PHP Forum

**vixtay** · 05:04 PM

I have a login system on a website it works ok but there is one thing I need to add to the php and I do not know how to so could really do with some help.
After login the user is sent to myaccount.php. This is where I need the help.
All together I will have 4 users, each have there own seperate html page which I need them only to have access to. I don't know how to do this.
I somehow need to have a link on the myaccount.php page that they and only they can click to take them to their own page.
At the moment each user gets a welcome user message when they log in and that seems to work ok for the different users.
I will post the code to the login.php and myaccount.php below.
Can someone please take a look and see what I have to add to enable user1 to go to user1.html and user2 to go to user2.html and so on.
Many thanks in advance:

PHP Code:


			
<?php 

include 'dbc.php';

$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
    $data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";
    
}

    
$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
            AND `banned` = '0'
            ") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num > 0 ) { 
    
    list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);
    
    if(!$approved) {
    //$msg = urlencode("Account not activated. Please check your email for activation code");
    $err[] = "Account not activated. Please check your email for activation code";
    
    //header("Location: login.php?msg=$msg");
     //exit();
     }
     
        //check against salt
    if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
    if(empty($err)){            

     // this sets session and logs user in  
       session_start();
       session_regenerate_id (true); //prevent against session fixation attacks.

       // this sets variables in the session 
        $_SESSION['user_id']= $id;  
        $_SESSION['user_name'] = $full_name;
        $_SESSION['user_level'] = $user_level;
        $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
        
        //update the timestamp and key for cookie
        $stamp = time();
        $ckey = GenKey();
        mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
        
        //set a cookie 
        
       if(isset($_POST['remember'])){
                  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                   }
          header("Location: myaccount.php");
         }
        }
        else
        {
        //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
        $err[] = "Invalid Login. Please try again with correct user email and password.";
        //header("Location: login.php?msg=$msg");
        }
    } else {
        $err[] = "Error - Invalid login. No such user exists";
      }        
}
                     
                     

?>

And myaccount.php
<?php 
include 'dbc.php';
page_protect();


?>
<?php 
/*********************** MYACCOUNT MENU ****************************
This code shows my account menu only to logged in users. 
Copy this code till END and place it in a new html or php where
you want to show myaccount options. This is only visible to logged in users
*******************************************************************/
if (isset($_SESSION['user_id'])) {?>
<div class="myaccount">
  <p><strong>My Account</strong></p>
  <a href="myaccount.php">My Account</a><br>
  <a href="mysettings.php">Settings</a><br>
    <a href="logout.php">Logout</a></div>
<?php }
if (checkAdmin()) {
/*******************************END**************************/
?>
      <p> <a href="admin.php">Admin CP </a></p>
      <?php } ?>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="732" valign="top"><p>&nbsp;</p>
      <h3 class="titlehdr">Welcome <?php echo $_SESSION['user_name'];?></h3>  
      <?php    
      if (isset($_GET['msg'])) {
      echo "<div class=\"error\">$_GET[msg]</div>";
      }
            
      ?>

**vixtay** · 09-15-2010, 06:44 AM

61 views on no replies! Come on folks some of your php genius's must know the anser to this.
All I want to do is when a user1 logs in to take him to user1.php and when user2 logs in to take him to user2.php
How do I do this, do I add something to the header on the login.php page or maybe the myaccount.php file, maybe a redirect based on the username? Please help with this as this is all I need now for a very good login system.

Would it be something like this below? And if so, where do I put this:
if ($_SESSION['user_id'] == "1") {
include("user1.php");
} elseif ($_SESSION['user_id'] == "2") {
include("user2.php");
} elseif ($_SESSION['user_id'] == "3") {
include("user3.php");
} elseif ($_SESSION['user_id'] == "4") {
include("user4.php");
} elseif ($_SESSION['user_id'] == "5"){
include("user5.php");
} else {
include("login.php");
}

**smoseley** · 08:18 AM

Simple way to do it:

PHP Code:


			
$userId = (int) $_SESSION['user_id'];
if ($userId > 0) {
    header("Location: user{$userId}.php");
} else {
    include("login.php");
}

put it in place of:
header("Location: myaccount.php");
Not sure why you'd do it that way though.

**vixtay** · 09-15-2010, 08:09 PM

That is almost working except when I log in with user1 it is looking for user57.php and user2 is looking for user58.php! any suggestions?
Thanks

**rossyd** · 09:06 AM

Quote:

Originally Posted by vixtay

That is almost working except when I log in with user1 it is looking for user57.php and user2 is looking for user58.php! any suggestions?
Thanks

Hi,
it's not for definate but same has happened to me, maybe in your SQL database you have UserID set as auto increment so when you where first testing your DB out with different users, adding records etc its been totting up without you realising it. Use this code to check your DB table. You might want to add some code to close the database at the bottom aswell,I've not bothered pretty new to this PHP so not to sure on how important it actually is but it works fine.

PHP Code:


			
<?php
//Connect To Database
$con = mysql_connect("localhost","(insert userName)","(insert password)");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
    echo ("error couldn't connect to database");
}
    mysql_select_db("(insert Database name)", $con);
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Untitled 1</title>
</head>
<body>
<table border="1">
<tr>
<?php
$table = "(insert table name here)";
echo $table;
 
    $show = mysql_query("SHOW COLUMNS FROM " . $table);
        $i = 0;
        while($roww = mysql_fetch_array($show))
        {
            echo "<td>" . $roww[0] . "</td>";
            $columnName[$i] = $roww[0];
            $i = $i + 1;
        } 
 
        echo "</tr>";
 
        $result = mysql_query("SELECT * FROM " . $table);
 
        while($row = mysql_fetch_array($result))
        {
            echo "<tr>";
 
                for ($j=0; $j<$i; $j++)
                {
                    echo "<td>" . $row[$j] . "</td>";                                   
                }
 
            echo "</tr>";
        }
?>
</table>
</body>
</html>

**miki86** · 09-21-2010, 08:11 AM

Quote:

Originally Posted by vixtay

each have there own seperate html page which I need them only to have access to.

You cant restrict access to users with html pages, it needs to be php

**smoseley** · 09-21-2010, 08:22 AM

The problem is in your Session code. You're getting the data from the last session instead of the current one.

**lynxus** · 09-21-2010, 08:24 AM

Or use Htaccess....

But yeh, If they each had a user1.php user2.php user3.php pages then you can do:

When they login, Set this var:
$_SESSION['userid'] = "1"; // or 2 or 3 or 4.

Then at the top of each page.

do this for example ( at the very top of userpage1.php )

session_start();
if ($_SESSION['userid'] != "1") {
die('Error, Your not allowed to view this page');

// Now put your pages content.

**vixtay** · 09-21-2010, 04:05 PM

I like the idea of this, where exactly will that fit in to my existing code please? what will it replace on the login.php?
Many thanks indeed for all your patience