

if (strlen($probdescrip) <5)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid problem description. Must be a minimum of 5 characters</font></p>");
}
if (strlen($probdescrip) >255)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid problem description. Must be a minimum of 5 characters</font></p>");
}

if (strlen($probdescrip) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid problem description. Must be a minimum of 5 characters</font></p>");
}

//Sending auto respond Email to visitor
$pfw_header = "From: sanfordss@hotmail.com\n"
. "Reply-To: \n";
$pfw_subject = "Hi";
$pfw_email_to = "";
$pfw_message = "Thanks";
@mail($pfw_email_to, $pfw_subject ,$pfw_message ,$pfw_header ) ;

//saving record to MySQL database


@$pfw_strQuery = "INSERT INTO `rrequest`(`vmake`,`vmodel`,`vin`,`mileage`,`probdescrip`)VALUES (\"$Vmake\",\"$vmodel\",\"$vin\",\"$mileage\",\"$probdescrip\")" ;
@$pfw_host = "localhost";
@$pfw_user = "root";
@$pfw_pw = "";
@$pfw_db = "members";
$pfw_link = mysql_connect($pfw_host, $pfw_user, $pfw_pw);
if (!$pfw_link) {
die('Could not connect: ' . mysql_error());
}
$pfw_db_selected = mysql_select_db($pfw_db, $pfw_link);
if (!$pfw_db_selected) {
die ("Can not use $pfw_db : " . mysql_error());
}

//insert new record
$pfw_result = mysql_query($pfw_strQuery);
if (!$pfw_result) {
die('Invalid query: ' . mysql_error());
}
mysql_close($pfw_link);

echo("<p align='center'><font face='Arial' size='3' color='#000000'>Your request has been submitted. Please check the Request History page for status of your request.</font></p>");
?>
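
What the question asks for, as an added example that is not the poster's code: the handler takes the record's owner from the server-side session rather than from the form, and binds every value instead of building the query with `addslashes()`. It assumes the login page sets `$_SESSION['auth']` and `$_SESSION['logname']`, that `rrequest` has a `user_name` column (hypothetical), and uses in-memory SQLite in place of the MySQL `members` database so it runs stand-alone.

```php
<?php
// Added example, not the poster's code. Assumptions: a `user_name` column on
// `rrequest`, and SQLite in memory standing in for the MySQL `members` database.

const LIMITS = [            // field => [min length, max length], as in the post
    'Vmake' => [2, 20], 'vmodel' => [2, 20], 'vin' => [17, 17],
    'mileage' => [1, 10], 'probdescrip' => [5, 255],
];

function save_request(PDO $db, array $session, array $post): int
{
    // Owner comes from the server-side session set at login, never from the
    // form: a posted or hidden field can be edited by the client.
    if (($session['auth'] ?? '') !== 'yes' || empty($session['logname'])) {
        throw new RuntimeException('Not logged in');
    }
    $row = [];
    foreach (LIMITS as $field => [$min, $max]) {
        $value = $post[$field] ?? '';
        $value = is_string($value) ? trim($value) : '';
        if (strlen($value) < $min || strlen($value) > $max) {
            throw new InvalidArgumentException("Please enter a valid $field");
        }
        $row[] = $value;     // raw value: no addslashes(), binding does the quoting
    }
    $stmt = $db->prepare(
        'INSERT INTO rrequest (user_name, vmake, vmodel, vin, mileage, probdescrip)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute(array_merge([$session['logname']], $row));
    return (int) $db->lastInsertId();
}

// Constructed demo data. On the real page: session_start(); then pass $_SESSION and $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rrequest (id INTEGER PRIMARY KEY, user_name TEXT, vmake TEXT,
           vmodel TEXT, vin TEXT, mileage TEXT, probdescrip TEXT)');

$session = ['auth' => 'yes', 'logname' => 'alice'];
$post = ['Vmake' => 'Honda', 'vmodel' => 'Civic', 'vin' => 'TESTVIN0000000001',
         'mileage' => '84000', 'probdescrip' => 'Won\'t start, dash shows "CHECK"',
         'user_name' => 'bob'];   // client-supplied owner field, ignored by save_request()

$id = save_request($db, $session, $post);
print_r($db->query("SELECT user_name, probdescrip FROM rrequest WHERE id = $id")
           ->fetch(PDO::FETCH_ASSOC));
```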

Re: Inserting logged in username to table

Posted: Fri Jan 09, 2009 5:08 pm
by logik
Where's the login script or the code that checks his login information is correct and such...? Need to see that so I can tell what you are working with, if you are starting the sessions properly and such and to see the user's information etc...

Re: Inserting logged in username to table

Posted: Fri Jan 09, 2009 5:31 pm
by sanfordss
I think this is what you're looking for. Thanks for looking at it.

-----Login/reg page-----

<?php

session_start();
switch (@$_POST['Button'])
{
case "Login":
include("dbstuff.inc");
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
or die("Query died: connect");
$sql = "SELECT user_name FROM Customers
WHERE user_name='$_POST[fusername]'";
$result = mysqli_query($cxn,$sql)
or die("Query died: fuser_name");
$num = mysqli_num_rows($result);
if($num > 0)
{
$sql = "SELECT user_name FROM Customers
WHERE user_name='$_POST[fusername]'
AND password=md5('$_POST[fpassword]')";
$result2 = mysqli_query($cxn,$sql)
or die("Query died: fpassword");
$num2 = mysqli_num_rows($result2);
if($num2 > 0) //password matches
{
$_SESSION['auth']="yes";
$_SESSION['logname'] = $_POST['fusername'];
header("Location: SecretPage.php");
}
else // password does not match
{
$message_1="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.";
$fusername = strip_tags(trim($_POST['fusername']));
include("form_login_reg.inc");
}
} // end if $num > 0
elseif($num == 0) // login name not found
{
$message_1 = "The User Name you entered does not
exist! Please try again.";
include("form_login_reg.inc");
}
break;

case "Register":
/* Check for blanks */
foreach($_POST as $field => $value)
{
if ($field != "fax")
{
if ($value == "")
{
$blanks[] = $field;
}
else
{
$good_data[$field] = strip_tags(trim($value));
}
}
} // end foreach POST
if(isset($blanks))
{
$message_2 = "The following fields are blank.
Please enter the required information: ";
foreach($blanks as $value)
{
$message_2 .="$value, ";
}
extract($good_data);
include("form_login_reg.inc");
exit();
} // end if blanks found
/* validate data */
foreach($_POST as $field => $value)
{
if(!empty($value))
{
if(preg_match("/name/i",$field) and
!preg_match("/user/i",$field) and
!preg_match("/log/i",$field))
{
if (!preg_match("/^[A-Za-z' -]{1,50}$/",$value))
{
$errors[] = "$value is not a valid name. ";
}
}
if(preg_match("/street/i",$field) or
preg_match("/addr/i",$field) or
preg_match("/city/i",$field))
{
if(!preg_match("/^[A-Za-z0-9.,' -]{1,50}$/",
$value))
{
$errors[] = "$value is not a valid address
or city. ";
}
}
if(preg_match("/state/i",$field))
{
if(!preg_match("/^[A-Z][A-Z]$/",$value))
{
$errors[] = "$value is not a valid state
code. ";
}
}
if(preg_match("/email/i",$field))
{
if(!preg_match("/^.+@.+\\..+$/",$value))
{
$errors[] = "$value is not a valid email
address. ";
}
}
if(preg_match("/zip/i",$field))
{
if(!preg_match("/^[0-9]{5,5}(\-[0-9]{4,4})?$/",
$value))
{
$errors[] = "$value is not a valid zipcode. ";
}
}
if(preg_match("/phone/i",$field) or
preg_match("/fax/i",$field))
{
if(!preg_match("/^[0-9)(xX -]{7,20}$/",$value))
{
$errors[] = "$value is not a valid phone
number. ";
}
}
} // end if not empty
} // end foreach POST
foreach($_POST as $field => $value)
{
$$field = strip_tags(trim($value));
}
if(@is_array($errors))
{
$message_2 = "";
foreach($errors as $value)
{
$message_2 .= $value." Please try again<br />";
}
include("form_login_reg.inc");
exit();
} // end if errors are found

/* check to see if user name already exists */
include("dbstuff.inc");
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
or die("Couldn't connect to server");
$sql = "SELECT user_name FROM Customers
WHERE user_name='$user_name'";
$result = mysqli_query($cxn,$sql)
or die("Query died: user_name.");
$num = mysqli_num_rows($result);
if($num > 0)
{
$message_2 = "$user_name already used. Select another
User Name.";
include("form_login_reg.inc");
exit();
} // end if user name already exists
else
{
$today = date("Y-m-d");
$sql = "INSERT INTO Customers (user_name,create_date,
password,first_name,last_name,street,city,
state,zip,phone,email) VALUES
('$user_name','$today',md5('$password'),
'$first_name', '$last_name','$street','$city',
'$state','$zip','$phone','$email')";
mysqli_query($cxn,$sql);
$_SESSION['auth']="yes";
$_SESSION['logname'] = $user_name;
/* send email to new Customer */
$emess = "You have successfully registered. ";
$emess .= "Your new user name and password are: ";
$emess .= "\n\n\t$user_name\n\t";
$emess .= "$password\n\n";
$emess .= "We appreciate your interest. \n\n";
$emess .= "If you have any questions or problems,";
$emess .= " email service@ourstore.com";
$subj = "Your new customer registration";
#$mailsend=mail("$email","$subj","$emess");
header("Location: SecretPage.php");
} // end else no errors found
break;

default:
include("form_login_reg.inc");
} // end switch
?>
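
The login check from the post above in hardened form, as an added example that is not the poster's code: the posted name is bound instead of interpolated into the SQL, the stored password is checked with `password_verify()` instead of `md5()`, and an unknown user and a wrong password produce the same result. The in-memory SQLite database and the `password_hash()` storage format are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: SQLite in memory stands in
// for the MySQL database, and `password` holds a password_hash() value, not md5().

function login(PDO $db, string $username, string $password, array &$session): bool
{
    // One bound query: the posted name is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT user_name, password FROM Customers WHERE user_name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both failure
    // paths do the same work and give the same answer.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password'] : $dummy) && $row;
    if (!$ok) {
        return false;     // caller shows one generic "invalid login" message
    }
    // Store the name as the database returned it, not the posted string.
    // On the real page, call session_regenerate_id(true) here as well.
    $session['auth'] = 'yes';
    $session['logname'] = $row['user_name'];
    return true;
}

// Constructed demo data. On the real page: session_start(); then pass $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Customers (user_name TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO Customers VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = [];
var_dump(login($db, 'alice', 'correct horse', $session));  // valid credentials
var_dump(login($db, 'alice', 'wrong guess', $session));    // wrong password
var_dump(login($db, "o'neil", 'anything', $session));      // unknown name containing a quote
var_dump($session);
```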