Jump to content

Adapting login script so that each user has own private page


yiaggi

Recommended Posts

Hi guru's!

 

I am fairly new to PHP and the forum so you will have to excuse my ignorance! I am trying to learn PHP at the moment but my job often needs me to go a bit beyond what I completely understand ....

 

My problem is basically this: 

 

I have been using the same script to do member login pages for sometime now. It is very simple and just lets the user login - checks the details against the database and then if they pass - they go through to a protected page that all who have access can see.

 

That has been excellent in the past but now I have a new need!

 

I now need the same style of login - but instead of each person being able to view one main page - I need for them to go to their own area where there will be member specific information for them. They cant be able to go to each others pages.

 

I will add the script I use at the moment below. In the database I very simply use ID - NAME - USERNAME - PASSWORD. Would I be right in thinking the solution is within the database? 

 

Here goes for the login script:

 

<?php

session_start();

 

 

function dbconnect()

{

$link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

return($link);

}

?>

 

 

 

<?php

$link = dbconnect();

 

if(isset($_SESSION['loggedin']))

{

    header("Location: members2.php");

}

if(isset($_POST['submit']))

{

  $username = mysql_real_escape_string($_POST['username']);

  $password = mysql_real_escape_string($_POST['password']);

  $mysql = mysql_query("SELECT * FROM worker WHERE username = '{$username}' AND password = '{$password}'");

  if(mysql_num_rows($mysql) < 1)

  {

    die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");

  }

  $_SESSION['loggedin'] = "YES";

  $_SESSION['username'] = $username;

  header("Location: members2.php");

}

?>

 

 

AND IN THE HEAD OF EACH PROTECTED PAGE

 

<?php

session_start();

if(!isset($_SESSION['loggedin']))

{

 

 

Any help would be truly amazing! I'm scratching my head over this one and am a while away from learning it all properly. I have started right at the beginning as to get a better understanding. I do understand how this works etc  ......

 

Thanks in advance!

Link to comment
Share on other sites

it will depend upon where you have the user-unigue content stored and how you are able to 'tag' it by userid

--------

ie table with

 

id  userid  blobofcontent

-------

get $userid

 

select from table blobofcontent where userid = '$userid'

 

 

display the blobofcontent

 

-------

 

make sense?

 

Link to comment
Share on other sites

Hi.

As litebearer said, it depends where the unique user data is.

 

Do you want to link to a seperate page (that has already been created) for each user (eg. member1 links to member1.php, member2 links to member2.php etc), or do you want to draw the user data from a database and display it?

 

Zagga

Link to comment
Share on other sites

Hi guys,

 

Thank you for your answers!

 

It will work fine for me if they are taken to a page with there own details so like you said - 'Member 1' goes off to 'Member1.php' and 'Member 2' off to 'Member2.php' etc.

 

It does not have to call their details from a database as I will be adapting each page myself.

Link to comment
Share on other sites

Hi again yiaggi,

 

It's just a small change you need.

 

All you have to do is adjust the header request to include $username . . .

 

header("Location:" . strtolower($username) . ".php");

 

This changes the username to lowercase, adds ".php" to the end and uses the result as the location for the header request.

 

Hope this helps.

 

 

Zagga

Link to comment
Share on other sites

  • 1 month later...

I am trying to achieve the same thing. Once a user logs in they are redirected to their own individual page. As of right now when the user logs in they are sent to their own page, but that page is not loading anything for some reason, it just shows up blank when there is, in fact, content on the page. Here is the code for my checklogin.php:

 

<?php
ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test_create_db"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("Location:" . strtolower($myusername) . ".php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

And here is the code that is placed in the head tags for each member's page:

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
?>

 

Please let me know if you need any other info as I am just beginning php and am unsure of what else may be causing this. Any help is greatly appreciated!

Link to comment
Share on other sites

Hi itsmillertime65,

If your code is redirecting to the users own pages correctly, it is probably something on the users page that isn't right.

 

Try changing this

session_register("myusername");
session_register("mypassword");
header("Location:" . strtolower($myusername) . ".php");

to this

session_register("myusername");
session_register("mypassword");
$myusername = "http://www.phpfreaks.com/forums/index";
header("Location:" . strtolower($myusername) . ".php");

and run the page, it should redirect to phpfreaks.

If you are redirected correctly, it is defiately a problem on the users page, and if you post that code we can have a look over it for you.

 

Hope this helps

Zagga

Link to comment
Share on other sites

Zagga,

 

When I used your code above it worked perfectly, so I tried adapting it to go to my members page, but no dice! It's still not loading anything, so it must be my members page like you said. Here is the members1.php code:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Title</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
?>

</head>

<body>

<div id="container">
<div id="shadowl">
    </div>
    
    <div id="shadowr">
</div>
    
<div id="wrapper">
<?php include ("sidebar.php"); ?>
    
    <div id="nav">
	<ul class="homebtn">
    		<li class="home"><a href="index.php" class="selected" title="Home"><span class="displace">Home</span></a></li>
    	</ul>
    
    	<ul class="aboutbtn">    
        	<li class="about"><a href="about.php" title="About Us"><span class="displace">About Us</span></a></li>
    	</ul>
        
    	<ul class="teambtn">
        	<li class="team"><a href="team.php" title="Team"><span class="displace">Team</span></a></li>
    	</ul>
    
    	<ul class="whybtn">    
        	<li class="why"><a href="whypartner.php" title="Why Partner?"><span class="displace">Why Partner?</span></a></li>
    	</ul>
    
    	<ul class="entbtn">
        	<li class="entrepreneurs"><a href="forentrepreneurs.php" title="For Entrepreneurs"><span class="displace">For Entrepreneurs</span></a></li>
    	</ul>
</div>
    
    <div id="flash">
    	<img src="images/PlaceholderImage.jpg" />
    </div>
    
    <div id="textarea" align="left">
    	<h1>Welcome Member 1</h1>
        <p>It, coterfeci sil vid in is hae adestem di cre fuistrae am num dius, sulicaete oca; nostrehente conclut orte virissi licatur acciptelica temus; notebus hos, que cepotia chuideporum fur. Anum mo esterem ditam perceps esulinum, num audeo ego urs hui in ideat diensus, vidinvere manum me quit; num nons considendum prari pl. Odienda chilic vis inte consultis, norit, cre no. Odienda chilic vis inte consultis, norit, cre no chilic vis.</p>

	<p>Timpliam et oc, Catumusque conlostimis? Nihiliq uonsil vivatquidit, teribus, quam. Sena, condactuus, ublistis. Ediendet; ne mactam cerfecr esimihilles publicu pimanditus imentique achilius it. Os cons la publis erfente scerimis istemus bondam nos se tam pari et publi, ses forbita opublicae culus, ta molto huconcl udertatam pracerem nos plicata vit, orsularis se nulostatus, atum, omaximus, Cas viri. Odienda chilic vis inte consultis.</p>
        
        <h1>Why Choose Us?</h1>
        <p>It, coterfeci sil vid in is hae adestem di cre fuistrae am num dius, sulicaete oca; nostrehente conclut orte virissi licatur acciptelica temus; notebus hos, que cepotia chuideporum fur. Anum mo esterem ditam perceps esulinum, num audeo ego urs hui in ideat diensus, vidinvere manum me quit; num nons considendum prari pl. Odienda chilic vis inte consultis, norit, cre no. Odienda chilic vis inte consultis, norit, cre no chilic vis.</p>
</div>
    
    <div id="block" align="left">
    	<span class="hblock">Submit Business Plan</span>

        <p class="pblock">Trying to get your business off the ground? We can help. Learn how you can kick start your 
business today!</p>
    </div>
    
    <div id="blockbot" align="right">
    	<span class="subbtn"><a href="submitplan.php" title="Submit Your Business Plan">Submit</a></span>
    </div>
    
    <div id="block" align="left">
    	<span class="hblock">Download Business<br /> Plan Template</span>

        <p class="pblock">Download our business plan template to help you get started!</p>
    </div>
    
    <div id="blockbot" align="right">
    	<span class="dwnldbtn"><a href="submitplan.php" title="Submit Your Business Plan">Download</a></span>
    </div>
    
</div>

<div id="shadowb">
    </div>

</div>

</body>
</html>

 

I'm pretty sure it's the following line of code that I have either in the wrong place or maybe it's just wrong.

 

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
?>

Link to comment
Share on other sites

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
?>

Is basically saying: "If the user is NOT logged in, show them this page.  This is the inverse of what you want.

 

But, rather than just removing the bang ( ! ) I would rewrite it to something like this:

if(!isset($_SESSION['loggedin'])) {
  header('Location: /login.php'); // If they are not logged in send them to the login page
  exit;
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {
  // Logged in user attempting to view someone else's page
  header("Location:" . strtolower($_SESSION['myusername']) . ".php");
  exit;
}

 

Link to comment
Share on other sites

Alright, we're getting a little further. I now have the code below in the head of member1.php.

 

<?php
session_start();
if(!isset($_SESSION['loggedin'])) {
  header('Location: index.php'); // If they are not logged in send them to the login page
  exit;
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {
  // Logged in user attempting to view someone else's page
  header("Location:" . strtolower($_SESSION['myusername']) . ".php");
  exit;
}
?>

 

The page is still not loading, but now instead of a blank white screen I get a blank screen showing my background color (grey). At least it's loading something now :)

Link to comment
Share on other sites

Ok. First, turn on error reporting.  It will REALLY help with resolving these types of problems.

 

Second, I apologize, I didn't look too clearly at your posted code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Title</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
<?php
session_start();
if(!isset($_SESSION['loggedin'])) {
  header('Location: index.php'); // If they are not logged in send them to the login page
  exit;
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {
  // Logged in user attempting to view someone else's page
  header("Location:" . strtolower($_SESSION['myusername']) . ".php");
  exit;
}
?>

</head>

<body>

 

You can NOT do a session_start() AFTER sending ANYTHING to the browser.  You need to move that PHP code to the VERY top of the script file.

 

If you have already put it there, and are still getting a blank page, do two things:

 

1) In the browser, while looking at the blank page, select "View Source" from the menu (in Firefox you can press <CTRL>-U). See if there is any strange HTML code hiding your page.

 

2) Post your actual source code, starting at the top of the script, and at least running through to the BODY tag. We'll see what we can see.

Link to comment
Share on other sites

As DavidAM said, you must declare the session at the very top of your page.

The code in your members page works fine so if you put the session check at the top, your code should look like this . . .

 

<?php
session_start();
if(!isset($_SESSION['loggedin'])) {
  header('Location: index.php'); // If they are not logged in send them to the login page
  exit;
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {
  // Logged in user attempting to view someone else's page
  header("Location:" . strtolower($_SESSION['myusername']) . ".php");
  exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Title</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
</head>

<body>

<div id="container">
<div id="shadowl">
</div>

<div id="shadowr">
</div>

<div id="wrapper">
	<?php include ("sidebar.php"); ?>

    <div id="nav">
		<ul class="homebtn">
			<li class="home"><a href="index.php" class="selected" title="Home"><span class="displace">Home</span></a></li>
		</ul>

       		<ul class="aboutbtn">
			<li class="about"><a href="about.php" title="About Us"><span class="displace">About Us</span></a></li>
		</ul>

		<ul class="teambtn">
			<li class="team"><a href="team.php" title="Team"><span class="displace">Team</span></a></li>
		</ul>

       		<ul class="whybtn">
           		<li class="why"><a href="whypartner.php" title="Why Partner?"><span class="displace">Why Partner?</span></a></li>
       		</ul>

       		<ul class="entbtn">
           		<li class="entrepreneurs"><a href="forentrepreneurs.php" title="For Entrepreneurs"><span class="displace">For Entrepreneurs</span></a></li>
       		</ul>
   		</div>

    	<div id="flash">
       		<img src="images/PlaceholderImage.jpg" />
    	</div>

    	<div id="textarea" align="left">
       		<h1>Welcome Member 1</h1>
        	<p>It, coterfeci sil vid in is hae adestem di cre fuistrae am num dius, sulicaete oca; nostrehente conclut orte virissi licatur acciptelica temus; notebus hos, que cepotia chuideporum fur. Anum mo esterem ditam perceps esulinum, num audeo ego urs hui in ideat diensus, vidinvere manum me quit; num nons considendum prari pl. Odienda chilic vis inte consultis, norit, cre no. Odienda chilic vis inte consultis, norit, cre no chilic vis.</p>

      		<p>Timpliam et oc, Catumusque conlostimis? Nihiliq uonsil vivatquidit, teribus, quam. Sena, condactuus, ublistis. Ediendet; ne mactam cerfecr esimihilles publicu pimanditus imentique achilius it. Os cons la publis erfente scerimis istemus bondam nos se tam pari et publi, ses forbita opublicae culus, ta molto huconcl udertatam pracerem nos plicata vit, orsularis se nulostatus, atum, omaximus, Cas viri. Odienda chilic vis inte consultis.</p>

        	<h1>Why Choose Us?</h1>
        	<p>It, coterfeci sil vid in is hae adestem di cre fuistrae am num dius, sulicaete oca; nostrehente conclut orte virissi licatur acciptelica temus; notebus hos, que cepotia chuideporum fur. Anum mo esterem ditam perceps esulinum, num audeo ego urs hui in ideat diensus, vidinvere manum me quit; num nons considendum prari pl. Odienda chilic vis inte consultis, norit, cre no. Odienda chilic vis inte consultis, norit, cre no chilic vis.</p>
   		</div>

    	<div id="block" align="left">
       		<span class="hblock">Submit Business Plan</span>

        	<p class="pblock">Trying to get your business off the ground? We can help. Learn how you can kick start your
business today!</p>
    	</div>

    	<div id="blockbot" align="right">
       		<span class="subbtn"><a href="submitplan.php" title="Submit Your Business Plan">Submit</a></span>
    	</div>

	<div id="block" align="left">
       		<span class="hblock">Download Business<br /> Plan Template</span>

        	<p class="pblock">Download our business plan template to help you get started!</p>
    	</div>

    	<div id="blockbot" align="right">
       		<span class="dwnldbtn"><a href="submitplan.php" title="Submit Your Business Plan">Download</a></span>
    	</div>

</div>

   <div id="shadowb">
   </div>

</div>

</body>
</html>

 

Zagga

Link to comment
Share on other sites

I had tried putting the session check at the beginning of the entire code, but it automatically redirects back to the index (which is where the login is) even after typing in a successful username and password. If I try going directly to member1.php it also redirects to the index, which is good. I have posted my login code below, just in case there might be something wrong with it.

 

<div id="login">
<table width="190" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1">
<tr>
<td colspan="3" align="center"><h2>Client Login</h2></td>
</tr>
<tr>
<td width="61"><span class="logintxt">Username</span></td>
<td width="3"><span class="logintxt">:</span></td>
<td width="102"><input size="14" name="myusername" type="text" class="inputbox" id="myusername"></td>
</tr>
<tr>
<td><span class="logintxt">Password</span></td>
<td><span class="logintxt">:</span></td>
<td><input size="14" name="mypassword" type="text" class="inputbox" id="mypassword"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="image" name="Submit" src="images/login-btn.png" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</div>

 

My login is included in a sidebar, and the sidebar is then included in the index so that users can access the login directly from the index. If someone would like me to attach all of the files so that they can get a better look at what may be going on just let me know.

 

Also, I understand what part of the code is supposed to redirect back to the login/index if the user tries to enter a password restricted page, but it seems like something is wrong with the following line of code if it keeps redirecting back to the index no matter what. But once again, I am a php newbie.

 

session_start();
if(!isset($_SESSION['loggedin'])) {
  header('Location: index.php'); // If they are not logged in send them to the login page
  exit;
}

Link to comment
Share on other sites

Hi itsmillertime65.  I have commented the session code snippet so you can follow what it does a little better.

 

if(!isset($_SESSION['loggedin'])) { // If the $_SESSION variable 'loggedin' is not set (the exclamation mark means NOT).
  header('Location: /login.php'); // Redirect to the login page.
  exit; // Exit the script if the user manages to avoid the redirect (so they can't access the rest of the page).
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) { // Elseif the $_SESSION variable 'myusername' is not equal to the address of the page (if the address is not 'user1.php' or 'user2.php' etc) 
  header("Location:" . strtolower($_SESSION['myusername']) . ".php"); // Redirect to the users page.
  exit; // Exit the script is the user has managed to avoid the redirect (so they can't access the rest of the page).
}

 

This piece of code is using 2 $_Session variables, so they must be declared in the login (or check login) page.

Don't forget that you must declare the SESSION at the very top of any page that uses it, including checklogin.php.

 

Hope this helps.

Zagga

Link to comment
Share on other sites

So my understanding of this is that I have to put the following code into checklogin.php, member1.php, and main_login.php.

 

if(!isset($_SESSION['loggedin'])) { // If the $_SESSION variable 'loggedin' is not set (the exclamation mark means NOT).
  header('Location: /login.php'); // Redirect to the login page.
  exit; // Exit the script if the user manages to avoid the redirect (so they can't access the rest of the page).
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) { // Elseif the $_SESSION variable 'myusername' is not equal to the address of the page (if the address is not 'user1.php' or 'user2.php' etc) 
  header("Location:" . strtolower($_SESSION['myusername']) . ".php"); // Redirect to the users page.
  exit; // Exit the script is the user has managed to avoid the redirect (so they can't access the rest of the page).
}

 

If the main_login.php file is included in sidebar.php and sidebar.php is then included into index.php would I need the code at the top of index.php as well seeing that the actual login is technically in the index? This may sound a little confusing, so I will post my code thus far tomorrow when I have access to it. Thank you guys for all the help and patience with this newbie!

Link to comment
Share on other sites

Not quite.

It seems to be sessions that are causing the confusion so I'll try and explain them a bit.

 

 

On your website you need to protect some pages from being accessed by non members.

The pages that need to be protected are member1.php, member2.php, member3.php etc.

 

checklogin.php is where the session starts.  Once you have checked that the login details are correct you can start the session and declare the session variables.

session_start();
$_SESSION["loggedin"] = "Yes";
$_SESSION["myusername"] = $myusername;
header("Location:" . strtolower($myusername) . ".php");
exit();

The first line starts the session.

The second and third lines set the variables we need to carry as $_SESSION variables.

The fourth line redirects to the members own page.

The last line exits if the user has managed to circumvent the redirect.

 

 

Now to protect the member pages.

<?php
session_start();
if(!isset($_SESSION['loggedin'])) {
  header('Location: index.php');
  exit();
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {
  header("Location:" . strtolower($_SESSION['myusername']) . ".php");
  exit();
}
?>

The first line starts the session again.

The second, third and fourth lines redirect the user to index.php if they are not logged in.

The last 3 lines redirect the user to their own member page if they try to access another members page.

 

You also need to destroy the session when the user logs out so all the variable you have saved are destroyed with it.  Your log out page can start with this code.

<?php
session_start();
session_destroy();
?>

 

main_login.php, sidebar.php and index.php aren't involved in the session at all so you don't need to include any of the code on those pages.

 

 

Hope this helps

Zagga

Link to comment
Share on other sites

Now typing in anything into the username and password fields automatically redirects to /.php (http://localhost:8888/.php) instead of member1.php when the correct user and password are input. Here is checklogin.php

 

<?php
session_start();
$_SESSION["loggedin"] = "Yes";
$_SESSION["myusername"] = $myusername;
header("Location:" . strtolower($myusername) . ".php");
exit();

ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test_create_db"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("Location:" . strtolower($myusername) . ".php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

And here is the beginning of member1.php.

 

<?php
session_start();
if(!isset($_SESSION['loggedin'])) {
  header('Location: index.php');
  exit();
} elseif ($_SESSION['myusername'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {
  header("Location:" . strtolower($_SESSION['myusername']) . ".php");
  exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Girardeau Ventures</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
</head>

<body>

Link to comment
Share on other sites

For checklogin.php, see the comment I added to your code below:

<?php
session_start();

/*DAM - These four lines are too soon. You have not checked the user's input yet
$_SESSION["loggedin"] = "Yes";
$_SESSION["myusername"] = $myusername;
header("Location:" . strtolower($myusername) . ".php");
exit();
*/

ob_start();

Since $myusername has not been assigned yet, this header() call is redirecting you to "/.php". You have the redirect later in the code after checking their login, so you do not need it here.

 

Other comments:

  • As a rule using "or die" in an production application is not a good idea
  • You should check to see if the $_POST elements exist before blindly assigning them
  • You should not use stripslashes() on INCOMING data unless magic quotes is on
  • Turn on error_reporting() so you can see the errors and warnings to help you debug

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.