Need help altering a login script

General discussions related to php

Moderators: macek, egami, gesf

User avatar
Redcircle
Moderator
Moderator
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Postby Redcircle » Mon Feb 17, 2003 6:47 am

I would not reccomend using session_register. That is the old archaic way of doing sessions.

Code: Select all

session_start();
//put the password in the session
$_SESSION['pass'] = $_POST['password1'];

//put the username in the session
$_SESSION['id'] = $_POST['username1']; 
//go to the secured page.
header("Location: http://yourdomain.com/members/".$_SESSION['id'].".php");


In your header redirect you must include your full address of the redirect. Older browsers do not like to use a partial URL.

For more information on the super globals that I used above see http://www.php.net/manual/en/reserved.variables.php

User avatar
javjimb
New php-forum User
New php-forum User
Posts: 12
Joined: Mon Feb 17, 2003 12:44 pm
Location: Germany
Contact:

Postby javjimb » Mon Feb 17, 2003 12:55 pm

Hello everyone, I am new in php and new in this forum.

I always use session_register , but now that I read your message I would like to know why you don't recomend to use it.

Thanx

Hurkle
New php-forum User
New php-forum User
Posts: 36
Joined: Tue Jan 07, 2003 8:45 am
Location: Minnesota, USA

Postby Hurkle » Tue Feb 18, 2003 4:13 pm

to address the original question, I would suggest having a user database (you probably already do..) and doing something roughly like this..

in your user table, have fields for the username, password, and start page (plus whatever else)

once they've gone to the html login form, and (hopefully) entered their user name and password, you could do something a little like this..

Code: Select all


$str_user_sql = "SELECT fld_start_page FROM tbl_users WHERE fld_user_name = '" . $_POST['txt_user_name'] . "' AND fld_password = '" . $_POST['txt_password'] . "'";

$result = mysql_query($str_user_sql);

while ($row=mysql_fetcharray($result))


  {
  header.location ($row['fld_start_page']);
  }
else
  {
  header.location (frm_deny.php)
  }





Okay, I hope that gives you an idea.. that's probably very rough code, it's there as a suggestion for an approach, rather than cut and paste. The idea is that you do a mysql query on the entered user name and password. If the users stored start page is retrieved, send them there, else send them to a 'access denied' page. There are a few other things I would add.. i.e. don't even run the query if the entered values for username and or password are zero length; check to make sure there's one and only one match if not zero length; use ob_start() and ob_end_flush() to avoid head problems when trying to redirect

let me know if this makes any sense, best of luck.


Return to “PHP General”

Who is online

Users browsing this forum: Strider64 and 2 guests