working with the logged in user
Making sure people actually log-in to use your site.
Once you’ve allowed people to register as users on your site, it makes sense to do something with their account. For a start, we’re going to amend the image upload page so that users will have to be logged in to contribute an image; and we’ll also change the ‘images’ table in the database so it has a column to store the username of whoever uploaded a particular image. We’ll do that first. Simply open MySQL Administrator, use the Catalogs to locate your database and then double-click on your ‘images’ table to bring up the table editor. Add a new column called ‘username’ as per the image below and then apply (and execute the SQL) to update your table.
Now open your ‘uploader.php’ page in Dreamweaver (this may be called something else f you decided to save it as something else earlier in this tutorial series) and at the very top of the code on this page, add the following:
<? session_start(); ?>
This will initialise any session variables that are currently running (i.e. it will recognise if you’ve used the login page or not).
Then, just above where your upload form starts, you can add:
<?
if (!isset($_SESSION['MM_Username'])) {
echo ("<p>You must log in before you can upload images.</p>");
} else {
?>
and don’t forget to close the else bracket after your form.
<? } ?>
This checks whether the username variable has been set; if it hasn’t, the user will see the ‘you must log in’ line. If it has, then the page will continue to load whatever falls between the ‘else’ brackets (in this case, that includes your form code).
Next, place a hidden field in the form and call it ‘username’. For the value, enter:
<? echo $_SESSION['MM_Username']; ?>
Now you have that extra field, you’ll need to alter the ‘insert record’ behavior for this page so that it picks up that new field. Locate it in the Applications panel in Dreamweaver and just double click on it to amend the behavior. You’ll need to make sure that everything matches up accordingly and then hit OK.
Make sure you reassign a value to the ‘imgfile’ column. Once you’ve done that, you will need to go into your code and alter it again (as we did when first constructing this upload form) so that the value for the ‘imgfile’ changes from:
GetSQLValueString($_POST['imgFile'], "text"),
to
GetSQLValueString($filePath, "text"),
If you now put the page onto your server and try to browse to it, you will see that nothing is displayed unless you have first used your login page to start up a session on your site.
Now upload an image or two before returning to Dreamweaver and opening your ‘display’ page.
Add the session start function to the very top of the page so we can use the session variables on this page.
<? session_start(); ?>
You can add the username information from your displaypic recordset to your page now if you wish.
You could also add the ‘if’ statement that we used on the upload form to this page so that users can only see the comment form when they’re logged in. More importantly however, if you change the initial value of the ‘username’ field in your comment form so that it uses the
<? echo $_SESSION['MM_Username']; ?>
then it will automatically fill in the username based on whoever is logged in.
You can put this very simple session variable checking to really good use throughout your site to personalise certain areas and even restrict access based on particular usernames for instance.