Hi Guys,

Would it be possible to make a login script so that depending on the username and password they would go to a different page?

Say you login as "Keith" correctly you would go to "keith.php" and nobody else would be able to see keith.php other than whoever is logged into that account.

Then if they login as "Dave" they will go to dave.php and so on and so forth?

I have no idea where to start with this but if anybody could point me in the right direction this would be great.

Thanks

Nick

Why wud u wanna do that?

you could use an if statement and show different things depending on whos logged in!

Basically I want to be able to give users access to their own area on my site.

Each user will basically log into the site and then it will show their details on there, which will be simple details about their company.

I dont want each user to see the others details.

Hey there,

I think rather that trying to direct everyone to a different page the best idea is to direct everyone to the same page, but base the content of the page off of the users id.

Where to start create a table for the users.

User Name, Password, and a User Key that is an auto increment integer.


Then when the user logs in you call the database for their key.

after you have gotten the key put it in a variable called $usrkey

This will be the code for the redirect.

Code:

header ('Location: http:www.mydomain.com/userpage?id=$usrkey');

What this does is it adds the users key to the end of the link making that page only available to the user. And now once you are on that page you can use the key that was passed to perform the sql queries to pull up that users information and diplay it on the screen.

I hope this helps.

But with that would it be possible to change the id from say 2 to 1 and see another user's page?

It's up to you to lock that.

Store in the session the authenticated user id, and make userpage.php callable without specifying any id.
The page just have to read the userId from the session.

that way, a user could only see his page, and no one else.

Instead of passing the user id as a url parameter you should keep all of the user's information (other than password) in session variables and then validate that info once they are redirected. Its a bit more secure than passing via url.


EDIT: Tripy barely beat me to it!

Quote:

Originally Posted by nickharper

But with that would it be possible to change the id from say 2 to 1 and see another user's page?

Good question. When they log in create a session that contains the user key as well, so that when you get to the page you check the session against the key in the url. If they don't match kick the user out to a log in screen.

Or you can do as stated above.

Yay !
I was the quicker !

So I have made a login script which works and now I am trying to get a Recordset on the index page using the username (thats also unique) so the PHP will drag the Record with the same username as the session variable.

The only problem is that I don't think the session variable is sent to the login page.

make sure you use session_start() before you try to access any session variables. You must use it to both create a session and access a session on other pages.

Thankyou

I think I have managed to do it now