rich_traff Posted June 13, 2010 Share Posted June 13, 2010 Hi, this is a piece of code i have which is part of the first page a user see's after logging in. <h2>Welcome <?php echo $_SESSION['SESS_FIRST_NAME'];?></h2> <p>This is a password protected area.</p> <a href="user1.php">Access files</a> | <a href="logout.php">Logout</a> people can login as either; user1, user2, user3 etc - depending on which user logs in, i want the 'access files' link to go to a specific page - ie, if you log in as user1 - the access files link will point to user1.php, if you login as user2 it will point to user2.php etc... Can anyone tell me how i can use the 'SESS_FIRST_NAME' value to control where the 'access files' link points to? many thanks Richard Quote Link to comment Share on other sites More sharing options...
jd307 Posted June 13, 2010 Share Posted June 13, 2010 I assume that 'SESS_FIRST_NAME' contains the first name of a user? Do you have other details in a database that would be related to this? The reason I ask is because of the following: You can update a page name dynamically using your session name simply by doing something like: echo "<a href=\"" . $SESSION['SESS_FIRST_NAME'] . ".php\">Access files</a>"; If 'SESS_FIRST_NAME' contained 'Fred' (for example), you would see HTML code on your page that reads: <a href="Fred.php">Access files</a> So, of course if 'Jeff' logged in then SESS_FIRST_NAME would contain his name and would then change Fred.php to be Jeff.php. The problems occur here if you have a member Fred Bloggs sign up, then Fred Smith signs up to your website, both would have a first name of Fred... so each of them would both be linked to the exact same page. Some alternative methods you could explore would be adding a database entry for each member that lists their specific page name (so Fred may have fred001.php and the next Fred would then get fred002.php, etc.). Or assuming you store an ID number for each user you could output the user ID (as it should be unique) to ensure a unique page for every user. Finally, the most common method is just a static page but with dynamic content. This would mean that you open 'account.php' (for example) and you populate all of the data within this page from extracts from your database for the given user. Of course, I don't actually know what you are displaying in this section so maybe the unique pages are what you require... if so, the example is above. Hope this is useful. Quote Link to comment Share on other sites More sharing options...
rich_traff Posted June 14, 2010 Author Share Posted June 14, 2010 Hi jd307, thanks for your response. The 'SESS_FIRST_NAME' does relate to the first name of a user, but only because i hashed together a couple of other scripts id found (im fairly new to php). Theres no reason why it has to be the first name thats used to identify each page. At the moment the database entries made are 'first name' 'second name' 'username' & 'password' - however, the pages outputted do not need to relate to any new users and no new user will be signing up. What i am trying to do is create a backend file upload & download area for a client where he will have say 6 different directories that he can use for different clients at any one time. I've called them user1, user2 etc for now as im still building it, in reality they will likely be called 'file_vault1' 'file_vault2' or something similar. I can see how your example would work very well if all the files were kept in the same directory, however for this site, it is important that the php files to be loaded from each link be kept in its own directory. + as an added security measure i want to place each folder within another folder using a random name that wont be easily guessed. the file structure will be something like the following. client login login.php logout.php clientfiles aj3618fhs8 vault1 user1.php shc649tj16 vault2 user2.php gabd5386ld vault3 user3.php Its important that the files be structured in this way as the script i am using to upload/download files reads the files that are contained within the same folder it is in. ie - user1.php reads all the files that are uploaded to 'vault1'. Is it possible to adapt your example given to account for the directory structure? I realise an easy way to accomplish this would be to make 'SESS_FIRST_NAME' the whole file path. However the script i've used to create new database entries strips '/'s and im not confident enough with php to change this.... any thoughts would be greatly appreciated. Richard Quote Link to comment Share on other sites More sharing options...
jd307 Posted June 15, 2010 Share Posted June 15, 2010 Hi rich_traff, I can see what you are getting at. If it is only going to be static (e.g. 6 set users with no new users being added) then it would be fairly simple to do what you are proposing. What I would suggest, is within your randomly assigned folder structure is to make the URL point to the sub-directory 'vault' instead of 'vault1', 'vault2', etc. As you already have a random string for a folder name, adding the incrementing numbers to the vault folder doesn't really provide much extra security. With that in mind, it would be easier to then store the unique folder name into the database alongside the user details. This way you could do something like the following: // Assume the folder name has already been taken from the database and stored into a session as $SESSION['AUTH_DIR'] echo "<a href=\"" . $SESSION['AUTH_DIR'] . "\vault\" . $SESSION['SESS_FIRST_NAME'] . ".php\">Access files</a>"; For this to work you would have to extract the folder name (e.g. 'aj3618fhs8') from the database and in the example store it into a session. You can of course just keep it in a variable and replace $SESSION['AUTH_DIR'] with the variable name instead. As you can see, keeping 'vault' as a static entry instead of the incrementing numbers means that you do not need to worry about storing this value, you only need to store the FIRST_NAME and AUTH_DIR into the database and will update depending on which user is logged in. Quote Link to comment Share on other sites More sharing options...
rich_traff Posted June 16, 2010 Author Share Posted June 16, 2010 ok, I've tried what you said and renamed the folders accordingly. I've stored the random number folder name in the second name field of the database (as its already set up) and checked that this is outputted in a session as 'SESS_LAST_NAME' My code now looks like this; <h2>Welcome to <?php echo $_SESSION['SESS_FIRST_NAME'];?></h2> <p>This is a password protected area. </p> <?php echo "<a href=\"" . $SESSION['SESS_LAST_NAME'] . "\vault\" . $SESSION['SESS_FIRST_NAME'] . ".php\">Access files</a>";?> <a href="logout.php">Logout</a> which is using your example only changing ['AUTH_DIR'] to ['SESS_LAST_NAME'] when i load this page now though i get the following error Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home1/tweakmed/public_html/seeproductions/clientlogin/member-index.php on line 28 I've tripple checked the database through phpmyadmin that all folder names are correct and made sure the directory is correctly ordered but am unable to get around the error. Can you offer anymore advice? many thanks Quote Link to comment Share on other sites More sharing options...
TOA Posted June 16, 2010 Share Posted June 16, 2010 <?php echo "<a href=\"" . $SESSION['SESS_LAST_NAME'] . "\vault\" . $SESSION['SESS_FIRST_NAME'] . ".php\">Access files</a>";?> Looks like you're having issues with concatenation. You can't use a " inside a "" without escaping it first. I would rewrite it to look like this: <?php echo '<a href="'. $_SESSION['SESS_LAST_NAME'].'\vault\\'.$_SESSION['SESS_FIRST_NAME'].'.php\">Access files</a>'; Quote Link to comment Share on other sites More sharing options...
rich_traff Posted June 16, 2010 Author Share Posted June 16, 2010 Thanks DevilsAdvocate, that sorted the error problem but the link still didn't work, i had to slightly amend it to the following <?php echo '<a href="'. $_SESSION['SESS_LAST_NAME'].'/vault/'.$_SESSION['SESS_FIRST_NAME'].'.php">Access files</a>'; ?> Is now working great though, thanks jd307 for your help here also, fully appreciated! Quote Link to comment Share on other sites More sharing options...
TOA Posted June 16, 2010 Share Posted June 16, 2010 <?php echo '<a href="'. $_SESSION['SESS_LAST_NAME'].'/vault/'.$_SESSION['SESS_FIRST_NAME'].'.php">Access files</a>'; ?> Yeah, I was wondering what those "\"'s were doing in there, but you had them in there so I left them. Glad you got it working Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.