PHP login system fetch username and redirect issue

[etopal]

Is there a way to get current logged in username and based on that redirect to a different page?

I’m using the following secure PHP login without MySql as a login system: https://sourceforge.net/projects/phploginbyvallastech/

Now I’m looking to redirect each logged in user to their personalized page.

But I can’t figure out how to A) fetch the current logged in user and B) redirect multiple users.

This code redirects to the latter address, but the username based redirect is not working:

<?php

session_start();

if ($_SESSION["username"]==User1){

header("location: user1content.php");

exit;

} else {

header("location: generalcontent.php");

exit;

}

{ ?>

<?php } ?>

So it’s clearly not fetching the logged in user. Though <?php echo $login->username; ?> fetches the username just fine.
I know there’s something missing, but what that might be… Have been trying different things without success.

[etopal]

Or another viable option would be to show content based on username:

<?php
session_start();

if ($_SESSION["username"]=='User1'){ ?>

SHOW USER1 CONTENT HERE

<?php } ?>

But this has the same issue; not sure how to fetch the logged in username...

Edited May 4, 2020 by etopal

[Barand]

Have you checked if $_SESSION contains what you are expecting it to contain?

[etopal]

6 minutes ago, Barand said:

Have you checked if $_SESSION contains what you are expecting it to contain?

I have not 🤔 (I'm not very familiar with php, just dabbling with it... )

The second redirect (to generalcontent.php) works, so I'm guessing the $_SESSION doesn't contain what I'm looking for, as it just gets skipped 😬

[Barand]

try

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

That will show the contents of $_SESSION.

If it's doesn't contain the expected values you need to trace backwards to where the values should be set and work out why it isn't happening.

[etopal]

Huzzah! 🤩
I think the end solution was a very simple one, as it most of the cases seems to be:
```
<?php

require('_login.php');

if ($login_user === 'User1') {
    header("Location: user1.php");
} else if ($login_user === 'User2') {
    header("Location: user2.php");
} else if ($login_user === 'User3') {
    header("Location: user3.php");
} else {
    header("Location: generalcontent.php");
}

?>

```

As a note, if anyone else ever struggles with a similar problem.

Edited May 4, 2020 by etopal

[benanamen]

2 hours ago, etopal said:

I think the end solution was a very simple one

Except that isn't the solution. For one, if you dont kill the script after a header redirect, the rest of the code still runs. Using a sequential numbering of pages points to a serious design flaw. If you have a million users, are you really going to have and maintain a million pages?

[etopal]

It surely is not the perfect solution. But seems to work for what I need 🤔 If I ever had a million users, I surely would need a better login system as well.. Might have to look into your points though.

[StevenOliver]

Not to be a debbie downer, but the specific login script you mention uses MD5. If your website's password security is important, to you, please read "no one should be using MD5 anymore" at https://en.wikipedia.org/wiki/MD5 (MD5 is broken).

From what I understand, php's built in "password_hash" function is much, much better than MD5.

If you please read the question and answer about the "password_hash" function here. you might be inclined to go ahead and use mySQL.

There are some pre-written login scripts on the net using "password_hash" that even I (a total PHP dumbo) can understand (just google "simple password_hash login scripts").

Just a thought.

 

 

Edited May 5, 2020 by StevenOliver