shawndiggi Posted January 28, 2014 Share Posted January 28, 2014 here is my checklogin.php code so far. // Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");// username and password sent from form$username=$_POST['username'];$password=$_POST['password'];// To protect MySQL injection (more detail about MySQL injection)$username = stripslashes($username);$password = stripslashes($password);$username = mysql_real_escape_string($username);$password = mysql_real_escape_string($password);$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $username and $password, table row must be 1 rowif($password == $passwordtext){$_SESSION["userid1"] = $id1;header("Location: http://.htm"); // redirects}else{unset($_SESSION["userid1"]);$_SESSION["msg"] = "<li>Login Info - Username/Password: Incorrect Combination try again</li>";} Quote Link to comment https://forums.phpfreaks.com/topic/285734-i-need-php-code-to-direct-users-to-their-own-private-page-after-login-please-help/ Share on other sites More sharing options...
ginerjm Posted January 28, 2014 Share Posted January 28, 2014 This code seems incomplete. You don't check if you actually got a result from your query, yet proceed as if you did with some comment that suggests you know what to do but just haven't shown us. Then you try to show a redirect header, but you have made no provision to complete the name of the script to be sent to. And most importantly - you haven't expressed any sentiments about your problem and what you perceive to be the issue other than to suggest you have a problem in your title.. Help us out! Quote Link to comment https://forums.phpfreaks.com/topic/285734-i-need-php-code-to-direct-users-to-their-own-private-page-after-login-please-help/#findComment-1466860 Share on other sites More sharing options...
Psycho Posted January 28, 2014 Share Posted January 28, 2014 A couple other notes on your code first $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; This tells me you are storing the actual password in your database. This a very bad idea. You should only store a hash of the password. if($password == $passwordtext) This makes no sense. For one $passwordtext has not been defined. Plus, your query already verifies that you are getting the correct record. $_SESSION["userid1"] = $id1; Same here. $id is not defined. It looks like you are assuming there will be variables from the results of the DB query without ever extracting them. header("Location: http://.htm"); // redirects Mkay, so you want to redirect them. To where? Do you have a page defined as the user's 'private page'? Do you want an actual URL for each user? You could just create a page such as 'http://www.mysite.com/user.php' and get the user id from the session data to show them their details. Quote Link to comment https://forums.phpfreaks.com/topic/285734-i-need-php-code-to-direct-users-to-their-own-private-page-after-login-please-help/#findComment-1466861 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.