Solved

PHP Login Customer Profile

Posted on 2010-08-24
19
440 Views
Last Modified: 2013-12-13
Hi Experts. I am creating a fairly simple php mysql customer login portal for my website. Currently, I have it so that users can login and it checks to ensure the password/username are correct with no problems. (I realize this script is not yet secure. I will be implementing security once it is all functioning properly.) Now I need to redirect certain user(names) to certain pages of my site (different URLS) so that when they log in they are taken to their “profile” page. I am still fairly new to this concept so if anyone has any resources or tutorials or can help me out with some code please let me know.

My code so far is attached below. phpMyAdmin db fields are ID, username, and password.

<?php
$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{
	$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
	mysql_select_db("xxxx") or die("Couldn't find db");
	$query = mysql_query("SELECT * FROM users WHERE username='$username'");
	$numrows = mysql_num_rows($query);
	if ($numrows!=0)
	{
		//code to login
		while ($row = mysql_fetch_assoc($query))
{
	$dbusername = $row['username'];
	$dbpassword = $row['password'];
}

//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
	echo "IT FINALLY WORKED!";
}
else
echo "Incorrect password!";
	}	
	else
	die ("That user doesnt exist.");	
}
else
die("Please enter username and password.");
?>

Open in new window

0
Comment
Question by:brettsky07
19 Comments
 
LVL 27

Expert Comment

by:yodercm
ID: 33513393
Depending on how you identify their profile page, you can add just add a field to the user table giving the URL of the profile for that user.  
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33515170
You could just add the profile for the user right in your if statement, since you are already retrieving the user's row from the database:
SELECT * FROM users WHERE username='$username'"
if($username==$dbusername&&$password==$dbpassword)

{

	echo "IT FINALLY WORKED!";

         //add all the user profile here.

}

Open in new window

0
 

Author Comment

by:brettsky07
ID: 33515712
yodercm: that sounds simple enough... Ideally after the user has successfully logged in they will be redirected (so no extra click is required) to their personal "profile" page (mysite.com/customerlogin/someuser.php - so it can be book marked). Is there a way I can add the URL to the table and reference it so the user is redirected?


nanharbison: I need each user to be redirected to different pages... how could I make this code work so that each user sees a different page (content) when logged in?
0
 
LVL 3

Expert Comment

by:yudohartono
ID: 33517238
use session to save username and encripted password , in profile page you just check if
to check in other page you can use script like this
<?php
session_start();
if(!isset($_SESSION['username'])){
header('Location :./login.php');
}

// you script page here
?>

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{
	$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
	mysql_select_db("xxxx") or die("Couldn't find db");
	$query = mysql_query("SELECT * FROM users WHERE username='$username'");
	$numrows = mysql_num_rows($query);
	if ($numrows!=0)
	{
		//code to login
		while ($row = mysql_fetch_assoc($query))
{
	$dbusername = $row['username'];
	$dbpassword = $row['password'];
}

//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
	echo "IT FINALLY WORKED!";
//save to session
$_SESSION['username'] =$username;
$_SESSION['password'] =md5($password);

}
else
echo "Incorrect password!";
	}	
	else
	die ("That user doesnt exist.");	
}
else
die("Please enter username and password.");
?>

Open in new window

0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33519797
Can you explain more to us about what pages your users need to be redirected to? I thought you meant each user just needs to be redirected to his or her profile page.And is the log in a block of code on every page, or do they go to one specific page to log in? And what is the action on your log in form right now?
0
 

Author Comment

by:brettsky07
ID: 33521600
Each user will log in from the same "customer login" page. from their - depending on the username they enter - they will be directed to a new page (different for each customer) with content specifically directed to each seperate client. All users must be able to log in from the same page. To view specific customer profile pages you must be logged in as that customer.... Does that help at all?

<form action="login.php" method='post'>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Log In" /><br />

</form>
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33521721
So you are processing the results of the form on the same page. You could say:
<form action = "login.php" method = "post" action = "customerprofile.php">

where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then get all the info for that user from the database based on the user login.
0
 

Author Comment

by:brettsky07
ID: 33521862
I am not sure how to go about creating the "customerprofile.php" page... would this page have redirects on it?? if so how do i set this up to detect which customer has logged in? after the customer logs in i wont need to pull in any additional info from the database. each "profile" page will be created almost as a seperate site.
0
 

Author Comment

by:brettsky07
ID: 33521889
i think i need some way of coding - If JOHN has logged in, redirect JOHN to johnspage.php....with how i have it set up now i cant seem to get it to work... I would like to be able to add users to the database without having to add more code later to redirect them to a different page. Is this possible?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 17

Expert Comment

by:nanharbison
ID: 33522435
You do NOT want to generate a new page for each user. For example, Amazon does not have a separate page for each of the millions of products that it offers. That becomes unmanageable quickly. You want to have ONE page set up and depending on the user log in, choose the row in your user table in the database that corresponds to the user who logged in. IN Amazon's case, they use the query string in the URL to choose the correct product to show you.

I am hoping this answers your question?
0
 

Author Comment

by:brettsky07
ID: 33522588
That makes sense. I am still not sure how to do this - do you happen to know where I could find a tutorial/resource? I have googled it for a while and nothing seems to be what im looking for. I am not a pro in this area so any help would be great. Thanks.
0
 

Author Comment

by:brettsky07
ID: 33523899
The reason I want each customer to have its own page is so that on that page i can have xml that will show all the files in a certain directory for each client... can this still be done if I have only one page the way you are explaining? I dont image we will have hundreds of clients so I am just looking for the simplest solution that will be secure at the same time...
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33525561
Yes, you can add xml to show files for clients, drawing all of this in from the database on one page. You might want to hire a PHP coder to do this for you, it's not just a tutorial, there are so many pieces to what you want to do that it's a whole book.
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33525583
Or, since you are a premium EE member, you could get help with chunks of this in several questions. What are all the fields in your users table? And where are the  files to be shown in xml coming from?
0
 

Author Comment

by:brettsky07
ID: 33525654
For the time being I just need to get the users redirected properly... I will get into the xml once that is functioning. I will no doubt have more questions at that time but for now I'm not sure how to get the login to take different users to different pages...
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33526227
what is going to be on these different pages? Where is the content coming from?
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 33526426
You really need to be doing this:

<form action = "login.php" method = "post" action = "customerprofile.php">

where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then grab what goes on the individual users page.
0
 

Author Comment

by:brettsky07
ID: 33526806
Once the user is logged in they will have access to customer files (PDFs, invoices, etc). Ideally this info will come from an xml derived directory so that when files are added to the customers folder they will have access to it from their page without having to add more code. This info will not be stored in a database. Each page will likely be created seperately so that it can be fully customized for each customer. Im not sure if that answers your questions....
0
 
LVL 17

Accepted Solution

by:
nanharbison earned 500 total points
ID: 33526827
I think I understand better. You have very specific needs for each user, I think. How about this. You add a field to the user table which indicates which files they should have access to. For example, user 1 has access to file A, user 2 has access to file B, so the field in the user table is 1 for users who have access to file A, 2 for users who have access to file B, etc, And then based on the users level of access, you show them some files.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now