Sarao Posted April 29, 2009 Share Posted April 29, 2009 I am creating some website, wher eI need a log in page for my users. What I need is, that a sepcific username, say XYZ gets redirect to a specified page, like XYZ.htm or .php BUT these pages are not directly accessible. Means if someone dirrectly goes to the page, he is redirected to log in page or gets an error of unauthentication. Can someone help? I dont ZERO PHP I mean no PHP thats why I am asking heere. Quote Link to comment Share on other sites More sharing options...
revraz Posted April 29, 2009 Share Posted April 29, 2009 This is very doable, but if you don't know PHP, you would need to learn it first, or hire/have someone do it for you. Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 29, 2009 Author Share Posted April 29, 2009 I had done a registeration page in the past, I can connect to the DB, all I need is how to redirect a user to a page, specified in Mysql DB and making it not accessible directly. Quote Link to comment Share on other sites More sharing options...
revraz Posted April 29, 2009 Share Posted April 29, 2009 Use a session when they log in, check that vs the security you want on the page. You can redirect them to their username or a name you choose and just add .php to the end of it. You can store a completely different page name in the DB if you like along with their user data. Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 29, 2009 Author Share Posted April 29, 2009 And can all that be done by a novice? Any example or code I can use? Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 29, 2009 Share Posted April 29, 2009 Here's a snippet: <?php session_start(); if (isset($_SESSION['auth_name'])) header($_SESSION['auth_name'] . '.htm'); ?> Does the help? If you've done a registration page before, this shouldn't be anything too new to you. Quote Link to comment Share on other sites More sharing options...
revraz Posted April 29, 2009 Share Posted April 29, 2009 google/search for sessions and php tutorial for sessions Look at the tutorial on the main site here for the Database Tutorial I can't tell you want a novice can or can't do, since that is a relative term, but it's not difficult at all. Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 29, 2009 Author Share Posted April 29, 2009 where to place that code? The REG PAGE I did was help from en expert and I dont understand what all that mean. So you can take it as he was the person who did all that and not me. Quote Link to comment Share on other sites More sharing options...
revraz Posted April 29, 2009 Share Posted April 29, 2009 Again... This is very doable, but if you don't know PHP, you would need to learn it first, or hire/have someone do it for you. Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 29, 2009 Share Posted April 29, 2009 Sarao, The overall code is very basic. Do you know any PHP whatsoever or at least know about sessions? If not, then revraz is correct. It won't be easy if you don't know PHP. Sorry. =[ Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 30, 2009 Author Share Posted April 30, 2009 I just managed to get the log in page. Now what I need is to insert some redirect code, so they gets redirected to a pre-defined url <? /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function confirmUser($username, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password from users where username = '$username'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password']){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /* Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /* Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /* User not logged in */ else{ return false; } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $logged_in; if($logged_in){ echo "<h1>Logged In!</h1>"; echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; } else{ ?> <h1>Login</h1> <form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> <font size="2">Remember me next time</td></tr> <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> </table> </form> <? } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){ /* Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /* Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /* Check error codes */ if($result == 1){ die('That username doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /* Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } /* Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">"; return; } /* Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); ?> Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 30, 2009 Author Share Posted April 30, 2009 Please help.. Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 30, 2009 Share Posted April 30, 2009 Find: echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">"; Change to: echo "<meta http-equiv=\"Refresh\" content=\"0;url=./" . $_SESSION['username'] . "\">"; That's the redirect, but any user can still visit those pages. You need to implement a security system so other users won't be able to view other pages. It's probably best to do that in .htaccess. Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 30, 2009 Author Share Posted April 30, 2009 I have got that, heres the code I will use on the pages I want to protect. <? /* Include Files *********************/ session_start(); include("database.php"); include("login.php"); /*************************************/ ?> <html> <title>title</title> <body> content </body> </html> Where you have stated 'username' how would that redirect to a page pre-defined? Quote Link to comment Share on other sites More sharing options...
Sarao Posted April 30, 2009 Author Share Posted April 30, 2009 Ken sir, please help Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted April 30, 2009 Share Posted April 30, 2009 put the id's or names into an array mapped against a url and then check against the array for teh username and redirect accordingly ; Quote Link to comment Share on other sites More sharing options...
Sarao Posted May 1, 2009 Author Share Posted May 1, 2009 OK now the thing is, I got everything working. Login, redirection a nd logout. BUT now how to make the page inaccessible without login? I mean is there any way to set it so that only logged in users can see the content and others get redirected to login page? Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 1, 2009 Share Posted May 1, 2009 OK now the thing is, I got everything working. Login, redirection a nd logout. BUT now how to make the page inaccessible without login? I mean is there any way to set it so that only logged in users can see the content and others get redirected to login page? when you login set a session variable to logged in and on every page check to see if it exists and if its true and when you log out set it to false Quote Link to comment Share on other sites More sharing options...
Sarao Posted May 1, 2009 Author Share Posted May 1, 2009 n how to do that? Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 1, 2009 Share Posted May 1, 2009 session_start(); right at the top of any page u wish to use sessions on absolutly nothing can be outputed before thsi function so at teh top of teh page afte rteh first php tag with no spaces either. now on that page u can do //when u authenticate $_SESSION['isloggedin'] = 1 on otherpages start the session then you can do a if $_SESSION['isloggedin'] == 1 do nothing else header('location: login.php') Quote Link to comment Share on other sites More sharing options...
nadeemshafi9 Posted May 1, 2009 Share Posted May 1, 2009 all u need to know is a few of the global arrays that contain information about teh client and server and post get variables and then you can use the functions from php.net to do what you like you need to learn arrays single dimensional , multidimentional and associative Quote Link to comment Share on other sites More sharing options...
Sarao Posted May 1, 2009 Author Share Posted May 1, 2009 I got confused. On which page should I use session_start(); and where $_SESSION['isloggedin'] = 1 $_SESSION['isloggedin'] == 1 do nothing else header('location: login.php') Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted May 1, 2009 Share Posted May 1, 2009 This is very doable, but if you don't know PHP, you would need to learn it first, or hire/have someone do it for you. Sarao, nadeemshafi9 just explained the logic behind it. It's not code to copy and paste. Well some of it is, but not the way you have it there. Quoting revraz, it's probably best for you to either spend a little time reading up basic PHP or get someone to write this for you. I know this post is counter-productive, but truth be told is that it's hard to explain something to you and have you fully understand it when you don't know the language. =( Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.