Login Redirect from Db?

MikeNye

Hi all

Still new to php.....but getting there!

ive just built a login page which accesses an sql database for the info....all works ok, what im wanting to do now is when a user logs in have it redirect to their specific page.....this is where im stuck. I have a field in the database called URL this contains the page name to go to?

Im sure this is an easy one I just cant get me brain around it 😕

Any help or advice greatly welcome!

cheers
Mike

djjjozsi

You get the url's value, with all the data of the user:

<?
include("connection_to_the_database.php");
$un=mysql_real_escape_string($_POST["username"]);
$pass=mysql_real_escape_string($_POST["password"]);
$sql=" SELECT * FROM users WHERE username='".$un."' AND password='".$pass." LIMIT 1'";
$result=mysql_query($sql);

if(mysql_num_rows($result)>0)
{
$row=mysql_fetch_assoc($result);
header("Location:". $row["redirect_url"]);
}
else
print "No match...";
?>

bye,
jjozsi

MikeNye;10889899 wrote:
Hi all

Still new to php.....but getting there!

ive just built a login page which accesses an sql database for the info....all works ok, what im wanting to do now is when a user logs in have it redirect to their specific page.....this is where im stuck. I have a field in the database called URL this contains the page name to go to?

Im sure this is an easy one I just cant get me brain around it 😕

Any help or advice greatly welcome!

cheers
Mike

MikeNye

djjjozsi;10889903 wrote:

You get the url's value, with all the data of the user:

<?
include("connection_to_the_database.php");
$un=mysql_real_escape_string($_POST["username"]);
$pass=mysql_real_escape_string($_POST["password"]);
$sql=" SELECT * FROM users WHERE username='".$un."' AND password='".$pass." LIMIT 1'";
$result=mysql_query($sql);

if(mysql_num_rows($result)>0)
{
$row=mysql_fetch_assoc($result);
header("Location:". $row["redirect_url"]);
}
else
print "No match...";
?>

bye,
jjozsi

Brilliant! just had to tweak this line I already had!
header("Location:". $row["url"]);

Thanks alot!
Mike

laserlight

You'll need a little more than that though, otherwise users may be able to access other users' pages. For example, you might want to start a session if the user successfully logs in, perhaps setting the user id as a session variable, and then check for this session and id in the user's page.

Oh, and it is good practice to use [man]die[/man] or [man]exit[/man] right after sending a location header. Also, you only need to SELECT COUNT(), not SELECT , to authenticate the user. However, I would rather use a hashed password, then SELECT pass_hash, pass_salt, and then compute the hash of the user supplied password and see if it matches the password stored.