Have been working through a tutorial for user authentication with user names and passwords stored in a database. It works like a charm EXCEPT when the script validates the user name and password it redirects to a particular page. I was hoping to be able to direct different users to different parts of the site. For example, if User A logs in successfully then they are directed to Page X; User B goes to Page Y; and User C goes to Page Z etc. The offending code looks as follows: <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { include 'cinfig.php'; $userId = $_POST['txtUserId']; $password = $_POST['txtPassword']; // check if the user id and password combination exist in database $sql = "SELECT user_id FROM tbl_auth_user WHERE user_id = '$userId' AND user_password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['db_is_logged_in'] = true; // after login we move to the main page header('Location: main.php'); exit; } else { $errorMessage = 'Sorry, wrong user id / password'; } include 'closedb.php'; } ?> Any help figuring this out would be great. Cheers - mika17
Thanks SoKickit. I don't have an id field in the database. It was set up using the following: CREATE TABLE tbl_auth_user ( user_id VARCHAR(10) NOT NULL, user_password CHAR(32) NOT NULL, PRIMARY KEY (user_id) ); I tried to insert an id field BUT user_id is set as the primary field. Shouldn't the id field be set as the primary?
Sorry SoKickIt - and anyone else. Replacing the numbers with the user_id directs each user to the appropriate page. Thanks a lot for the help. mika confused: - who is often slow!)
It is all working well EXCEPT for the closedb.php include file. When an incorrect user id and password is entered the error message appears as it should BUT I also get the following error message: Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in....closedb.php on line 6 And this is what closedb.php looks like: <?php // an example of closedb.php // it does nothing but closing // a mysql database connection mysql_close($conn); ?> I put line 6 in bold. I can't figure this out for the life of me and I'm sure it is staring me right in the face. Any help, anyone? cheers mika
Try this: <?php // an example of closedb.php // it does nothing but closing // a mysql database connection if($conn) { mysql_close($conn); } ?>
This one just keeps coming back... So, I just discovered that once someone has successfully logged in and been directed to their private login page, they are logged in to every page on the site. Example: User 1 log in directs to page1.php User 2 log in directs to page2.php User 1 logs in and is directed to page1.php BUT if they had the idea of typing page2.php into their address bar then they would be directed there, and NOT back to the login page which is where I'd like them to go. Does wanting each user's login page(s) to be for their eyes only open a whole new can of worms? Any help, as ever, gratefully received. mika17
if you have user_id as number instead of hard coded redirect pages you could dynamically build the redirect pages $redirect = "main".$user_id.".php"; Code (markup): I am sure in each page you have at least a check if one is logged in. If you add the user_id to the session variables session_register("user_id"); $_SESSION['user_id'] = $user_id; Code (markup): You can check if the current script (php file) is matching with the user_id, and if not, redirect the thoughtful users back to their own page