Do not insert FORM if User field is empty?

[tomm098]

Hey everyone. I have a form, but I want it so that only logged in users can enter information with it. This is the code for the user field.

 

              <input name="User" type="hidden" id="User" value="<?php echo $_SESSION['MM_Username']; ?>" />

 

How can i make it, so that if the user field is empty, ie. the user is not logged in, the form will not get inserted?

 

Thanks

[guyfromfl]

just do this:

 

if ($_SESSION['MM_Username']) {
  // echo what you want the registered member sees
}

[tomm098]

Where must I place that code? within the form?

[guyfromfl]

Im not sure exactly what you are trying to do.

 

Do you have a link to the page you're working on?

 

[tomm098]

Yer sure.

 

http://www.what-song.com/movie/titletest2.php?Title=Moon

 

Even when your not logged in, your vote still registers. I need it so when someone who is not logged in votes. It says, you are not logged in, and the vote does not get updated.

[guyfromfl]

ok try this

 

<td>
<?php

if ($_SESSION['MM_Username']) {
   echo '<form action="" method="post" name="form5" id="form5"><p class="style6"><select name="Vote" id="Vote">
                <option value="1">1 (Abysmal)</option>
                <option value="2">2</option>
                <option value="3">3 (Poor)</option>
                <option value="4">4</option>
                <option value="5" selected="selected">5 (Average)</option>
                <option value="6">6</option>
                <option value="7">7 (Good)</option>
                <option value="8">8</option>

                <option value="9">9 (Beautiful)</option>
                <option value="10">10 (Mesmorizing)</option>
              </select>
                <input name="MusicID" type="hidden" id="MusicID" value="6651" readonly="readonly" />
              <input name="User" type="hidden" id="User" value="" />
  <input type="submit" name="Submit" id="Submit" value="Vote" />
  <input type="hidden" name="MM_update" value="form5" />
              </p>       
          </form>';
} else {
  echo "<a href='loginscript.php'>You must login to vote</a>";
}

?>
</td>

[guyfromfl]

side note, you should also track the user with something more specific like the row id from the user database...

 

if that were the case, I could post things here in your name because I know your username, tomm098

[tomm098]

woah it worked. Thanks a lot. Your a genius

[merck_delmoro]

make a condition like

 

if(!isset($_COOKIE["username"]))

{

header("location:login.php");

}

 

[tomm098]

Track them with the row id aswell? But you can't login as me? so you shouldn't be able to edit stuff as me?

[guyfromfl]

if you are using $_SESSION you can inject your username... its not a secure way to do it.

 

merck is on to something.

 

and im not trying to keep you out of some secret loop, you're now just as educated as me in this 

[tomm098]

So what code must I write to track them with ID aswell?

sorry, i'm a little confused, I don't know a lot about sessions etc.

 

[guyfromfl]

not to sound like a hypocrite i use $_SESSION['user_id'] as my variable... (user_id is the primary key in my sql database)

 

i dont know alot about injections so I dont want to start rumors...

[tomm098]

Oh k, cool, well i'll leave it for now. Ill check on them later. Also, your code had this line,

 

                <input name="MusicID" type="hidden" id="MusicID" value="6651" readonly="readonly" />

 

But i need the value to be this:

 

<?php echo $row_MusicBody['ID']; ?>

 

But when I put it back in a get this error

 

http://www.what-song.com/movie/titletest2.php?Title=Hangover,%20The

 

Do you know what is happening?

[guyfromfl]

i copied your html source so im guessing you are calling php compiler twice.

 

try:

$outputStuff = "<everything before that input>";
$outputStuff .= "<input name='MusicID' type='hidden' id='MusicID' value='" . $row_MusicBody['ID'] . " readonly='readonly' />";
$outputStuff .= "<everthing after>";

echo $outputStuff;

 

also that input should be a class since there is more than one on the page

[guyfromfl]

ok what happened?? post the code i send you after you edited it.

[tomm098]

Ahhh, i cant figure this out. I dont understand. haha.

 

Should all that code be red? Doesn't that mean something is wrong?

 

Your first code worked? How do I get it to work but with this value instead of your '6651'?

 

<?php echo $row_MusicBody['ID']; ?>

[guyfromfl]

ok put my original code back so it says to login to vote

 

 

so we are both on the same page.

[tomm098]

Ok thanks. I put it up the code you gave me. There are just wrong values in the User field and ID field. They have to be this I think.

 

<?php echo $row_MusicBody['ID']; ?>

 

<?php echo $_SESSION['MM_Username']; ?>

 

[guyfromfl]

ok

 

so now

 

where it says this:

<input name="MusicID" type="hidden" id="MusicID" value="6651" readonly="readonly" />

 

is that generated by php?

[tomm098]

umm no i don't think so. it's not taken from any type of database. The value <?php echo $row_MusicBody['ID']; ?> is taken from a database tho.

[guyfromfl]

can you post the code that tells that input to be written?

[tomm098]

There is no code that causes that to be written. I wrote it myself.

[guyfromfl]

so you are hand writing every movie and every song that you are following???

 

what I'm getting at is you need to control the variables that are being put into that input statement. 

 

 

[guyfromfl]

im looking for a

 

while ($row=mysql_fetch_array($result)) {

echo "<td>Data</td>";

}