Help creating PHP code

espfutbol98

espfutbol98

New Member
Messages
200
Reaction score
2
Points
0
I'm trying to use a script that has usernames, passwords, and ID numbers so when you login, it takes you to your index?[ID number]. I know how to make the id specific page itself (say /123.php) into /index?123 but I don't know how to send just that user there.
 
freecrm

freecrm

New Member
Messages
629
Reaction score
0
Points
0
I'm not sure you can name individual files simply, but a good shortcut would be the add a variable to the URL.

For instance, you could specify a redirect to a "home.php" page with a variable.

"home.php?id=123"

This means you only have to create one page and can alter that page, depending on the ID number in the URL.

In the "home.php" file, you could assign the ID number like this.

<?php

$id=$_GET['id'];

?>

Then the page can change depending on what $id equals.

This is how a lot of php sites are created, even though there is actually only one file.

e.g.

index.php is the file

index.php?p=login... refreshes but includes the login page code.

index.php?p=forum.. refreshes and includes the forum page code.


As an example..

<?php
$id=$_GET['id'];

if($id=="login"){
include("includes/login.php");
}elseif($id=="forum"){
include("includes/forum.php");
}

?>

The actual redirection script from your login would be something like

<?php
header("Location: whateverfile.php?id=".$memberid);
?>

__________

Alternatively, if you assign your id to a session, you can call that value at any time, rather than passing it in the URL.

i.e. $_SESSION['id']

Hope this helps a bit.
 
Last edited:
leafypiggy

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Very secure method:
PHP: 
<?php

if (isset($_GET[p]) && file_exists($_GET[p].".php"))
{

    $allowedpages = array("idx", "band");

    if (in_array($_GET[p],$allowedpages))
    {

        include($_GET[p].".php");

    }
    else
    {

        die("Hacking attempt");

    }

}
else
{

    include("idx.php");

}

?>

Brandon is a glorious beacon of light

Re: Help
I am sure some quickly written script like this is more secure than chris z's too

PHP Code:
<?php

if (isset($_GET[p]) && file_exists($_GET[p].".php"))
{

$allowedpages = array("idx", "band");

if (in_array($_GET[p],$allowedpages))
{

include($_GET[p].".php");

}
else
{

die("Hacking attempt");

}

}
else
{

include("idx.php");

}

?>
All you have to do is add the page name to the array, and it'll work, if it's not in the array then it won't.
 
espfutbol98

espfutbol98

New Member
Messages
200
Reaction score
2
Points
0
I figured it out. I had to add the user id from the MySQL table to the session cookie so it could be read with $_SESSION['user_id] outside of the database connection ($user_id). Here's the login page:
PHP: 
<?php
session_start();
?>
<?php
if (isset($_SESSION['user'])) {
header("Location: view.php?id=$user_id"); }
?>
<?php 
include 'dbc.php';

$user_name = mysql_real_escape_string($_POST['name']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_name FROM users WHERE 
            user_name = '$user_name' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 
			
$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 ) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
	   list($user_id,$user_name) = mysql_fetch_row($result);
		// this sets variables in the session 
		$_SESSION['user']= $user_name AND $_SESSION['user_id']= $id;  
		
			
		if (isset($_GET['ret']) && !empty($_GET['ret']))
		{
		header("Location: $_GET[ret]");
		} else
		{
		header("Location: view.php?id=$user_id");
		}
		//echo "Logged in...";
		exit();
    } 

header("Location: login.php?msg=ERROR: Incorrect username and password."); 
//echo "Error:";
exit();		
}

?>
 
xav0989

xav0989

Community Public Relation
Community Support
Messages
4,467
Reaction score
95
Points
0
You hade missed some points, and some variables wheren't initialized. Here is an updated script:
PHP: 
<?php
session_start();

if (isset($_SESSION['user'])) {
	header("Location: view.php?id=" . $_SESSION['user_id']);
	exit();
}

include 'dbc.php';

$user_name = mysql_real_escape_string($_POST['name']);

if (strtolower($_POST['Submit']) == 'login') {
	$md5pass = md5($_POST['pwd']);
	$sql = "SELECT id,user_name FROM users WHERE 
		user_name = '$user_name' AND 
		user_pwd = '$md5pass' AND user_activated='1'"; 
			
	$result = mysql_query($sql) or die (mysql_error()); 
	$num = mysql_num_rows($result);

	if ( $num != 0 ) { 
		list($user_id,$user_name) = mysql_fetch_row($result);
		// this sets variables in the session 
		$_SESSION['user']= $user_name
		$_SESSION['user_id']= $id;  
			
		if (isset($_GET['ret']) && !empty($_GET['ret'])) {
			header("Location: $_GET[ret]");
		} else {
			header("Location: view.php?id=$user_id");
		}
		exit();
	} 
	header("Location: login.php?msg=ERROR: Incorrect username and password."); 
	exit();		
}

?>
 
You must log in or register to reply here.
Top