login form to go to specified url

[rskuse]

Hi, I have a really simple login form that checks username and password in a database and if correct logs you in etc etc etc.


--------------------------------------------------------------------------------

<?php

$username = $_POST['username'];
$password = $_POST['password'];

//connect to the DB
include('db.php');

//set up the query
$query = &quot;SELECT * FROM users WHERE username='$username' AND password='$password'&quot;;

//run the query and get the number of affected rows
$result = mysql_query($query, $connection) or die('error making query');
$affected_rows = mysql_num_rows($result);

//if there's exactly one result, the user is validated. Otherwise, user's invalid
if($affected_rows == 1) {
echo 'validated';
}
else {
echo 'not valid';
}

?>

--------------------------------------------------------------------------------

but, in my database table, I have a fourth column ('web') which holds a specified url. I would like clients to be directed to their specific url once they have logged in - I'm sure there is a really simple answer to this question but using the code I have above can anyone tell me how to implement what i'm trying to do?

Should I be using header(&quot;location:&quot?

Thankyou in advance...

 

[likelylad]

The problem that you are going to have is that once someone knows the URL, they can bypass your password system.

You will probably need to use sessions.

I posted a similar question a while ago and got it working.
Hopefully it help you

Thread434-412274

 

[rskuse]

Thanks, I was going to tackle the 'sessions' bit later!!

For now, I'm just trying to work out how to direct each user to their own specified page:

ie: user 1 enters username: user1 and password: password1 and is then directed to page1.php

user 2 enters username: user2 and password: password2 and is then directed to page2.php

I'm struggling to try and accomplish this!!

 

[likelylad]

maybe direct all users to page1.php

From your database pull in the information you need to add for each user.

This will give each user a customised page

 

[frozenpeas]

What I would do is after the user's login information is verified and I have grabbed their url from the database, use something like:

header("Location: ".$url);

frozenpeas

 

[rskuse]

Thanks, that's what I have done and it is working fine. My code is now:

<?php

$username = $_POST['username'];
$password = $_POST['password'];

//connect to the DB
include('db.php');

//set up the query
$query = &quot;SELECT web FROM users WHERE username = '&quot; . $username . &quot;' AND password = '&quot; . $password . &quot;'&quot;;

//run the query and get the number of affected rows
$result = mysql_query($query, $connection) or die('error making query');

if(!$row = mysql_fetch_assoc($result)){

echo 'sorry the username and or password is not valid';

} else {

header('Location: ' . $row['web']);

}

?>

Now I just have to tackle session variables!!!!

 

[rskuse]

I'm having problems with getting sessions to work.

I have started a session and registered a variable using the following:

// Register some session variables!
session_start();
$_SESSION['username'] == $username;

and then I have added the following to the page I want to protect:

<?php
session_start();
if (!isset($_SESSION['username'])){
header( &quot;Location: ../login.html&quot; );
}
else {
header( &quot;Location: index.html&quot; );
}
?>

but I now can't get to my protected page - it just keeps bringing up login.html (no errors).

What am I doing wrong....??

 

[sleipnir214]

In the script that is redirecting the user, what is the content of $_SESSION['username']?

Use print_r($_SESSION) to examine the contents of $_SESSION.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[rskuse]

When I use print_r($_SESSION) I get the following displayed in my browser:

Array ( )
Warning: Cannot add header information - headers already sent by (output started at C:\Inetpub\

http://wwwroot\devweb\devweb\projects\validate.php:23)

in C:\Inetpub\

http://wwwroot\devweb\devweb\projects\validate.php

on line 26

line 26 includes this line:
header('Location: ' . $row['web']);

any ideas? thankyou in advance...

 

[sleipnir214]

What web server are you using?

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!