Web Hosting Talk







View Full Version : Please help - PHP session variable INSERT INTO issue?


kayz
02-19-2008, 01:31 AM
Hi all, I have a basic PHP website where the user logs in and etc.

Now I have a small form where, when the user logs in, they put in an article title and the article itself.

Now this works fine, but I also want the user's first name and surname along with another variable to go into the database, as the article was submitted by etc. etc., without the user having to fill the form in with their name whilst they're logged in. Do you see what I mean?

I have the following in place already.

The form page where the session is working fine and is as follows:

<?
session_start();
if(!session_is_registered(myusername)){
header("location:wronglogin.php");
}
?>

Below is the processing script where the form goes through:

<?php
// Make a MySQL Connection
include "../config.php";

$submission_date = date("D M j Y G:i:s");

// Insert a row of information into the table "example"
mysql_query("INSERT INTO article
(firstname, surname, username, title, article, submission_date) VALUES('$firstname', '$surname', '$username', '$title', '$article', '$submission_date')")
or die(mysql_error());

echo "Data Inserted!";

?>

That's all.

Now another thing, I sort of cheated, so take a look below at what I did with the form.


<form action="articleinsert.php" method="post">
title: <input type="text" name="title" />
article: <input type="text" name="article" />

**** THIS WORKS **** <input type="hidden" name="username" value="<?php echo "$myusername"; ?>" />
**** THIS DOESN'T **** <input type="hidden" name="firstname" value="<?php echo "$firstname"; ?>" />

<input type="submit" name="register" value="submit" />
</form>

I tried this, and it works with only the username being submitted into the database. As you can see, the username variable here is $myusername, which is the same as the page session, hence it works, I'm guessing. I then tried many things to get the username in automatically but I failed.

I need to put in the session variables, I believe?

Any help will be much, much appreciated really, and thank you.

zacharooni
02-19-2008, 01:49 AM
Put up a phpinfo(); page.
I would advise against it but register_globals would help.
If not, just assign like:


<?PHP
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$title = $_POST['title'];
$article = $_POST['article'];
?>


Really sloppy, non-error-checked code, but it works.
Because from what I see you're trying to use a register_globals feature.

Codebird
02-19-2008, 06:28 AM
Try it this way; it should work if the firstname is a session variable and register globals is off.

<input type="hidden" name="firstname" value="<?php echo $_SESSION["firstname"]; ?>" />

kayz
02-19-2008, 07:51 AM
Hi, neither of them work.

Here is my entire code if it helps:

The PHP HTML form:


<?
session_start();
if(!session_is_registered(myusername)){
header("location:wronglogin.php");
}
?>
<?php

//This file is text.php

mysql_connect("**************", "******", "******"); //Connect to the mysql server with your host (most likely localhost), username, and password
mysql_select_db("****"); //Select your database by name

$sql = "SELECT * FROM cms_members WHERE username = '$myusername'";
$query = mysql_query($sql) or die(mysql_error()); //Make the actual query

if( mysql_num_rows($query) == 1 ) //Check to see if we found 1 row with that page name
{
$r=mysql_fetch_assoc($query); //Set a mysql fetching variable for the query
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">

<head>
<title>Forest Gate Online - Submit Local News</title>
<link rel="stylesheet" type="text/css" href="../stylesheet.css"/>
<META NAME="Keywords" CONTENT="Community Forum, CMS Website, Community Page, Community Portal">
<META NAME="Description" CONTENT="A Community oriented website, come and find out more information about whats happening in your local area!">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<div id="main">

<div id="banner">
Forest Gate Online<br />
<img src="../logo.gif" border=0 alt="" />
</div>


<div id="loggedinbox">
<fieldset><legend><b><font size="2" color="#0066FF" face="verdana">Welcome</font> <font size="2" color="#208A00" face="verdana"><? echo $r["firstname"]; echo "&nbsp;"; echo $r["surname"]; ?></font></b></legend>

You have successfully logged in as <center><b><? echo $r["username"]; ?> - <a href="logout.php">Log Out</a></b></center>
</fieldset>
</div>

<div id="timebar">Today's Date is <?php echo date("l, F d, Y G:i T" ,time()); ?></div>


<div id="maintitle">Main Title</div>
<div id="maincontent">
<form action="articleinsert.php" method="post">
title: <input type="text" name="title" />
article: <input type="text" name="article" />

<input type="hidden" name="username" value="<?php echo "$myusername"; ?>" />
<input type="hidden" name="firstname" value="<?php echo"$firstname"; ?>" />

<input type="submit" name="register" value="submit" />
</form>
<br />
<br />

</div>
</div>
</body>

</html>



Here is the article processor


<?php
// Make a MySQL Connection
include "../config.php";

$submission_date = date("D M j Y G:i:s");

// Insert a row of information into the table "example"
mysql_query("INSERT INTO article
(firstname, surname, username, title, article, submission_date) VALUES('$firstname', '$surname', '$username', '$title', '$article', '$submission_date')")
or die(mysql_error());

echo "Data Inserted!";
?>



Register globals is enabled on the server. Any help would be much appreciated, thanks.

P.S.: Excuse the sloppy code, it is a project I'm doing so security isn't an issue for me, just need to get things working, won't really be going on the www.

Cheers.

kayz
02-19-2008, 08:13 AM
Also here is where the "$myusername" is defined..

this is the login checker.. so when people log in this checks it then they gain entry.. thanks:


<?php
include "config.php";

$tbl_name="cms_members"; // Table name

// Connect to server and select database.
mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "securepage.php"
session_register("myusername");
session_register("mypassword");
header("location:securepage.php");
}
else {
?>

tix3
02-19-2008, 08:30 AM
If this is the login checker I strongly suggest you google for SQL injection :rolleyes:

kayz
02-19-2008, 08:37 AM
**[ RESOLVED ]**

I would like to thank everybody who has helped me here, much appreciated.

The solution was: all I needed is $firstname=$r["firstname"] under the database connection string and voilà, it worked and entered firstname into the database.

Cheers

kayz
02-19-2008, 08:39 AM
If this is the login checker I strongly suggest you google for SQL injection :rolleyes:

Thank you, I am aware of that, security is not my first priority here. This is just a university project I am doing, it will be internal and not released onto the www.

But thank you very much, I think I will need to implement security at some stage soon.
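
Added example, not part of any post in this thread and not the poster's code: the article processor written so that the author's name comes from the server-side session and a lookup in cms_members rather than from hidden form fields (which the submitter can edit), with bound parameters in place of interpolated SQL, the issue raised about the login checker. Table and column names follow the thread; the function name insert_article(), the use of PDO, and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example. insert_article() is a hypothetical helper, not code from the thread.
function insert_article(PDO $db, array $session, array $post): int
{
    // Identity comes from the server-side session, never from the form:
    // hidden inputs can be changed by whoever submits the request.
    if (empty($session['myusername'])) {
        throw new RuntimeException('not logged in');
    }

    // Look the author up with a bound parameter instead of string interpolation.
    $who = $db->prepare(
        'SELECT username, firstname, surname FROM cms_members WHERE username = ?'
    );
    $who->execute([$session['myusername']]);
    $r = $who->fetch(PDO::FETCH_ASSOC);
    if ($r === false) {
        throw new RuntimeException('unknown user');
    }

    $title   = trim((string)($post['title'] ?? ''));
    $article = trim((string)($post['article'] ?? ''));
    if ($title === '' || $article === '') {
        throw new InvalidArgumentException('title and article are required');
    }

    $ins = $db->prepare(
        'INSERT INTO article (firstname, surname, username, title, article, submission_date)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $ins->execute([$r['firstname'], $r['surname'], $r['username'],
                   $title, $article, date('D M j Y G:i:s')]);
    return (int)$db->lastInsertId();
}

// Constructed demo data so the script runs offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_members (username TEXT, firstname TEXT, surname TEXT)');
$db->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, firstname TEXT, surname TEXT,
           username TEXT, title TEXT, article TEXT, submission_date TEXT)');
$db->exec("INSERT INTO cms_members VALUES ('jdoe', 'Jane', 'Doe')");

// The username/firstname keys mimic edited hidden fields; they are ignored.
$post = ['title' => "Council's new plan", 'article' => 'Text',
         'username' => 'someone_else', 'firstname' => 'Someone'];
insert_article($db, ['myusername' => 'jdoe'], $post);
print_r($db->query('SELECT * FROM article')->fetch(PDO::FETCH_ASSOC));
```

In the real page the second argument would be $_SESSION and the third $_POST; the stored row carries Jane Doe / jdoe regardless of what the form claimed, and the apostrophe in the title is stored as data.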