Jump to content

php login form help needed please.


vixtay

Recommended Posts

Hi I am new to php and I have a login form for users that works ok with a mysql database table for users.

The problem I have is that it only takes all loggedin users to the same page and I want to take logged in users to their own page.

I should have no more than 5 users at anyone time and for example I will call them simply user1, user2, user3, user4 and user 5.

I want user1 to go to user1.php, user2 to go to user2.php and so on.

The login.php code is as follows, can someone please tell me in laymans terms how to change it to accommodate this:

<?php 
include 'dbc.php';

$err = array();

foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";
    
}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
		AND `banned` = '0'
		") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num > 0 ) { 

list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

if(!$approved) {
//$msg = urlencode("Account not activated. Please check your email for activation code");
$err[] = "Account not activated. Please check your email for activation code";

//header("Location: login.php?msg=$msg");
 //exit();
 }

	//check against salt
if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
if(empty($err)){			

     // this sets session and logs user in  
       session_start();
   session_regenerate_id (true); //prevent against session fixation attacks.

   // this sets variables in the session 
	$_SESSION['user_id']= $id;  
	$_SESSION['user_name'] = $full_name;
	$_SESSION['user_level'] = $user_level;
	$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

	//update the timestamp and key for cookie
	$stamp = time();
	$ckey = GenKey();
	mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

	//set a cookie 

   if(isset($_POST['remember'])){
			  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
			  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
			  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
			   }
	  header("Location: myaccount.php");
	 }
	}
	else
	{
	//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
	$err[] = "Invalid Login. Please try again with correct user email and password.";
	//header("Location: login.php?msg=$msg");
	}
} else {
	$err[] = "Error - Invalid login. No such user exists";
  }		
}



?>

Link to comment
Share on other sites

towards the end of your code you have a line that reads:

header("Location: myaccount.php");

this is whats forwarding the user to the page "myaccount.php"

if you want each user to have their own page to go to, set this to something like:

<?php
header("Location: ".$full_name.".php");
?>

 

that said, this really isn't the best way to handle the issue.

 

you should create your myaccount.php to check for who the logged in user is and load content as needed.

 

 

Link to comment
Share on other sites

Thank you Micah for the reply.

Basically each of the users will only have to access one page that is relevant only to them, i.e. their pictures.

Could you give me an example of how it would look with the usern names and page names as user1, user2, user3, user4 and user5 please linking to pages user1.php, user2.php, user3.php etc.

This would be a great help if I could just cup and paste it into my form. The account details in not necessary so would probably omit them from the user1.php actual page. All I want is that when user1 logs in he will get sent to user1.php and when user2 logs in he will be sent to user2.php instead of the current format that sends them to myaccount.php

Thank you very much for your help

Chris

Link to comment
Share on other sites

well, at what point in your code are you figuring out which user they are?  Like, how do you know that they are user1 or user2?

 

it looks like the user name they're providing is their email address. (I'm assuming this because I see the line that says: $user_cond = "user_name='$user_email'";  )

 

so, assuming that the variable $user_email is how you are uniquly identifying the user, you would change the previously mentioned header line to:

<?php
header("Location: ".$user_email.".php");
?>

 

if the person enter their username as "user1" and now the variable $user_email = "user1" then the above header() function will forward them to a page called "user1.php" 

 

if $user_email contains their actual e-mail address, then they'll be forwarded to a page like "email-name@domain.com.php"

 

 

 

Link to comment
Share on other sites

You don't want to forward them to a specific file based on their user account as then you have to create a php file for every user you have unless you're doing some type of mod_rewrite but I doubt it.

 

Stick with myaccount.php and pull the person data based on the session info. That's why you put it in there and then you only need one file to deal with all your user accounts.

Link to comment
Share on other sites

Thank you,

yes that would be good if it worked for me but it doesn't. All users same to come to the same myaccount page. They all have just 1 page of their own stuff that I want them to see instead of seeing other members stuff.

There would not be any more than 5 seperate users at any one time and they login with a username i.e. user1, user2 etc. and a password. I create these in the admin section when logged in, so in otherwords, I give them the username and password and activate them.

Link to comment
Share on other sites

You need to show the user info based off what's in their session.

 

ie. myaccount.php

 

//check for login
if(!isset($_SESSION['user_id'])){
//redirect to login area
}

//get user info from database based on the session userid

//display user data however you like

 

The myaccount page doesn't have any static data, which sounds like what you have on it. It generates data based on the user. If you're still having issues, post your myaccount page.

Link to comment
Share on other sites

All this is for is so that clients can login and select pictures from one page of their pictures on a normal html page.

All I want to do and I do not know how to is let them log straight to their page of pics. I do not know much about php and am using someones elses free php login system. It all works ok and logs people in but doesn't exactly do what I want it to do.

Link to comment
Share on other sites

here is the myaccount.php

<?php

include 'dbc.php';

page_protect();

 

 

?>

<html>

<head>

<title>My Account</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

 

<link href="styles.css" rel="stylesheet" type="text/css">

</head>

 

<body>

<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">

  <tr>

    <td colspan="3"> </td>

  </tr>

  <tr>

    <td width="160" valign="top">

<?php

/*********************** MYACCOUNT MENU ****************************

This code shows my account menu only to logged in users.

Copy this code till END and place it in a new html or php where

you want to show myaccount options. This is only visible to logged in users

*******************************************************************/

if (isset($_SESSION['user_id'])) {?>

<div class="myaccount">

  <p><strong>My Account</strong></p>

  <a href="myaccount.php">My Account</a><br>

  <a href="mysettings.php">Settings</a><br>

    <a href="logout.php">Logout </a>

 

  <p>You can add more links here for users</p></div>

<?php }

if (checkAdmin()) {

/*******************************END**************************/

?>

      <p> <a href="admin.php">Admin CP </a></p>

  <?php } ?>

      <p> </p>

      <p> </p>

      <p> </p></td>

    <td width="732" valign="top"><p> </p>

      <h3 class="titlehdr">Welcome <?php echo $_SESSION['user_name'];?></h3> 

  <?php

      if (isset($_GET['msg'])) {

  echo "<div class=\"error\">$_GET[msg]</div>";

  }

   

  ?>

      <p>This is the my account page</p>

 

 

      </td>

    <td width="196" valign="top"> </td>

  </tr>

  <tr>

    <td colspan="3"> </td>

  </tr>

</table>

 

</body>

</html>

 

Link to comment
Share on other sites

In the my account page i would just do something like this:

if ($_SESSION['user_id'] == "1") {
    include("user1.php");
} elseif ($_SESSION['user_id'] == "2") {
    include("user2.php");
} elseif ($_SESSION['user_id'] == "3") {
    include("user3.php");
} elseif ($_SESSION['user_id'] == "4") {
include("user4.php");
} elseif ($_SESSION['user_id'] == "5"){
include("user5.php");
} else  {
include("login.php");
}

or something like that

Link to comment
Share on other sites

Thank you WatsonN that does look more like it, where exatly would I put that in the myaccount.php code? is it here:I cant see where it would go.

Thank you

 

If I made 5 duplicate myaccount.php pages and named them user1.php, user2.php etc. wouldn't I be able to just put there individual stuff on each of those pages while maintaining there own personal welcome details? If so, the code you suggest above, would that go into the login.php script instead? if so where exactly please

 

Link to comment
Share on other sites

If you're gonna make everyone their own my account page I would put that code in the login file were you put the header redirect and have the login button do it based on te Id or something like that.

 

If I was on my computer and not my phone I would teat that idea for you but I can't.

 

Link to comment
Share on other sites

I tried it and it seemed to work for me:

Login.phpLine 68 down:

		//set a cookie 

   if(isset($_POST['remember'])){
			  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
			  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
			  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
			   }
	  if ($id== "1") {
    		include("user1.php");
	  } elseif ($id == "2") {
    		include("user2.php");
	  } elseif ($id == "3") {
   		 	include("user3.php");
	  } elseif ($id == "4") {
		include("user4.php");
	  } elseif ($id == "5"){
		include("user5.php");
	  } else  {
		include("login.php");
	  }
	 }
	}
	else
	{
	//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
	$err[] = "Invalid Login. Please try again with correct user email and password.";
	//header("Location: login.php?msg=$msg");
	}
} else {
	$err[] = "Error - Invalid login. No such user exists";
  }		
}



?>

Link to comment
Share on other sites

Thank you for your patience Nathan, really appreciate it. I am trying to learn php as I can see the great benefits of it.

Where would I put that, I really do not know mate I am sorry, I am a complete newbie to all this.

If it's easier for you I can show you the website and you can login yourself and see what it is I am trying to achieve.

Chris

Link to comment
Share on other sites

I would put it at 68. That should work I'm on my phone and can't see the code right now that should show you what Id is outputting

 

I'm still learning too, I think we all are. Just trying to help anyone anyway we can.

 

Let me know if that works or if I need to look and find a better place for it.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.