Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 451
  • Last Modified:

PHP Login Customer Profile

Hi Experts. I am creating a fairly simple php mysql customer login portal for my website. Currently, I have it so that users can login and it checks to ensure the password/username are correct with no problems. (I realize this script is not yet secure. I will be implementing security once it is all functioning properly.) Now I need to redirect certain user(names) to certain pages of my site (different URLS) so that when they log in they are taken to their “profile” page. I am still fairly new to this concept so if anyone has any resources or tutorials or can help me out with some code please let me know.

My code so far is attached below. phpMyAdmin db fields are ID, username, and password.

<?php
$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{
	$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
	mysql_select_db("xxxx") or die("Couldn't find db");
	$query = mysql_query("SELECT * FROM users WHERE username='$username'");
	$numrows = mysql_num_rows($query);
	if ($numrows!=0)
	{
		//code to login
		while ($row = mysql_fetch_assoc($query))
{
	$dbusername = $row['username'];
	$dbpassword = $row['password'];
}

//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
	echo "IT FINALLY WORKED!";
}
else
echo "Incorrect password!";
	}	
	else
	die ("That user doesnt exist.");	
}
else
die("Please enter username and password.");
?>

Open in new window

0
brettsky07
Asked:
brettsky07
1 Solution
 
Cornelia YoderArtistCommented:
Depending on how you identify their profile page, you can add just add a field to the user table giving the URL of the profile for that user.  
0
 
nanharbisonCommented:
You could just add the profile for the user right in your if statement, since you are already retrieving the user's row from the database:
SELECT * FROM users WHERE username='$username'"
if($username==$dbusername&&$password==$dbpassword)
{
	echo "IT FINALLY WORKED!";
         //add all the user profile here.
}

Open in new window

0
 
brettsky07Author Commented:
yodercm: that sounds simple enough... Ideally after the user has successfully logged in they will be redirected (so no extra click is required) to their personal "profile" page (mysite.com/customerlogin/someuser.php - so it can be book marked). Is there a way I can add the URL to the table and reference it so the user is redirected?


nanharbison: I need each user to be redirected to different pages... how could I make this code work so that each user sees a different page (content) when logged in?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
yudohartonoCommented:
use session to save username and encripted password , in profile page you just check if
to check in other page you can use script like this
<?php
session_start();
if(!isset($_SESSION['username'])){
header('Location :./login.php');
}

// you script page here
?>

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{
	$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
	mysql_select_db("xxxx") or die("Couldn't find db");
	$query = mysql_query("SELECT * FROM users WHERE username='$username'");
	$numrows = mysql_num_rows($query);
	if ($numrows!=0)
	{
		//code to login
		while ($row = mysql_fetch_assoc($query))
{
	$dbusername = $row['username'];
	$dbpassword = $row['password'];
}

//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
	echo "IT FINALLY WORKED!";
//save to session
$_SESSION['username'] =$username;
$_SESSION['password'] =md5($password);

}
else
echo "Incorrect password!";
	}	
	else
	die ("That user doesnt exist.");	
}
else
die("Please enter username and password.");
?>

Open in new window

0
 
nanharbisonCommented:
Can you explain more to us about what pages your users need to be redirected to? I thought you meant each user just needs to be redirected to his or her profile page.And is the log in a block of code on every page, or do they go to one specific page to log in? And what is the action on your log in form right now?
0
 
brettsky07Author Commented:
Each user will log in from the same "customer login" page. from their - depending on the username they enter - they will be directed to a new page (different for each customer) with content specifically directed to each seperate client. All users must be able to log in from the same page. To view specific customer profile pages you must be logged in as that customer.... Does that help at all?

<form action="login.php" method='post'>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Log In" /><br />

</form>
0
 
nanharbisonCommented:
So you are processing the results of the form on the same page. You could say:
<form action = "login.php" method = "post" action = "customerprofile.php">

where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then get all the info for that user from the database based on the user login.
0
 
brettsky07Author Commented:
I am not sure how to go about creating the "customerprofile.php" page... would this page have redirects on it?? if so how do i set this up to detect which customer has logged in? after the customer logs in i wont need to pull in any additional info from the database. each "profile" page will be created almost as a seperate site.
0
 
brettsky07Author Commented:
i think i need some way of coding - If JOHN has logged in, redirect JOHN to johnspage.php....with how i have it set up now i cant seem to get it to work... I would like to be able to add users to the database without having to add more code later to redirect them to a different page. Is this possible?
0
 
nanharbisonCommented:
You do NOT want to generate a new page for each user. For example, Amazon does not have a separate page for each of the millions of products that it offers. That becomes unmanageable quickly. You want to have ONE page set up and depending on the user log in, choose the row in your user table in the database that corresponds to the user who logged in. IN Amazon's case, they use the query string in the URL to choose the correct product to show you.

I am hoping this answers your question?
0
 
brettsky07Author Commented:
That makes sense. I am still not sure how to do this - do you happen to know where I could find a tutorial/resource? I have googled it for a while and nothing seems to be what im looking for. I am not a pro in this area so any help would be great. Thanks.
0
 
brettsky07Author Commented:
The reason I want each customer to have its own page is so that on that page i can have xml that will show all the files in a certain directory for each client... can this still be done if I have only one page the way you are explaining? I dont image we will have hundreds of clients so I am just looking for the simplest solution that will be secure at the same time...
0
 
nanharbisonCommented:
Yes, you can add xml to show files for clients, drawing all of this in from the database on one page. You might want to hire a PHP coder to do this for you, it's not just a tutorial, there are so many pieces to what you want to do that it's a whole book.
0
 
nanharbisonCommented:
Or, since you are a premium EE member, you could get help with chunks of this in several questions. What are all the fields in your users table? And where are the  files to be shown in xml coming from?
0
 
brettsky07Author Commented:
For the time being I just need to get the users redirected properly... I will get into the xml once that is functioning. I will no doubt have more questions at that time but for now I'm not sure how to get the login to take different users to different pages...
0
 
nanharbisonCommented:
what is going to be on these different pages? Where is the content coming from?
0
 
nanharbisonCommented:
You really need to be doing this:

<form action = "login.php" method = "post" action = "customerprofile.php">

where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then grab what goes on the individual users page.
0
 
brettsky07Author Commented:
Once the user is logged in they will have access to customer files (PDFs, invoices, etc). Ideally this info will come from an xml derived directory so that when files are added to the customers folder they will have access to it from their page without having to add more code. This info will not be stored in a database. Each page will likely be created seperately so that it can be fully customized for each customer. Im not sure if that answers your questions....
0
 
nanharbisonCommented:
I think I understand better. You have very specific needs for each user, I think. How about this. You add a field to the user table which indicates which files they should have access to. For example, user 1 has access to file A, user 2 has access to file B, so the field in the user table is 1 for users who have access to file A, 2 for users who have access to file B, etc, And then based on the users level of access, you show them some files.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now