Hi guys i have seen many tutorials on how to create a password protected page with username and password for php. But i need to create many passwords for many users. The idea is when each user logs in they go and see their pages so for example... www.website.com/user1 When the user visit their own page (user1) they are prompted for a password before they can go any further. Only once they have put in a password they are able to access their section only. So... The user entering his password into www.website.com/user1 will only access his profile and nobody elses. Any way the database can check which password was used and where to redirect the user giving them access to their pages only and not anybody elses? Cheers
you have to make sessions in order to restrict the users from viewing other user's profile. For example after the user1 logged on, a session has to be created that indicates that the user will have the access to his/her section only. Session maybe the ID of the user that can be used to query from database with the particular data of the user. Other user will not be able to see other profile because session is a per-connection basis.
Hi leunamer thank you for your input, yes i have created sessions and i am using them well. But the problem is this, other users can log into another users profile with their username and password. Everytime a username and password is validated through the MySQL dartabase it gives the session now with this session they can access the profile even if i have different sessions. Here is what i am using now <?php // Require the information from the includes.php page require_once('../config.php'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // The username and password sent from login.php $loginusername=$_POST['username']; $loginpassword=$_POST['password']; //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); $sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1){ session_start(); $_SESSION['user1'] = $username; // store session data //echo "User: = ". $_SESSION['loginusername']; //retrieve data header("Location: ../{$loginusername}/index.php"); } // If not successful, inform the user of error else { echo "Wrong Username or Password"; } ?> PHP: This works fine, i then have the secret page member.php <?php session_start(); if (!$_SESSION['user1']){ header("Location: login.php"); }else{ print "its working!"; } ?> <html> <body> Login Successful </body> </html> PHP: Each user has a login page with different session user1/login.php user2/login.php each user has different session in each login. But they have their usernames and passwords from 1 database. So if user 1 logs into user2/login.php it will have access because it is verified with the database and is given the session. Do you see my dillema? Any help would be appreciated.
Are you trying to create a different folder for each user? user1/login.php user2/login.php This is not advisable to have different user's folder for their profile. All you need to do is make one login page that serves all the user, after loggin in create a session and query all the data for that particular user. Now, in user profile page print or show all queried data for the particular session. What are the restrictions for the user?