Jump to content

PHP script - Login and redirecting

florida_guy99

By florida_guy99
in PHP Coding Help

 Share

Recommended Posts

florida_guy99 Newbie

florida_guy99

Posted
Posted

Hello everyone,

 

First, I'd like to let everyone know that I know very little about PHP, I never really had the need to use it and now I sort of do, but I am so lost...so I am coming to the pros...

 

I will explain what I need and I would like to receive some advices as to how I should go about getting this done.

 

This is what I need to do, there will be a "LOGIN" button on the home page of the site, once a user clicks on that they go to a login page, once they login each individual user needs to be redirected to a specific page. So for instance, John will log in and he will see a page that was created for John only... There will be no more than 10 users. I dont need a registration page/form, I can create the users/passwords myself and then just give them out to each person... sounds like a simple thing, but I cant find anything only. I found one script but there were way too many options that I didnt need and it made the whole thing impossible for a beginner. I am not going to keep extremely sensitive and private info in there, so it doesnt need the highest level of security.

 

Is this even possible ? What's my best option ?

 

Thank you so much for any help ! It is truly appreciated.

Link to comment
https://forums.phpfreaks.com/topic/70765-php-script-login-and-redirecting/
Share on other sites
chocopi Regular Member

chocopi

Posted
Posted

what do you mean by different page

 

do you mean, something like bebo,myspace etc where all the information is just filled in on the same template or do you want a separate file for each

 

first method uses $_GET

 

http://www.somesite.com/login.php?user=john

 

or

 

http://www.somesite.com/users/john.php

 

~ Chocopi

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

By different pages I mean I will manually make individual pages with some flyers and some other information for each individual/specific person.

 

Like I said I am not familiar with PHP at all, so I am not sure where to begin... create a database with the login information and the page where those users should be redirected ? I am so lost !!

chocopi Regular Member

chocopi

Posted
Posted

The best way to do it would probably to create a folder called users and then have the subfolders with the users username eg users/chocopi

 

so you need your basic login to check if its valid redirect using a header.

 

<?php
if($_POST)
{
   $username = $_POST['username'];
   $password = $_POST['password'];
   $query = mysql_query("SELECT * username FORM tablename WHERE username='$username' & password='$password'") or die(mysql_error());
   $num_rows = mysql_num_rows($query) or die(mysql_error());
   if($num_rows != 0)
   {
      $location = "users/{$username}/index.php";
      header("Location: $location");
   }
}
?>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>">
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>

 

Something like that should work ;D

 

~ Chocopi

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

thank you sooooooo much for your help !! :)

 

So I will create the folders and subfolders now and then paste your code onto the login page...

 

And where do I set passwords/usernames and the URL where users should to be redirected to once they log in ?

 

Thank you and sorry if I am being too difficult..

mattal999 Regular Member

mattal999

Posted
Posted

you need to make a table in your database called tablename or clients or whatever (change this on the code aswell where it says "tablename"). create 2 fields, username and passsword. Input all the people. Make the users folder and subfolders of all the usernames. Ta da!

 

However, this is not a secure login man, anyone could go in the folder users/john/index.php!

 

U need to make a secure login.

 

where it says $location='blahblah';

 

add this line above it:

 

session_register("username");

 

and at the start, after the <? tags

 

<? session_start();

 

and then, in the users/{username}/index.php file add at the top:

 

<? session_start(); if(!ISSET($_SESSION['username'])) { die "You are not logged in!"; } ?>

 

hope that doesn't confuse you

 

there you go, sorted

chocopi Regular Member

chocopi

Posted
Posted
where do I set passwords/usernames

You set the username and password in the database and thats what the query checks against.

 

The URL where users should to be redirected to once they log in

Thats what the header does, it redirects the user to their folder:

 

$location = "users/{$username}/index.php";
header("Location: $location");

 

Thank you and sorry if I am being too difficult..

Not at all, I'm glad I could help ;)

 

The only problem with my code is that anyone could access the folder for any user, so the best way is to probably use sessions. Also, I think you should store a unique code for the user in the database and check that aswell so only they can login So you will need to use this code instead (I have commented it as much as possible):

 

<?php
error_reporting(E_ALL); // make sure all errors will be shown, if any
require_once("page_header.php");
if($_POST) // check to see if form has been submitted
{
$username = mysql_real_escape_string($_POST['username']); // get the posted username and set to variable
$password = mysql_real_escape_string$_POST['password']); // get the posted password and set to variable
$query = mysql_query("SELECT id,unique_code FORM tablename WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database
$num_rows = mysql_num_rows($query) or die(mysql_error()); // count the number of rows to check if no rows have been returned
if($num_rows != 0) // if the database finds nothing don't login
{
	$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
	$id = $row['id']; // set the user id from the database to a variable
	$code = $row['unique_code']; // set the code from the database to a variable
	session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
	$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user
	header("Location: $location"); // redirect the user to their folder
} else
	{
		echo "Your login was incorrect."; // if no match found echo error message
	}
}
?>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>">
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>

 

Then in page_header.php you should have you database connection

 

<?php
$db_host = "your_host";
$db_username = "your_username";
$db_password = "your_password";
$db_database = "your_database";

$db_con = mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
mysql_select_db($db_database) or die(mysql_error();
?>

 

On your user pages you should include a page called check which will make sure only the correct user can see those paeges

 

<?php
error_reporting(E_ALL); // show any errors, if any
require_once("page_header.php");
session_start(); // start the session
$page_username = "username"; // set the username for the file eg john for users/john/index.php
$id = $_SESSION['id']; // set the session id to a variable
$username = $_SESSION['username']; // set the session username to a variable
$password = $_SESSION['password']; // set the session password to a variable
$code = $_SESSION['code']; // set the session code to a variable
$query = mysql_query("SELECT username FROM tablename WHERE id='$id' && username='$username' && password='$password' && unique_code='$code'") or die(mysql_error());
$row = mysql_fetch_assoc($query) or die(mysql_error());
$user = $row['username'];
if($user != $page_username)
{
die("You are not allowed to view this page!");
}
?>

So as long as you include this at the top of your user pages it should stop people from viewing, who shouldn't.

 

For this you will need a table structure like this:

 

CREATE TABLE `tablename` (
`id` INT(4) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(25) NOT NULL,
`password` VARCHAR(32) NOT NULL,
`uniquie_code` VARCHAR(32) NOT NULL,
INDEX (`id`),
UNIQUE (`id`)
);

The password and unique_code are set to a length of 32 because I am assuming you will use md5 on them.

 

Now that should be quite helpful for you ;D

But if you have any more problems here is a reference of everything from the manual

 

Header

Error Reporting

Post

Get

Require, Require_once, Include, Include_once

Sessions

Mysql Real Escape String

Mysql Query

Mysql Fetch Assoc

Mysql Connect

Mysql Select DB

Die

 

 

Now I think thats everything ;D

So that should help, but if you need any more help you know where to ask ;)

 

~ Chocopi

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

ok, sure enough I can't get the whole thing to work. I didnt want to be a pain in the butt here, but I didnt even know how to create a table, so I researched, researched and finally figured it out. I use 1and1.com to host my website, I created a table, created a login.php (where the login form is), created a page_header.php and created one individual folder with one individual page just for testing...

 

So I went on login.php and this is what I get:

 

Parse error: parse error, unexpected T_VARIABLE in /homepages/35/d88707459/htdocs/pibland/login.php on line 7

 

:( :(

 

chocopi Regular Member

chocopi

Posted
Posted

can you post your code for login.php. Its probably that your missing a ; or ) or

 

Yea all the info I gave you was just a base for you to build on.

 

Have you tried http://www.w3schools.com/ Its one hell of an awesome site for all the basic needs

 

~ Chocopi

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

Here we go. I am going to check out  http://www.w3schools.com/

 

Thank you so much !!

 

<?php
error_reporting(E_ALL);
require_once("page_header.php");
if($_POST) 
{
$username = mysql_real_escape_string($_POST['username']); // get the posted username and set to variable
$password = mysql_real_escape_string$_POST['password']); // get the posted password and set to variable
$query = mysql_query("SELECT id,unique_code FORM tablename WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database
$num_rows = mysql_num_rows($query) or die(mysql_error()); // count the number of rows to check if no rows have been returned
if($num_rows != 0) // if the database finds nothing don't login
{
	$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
	$id = $row['id']; // set the user id from the database to a variable
	$code = $row['unique_code']; // set the code from the database to a variable
	session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
	$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user
	header("Location: $location"); // redirect the user to their folder
} else
	{
		echo "Your login was incorrect."; // if no match found echo error message
	}
}
?>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>">
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>

BlueSkyIS Newbie

BlueSkyIS

Posted
Posted

missing left paren:

 

$password = mysql_real_escape_string$_POST['password']);

 

should be

 

$password = mysql_real_escape_string($_POST['password']);

 

Parse error: parse error, unexpected T_VARIABLE in /homepages/35/d88707459/htdocs/pibland/login.php on line 7
florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

Hi Guys,

 

Thanks BlueSkyIS, that was the problem...

 

Now I am getting: Parse error: parse error, unexpected ';' in /homepages/35/d88707459/htdocs/pibland/page_header.php on line 8

 

This is line 8: 

$query = mysql_query("SELECT id,unique_code FORM tablename WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database

 

I bet it is something with the table that I created, I read all the documentation provided by the host (1and1.com) but maybe I slipped somewhere...

 

Thanks a lot..

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted (edited)

I am very unsure of what to do now... So I created the table (hopefully it's right), the page_header.php, the login.php and the individual user pages... and now I am getting this error:

 

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'tablename WHERE username='xxx' && password='xxx' at

Edited by ignace
florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

:) Thank you.

 

ok, this is the login.php

 

<?php
error_reporting(E_ALL);
require_once("page_header.php");
if($_POST) 
{
$username = mysql_real_escape_string($_POST['username']); // get the posted username and set to variable
$password = mysql_real_escape_string($_POST['password']); // get the posted password and set to variable
$query = mysql_query("SELECT id,unique_code FORM tablename WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database
$num_rows = mysql_num_rows($query) or die(mysql_error()); // count the number of rows to check if no rows have been returned
if($num_rows != 0) // if the database finds nothing don't login
{
	$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
	$id = $row['id']; // set the user id from the database to a variable
	$code = $row['unique_code']; // set the code from the database to a variable
	session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
	$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user
	header("Location: $location"); // redirect the user to their folder
} else
	{
		echo "Your login was incorrect."; // if no match found echo error message
	}
}
?>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>">
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>

 

This os page_header.php

 

<?php
$db_host = "XXXXXXXXXX";
$db_username = "XXXXXXXX";
$db_password = "XXXXXXXX";
$db_database = "XXXXXXXXX";

$db_con = mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
mysql_select_db($db_database) or die(mysql_error());
?>

 

and this is the individual user page

 

<?php
error_reporting(E_ALL); // show any errors, if any
require_once("page_header.php");
session_start(); // start the session
$page_username = "XXXXXX"; // set the username for the file eg john for users/john/index.php
$id = $_SESSION['1']; // set the session id to a variable
$username = $_SESSION['XXXXX']; // set the session username to a variable
$password = $_SESSION['XXXXX]; // set the session password to a variable
$code = $_SESSION['0001']; // set the session code to a variable
$query = mysql_query("SELECT username FROM tablename WHERE id='$id' && username='$username' && password='$password' && unique_code='$code'") or die(mysql_error());
$row = mysql_fetch_assoc($query) or die(mysql_error());
$user = $row['username'];
if($user != $page_username)
{
die("You are not allowed to view this page!");
}
?>

 

What do you say ?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.