Redirect to specific URL based on login

jdomes

This topic has been covered at some length on these forums. I know this because I have read pretty much every article. Unfortunately I still haven't found an answer that helps me. So here goes.

I have a basic login page that checks for a username and password from a mysql database and redirects to the current hompage. It works like a charm, but now I need to be able to redirect a user to their own idividual page of the website based on their user name and password. I've seen this done with an IF statement but it usually assumes only a few users, I will have at least 20 to start and much more over the next year. If someone could point me in the right direction a would be most appreciatve. I've seen several posts that tell you what to do but no code examples, so if someone could post some code or a link to some code that would be a lot of help too. Below is my current Login.php page.

<?php
/ Program: Login Page
Desc: Displays the login page for SKC Limited Clients.
*/
session_start();
include("./skclmtd_log.php");
switch (@$_GET['do'])
{
case "login":
$connection = mysql_connect($host, $user, $password)
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database.");

$sql = "SELECT loginName FROM Member
WHERE loginName='$POST[fusername]'";
$result = mysql_query($sql)
or die("Couldn't execute query");
$num = mysql_num_rows($result);
if ($num == 1) //login name was found
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$POST[fusername]'
AND password='$POST[fpassword]'";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2.");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) //password is correct
{
$SESSION['auth']="yes";
$logname=$POST['fusername'];
$SESSION['logname'] = $logname;
$today = date("Y-m-d hⓂs");
$sql = "INSERT INTO Login (loginName, loginTime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Couldn't execute query/");
header("Location: ./index.php");
}
else //password is not correct
{
unset($GET['do']);
$message="The Login Name, '$POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br>";
include("login_form.inc");
}
}
elseif ($num == 0) //login name not found
{
unset($_GET['do']);
$message = "The Login Name you entered does not
exist! Please try again.<br>";
include("login_form.inc");
}
break;

default:
include("login_form.inc");
}
?>

leatherback

Assuming you have a record in the database with the location of the users homepage, you can just use that for the redirect.

something along the lines of:
header('location:".$row['userpage']."');

PS: If you really did read all the posts on redirects & user authentication, you should have been able to whip something together. Ah well. See whether this works for you.

jdomes

I gave it a try and got the following error

Parse error: parse error, unexpected T_STRING in /x/x/x/x/Login.php on line 38

any other suggestions.

leatherback

A parse error is just that.. An error when parsing the code. It helps if you show what you have done. Don't throw away the baby when the bathwater is dirty. Clean the water, keep the baby.

Furthermore: You should not let users know whether they have a correct username: It facilitates hacking into your database (Once I know the name is correct, I can put a script on the page to just force all password combos).

jdomes

I made a change to my PHP code
header("Location:$page");

which I thought would just reference the information from the SQL database but all it does is redirect me back to the hompage. All the other code is the same as above. Can anyone point out what I'm missing. Thanks

leatherback

You need to fill $page with the location of the page where you want te person to ber redirected to, which is why I used $row['userpage']
Without more information on your setup we cannot really tell you how to adjust your code to get the desired effect.