473,322 Members | 1,504 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

PHP user auth help...

greetings -

I am very much new the PHP world and have what I believe to be a simple question..

I am using one of the Dreamweaver User Auth scripts with a mySQL database. I have the verification process down, but I would like to redirect each user to a different directory/page.

In the mySQL I have the data for where I would like to redirect each user, but I can't get it to translate properly.

Basically, I want a user to be able to login from a central page and be taken to their site/page automatically...

Here's the code.... The line in bold is where I believe I am doing something wrong. Please let me know if you have anythoughts!! Thanks!!


<?php require_once('../Connections/database.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['user'])) {
$loginUsername=$_POST['user'];
$password=$_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "/" & $_POST['redirect'] & "/index.html";
$MM_redirectLoginFailed = "http://clients.mysite.com";
$MM_redirecttoReferrer = false;
mysql_select_db($database_lp_database, $lp_database);

$LoginRS__query=sprintf("SELECT user, pass FROM authentication WHERE user='%s' AND pass='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $lp_database) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
Thanks in advance for any advice!
May 18 '06 #1
6 3433
I'm learning PHP myself but I think I see the problem. I believe this line is wrong.

[PHP]$MM_redirectLoginSuccess = "/" & $_POST['redirect'] & "/index.html";[/PHP]

Try changing it to this:

[PHP]$MM_redirectLoginSuccess = "/".$_POST['redirect']."/index.html";[/PHP]

or try this:

[PHP]$MM_redirectLoginSuccess = "../" . $_POST['redirect'] . "/index.html";[/PHP]
May 18 '06 #2
Thanks for that... at least now I don't have an error message. for some reason I am getting redirected to www.mysite.com//index.html (notice the 2 /'s) which makes be believe that the "." are the right way to go, but the function to call up the info from the database isn't working, etc.

any other thoughts?

-m
May 19 '06 #3
Thanks for that... at least now I don't have an error message. for some reason I am getting redirected to www.mysite.com//index.html (notice the 2 /'s) which makes be believe that the "." are the right way to go, but the function to call up the info from the database isn't working, etc.

any other thoughts?

-m
Are the users filling out a form with the $_POST['redirect'] code ?
I don't see this part being pulled from a database. You are trying to pull it from a form. If it's not being filled out in a form then that would be why the redirect information is missing or mispelled on the form perhaps.

[PHP]mysql_select_db($database_lp_database, $lp_database);[/PHP]

I also don't see where $database_lp_database is defined as a variable in this script. Is it a global variable in: <?php require_once('../Connections/database.php'); ?> some place ? If so you need to define the global variable before the mysql_select_db statement.

[PHP]global $database_lp_database;[/PHP]
May 19 '06 #4
good call on defining the database - caught that after I posted this.. but thanks!!

as for the redirect being pulled from a form, that is not what I was looking for.. .basically, if the user and password match, I want it to redirect them to a specifc directory - the name of which is already stored in the database.

Example

username | password | redirect |
-----------|---------------|-------------|
user1 | pass1 | user1dir |

so for user one, the would get redirected to www.mysite.com/user1dir


I think that I just need to make this..
$MM_redirectLoginSuccess = "../" . $_POST['redirect'] . "/index.html";

to pull from the database and not from a form. Still working on that part.. any ideas

thanks for your help so far!!! I really appreciate it!
May 22 '06 #5
I'm not real good at SQL yet but it would seem to me that you MIGHT (Not sure) need to change this line below to add in the user directory to your query. However I think you are still getting the whole table and putting it into $LoginRS

Expand|Select|Wrap|Line Numbers
  1. $LoginRS__query=sprintf("SELECT user, pass FROM authentication WHERE user='%s' AND pass='%s'",
  2. get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
Then after you get your results in the line below.

Expand|Select|Wrap|Line Numbers
  1. $LoginRS = mysql_query($LoginRS__query, $lp_database) or die(mysql_error());
You will then need to move this line below the line above and fill in the entry from the query for the redirect.

Expand|Select|Wrap|Line Numbers
  1. $MM_redirectLoginSuccess = "../" . $_POST['redirect'] . "/index.html";
That should give you the result your looking for. As for the exact query to make I'm just not sure I understand SQL well enough to attempt that one since I don't know what all the functions your calling are. As I said before you might already have read the entire table into $LoginRS so you could try moving the line and adding this line instead.

Expand|Select|Wrap|Line Numbers
  1. $MM_redirectLoginSuccess = "../" . $LoginRS['redirect'] . "/index.html";
May 24 '06 #6
After looking through the code again I think your query is fine as it is and you just need to move the one line and rewrite it to pull the data from $LoginRS like I said.

It seems to just be a simpla matter of moving the one line and getting the table information. You might also need to add another line similar to this but I'm not sure if it's needed or not.

$newArray = mysql_fetch_array($LoginRS);

Then change to this.

$MM_redirectLoginSuccess = "../" . $newArray['redirect'] . "/index.html";

That would make it look something like the code below. However I am also including a login sql/php script snipit that I used before to give you a more basic structure you can follow. You will notice I have left out a couple things from the code I use and I'm not sure if your code needs them or not.

I am talking about this section here.

if(mysql_num_rows($result) == 1){

while ($newArray = mysql_fetch_array($result)){
$userid = $newArray['userid'];
$name = $newArray['name'];
$password = $newArray['password'];
$security = $newArray['security'];
$email = $newArray['email'];
}
mysql_close();
Display_Main_Menu();
} else {


Your code should look something like what is below or add in the section I left out.

Expand|Select|Wrap|Line Numbers
  1. $LoginRS__query=sprintf("SELECT user, pass FROM authentication WHERE user='%s' AND pass='%s'",
  2. get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
  3.  
  4. $LoginRS = mysql_query($LoginRS__query, $lp_database) or die(mysql_error());
  5. $loginFoundUser = mysql_num_rows($LoginRS);
  6. $newArray = mysql_fetch_array($LoginRS);
  7. $MM_redirectLoginSuccess = "../" . $newArray['redirect'] . "/index.html";
Here is a little code snipit that I use for one of my php programs that might help you figure out the correct code syntax for the sql statement. It's not as complex as yours but should give you an idea of where to go if the above don't work. I'm kinda new to SQL and PHP so you might need to try and follow the format below that I know works and modify your code to fit it.

Expand|Select|Wrap|Line Numbers
  1.   $sql = "SELECT * FROM user where name = '$_POST['name']' AND password = password('$_POST['password']')";
  2.   $result = mysql_query($sql, $conn) or die(mysql_error());
  3.  
  4.   if(mysql_num_rows($result) == 1){
  5.  
  6.       while ($newArray = mysql_fetch_array($result)){
  7.         $userid = $newArray['userid'];
  8.         $name = $newArray['name'];
  9.         $password = $newArray['password'];
  10.         $security = $newArray['security'];
  11.         $email = $newArray['email']; 
  12.       }
  13.   mysql_close();
  14.   Display_Main_Menu();
  15.   } else {
  16.     // Display the login page.
  17.     mysql_close();
  18.     Login_Menu();
  19.   }
Sorry if I am confusing you but I am a little lost on this part myself. I do think you will need the part of the code I skipped over but I'm just not sure.
May 24 '06 #7

Sign in to post your reply or Sign up for a free account.

Similar topics

2
by: Buddy Ackerman | last post by:
If my web site is setup for NTLM authentication and the user is using IE the context.user.identity.name property is the domain user that is currently logged into the local client workstation. Wehen...
5
by: Buddy Ackerman | last post by:
My app is a .NET forms app that runs in the taskbar and periodically polls a web service. I have a client that wants the app to integrate with their Active Directory. They do not want the user to...
12
by: Michael | last post by:
Please Help me. I've got a .Net 2003 program that attaches to a SQL Server machine and I'm getting the above error when a user tries to log in. The SQL server is setup to use Windows Auth. and I...
18
by: Arthur | last post by:
Hi All, I would like to get the name of the user given their networkID, is this something Active Directory would be useful for?(For intranet users) If so, can you please point me to some sample...
3
by: =?Utf-8?B?RHVrZSAoQU4yNDcp?= | last post by:
The majority of pages on our site need authentication (forms auth against the aspnetdb database). I created an '~/auth' folder with its own config file forcing authentication for any pages in the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.