Jump to content

i need php code to direct users to their own private page after login. please help


Recommended Posts

here is my checklogin.php code so far.

 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row

if($password == $passwordtext)
{
$_SESSION["userid1"] = $id1;
header("Location: http://.htm"); // redirects
}
else
{
unset($_SESSION["userid1"]);
$_SESSION["msg"] = "<li>Login Info - Username
/Password:  Incorrect Combination try again</li>";
}

This code seems incomplete.  You don't check if you actually got a result from your query, yet proceed as if you did with some comment that suggests you know what to do but just haven't shown us.  Then you try to show a redirect header, but you have made no provision to complete the name of the script to be sent to.  And most importantly - you haven't expressed any sentiments about your problem and what you perceive to be the issue other than to suggest you have a problem in your title..

 

Help us out!

A couple other notes on your code first

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";

This tells me you are storing the actual password in your database. This a very bad idea. You should only store a hash of the password.

 

if($password == $passwordtext)

This makes no sense. For one $passwordtext has not been defined. Plus, your query already verifies that you are getting the correct record.

 

$_SESSION["userid1"] = $id1;

Same here. $id is not defined. It looks like you are assuming there will be variables from the results of the DB query without ever extracting them.

 

header("Location: http://.htm"); // redirects

Mkay, so you want to redirect them. To where? Do you have a page defined as the user's 'private page'? Do you want an actual URL for each user? You could just create a page such as 'http://www.mysite.com/user.php' and get the user id from the session data to show them their details.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.