php auth to user page

whtnoise

i'm trying to build a auth form that will take a client to a specific page that lists files in a directory etc... i found an auth script on macromedia xchange for dreamweaver and it works great - but will take all authorized users to the same page, is there anyway to extract the url information from the sql db after the user has been authorized, so i have the user in column 1, pass in column 2, and url in column 3. feel like my head's about to explode, cannont figure this one out!!! 😕 here's the script:

<?php require_once('Connections/***.php'); ?>
<?php
// Start the session
session_start();
// Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".htmlentities($HTTP_SERVER_VARS['QUERY_STRING']);
if (isset($HTTP_POST_VARS['user'])) {
$FF_valUsername=$HTTP_POST_VARS['user'];
$FF_valPassword=$HTTP_POST_VARS['pass'];
$FF_fldUserAuthorization="";
$FF_redirectLoginSuccess=mysql_query('url', $);
$FF_redirectLoginFailed="noAuth.php";
$FF_rsUser_Source="SELECT user, pass ";
if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
$FF_rsUser_Source .= " FROM auth WHERE user='" . $FF_valUsername . "' AND pass='" . $FF_valPassword . "'";
mysql_select_db($database_bloomIndustrie, $);
$FF_rsUser=mysql_query($FF_rsUser_Source, $**) or die(mysql_error());
$row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
if(mysql_num_rows($FF_rsUser) > 0) {
// username and password match - this is a valid user
$MM_Username=$FF_valUsername;
session_register("MM_Username");
if ($FF_fldUserAuthorization != "") {
$MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
} else {
$MM_UserAuthorization="";
}
session_register("MM_UserAuthorization");
if (isset($accessdenied) && false) {
$FF_redirectLoginSuccess = $accessdenied;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = false;
header ("Location: $FF_redirectLoginSuccess");
exit;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = true;
header ("Location: $FF_redirectLoginFailed");
exit;
}
?>

many thanks!!!

whtnoise

nobody???? this had gotta be easy for somebody??? 🙁

ajdegans

First put your code in a PHP tag next time like i did for you now 🙂

<?php require_once('Connections/******.php'); ?> 
<?php 
// *** Start the session 
session_start(); 
// *** Validate request to log in to this site. 
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF']; 
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".htmlentities($HTTP_SERVER_VARS['QUERY_STRING']); 
if (isset($HTTP_POST_VARS['user'])) { 
$FF_valUsername=$HTTP_POST_VARS['user']; 
$FF_valPassword=$HTTP_POST_VARS['pass']; 
$FF_fldUserAuthorization=""; 
$FF_redirectLoginSuccess=mysql_query('url', $******); 
$FF_redirectLoginFailed="noAuth.php"; 
$FF_rsUser_Source="SELECT user, pass "; 
if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization; 
$FF_rsUser_Source .= " FROM auth WHERE user='" . $FF_valUsername . "' AND pass='" . $FF_valPassword . "'"; 
mysql_select_db($database_bloomIndustrie, $******); 
$FF_rsUser=mysql_query($FF_rsUser_Source, $*****) or die(mysql_error()); 
$row_FF_rsUser = mysql_fetch_assoc($FF_rsUser); 
if(mysql_num_rows($FF_rsUser) > 0) { 
// username and password match - this is a valid user 
$MM_Username=$FF_valUsername; 
session_register("MM_Username"); 
if ($FF_fldUserAuthorization != "") { 
$MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAu
thorization]; 
} else { 
$MM_UserAuthorization=""; 
} 
session_register("MM_UserAuthorization"); 
if (isset($accessdenied) && false) { 
$FF_redirectLoginSuccess = $accessdenied; 
} 
mysql_free_result($FF_rsUser); 
session_register("FF_login_failed"); 
$FF_login_failed = false; 
header ("Location: $FF_redirectLoginSuccess"); 
exit; 
} 
mysql_free_result($FF_rsUser); 
session_register("FF_login_failed"); 
$FF_login_failed = true; 
header ("Location: $FF_redirectLoginFailed"); 
exit; 
} 
?>

Second: if you look closely to your code you will notice the part where the script makes the diference between authorized people or declined (?) people.

mysql_free_result($FF_rsUser); 
session_register("FF_login_failed"); 
$FF_login_failed = false; 
header ("Location: $FF_redirectLoginSuccess"); 
exit; 
} 
mysql_free_result($FF_rsUser); 
session_register("FF_login_failed"); 
$FF_login_failed = true; 
header ("Location: $FF_redirectLoginFailed"); 
exit; 
}

There you will find the value:
$FF_redirectLoginSuccess

If you look back in the script you will find:
$FF_redirectLoginSuccess=mysql_query('url', $******);

Look where that goes. you might find something 🙂

success!:eek: