Jump to content

i need php code to direct users to their own private page after login. please help

shawndiggi

By shawndiggi
in PHP Coding Help

 Share

Recommended Posts

shawndiggi Newbie

shawndiggi

Posted
Posted

here is my checklogin.php code so far.

 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row

if($password == $passwordtext)
{
$_SESSION["userid1"] = $id1;
header("Location: http://.htm"); // redirects
}
else
{
unset($_SESSION["userid1"]);
$_SESSION["msg"] = "<li>Login Info - Username
/Password:  Incorrect Combination try again</li>";
}

Link to comment
Share on other sites
ginerjm Prolific Member

ginerjm

Posted
Posted

This code seems incomplete.  You don't check if you actually got a result from your query, yet proceed as if you did with some comment that suggests you know what to do but just haven't shown us.  Then you try to show a redirect header, but you have made no provision to complete the name of the script to be sent to.  And most importantly - you haven't expressed any sentiments about your problem and what you perceive to be the issue other than to suggest you have a problem in your title..

 

Help us out!

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

A couple other notes on your code first

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";

This tells me you are storing the actual password in your database. This a very bad idea. You should only store a hash of the password.

 

if($password == $passwordtext)

This makes no sense. For one $passwordtext has not been defined. Plus, your query already verifies that you are getting the correct record.

 

$_SESSION["userid1"] = $id1;

Same here. $id is not defined. It looks like you are assuming there will be variables from the results of the DB query without ever extracting them.

 

header("Location: http://.htm"); // redirects

Mkay, so you want to redirect them. To where? Do you have a page defined as the user's 'private page'? Do you want an actual URL for each user? You could just create a page such as 'http://www.mysite.com/user.php' and get the user id from the session data to show them their details.

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.