Need help altering a login script

A

Anonymous

Guest
I would not reccomend using session_register. That is the old archaic way of doing sessions.
Code: 
session_start(); 
//put the password in the session 
$_SESSION['pass'] = $_POST['password1']; 

//put the username in the session 
$_SESSION['id'] = $_POST['username1'];  
//go to the secured page. 
header("Location: http://yourdomain.com/members/".$_SESSION['id'].".php");

In your header redirect you must include your full address of the redirect. Older browsers do not like to use a partial URL.

For more information on the super globals that I used above see http://www.php.net/manual/en/reserved.variables.php
 
Hello everyone, I am new in php and new in this forum.

I always use session_register , but now that I read your message I would like to know why you don't recomend to use it.

Thanx
 
to address the original question, I would suggest having a user database (you probably already do..) and doing something roughly like this..

in your user table, have fields for the username, password, and start page (plus whatever else)

once they've gone to the html login form, and (hopefully) entered their user name and password, you could do something a little like this..

Code: 
$str_user_sql = "SELECT fld_start_page FROM tbl_users WHERE fld_user_name = '" . $_POST['txt_user_name'] . "' AND fld_password = '" . $_POST['txt_password'] . "'";

$result = mysql_query($str_user_sql);

while ($row=mysql_fetcharray($result))


  {
  header.location ($row['fld_start_page']);
  }
else
  {
  header.location (frm_deny.php)
  }

Okay, I hope that gives you an idea.. that's probably very rough code, it's there as a suggestion for an approach, rather than cut and paste. The idea is that you do a mysql query on the entered user name and password. If the users stored start page is retrieved, send them there, else send them to a 'access denied' page. There are a few other things I would add.. i.e. don't even run the query if the entered values for username and or password are zero length; check to make sure there's one and only one match if not zero length; use ob_start() and ob_end_flush() to avoid head problems when trying to redirect

let me know if this makes any sense, best of luck.
 
You must log in or register to reply here.
Back
Top