Hi I am currently intergrating 4images with a shoutbox I coded. The shoutbox uses php and mysql.
As a way to stop just anyone posting in my shoutbox I made it so users had to register with 4images before they could post anything. In other words I have made use of the {if user_loggedin} etc so is the user is not logged in they get a message telling them to login. If they are logged in they are presented with the form in which they can freely post messages.
I have this working great, they do not have to put in their name as what ever name they are logged in as, appears above their messages which makes it easy to track and ban troublemakers.
The bit I am haveing trouble with is inserting the logged_in_username into my mysql database. at the moment I have a hidden form field:
<input type='hidden' name='name' class="news" size='20' value='{loggedin_user_name}'>
This works fine and inserts the username correctly. But I find it a bit of a security risk as someone could easily 'view source' edit and change the name inside the 'value' bit. what I would like to do is get rid of that hidden field and have the username taken from the 4images database.
Here is my shoutbox code:
<?php
if ($shout){
if ($name == !"" && $message == !""){
$ip = $REMOTE_ADDR;
$info = $HTTP_USER_AGENT;
$add_date=time (void);
$name = stripslashes($name);
$name = htmlspecialchars($name);
$message = stripslashes($message);
$message = htmlspecialchars($message);
mysql_connect("username etc");
mysql_select_db("shout");
$result=MYSQL_QUERY("INSERT INTO shouts (id,name,message,timestamp,ip,browser,block)".
"VALUES ('NULL', '$name', '$message', '$add_date', '$ip', '$info', '$block')");
echo "<META http-equiv='refresh' content='0;URL=/4images/index.php?template=shout'>";
}
else {
echo "<META http-equiv='refresh' content='0;URL=/4images/index.php?template=shout'>";
}
}
?>
as you see the $name bit relates to that hidden form field I showed you earliar. Is there any way I can replace that $name bit with the actual logged in username data taken straight from mysql? my shoutbox resides on the same mysql tabe as 4images does so there is no need to connect twice.
Please help me here as I am very stuck and this will finish my site off nicely. I am not very good at explaining things so if theres something you don't understand, just ask me and I'll tell you.
Thanks in advance
Carl