x10 Sophmore
I'm trying to use a script that has usernames, passwords, and ID numbers so when you login, it takes you to your index?[ID number]. I know how to make the id specific page itself (say /123.php) into /index?123 but I don't know how to send just that user there.
x10 Elder
I'm not sure you can name individual files simply, but a good shortcut would be the add a variable to the URL.
For instance, you could specify a redirect to a "home.php" page with a variable.
"home.php?id=123"
This means you only have to create one page and can alter that page, depending on the ID number in the URL.
In the "home.php" file, you could assign the ID number like this.
<?php
$id=$_GET['id'];
?>
Then the page can change depending on what $id equals.
This is how a lot of php sites are created, even though there is actually only one file.
e.g.
index.php is the file
index.php?p=login... refreshes but includes the login page code.
index.php?p=forum.. refreshes and includes the forum page code.
As an example..
<?php
$id=$_GET['id'];
if($id=="login"){
include("includes/login.php");
}elseif($id=="forum"){
include("includes/forum.php");
}
?>
The actual redirection script from your login would be something like
<?php
header("Location: whateverfile.php?id=".$memberid);
?>
__________
Alternatively, if you assign your id to a session, you can call that value at any time, rather than passing it in the URL.
i.e. $_SESSION['id']
Hope this helps a bit.
Last edited by freecrm; 05-04-2009 at 06:02 PM.
Community Advocate
Very secure method:
Brandon is a glorious beacon of lightPHP Code:<?php
if (isset($_GET[p]) && file_exists($_GET[p].".php"))
{
$allowedpages = array("idx", "band");
if (in_array($_GET[p],$allowedpages))
{
include($_GET[p].".php");
}
else
{
die("Hacking attempt");
}
}
else
{
include("idx.php");
}
?>
Re: Help
I am sure some quickly written script like this is more secure than chris z's too
PHP Code:
<?php
if (isset($_GET[p]) && file_exists($_GET[p].".php"))
{
$allowedpages = array("idx", "band");
if (in_array($_GET[p],$allowedpages))
{
include($_GET[p].".php");
}
else
{
die("Hacking attempt");
}
}
else
{
include("idx.php");
}
?>
All you have to do is add the page name to the array, and it'll work, if it's not in the array then it won't.
█ Neil Hanlon | x10Hosting Support Representative
█ Neil[at]x10hosting.com
█ I'm always happy to help. Just ask a question in Free Hosting
█ Terms of Service IRC
x10 Sophmore
I figured it out. I had to add the user id from the MySQL table to the session cookie so it could be read with $_SESSION['user_id] outside of the database connection ($user_id). Here's the login page:PHP Code:<?php
session_start();
?>
<?php
if (isset($_SESSION['user'])) {
header("Location: view.php?id=$user_id"); }
?>
<?php
include 'dbc.php';
$user_name = mysql_real_escape_string($_POST['name']);
if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_name FROM users WHERE
user_name = '$user_name' AND
user_pwd = '$md5pass' AND user_activated='1'";
$result = mysql_query($sql) or die (mysql_error());
$num = mysql_num_rows($result);
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
session_start();
list($user_id,$user_name) = mysql_fetch_row($result);
// this sets variables in the session
$_SESSION['user']= $user_name AND $_SESSION['user_id']= $id;
if (isset($_GET['ret']) && !empty($_GET['ret']))
{
header("Location: $_GET[ret]");
} else
{
header("Location: view.php?id=$user_id");
}
//echo "Logged in...";
exit();
}
header("Location: login.php?msg=ERROR: Incorrect username and password.");
//echo "Error:";
exit();
}
?>
Community Public Relation
You hade missed some points, and some variables wheren't initialized. Here is an updated script:PHP Code:<?php
session_start();
if (isset($_SESSION['user'])) {
header("Location: view.php?id=" . $_SESSION['user_id']);
exit();
}
include 'dbc.php';
$user_name = mysql_real_escape_string($_POST['name']);
if (strtolower($_POST['Submit']) == 'login') {
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_name FROM users WHERE
user_name = '$user_name' AND
user_pwd = '$md5pass' AND user_activated='1'";
$result = mysql_query($sql) or die (mysql_error());
$num = mysql_num_rows($result);
if ( $num != 0 ) {
list($user_id,$user_name) = mysql_fetch_row($result);
// this sets variables in the session
$_SESSION['user']= $user_name
$_SESSION['user_id']= $id;
if (isset($_GET['ret']) && !empty($_GET['ret'])) {
header("Location: $_GET[ret]");
} else {
header("Location: view.php?id=$user_id");
}
exit();
}
header("Location: login.php?msg=ERROR: Incorrect username and password.");
exit();
}
?>
█ Xavier L | Community Public Relations Manager (Free Hosting Support)
█ Yes, my position is too cool to even exist!
█ How am I helping? Rate this post by clicking theicon below! (this is even better than "liking" a post)
█ Terms of Service | Acceptable Use Policy | x10Hosting Wiki
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
