...

View Full Version : PHP Login Redirect By User



Jager616
08-29-2011, 11:51 PM
Hi,

i have a basic login script that directs users to a page once logged in, i would like to direct different users to different pages based on their username

eg; user1 would log in and be directed to domain.com/user1
user2 would log in and be directed to domain.com/user2

also, user2 shouldn't be able to change the address to domain.com/user1 and be allowed access to that folder and so on.

the usernames and passwords are stored in a mysql db and there is no requirement for the users to be able to change them.

Am i right in thinking this is the bit of code i need to change?



function validate_user($un, $pwd) {
$mysql = New Mysql();
$ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd));

if($ensure_credentials) {
$_SESSION['status'] = 'authorized';
header("location: index.php");
} else return "Please enter a correct username and password";

}


Please could someone offer some help/advice on how to implement this?

Thanks

GreenFanta
08-30-2011, 10:31 AM
Why don't you make the file with the MKDIR function and then create a meta-tag that redirects them when they log in?

BluePanther
08-30-2011, 10:58 AM
Why don't you make the file with the MKDIR function and then create a meta-tag that redirects them when they log in?

Odd way of doing it.

What you should do, in my opinion, is change the location header to (assuming $un is your username):


header('location: http://www.domain.com/'.$un);

That way, every time someone logs in as user1 they will be redirected to domain.com/user1. The code that handle's that url should check and compare the user and the URI to make sure the user is on the right page, and provide an error if they're on someone elses - or a public overview of that user.

Jager616
08-30-2011, 07:20 PM
BluePanther, thanks for your help.

I have implemented the $un into my code and now looks something like this



header("location: users/$un/index.php");


This is working well apart from being accessible by others when logged in.

If 'Batman' logs in he gets redirected to domain.com/users/batman/index.php
apart from then, you can change the address in the address bar to domain.com/users/superman/index.php and this loads. =(

on the index.php i have the following code



<?php

require_once '../../classes/Membership.php';
$membership = New Membership();

$membership->confirm_Member();

?>


is it possible to make this reference the username so only the right person can access it?

Thanks



Odd way of doing it.

What you should do, in my opinion, is change the location header to (assuming $un is your username):


header('location: http://www.domain.com/'.$un);

That way, every time someone logs in as user1 they will be redirected to domain.com/user1. The code that handle's that url should check and compare the user and the URI to make sure the user is on the right page, and provide an error if they're on someone elses - or a public overview of that user.

Fou-Lu
08-30-2011, 08:05 PM
Wait. Why are you making new pages for each user? The purpose of PHP is to handle dynamic data to do so as you see fit. There is no reason why a specific user requires a page of their own, rather you would create a page and provide it with input on WHAT data to process and go from there. So you wouldn't move to site.com/batman/index.php, you would move to site.com/index.php?user=batman. Proper controls in your management system for users will deem who can see what, and you needn't worry about access to directories at all (since you cannot control that with filesystem permissions).

Jager616
08-30-2011, 08:38 PM
To be honest my PHP knowledge is VERY limited, I have used what I am working on from following a tutorial.

What I am trying to do is create a login, so I can give out a user/pass and someone can log in and see a few HTML pages I have put together.

Fou-Lu
08-30-2011, 10:11 PM
These can still all be served in this manner.
In PHP, you can verify a login attempt and store the user in a session. This session can be re-established to determine if they have access to these files. What you then do is store all these files above the public_html of you're published directory, and serve them from PHP (a new script, say getfile.php, and provide which file they want to access). Its more complicated than a standard user directory structure, but saves tonnes of storage space and can actually be controlled.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum