I've got some simple PHP code for a user log-in system. it checks to see if the username/pw is correct, if so it transfers you to universal 'gallery.php' page code below my question is, how can i specifiy which page gets loaded. if user A logs in correctly, he/she will get transferred to gallery_userA.php, and, if user B logs in correctly, he/she will get transferred to gallery_userB.php. etc. I don't need any special security features. just something basic so each user can have their own page. <?php ob_start(); $host="localhost"; // Host name $username="xxx"; // Mysql username $password="xxx"; // Mysql password $db_name="xxx"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:/gallery/"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> Code (markup):
if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); if ($myusername == "A") { header("location:/gallery/"); } elseif ($myusername == "B") { header("location:/gallery2/"); } }
Do you have each gallery marked by an ID or the user's name? <?php ob_start(); $host="localhost"; // Host name $username="xxx"; // Mysql username $password="xxx"; // Mysql password $db_name="xxx"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:/gallery/gallery.php?user=".$myusername); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> PHP: Maybe something like that, but you'd need to change your script accordingly. May I also make a quick suggestion, you should salt and hash your user passwords in case of security breech.
I like your method nick because I can add an index.php in each directory (gallery, gallery2) brad, with your method i would need to have each page called 'gallery.php', 'gallery2.php' etc right? that would be easier but i don't like the messy URL's also, i'm not sure what salt/hash mean but i will certainly google it. thanks!
What im recommending is you have one gallery script, gallery.php, that handles and outputs the galleries for each user. That way you can just pull the gallery info for each user from your database or filesystem or whatever your storing it in and automate the whole process, so you don't need to create new php files for every user. so, lets say user "fred123" logs in, he would be redirected to gallery.php?user=fred123. The gallery.php script would look for all the content belonging to fred123 and output it however you like. Do you understand what im suggesting? I don't have a problem helping you implant it either, if you need some extra code for your gallery.php.
brad, i was able to come up with this: if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("Location: /clients/".$myusername."/"); } else { echo "Wrong Username or Password"; } Code (markup):