Jump to content
etopal

PHP login system fetch username and redirect issue

Recommended Posts

Is there a way to get current logged in username and based on that redirect to a different page?

I’m using the following secure PHP login without MySql as a login system: https://sourceforge.net/projects/phploginbyvallastech/

Now I’m looking to redirect each logged in user to their personalized page.

But I can’t figure out how to A) fetch the current logged in user and B) redirect multiple users.

This code redirects to the latter address, but the username based redirect is not working:

<?php

session_start();

if ($_SESSION["username"]==User1){

header("location: user1content.php");

exit;

} else {

header("location: generalcontent.php");

exit;

}

{ ?>

<?php } ?>

So it’s clearly not fetching the logged in user. Though <?php echo $login->username; ?> fetches the username just fine.
I know there’s something missing, but what that might be… Have been trying different things without success.

Share this post


Link to post
Share on other sites
Posted (edited)

Or another viable option would be to show content based on username:

<?php
session_start();

if ($_SESSION["username"]=='User1'){ ?>


SHOW USER1 CONTENT HERE


<?php } ?>

But this has the same issue; not sure how to fetch the logged in username...

Edited by etopal

Share this post


Link to post
Share on other sites

Have you checked if $_SESSION contains what you are expecting it to contain?

Share this post


Link to post
Share on other sites
6 minutes ago, Barand said:

Have you checked if $_SESSION contains what you are expecting it to contain?

I have not 🤔 (I'm not very familiar with php, just dabbling with it... )

The second redirect (to generalcontent.php) works, so I'm guessing the $_SESSION doesn't contain what I'm looking for, as it just gets skipped 😬

Share this post


Link to post
Share on other sites

try

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

That will show the contents of $_SESSION.

If it's doesn't contain the expected values you need to trace backwards to where the values should be set and work out why it isn't happening.

Share this post


Link to post
Share on other sites
Posted (edited)

Huzzah! 🤩
I think the end solution was a very simple one, as it most of the cases seems to be:
```
<?php

require('_login.php');

if ($login_user === 'User1') {
    header("Location: user1.php");
} else if ($login_user === 'User2') {
    header("Location: user2.php");
} else if ($login_user === 'User3') {
    header("Location: user3.php");
} else {
    header("Location: generalcontent.php");
}

?>

```

As a note, if anyone else ever struggles with a similar problem.

Edited by etopal

Share this post


Link to post
Share on other sites
2 hours ago, etopal said:

I think the end solution was a very simple one

Except that isn't the solution. For one, if you dont kill the script after a header redirect, the rest of the code still runs. Using a sequential numbering of pages points to a serious design flaw. If you have a million users, are you really going to have and maintain a million pages?

Share this post


Link to post
Share on other sites

It surely is not the perfect solution. But seems to work for what I need 🤔 If I ever had a million users, I surely would need a better login system as well.. Might have to look into your points though.

Share this post


Link to post
Share on other sites
Posted (edited)

Not to be a debbie downer, but the specific login script you mention uses MD5. If your website's password security is important, to you, please read "no one should be using MD5 anymore" at https://en.wikipedia.org/wiki/MD5 (MD5 is broken).

From what I understand, php's built in "password_hash" function is much, much better than MD5.

If you please read the question and answer about the "password_hash" function here. you might be inclined to go ahead and use mySQL.

There are some pre-written login scripts on the net using "password_hash" that even I (a total PHP dumbo) can understand (just google "simple password_hash login scripts").

Just a thought.

 

 

Edited by StevenOliver
  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.