PHP Login Customer Profile
Hi Experts. I am creating a fairly simple php mysql customer login portal for my website. Currently, I have it so that users can login and it checks to ensure the password/username are correct with no problems. (I realize this script is not yet secure. I will be implementing security once it is all functioning properly.) Now I need to redirect certain user(names) to certain pages of my site (different URLS) so that when they log in they are taken to their “profile” page. I am still fairly new to this concept so if anyone has any resources or tutorials or can help me out with some code please let me know.
My code so far is attached below. phpMyAdmin db fields are ID, username, and password.
My code so far is attached below. phpMyAdmin db fields are ID, username, and password.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
mysql_select_db("xxxx") or die("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
//code to login
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
echo "IT FINALLY WORKED!";
}
else
echo "Incorrect password!";
}
else
die ("That user doesnt exist.");
}
else
die("Please enter username and password.");
?>
Cornelia Yoder
Depending on how you identify their profile page, you can add just add a field to the user table giving the URL of the profile for that user.
You could just add the profile for the user right in your if statement, since you are already retrieving the user's row from the database:
SELECT * FROM users WHERE username='$username'"
SELECT * FROM users WHERE username='$username'"
if($username==$dbusername&&$password==$dbpassword)
{
echo "IT FINALLY WORKED!";
//add all the user profile here.
}
ASKER
yodercm: that sounds simple enough... Ideally after the user has successfully logged in they will be redirected (so no extra click is required) to their personal "profile" page (mysite.com/customerlogin/
nanharbison: I need each user to be redirected to different pages... how could I make this code work so that each user sees a different page (content) when logged in?
nanharbison: I need each user to be redirected to different pages... how could I make this code work so that each user sees a different page (content) when logged in?
use session to save username and encripted password , in profile page you just check if
to check in other page you can use script like this
<?php
session_start();
if(!isset($_SESSION['usern
header('Location :./login.php');
}
// you script page here
?>
to check in other page you can use script like this
<?php
session_start();
if(!isset($_SESSION['usern
header('Location :./login.php');
}
// you script page here
?>
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("xxxx", "xxxx", "xxxx") or die("Connection Error!");
mysql_select_db("xxxx") or die("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
//code to login
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
echo "IT FINALLY WORKED!";
//save to session
$_SESSION['username'] =$username;
$_SESSION['password'] =md5($password);
}
else
echo "Incorrect password!";
}
else
die ("That user doesnt exist.");
}
else
die("Please enter username and password.");
?>
Can you explain more to us about what pages your users need to be redirected to? I thought you meant each user just needs to be redirected to his or her profile page.And is the log in a block of code on every page, or do they go to one specific page to log in? And what is the action on your log in form right now?
ASKER
Each user will log in from the same "customer login" page. from their - depending on the username they enter - they will be directed to a new page (different for each customer) with content specifically directed to each seperate client. All users must be able to log in from the same page. To view specific customer profile pages you must be logged in as that customer.... Does that help at all?
<form action="login.php" method='post'>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Log In" /><br />
</form>
<form action="login.php" method='post'>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Log In" /><br />
</form>
So you are processing the results of the form on the same page. You could say:
<form action = "login.php" method = "post" action = "customerprofile.php">
where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then get all the info for that user from the database based on the user login.
<form action = "login.php" method = "post" action = "customerprofile.php">
where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then get all the info for that user from the database based on the user login.
ASKER
I am not sure how to go about creating the "customerprofile.php" page... would this page have redirects on it?? if so how do i set this up to detect which customer has logged in? after the customer logs in i wont need to pull in any additional info from the database. each "profile" page will be created almost as a seperate site.
ASKER
i think i need some way of coding - If JOHN has logged in, redirect JOHN to johnspage.php....with how i have it set up now i cant seem to get it to work... I would like to be able to add users to the database without having to add more code later to redirect them to a different page. Is this possible?
You do NOT want to generate a new page for each user. For example, Amazon does not have a separate page for each of the millions of products that it offers. That becomes unmanageable quickly. You want to have ONE page set up and depending on the user log in, choose the row in your user table in the database that corresponds to the user who logged in. IN Amazon's case, they use the query string in the URL to choose the correct product to show you.
I am hoping this answers your question?
I am hoping this answers your question?
ASKER
That makes sense. I am still not sure how to do this - do you happen to know where I could find a tutorial/resource? I have googled it for a while and nothing seems to be what im looking for. I am not a pro in this area so any help would be great. Thanks.
ASKER
The reason I want each customer to have its own page is so that on that page i can have xml that will show all the files in a certain directory for each client... can this still be done if I have only one page the way you are explaining? I dont image we will have hundreds of clients so I am just looking for the simplest solution that will be secure at the same time...
Yes, you can add xml to show files for clients, drawing all of this in from the database on one page. You might want to hire a PHP coder to do this for you, it's not just a tutorial, there are so many pieces to what you want to do that it's a whole book.
Or, since you are a premium EE member, you could get help with chunks of this in several questions. What are all the fields in your users table? And where are the files to be shown in xml coming from?
ASKER
For the time being I just need to get the users redirected properly... I will get into the xml once that is functioning. I will no doubt have more questions at that time but for now I'm not sure how to get the login to take different users to different pages...
what is going to be on these different pages? Where is the content coming from?
You really need to be doing this:
<form action = "login.php" method = "post" action = "customerprofile.php">
where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then grab what goes on the individual users page.
<form action = "login.php" method = "post" action = "customerprofile.php">
where customerprofile.php is whatever your page is that you want your user to be directed to. And there you can check for the correct username and password and then grab what goes on the individual users page.
ASKER
Once the user is logged in they will have access to customer files (PDFs, invoices, etc). Ideally this info will come from an xml derived directory so that when files are added to the customers folder they will have access to it from their page without having to add more code. This info will not be stored in a database. Each page will likely be created seperately so that it can be fully customized for each customer. Im not sure if that answers your questions....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.