7 Replies - 1512 Views - Last Post: 02 April 2005 - 08:33 PM Rate Topic: -----

#1 iamcenz  Icon User is offline

  • You wish you were my hand!
  • member icon

Reputation: 7
  • View blog
  • Posts: 2,442
  • Joined: 26-March 01

sessions

Posted 02 April 2005 - 01:01 PM

ok, so im trying to make a blog script. cause well, i just want to lol. anyway, i have a login script that check username, password and lvl restriction. i have the session start and it logs me in and what not, i go to the page where i can write my post. i have these feilds: blog_id, blog_title, blog_text, blog_date, blog_author. i was able to get them all working but the date and author. there is the thing, i dont know how to pull the author out from a session. i tried looking at how DW used to pull the username and what not, so i did this in the hidden author feild.
<input name="blog_author" type="hidden" id="blog_author" value="$_SESSION['MM_Username'])">
but that just put $_SESSION['MM_Username'] in the database. not the authors username... i dont know if this makes much sence... here is the login script and then the blog script.

LOGIN:
<?php require_once('Connections/conn.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['user_name'])) {
  $loginUsername=$_POST['user_name'];
  $password=$_POST['user_pass'];
  $MM_fldUserAuthorization = "user_priv";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "login.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_conn, $conn);
 	 
  $LoginRS__query=sprintf("SELECT user_name, user_pass, user_priv FROM bbn_users WHERE user_name='%s' AND user_pass='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'user_priv');
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;       

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
Username:
<input name="user_name" type="text" id="user_name">
  <br>
  Pass: 
  <input name="user_pass" type="password" id="user_pass">
  <br>
  <input type="submit" name="Submit" value="Submit">
</form>
</body>
</html>


BLOG:
<?php require_once('../Connections/conn.php'); ?>
<?php
session_start();
$MM_authorizedUsers = "4";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "../login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO bbn_blog (blog_id, blog_title, blog_text, blog_date, blog_author) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['blog_id'], "int"),
                       GetSQLValueString($_POST['blog_title'], "text"),
                       GetSQLValueString($_POST['blog_text'], "text"),
                       GetSQLValueString($_POST['blog_date'], "date"),
                       GetSQLValueString($_POST['blog_author'], "text"));

  mysql_select_db($database_conn, $conn);
  $Result1 = mysql_query($insertSQL, $conn) or die(mysql_error());

  $insertGoTo = "../index.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<input name="blog_id" type="hidden" id="blog_id">
<br>
Title:
<input name="blog_title" type="text" id="blog_title">
   <br>
   Entry:<br>
   <textarea name="blog_text" cols="60" rows="10" id="blog_text"></textarea>
   <br>
   <input name="blog_date" type="hidden" id="blog_date" value="now()">
   <input name="blog_author" type="hidden" id="blog_author" value="$_SESSION['MM_Username'])">
   <br>
   <input type="submit" name="Submit" value="Submit">
   <input type="reset" name="Reset" value="Reset">
   <input type="hidden" name="MM_insert" value="form1">
</form>
</body>
</html>



Is This A Good Question/Topic? 0
  • +

Replies To: sessions

#2 Amadeus  Icon User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 248
  • View blog
  • Posts: 13,506
  • Joined: 12-July 02

Re: sessions

Posted 02 April 2005 - 02:34 PM

Try
<input name="blog_author" type="hidden" id="blog_author" value="<?=$_SESSION['MM_Username'])?>">


Without the php tags, it's merely html.
Was This Post Helpful? 0
  • +
  • -

#3 iamcenz  Icon User is offline

  • You wish you were my hand!
  • member icon

Reputation: 7
  • View blog
  • Posts: 2,442
  • Joined: 26-March 01

Re: sessions

Posted 02 April 2005 - 03:53 PM

you mean like this?
<input name="blog_author" type="hidden" id="blog_author" value="$_SESSION['MM_Username'])">

This post has been edited by iamcenz: 02 April 2005 - 03:54 PM

Was This Post Helpful? 0
  • +
  • -

#4 skyhawk133  Icon User is offline

  • Head DIC Head
  • member icon

Reputation: 1866
  • View blog
  • Posts: 20,278
  • Joined: 17-March 01

Re: sessions

Posted 02 April 2005 - 04:00 PM

I'm pretty sure he meant exactly what he typed... you need to put <?= ?> tags around the $_SESSION['MM_Username'])
Was This Post Helpful? 0
  • +
  • -

#5 Amadeus  Icon User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 248
  • View blog
  • Posts: 13,506
  • Joined: 12-July 02

Re: sessions

Posted 02 April 2005 - 04:00 PM

No, try with php echoing the value inside the value tag, like this (note the tags inside the quotes):

<input name="blog_author" type="hidden" id="blog_author" value="<?=$_SESSION['MM_Username']?>">


Was This Post Helpful? 0
  • +
  • -

#6 iamcenz  Icon User is offline

  • You wish you were my hand!
  • member icon

Reputation: 7
  • View blog
  • Posts: 2,442
  • Joined: 26-March 01

Re: sessions

Posted 02 April 2005 - 06:50 PM

yeah i didnt notice that sorry... ok. ill try that now...
Was This Post Helpful? 0
  • +
  • -

#7 iamcenz  Icon User is offline

  • You wish you were my hand!
  • member icon

Reputation: 7
  • View blog
  • Posts: 2,442
  • Joined: 26-March 01

Re: sessions

Posted 02 April 2005 - 07:29 PM

ok that part works thank you... sorta dumb question i guess but <?= ?> is another for of echo?
Was This Post Helpful? 0
  • +
  • -

#8 Amadeus  Icon User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 248
  • View blog
  • Posts: 13,506
  • Joined: 12-July 02

Re: sessions

Posted 02 April 2005 - 08:33 PM

Well the <? and ?> are just the opening and closing of php script tags, and the = sign serves as shorthand for the echo command in those situations..It wasn't always available, but has been for the last couple of releases of php...not sure what version they started supporting it in...
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1