Username/Login to Specified Directory

logisticdesigns

does anyone have a simple php code that does user/login page, once the user logs in, it goes to their specified html/php location.

For example:

username: phpuser1
password: phpscript1
default directory: http://www.phpuser.com/phpuser1/index.php

username: phpuser2
password: phpscript2
default directory: http://www.phpuser.com/phpuser2/index.php

username: phpuser3
password: phpscript3
default directory: http://www.phpuser.com/phpuser3/index.php

Something of that sort. I've searched everywhere and can find a simple code, I am new to php! If anyone can help, thanks alot.

slaya

im new to php so this may not work and i dont have acces to a computer right now that i can test the code on so try somthign like this

if(($user1 = "username") && ($pass1 = "pass1")) {
echo "Do whatever you want here, transfer him to the page";
} elseif(($user2 = "username") && ($pass2 = "pass2")) {
echo "Do whatever you want here, transfer him to the page";
}

something like that might work, you'll just need to enter a code to transfer them to the page instead of that echo. you could also use some type of user level type of thing so if theyre level is high enough it takes them to page1 or page 2 depending on there leval.

helz

if the usernames and passwords is in the database and the usernames are posted from a form you can use this:

extract($_POST);// converts $_POST['fieldname'] to $fieldname
$sql = "SELECT * FROM $tablename WHERE username = $username AND password = $password";
$query = mysql_query($sql) or die("QUERY ERROR: mysql_error()");
$check = mysql_num_rows($query);
if ($check!==0) {// user is logged in, redirect to own page
   echo "<meta http-equiv='refresh' content='0; URL=http://www.phpuser.com/$username/index.php'>";// redirects to users page
} else {// user did not log in
   echo "You entered an incorrect username/password combination!";
}

slaya

if you redirect it like that then anyone can get to the page by just going to the link..

pjleonhardt

would be simpler to use a .htaccess file then a php script to make sure they're logged in on everypage

BuzzLY

If you use a database to verify logins, then simply store the home directory in the database, and redirect them to that directory (which hopefully has an index.php in it, right?). Also, your user authentication routine that goes at the top of every page you design should check to make sure that the directory they are currently in is a child directory of the user's home directory. If not, redirect them to their home directory. This will take care of malicious users that think they can type in an address directly.

Of course, this level of security does not take care of true directory permissions. For example, the user could still browse any directory that isn't secure and doesn't have a default page. Any page without user authentication code will be accessible, and a user could download any non-php file or page.