Spencer Posted January 29, 2013

Hey there! Recently, I have made a comment section on my website. It worked great, but to show who posted a comment, a user would have to type in who they are in the "Comment By:" inputbox. I don't want this anymore, due to users being able to impersonate one another. I want to make it show actually who posted it. ( Yes. I have a working register and login ).

Here is my news:chatroom_first_priority.php code ( Note: I have removed the Comment By: inputbox and all the rest of that stuff. This is my attempted code. If needed, tell me you want to see my original code. ) :

```php
<?php
session_start();
if(!session_is_registered(myusername)){
    header("location:/login/main_login.php");
}
$myusername = $_SESSION['myusername'];
?>
<html>
<head>
<title>Mbox:News</title>
<script>
</script>
<style>
/*3DS SCREEN START*/
div#topscreen { position: absolute; top: 0px; left: 0px; height: 1300px; width: 320px; background-color:#1E90FF; z-index:2; }
div#bottomscreen { position: absolute; top: 218px; left: 0px; height: 212px; width: 320px; background-color:#1E90FF; }
/*3DS SCREEN STOP*/
/* WELCOME USERNAME STYLE START */
div#welcome_username { text-decoration:none; color:#000000; font-weight: bold; background-color:aqua; text-align:center; }
/* WELCOME USERNAME STYLE STOP */
a.logout { text-decoration:underline; color:#000000; font-weight:bold; background-color:#FFFFFF; position:absolute; top:0px; left:250px; }
a.home { text-decoration:underline; color:#000000; font-weight:bold; background-color:#FFFFFF; position:absolute; top:0px; left:5px; }
a:link { color:#000000; text-decoration:underline; }
a:visited { color:#000000; text-decoration:underline; }
a:hover { color:#FF0000; text-decoration:none; }
p.article_by { background-color:lime; text-align:left; font-weight:bold; }
</style>
<meta name="viewport" content="width=320">
</head>
<body>
<!-- TOP SCREEN -->
<div id="topscreen">
<?php
//echo "Welcome, " . $myusername . "!"; ( OLD CODE )
echo "<div id=\"welcome_username\">Welcome, $myusername ! </div>";
?>
<!-- WELCOME USERNAME PHP SCRIPT STOP -->
<!-- REST OF STUFF DOWN -->
<a href="../login/logout.php" class="logout">Log out</a>
<a href="../homepage.php" class="home">Home</a>
<!-- MAKE THE LINE BELOW THE WELCOME -->
<br/>
<hr/>
<a href="/news/news.php"><img src="http://www.pokernewsreport.com/wp-content/uploads/2011/04/news-icon.png" style="width:75px; height:75px; position:absolute; top:60px; left:120px;"></a>
<br/>
<br/>
<br/>
<p class="article_by">Spencer:</p>
<!-- ARTICLE START -->
<p style="background-color:white;">This is just a test section for now</strong>
<br/>
<strong>~ Spencer</strong></p>
<!-- ARTICLE STOP -->
<hr/>
<form action="/news/post_comment.php" method="post">
<table>
<tr><td> </td><td><input type="hidden" name="comment_on" size="" readonly="readonly" value="<?php print md5($_SERVER['PHP_SELF']); ?>"/></td></tr>
<tr><td>Comment: </td><td><textarea name="comment" cols=24></textarea></td></tr>
<tr><td></td><td><input type="submit" value="Submit" /></td></tr>
</table>
</form>
<?php
$db_sitename="spencer_register";
$db_hostname="localhost";
$db_username="spencer_mega";
$db_password="PASSWORD HERE";
$no_of_comments="10";
/* Leave the script below as it is */
mysql_connect($db_hostname, $db_username, $db_password);
mysql_select_db($db_sitename);
$pagename=md5($_SERVER['PHP_SELF']);
$query=mysql_query("Select * from comments where comment_on='$pagename' ORDER BY id DESC LIMIT 0, $no_of_comments");
echo "<hr />";
echo "<h3>Latest Comments</h3>";
while($fetch=mysql_fetch_array($query)) {
    echo "<p>".$fetch['comment']."<br/><sub><b>Comment by: </b>".$myusername."</sub><hr /><p>";
}
mysql_close();
?>
</div id="topscreen">
<!-- BOTTOM SCREEN -->
<div id="bottomscreen">
</div id="bottomscreen">
</body>
</html>
```

Here is my post_comment.php:

```php
<?php
$db_sitename="spencer_register";
$db_hostname="localhost";
$db_username="spencer_mega";
$db_password="PASSWORD HERE";
/* Leave the script below as it is */
mysql_connect($db_hostname, $db_username, $db_password);
mysql_select_db($db_sitename);
$comment_on=$_POST[comment_on];
$comment_by=$_POST['$myusername'];
$comment=$_POST[comment];
$query=mysql_query("INSERT INTO comments (comment_by,comment_on,comment) VALUES ('$myusername','$comment_on','$comment')");
if($query) {
    $ref=$_SERVER['HTTP_REFERER'];
    header("location: $ref");
} else {
    echo "Error when posting the comment.";
}
mysql_close();
?>
```

I actually know what I am doing wrong, but don't know how to fix it. myusername is whatever the person types into the username login inputbox before logging in, to make it at the top say, Welcome, Username! So now, it will say all of the comments are posted by YOU. Thanks for the help! I appreciate it!

~ Spencer

Shinryuu Posted January 29, 2013

```php
echo "<p>".$fetch['comment']."<br/><sub><b>Comment by: </b>".$myusername."</sub><hr /><p>";
```

You have a comment db object defined as comments (comment_by,comment_on,comment) so change ^ to:

```php
echo "<p>".$fetch['comment']."<br/><sub><b>Comment by: </b>".$fetch['comment_by']."</sub><hr/></p>";
```

Spencer (Author) Posted January 29, 2013

Doesn't work still. It will now say: Comment By: _________ . Yeah... Nobody. Do I have to go get the user name in the table with the registered users somehow?

Shinryuu Posted January 29, 2013

Check to see if your database is actually saving the information you pass it.

Spencer (Author) Posted January 29, 2013

The comment table and user table are both working and saving the information. You see, I think it is not working cause: $myusername is whatever the user put into the input box when logging in. So, $myusername is different on each user's screen.

Example when I am logged in: Welcome, Spencer!

Example when my friend is logged in: Welcome, DrakeJ!

So I do realize I probably should not use $myusername ( If I can still, please tell me. ) So what would I even do to make it work? o.O

Shinryuu Posted January 29, 2013

My earlier code snippet should work, since you're throwing the current user's name to the database when they add a comment, the database has a record of who, when and what. Use the values in the database when displaying the comments, not the logged in user variable.

Spencer (Author) Posted January 29, 2013

Okay... I guess... It still does not work... I changed the values into the database ones too. I changed it from:

```php
VALUES ('$myusername','$comment_on','$comment')");
```

into:

```php
VALUES ('$comment_by','$comment_on','$comment')");
```

Still nothing. When you said to me: "Check to see if your database is actually saving the information you pass it." It is. I think. It saves the comment Id, comment, and comment_on. But it does not save the user who posted it. ( It used to when I made an inputbox for who is posting the comment. )

Another thing is this part in my post_comment.php:

```php
$comment_by=$_POST['$myusername'];
```

Is this right?

Shinryuu Posted January 30, 2013

> Another thing is this part in my post_comment.php: $comment_by=$_POST['$myusername']; Is this right?

No, for starters the superglobal arrays store data in key=>value pairs, so ['$var'] is not a valid key index. Second the username is being stored in the $_SESSION superglobal, not $_POST, what you could do is add a hidden input like:

```php
<input type="hidden" name="comment_by" value="<?php echo $myusername;?>"/>
```

then access it as $_POST['comment_by'];

Spencer (Author) Posted January 30, 2013

Thanks for the help Shinryuu! It works. Can't thank you enough.
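
An added example, not part of the original thread: a hidden `comment_by` field is still sent by the browser and can be edited just like the old "Comment By:" box, so this version of post_comment.php reads the author from `$_SESSION['myusername']` on the server, inserts with a prepared statement, and escapes stored text on output. Table, column and session names are those in the thread; the mysqli extension and the fixed redirect to `/news/news.php` are assumptions.

```php
<?php
// Added example, not code from the thread. The author name is read from the
// server-side session; no form field carries it.
session_start();
if (empty($_SESSION['myusername'])) {   // session key set by the thread's login script
    header('Location: /login/main_login.php');
    exit;
}

// Store one comment. $author must come from $_SESSION, never from $_POST.
function save_comment(mysqli $db, string $author, string $commentOn, string $comment): bool
{
    // Placeholders keep user-supplied text out of the SQL statement itself.
    $stmt = $db->prepare(
        'INSERT INTO comments (comment_by, comment_on, comment) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $author, $commentOn, $comment);
    return $stmt->execute();
}

// For the page that lists comments: escape stored text before echoing it.
function render_comment(array $row): string
{
    $text = nl2br(htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'));
    $by   = htmlspecialchars($row['comment_by'], ENT_QUOTES, 'UTF-8');
    return "<p>$text<br/><sub><b>Comment by: </b>$by</sub></p><hr/>";
}

$commentOn = $_POST['comment_on'] ?? '';
$comment   = $_POST['comment'] ?? '';
// The form sends comment_on as md5($_SERVER['PHP_SELF']): 32 lowercase hex characters.
if (!is_string($commentOn) || !is_string($comment) || trim($comment) === ''
    || !preg_match('/\A[a-f0-9]{32}\z/', $commentOn)) {
    http_response_code(400);
    exit('Invalid comment.');
}

// Connection values as posted in the thread; mysqli replaces the removed mysql_* functions.
$db = new mysqli('localhost', 'spencer_mega', 'PASSWORD HERE', 'spencer_register');
if (save_comment($db, $_SESSION['myusername'], $commentOn, trim($comment))) {
    header('Location: /news/news.php'); // assumed fixed target instead of HTTP_REFERER
    exit;
}
http_response_code(500);
echo 'Error when posting the comment.';
```

On the listing page, the `while` loop would call `echo render_comment($fetch);` so that `comment_by` comes from the stored row rather than from the viewer's session.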