...

View Full Version : having login problem on my website



mfriedman24
03-15-2009, 02:02 AM
hi i have a site that members can login and view their profile page.
i am having a problem that when they login i can't get their user id so that i can redirect them to their profile page. this is the code on the login page. what am i doing wrong? what should it look like? - when they login it should get their id (ex. 12) and redirect them to /home.php?id=12 thanks for the help!


<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['email'])) {
$loginUsername=$_POST['email'];
$password=$_POST['password'];
$userid = $_REQUEST['id'];
$MM_fldUserAuthorization = "Access";
$MM_redirectLoginSuccess = "/home.php?id=$userid";
$MM_redirectLoginFailed = "/loginfail.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_SH, $SH);

$LoginRS__query=sprintf("SELECT Username, Password, Access FROM Signup WHERE Username=%s AND Password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $SH) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'Access');

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

mlseim
03-15-2009, 02:51 AM
Did this ever work?
Is this an existing script, or something you made up?

mfriedman24
03-15-2009, 02:57 AM
no it never worked, its brand new and i made it thru dreamweaver but its not working. what should i do?

student101
03-15-2009, 09:58 AM
Your problem is that you changed the login behaviour, don't change the code that an application created, UNLESS you know what and where to change

$userid = $_REQUEST['id'];
$MM_redirectLoginSuccess = "/home.php?id=$userid";
This is PHP and I found it harder to change what I needed since I am an ASP person.
You want to redirect based on id?


There is actaully a page on ADOBE for this, can't find it now (murphys law)
Anyways...
To do what you want I do in a two page process.
Consider the following:
login.php has the standard login behaviour that DW adds
process.php is the page that has the deciding factor and a field for the page that the user is directed to


//process.php
//connect to db...
//select statement
"select data,redirectpage from table where userid = session['MM_Username']"
//if any rows affected goto location else failed.php
if(mysql_num_rows($result) == 1) { //can't remember if it's two"==" or one"="
$logged_in_user = $user;
session_register("logged_in_user");
header("location: row['redirectpage']");
exit;
} else {
header("Location: failed.php");
exit;
}
//it's not rocket science but logical

The idea is let DW do what it does and you add your ideas as needed.

student101
03-15-2009, 12:15 PM
no it never worked, its brand new and i made it thru dreamweaver but its not working. what should i do?
Made this now:




///
//connect to db with connect file...
///

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['textfield'])) {
$loginUsername=$_POST['textfield'];
$password=$_POST['textfield2'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "1.php"; //this actually means nothing here.
$MM_redirectLoginFailed = "failed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_cnj, $cnj);

$LoginRS__query=sprintf("SELECT adminusername, adminpassword, destination_page FROM tbl_admin WHERE adminusername=%s AND adminpassword=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); //this is important


$LoginRS = mysql_query($LoginRS__query, $cnj) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

/// add select statement here
$colname_rsuser = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_rsuser = $_SESSION['MM_Username'];
}
mysql_select_db($database_cnj, $cnj);
$query_rsuser = sprintf("SELECT * FROM tbl_admin WHERE adminusername = %s", GetSQLValueString($colname_rsuser, "text"));
$rsuser = mysql_query($query_rsuser, $cnj) or die(mysql_error());
$row_rsuser = mysql_fetch_assoc($rsuser);
$totalRows_rsuser = mysql_num_rows($rsuser);
///

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
$MM_redirectLoginSuccess = $row_rsuser['destination_page']; //this is important

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
mysql_free_result($rsuser);
}
else {
header("Location: ". $MM_redirectLoginFailed );
mysql_free_result($rsuser);
}
}
?>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="frmlogin" id="frmlogin">
<p>
<input type="text" name="textfield" id="textfield" />
<br />
<input type="text" name="textfield2" id="textfield2" />
<br />
</p>
<p>
<input type="submit" name="button" id="button" value="Submit" />
</p>
</form>

It's not thoroughly tested!!!

Cheers



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum