Search the Community
Showing results for tags 'inputbox'.
-
Php - Comment Section - How Display Username
Spencer posted a topic in Website Management and Coding
Hey there! Recently, I have made a comment section on my website. It worked great, but to show who posted a comment, a user would have to type in who they are in the "Comment By:" inputbox. I don't want this anymore, due to users being able to impersonate one another. I want to make it show actually who posted it. ( Yes. I have a working register and login ). Here is my news:chatroom_first_priority.php code ( Note: I have removed the Comment By: inputbox and all the rest of that stuff. This is my attempted code. If needed, tell me you want to see my original code. ) : <?php session_start(); if(!session_is_registered(myusername)){ header("location:/login/main_login.php"); } $myusername = $_SESSION['myusername']; ?> <html> <head> <title>Mbox:News</title> <script> </script> <style> /*3DS SCREEN START*/ div#topscreen { position: absolute; top: 0px; left: 0px; height: 1300px; width: 320px; background-color:#1E90FF; z-index:2; } div#bottomscreen { position: absolute; top: 218px; left: 0px; height: 212px; width: 320px; background-color:#1E90FF; } /*3DS SCREEN STOP*/ /* WELCOME USERNAME STYLE START */ div#welcome_username { text-decoration:none; color:#000000; font-weight: bold; background-color:aqua; text-align:center; } /* WELCOME USERNAME STYLE STOP */ a.logout { text-decoration:underline; color:#000000; font-weight:bold; background-color:#FFFFFF; position:absolute; top:0px; left:250px; } a.home { text-decoration:underline; color:#000000; font-weight:bold; background-color:#FFFFFF; position:absolute; top:0px; left:5px; } a:link { color:#000000; text-decoration:underline; } a:visited { color:#000000; text-decoration:underline; } a:hover { color:#FF0000; text-decoration:none; } p.article_by { background-color:lime; text-align:left; font-weight:bold; } </style> <meta name="viewport" content="width=320"> </head> <body> <!-- TOP SCREEN --> <div id="topscreen"> <?php //echo "Welcome, " . $myusername . "!"; ( OLD CODE ) echo "<div id=\"welcome_username\">Welcome, $myusername ! </div>"; ?> <!-- WELCOME USERNAME PHP SCRIPT STOP --> <!-- REST OF STUFF DOWN --> <a href="../login/logout.php" class="logout">Log out</a> <a href="../homepage.php" class="home">Home</a> <!-- MAKE THE LINE BELOW THE WELCOME --> <br/> <hr/> <a href="/news/news.php"><img src="http://www.pokernewsreport.com/wp-content/uploads/2011/04/news-icon.png" style="width:75px; height:75px; position:absolute; top:60px; left:120px;"></a> <br/> <br/> <br/> <p class="article_by">Spencer:</p> <!-- ARTICLE START --> <p style="background-color:white;">This is just a test section for now</strong> <br/> <strong>~ Spencer</strong></p> <!-- ARTICLE STOP --> <hr/> <form action="/news/post_comment.php" method="post"> <table> <tr><td> </td><td><input type="hidden" name="comment_on" size="" readonly="readonly" value="<?php print md5($_SERVER['PHP_SELF']); ?>"/></td></tr> <tr><td>Comment: </td><td><textarea name="comment" cols=24></textarea></td></tr> <tr><td></td><td><input type="submit" value="Submit" /></td></tr> </table> </form> <?php $db_sitename="spencer_register"; $db_hostname="localhost"; $db_username="spencer_mega"; $db_password="PASSWORD HERE"; $no_of_comments="10"; /* Leave the script below as it is */ mysql_connect($db_hostname, $db_username, $db_password); mysql_select_db($db_sitename); $pagename=md5($_SERVER['PHP_SELF']); $query=mysql_query("Select * from comments where comment_on='$pagename' ORDER BY id DESC LIMIT 0, $no_of_comments"); echo "<hr />"; echo "<h3>Latest Comments</h3>"; while($fetch=mysql_fetch_array($query)) { echo "<p>".$fetch['comment']."<br/><sub><b>Comment by: </b>".$myusername."</sub><hr /><p>"; } mysql_close(); ?> </div id="topscreen"> <!-- BOTTOM SCREEN --> <div id="bottomscreen"> </div id="bottomscreen"> </body> </html> Here is my post_comment.php: <?php $db_sitename="spencer_register"; $db_hostname="localhost"; $db_username="spencer_mega"; $db_password="PASSWORD HERE"; /* Leave the script below as it is */ mysql_connect($db_hostname, $db_username, $db_password); mysql_select_db($db_sitename); $comment_on=$_POST[comment_on]; $comment_by=$_POST['$myusername']; $comment=$_POST[comment]; $query=mysql_query("INSERT INTO comments (comment_by,comment_on,comment) VALUES ('$myusername','$comment_on','$comment')"); if($query) { $ref=$_SERVER['HTTP_REFERER']; header("location: $ref"); } else { echo "Error when posting the comment."; } mysql_close(); ?> I actually know what I am doing wrong, but don't know how to fix it. myusername whatever the person types into the username login inputbox before logging in, to make it at the top say, Welcome, Username! So now, it will say all of the comments are posted by YOU. Thanks for the help! I appriciate it! ~ Spencer