Log in Page - Custom Redirect

[Sarao]

I am creating some website, wher eI need a log in page for my users. What I need is, that a sepcific username, say XYZ gets redirect to a specified page, like XYZ.htm or .php BUT these pages are not directly accessible. Means if someone dirrectly goes to the page, he is redirected to log in page or gets an error of unauthentication.

 

Can someone help? I dont ZERO PHP I mean no PHP thats why I am asking heere.

[revraz]

This is very doable, but if you don't know PHP, you would need to learn it first, or hire/have someone do it for you.

[Sarao]

I had done a registeration page in the past, I can connect to the DB, all I need is how to redirect a user to a page, specified in Mysql DB and making it not accessible directly.

[revraz]

Use a session when they log in, check that vs the security you want on the page.

You can redirect them to their username or a name you choose and just add .php to the end of it.  You can store a completely different page name in the DB if you like along with their user data.

[Sarao]

And can all that be done by a novice? Any example or code I can use?

[Ken2k7]

Here's a snippet:

<?php
session_start();
if (isset($_SESSION['auth_name'])) header($_SESSION['auth_name'] . '.htm');
?>

 

Does the help? If you've done a registration page before, this shouldn't be anything too new to you.

[revraz]

google/search for sessions and php tutorial for sessions

Look at the tutorial on the main site here for the Database Tutorial

 

I can't tell you want a novice can or can't do, since that is a relative term, but it's not difficult at all.

[Sarao]

where to place that code? The REG PAGE I did was help from en expert and I dont understand what all that mean. So you can take it as he was the  person who did all that and not me.

[revraz]

Again...

 

This is very doable, but if you don't know PHP, you would need to learn it first, or hire/have someone do it for you.

[Ken2k7]

Sarao,

The overall code is very basic. Do you know any PHP whatsoever or at least know about sessions? If not, then revraz is correct. It won't be easy if you don't know PHP.

 

Sorry.  =[

[Sarao]

I just managed to get the log in page. Now what I need is to insert some redirect code, so they gets redirected to a pre-defined url

 

<?

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2). 
* On success it returns 0.
*/
function confirmUser($username, $password){
   global $conn;
   /* Add slashes if necessary (for query) */
   if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
   }

   /* Verify that user is in database */
   $q = "select password from users where username = '$username'";
   $result = mysql_query($q,$conn);
   if(!$result || (mysql_numrows($result) < 1)){
      return 1; //Indicates username failure
   }

   /* Retrieve password from result, strip slashes */
   $dbarray = mysql_fetch_array($result);
   $dbarray['password']  = stripslashes($dbarray['password']);
   $password = stripslashes($password);

   /* Validate that password is correct */
   if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
   }
   else{
      return 2; //Indicates password failure
   }
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's 
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

   /* Username and password have been set */
   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}

/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
   global $logged_in;
   if($logged_in){
      echo "<h1>Logged In!</h1>";
      echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
   }
   else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>

<?
   }
}


/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
   }
   /* Spruce up username, check length */
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   /* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

   /* Check error codes */
   if($result == 1){
      die('That username doesn\'t exist in our database.');
   }
   else if($result == 2){
      die('Incorrect password, please try again.');
   }

   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";
   return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

[Sarao]

Please help..

[Ken2k7]

Find:

echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";

 

Change to:

echo "<meta http-equiv=\"Refresh\" content=\"0;url=./" . $_SESSION['username'] . "\">";

 

That's the redirect, but any user can still visit those pages. You need to implement a security system so other users won't be able to view other pages. It's probably best to do that in .htaccess.

[Sarao]

I have got that, heres the code I will use on the pages I want to protect.

 

<? 
/* Include Files *********************/
session_start(); 
include("database.php");
include("login.php");
/*************************************/
?>

<html>
<title>title</title>
<body>

content
</body>
</html>

Where you have stated 'username' how would that redirect to a page pre-defined?

[Sarao]

Ken sir, please help

[nadeemshafi9]

put the id's or names into an array mapped against a url and then check against the array for teh username and redirect accordingly ;

[Sarao]

OK now the thing is, I got everything working. Login, redirection a nd logout. BUT now how to make the page inaccessible without login?

 

I mean is there any way to set it so that only logged in users can see the content and others get redirected to login page?

[nadeemshafi9]

OK now the thing is, I got everything working. Login, redirection a nd logout. BUT now how to make the page inaccessible without login?

 

I mean is there any way to set it so that only logged in users can see the content and others get redirected to login page?

 

when you login set a session variable to logged in and on every page check to see if it exists and if its true and when you log out set it to false

[Sarao]

n how to do that?

[nadeemshafi9]

session_start(); right at the top of any page u wish to use sessions on absolutly nothing can be outputed before thsi function so at teh top of teh page afte rteh first php tag with no spaces either.

 

now on that page u can do

 

//when u authenticate

$_SESSION['isloggedin'] = 1

 

 

 

on otherpages start the session

 

then you can do a if $_SESSION['isloggedin'] == 1 do nothing else header('location: login.php')

[nadeemshafi9]

all u need to know is a few of the global arrays that contain information about teh client and server and post get variables

 

and then you can use the functions from php.net to do what you like

 

you need to learn arrays

 

single dimensional , multidimentional and associative

[Sarao]

I got confused. On which page should I use

 

session_start(); and where

 

$_SESSION['isloggedin'] = 1
$_SESSION['isloggedin'] == 1 do nothing
else header('location: login.php')

[Ken2k7]

This is very doable, but if you don't know PHP, you would need to learn it first, or hire/have someone do it for you.

Sarao, nadeemshafi9 just explained the logic behind it. It's not code to copy and paste. Well some of it is, but not the way you have it there.

 

Quoting revraz, it's probably best for you to either spend a little time reading up basic PHP or get someone to write this for you. I know this post is counter-productive, but truth be told is that it's hard to explain something to you and have you fully understand it when you don't know the language. =(