Author Topic: loggedin_user_name  (Read 6650 times)


Offline uksoreeyes

  • Full Member
  • ***
  • Posts: 117
    • View Profile
    • http://www.myleeneklass.com
loggedin_user_name
« on: March 24, 2003, 03:13:42 AM »
Hi, I am currently integrating 4images with a shoutbox I coded. The shoutbox uses PHP and MySQL.

As a way to stop just anyone posting in my shoutbox I made it so users had to register with 4images before they could post anything. In other words I have made use of the {if user_loggedin} etc. so if the user is not logged in they get a message telling them to log in. If they are logged in they are presented with the form in which they can freely post messages.

I have this working great; they do not have to put in their name, as whatever name they are logged in as appears above their messages, which makes it easy to track and ban troublemakers.

The bit I am having trouble with is inserting the logged_in_username into my MySQL database. At the moment I have a hidden form field:

Code: [Select]
<input type='hidden' name='name' class="news" size='20' value='{loggedin_user_name}'>

This works fine and inserts the username correctly. But I find it a bit of a security risk, as someone could easily 'view source', edit and change the name inside the 'value' bit. What I would like to do is get rid of that hidden field and have the username taken from the 4images database.

Here is my shoutbox code:



Code: [Select]
<?php
// Relies on register_globals: $shout, $name, $message and $block come from the request.
if ($shout) {
    if ($name != "" && $message != "") {
        $ip = $REMOTE_ADDR;
        $info = $HTTP_USER_AGENT;
        $add_date = time();
        // $name is the hidden form field, so the client can set it to anything.
        $name = stripslashes($name);
        $name = htmlspecialchars($name);
        $message = stripslashes($message);
        $message = htmlspecialchars($message);
        mysql_connect("username etc");
        mysql_select_db("shout");
        // Escape every interpolated value; htmlspecialchars() leaves single quotes alone.
        $name = mysql_real_escape_string($name);
        $message = mysql_real_escape_string($message);
        $ip = mysql_real_escape_string($ip);
        $info = mysql_real_escape_string($info);
        $block = mysql_real_escape_string($block);
        $result = mysql_query("INSERT INTO shouts (id,name,message,timestamp,ip,browser,block) " .
            "VALUES (NULL, '$name', '$message', '$add_date', '$ip', '$info', '$block')");
        echo "<META http-equiv='refresh' content='0;URL=/4images/index.php?template=shout'>";
    } else {
        echo "<META http-equiv='refresh' content='0;URL=/4images/index.php?template=shout'>";
    }
}
?>


As you see, the $name bit relates to that hidden form field I showed you earlier. Is there any way I can replace that $name bit with the actual logged-in username data taken straight from MySQL? My shoutbox resides on the same MySQL table as 4images does, so there is no need to connect twice.

Please help me here as I am very stuck and this will finish my site off nicely. I am not very good at explaining things so if there's something you don't understand, just ask me and I'll tell you.

Thanks in advance

Carl

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
loggedin_user_name
« Reply #1 on: March 24, 2003, 04:13:18 AM »
Just add this code on top of your shoutbox code:
Code: [Select]
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');

After that, u'll have the user's name in the $user_info['user_name'] variable.
Or, the hard way is to just read it from the 4images MySQL table...
Since u went so far in coding, I believe u can figure out how to read user info from the 4images_users table ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
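
The approach in the reply above, as an added example that is not code from this thread or from 4images: the handler takes the poster's name from server-side session data and ignores any `name` field in the form, so a hidden field edited in the browser has no effect. `save_shout`, `render_shout`, the `logged_in` flag, the table layout and the in-memory SQLite database (standing in for MySQL) are assumptions made for the example; `$user_info['user_name']` mirrors the variable named in the reply.

```php
<?php
// Added example, not from the thread. Function names, the 'logged_in' flag,
// the table layout and all sample data are constructed for illustration.

function save_shout(PDO $db, array $user_info, array $post, string $ip): bool
{
    // Identity comes from server-side session state only. A 'name' field in
    // the submitted form is never read, so editing the page source changes nothing.
    if (empty($user_info['logged_in'])) {
        return false;
    }
    $message = trim($post['message'] ?? '');
    if ($message === '') {
        return false;
    }
    // Placeholders keep user-supplied text out of the SQL string.
    $stmt = $db->prepare(
        'INSERT INTO shouts (name, message, timestamp, ip) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([$user_info['user_name'], $message, time(), $ip]);
}

function render_shout(array $row): string
{
    // Escape on output so the database keeps the raw text.
    return htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . ': '
         . htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shouts (id INTEGER PRIMARY KEY, name TEXT,
           message TEXT, timestamp INTEGER, ip TEXT)');

// Constructed request: logged in as "carl", but the form was edited to claim "admin".
$user_info   = ['logged_in' => true, 'user_name' => 'carl'];
$forged_post = ['name' => 'admin', 'message' => "it's <b>me</b>"];
save_shout($db, $user_info, $forged_post, '192.0.2.10');

// Constructed guest session: the same form data is rejected and nothing is stored.
save_shout($db, ['logged_in' => false], $forged_post, '192.0.2.11');

foreach ($db->query('SELECT name, message FROM shouts') as $row) {
    echo render_shout($row), "\n";
}
```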

Offline uksoreeyes

« Reply #2 on: March 24, 2003, 06:08:01 AM »
Hi, thanks for the quick reply.

Will that code still work even though I have applied the phpBB integration?

Offline V@no

« Reply #3 on: March 24, 2003, 06:10:51 AM »
Quote from: uksoreeyes
Hi, thanks for the quick reply.

Will that code still work even though I have applied the phpBB integration?

Yes, it should. This code u can find in ALL "main" 4images .php files ;)

Offline uksoreeyes

« Reply #4 on: March 24, 2003, 06:41:41 AM »
Oh god, it's just one problem after another lol

Part of me wishes he hadn't taken on this project, yet the other is somewhat excited.

These are the changes I made to my script:

Code: [Select]
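<?php
// Relies on register_globals: $shout, $message and $block come from the request.
if ($shout) {

    // Note: ROOT_PATH is not defined before these includes.
    include('4images/global.php');
    require('4images/includes/sessions.php');

    if ($message != "") {
        $ip = $REMOTE_ADDR;
        $info = $HTTP_USER_AGENT;
        $add_date = time();
        $message = stripslashes($message);
        $message = htmlspecialchars($message);
        // The name now comes from the 4images session, not from the form.
        $user_name = $user_info['user_name'];
        // Escape every interpolated value; htmlspecialchars() leaves single quotes alone.
        $user_name = mysql_real_escape_string($user_name);
        $message = mysql_real_escape_string($message);
        $ip = mysql_real_escape_string($ip);
        $info = mysql_real_escape_string($info);
        $block = mysql_real_escape_string($block);
        $result = mysql_query("INSERT INTO shoutbox (id,name,message,timestamp,ip,browser,block) " .
            "VALUES (NULL, '$user_name', '$message', '$add_date', '$ip', '$info', '$block')");
        echo "<META http-equiv='refresh' content='0;URL=/4images/index.php?template=shout'>";
    } else {
        echo "<META http-equiv='refresh' content='0;URL=/4images/index.php?template=shout'>";
    }
}
?>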


Now I am getting an error saying
Quote
Security violation


Can you explain what I am doing wrong?

Regards Carl

Offline V@no

« Reply #5 on: March 24, 2003, 06:54:54 AM »
u forgot to add at least one line:
Code: [Select]
define('ROOT_PATH', './');
I know that u changed to real path for next two includes, but this define is important.

Offline uksoreeyes

« Reply #6 on: March 24, 2003, 07:09:53 AM »
Success, lol I feel so dumb, I had that
Code: [Select]
define('ROOT_PATH', './');
bit in before but always got an internal server error, so I took it out and got that security violation. When I put it back like you said I got another internal server error. So what I did was look at my lightbox.php, saw that code above and then realised that I had my shout.php in the wrong folder, so I moved it into the 4images main directory and it worked.

Now that script is finally done and secure I can get on and finish the rest of my site and then add all my images  :D

If anyone would like to see how my site is getting along you can do so here: http://www.myleeneklass.com/4images/index.php

Thanks a lot V@no, you have been a massive help

Carl