RE: [PHP] redirecting after login
[snip] A site I'm working on requires a login screen where various individuals will log into the site and add information for their various departments. Rather than setup a different script for each department, I was hoping to create one script that would either accept or deny a login based on the username/password stored in a database, then based on the username/password - redirect the individuals browser to a URL. [/snip] You need to take the script below and place it into a seperate file with NO OTHER INFORMATION. Your form action should state that this script is the action and method should be POST. Modify this script for access levels and redirect pages. email; $level = $dbuser->accesslevel; // //send the user to a page based on their user level switch($level) { case "level1": header("Location: level1.php"); exit; break; case "level2": header("Location: level2.php"); exit; break; case "level3": header("Location: level.php"); exit; break; case "level4": header("Location: level4.php"); exit; break; case "level5": header("Location: level5.php"); exit; break; default: header("Location: loginfail.php"); exit; } ?> HTH! Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirecting after login
> Umm...I hope register_globals is off... And if not. http://www.yourdomain.com/yourpage.php"; method="post"> Can be used from every server to login. Op dinsdag 23 juli 2002 12:42, schreef John Holmes: > > why don't u do something like > > > > if (!username) > > { you can not access this page > > } > > else > > { > > //page content > > } > > > > ? > > > > that's a quick fix but might be all you need to do.. > > Umm...I hope register_globals is off... > > www.yourdomain.com/yourpage.php?username=a_bad_user > > ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirecting after login
> why don't u do something like > > if (!username) > { you can not access this page > } > else > { > //page content > } > > ? > > that's a quick fix but might be all you need to do.. Umm...I hope register_globals is off... www.yourdomain.com/yourpage.php?username=a_bad_user ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirecting after login
> what doesn't work is after they login to Page 1, the > redirect sends them to > Page 2 and right back to Page 1 because the global session > isn't staying > registered. Are you putting session_start() at the top of each page where you want to be able to use the session stuff you've set? CYA, Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirecting after login
why don't u do something like if (!username) { you can not access this page } else { //page content } ? that's a quick fix but might be all you need to do.. > -Original Message- > From: Tim Thorburn [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 23 July 2002 5:01 PM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] redirecting after login > > > > > > >Once they've been redirected, can they just bookmark the resulting page > >and never have to log in again? > > > Actually, yes - after a couple hours of playing around with the login and > finally getting the Meta tags to work for me, I found that if the person > were to simply type in the URL of the protected page, they would > have full > access. Right now I'm playing with sessions and global sessions > to try and > correct this problem. Although its not working as well as I had hoped. > > Basically the plan is for all users to goto Page 1 - the login page, and > then be re-directed to their proper destination - Page 2. But, > if a clever > bad person were to simply type in the URL to Page 2 they could > have access > to the database and run amuck. So I added a line checking to see if the > session from Page 1 is registered, if not, goto Page 1. That > part works - > what doesn't work is after they login to Page 1, the redirect > sends them to > Page 2 and right back to Page 1 because the global session isn't staying > registered. > > Since its 2am I'm quitting for the nite ... but maybe some friendly > European people awake at this hour might have an idea on this > one? Or even > friendly caffeine addicts on the side of the pond :P > > Thanks > -Tim > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirecting after login
> >Once they've been redirected, can they just bookmark the resulting page >and never have to log in again? Actually, yes - after a couple hours of playing around with the login and finally getting the Meta tags to work for me, I found that if the person were to simply type in the URL of the protected page, they would have full access. Right now I'm playing with sessions and global sessions to try and correct this problem. Although its not working as well as I had hoped. Basically the plan is for all users to goto Page 1 - the login page, and then be re-directed to their proper destination - Page 2. But, if a clever bad person were to simply type in the URL to Page 2 they could have access to the database and run amuck. So I added a line checking to see if the session from Page 1 is registered, if not, goto Page 1. That part works - what doesn't work is after they login to Page 1, the redirect sends them to Page 2 and right back to Page 1 because the global session isn't staying registered. Since its 2am I'm quitting for the nite ... but maybe some friendly European people awake at this hour might have an idea on this one? Or even friendly caffeine addicts on the side of the pond :P Thanks -Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirecting after login
On Mon, 22 Jul 2002, Tim Thorburn wrote: > A site I'm working on requires a login screen where various individuals > will log into the site and add information for their various > departments. Rather than setup a different script for each department, I > was hoping to create one script that would either accept or deny a login > based on the username/password stored in a database, then based on the > username/password - redirect the individuals browser to a URL. > > I've got the login part working perfectly, and I can turn the URL into a > link on the page, but I'd rather have the script just automatically forward > the person to the page they're login gives them access to. > > I've tried using header(), but since the redirection takes place about > mid-script, it doesn't work. I've also tried using tag redirects, > but those don't seem to accept the PHP/MySQL combo. Once they've been redirected, can they just bookmark the resulting page and never have to log in again? miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirecting after login
I forgot to tell you: This snippet is supposed to go at the very top of the login page (right after the -Original Message- > From: César Aracena [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 23, 2002 1:45 AM > To: 'Tim Thorburn'; [EMAIL PROTECTED] > Subject: RE: [PHP] redirecting after login > > Hi. Since I haven't used meta tags for years now (don't like them:) I > can't help you there, but instead, here's a typical login/redirect PHP > page of mine. As you can see, it doesn't matter if the login form is at > the bottom of the page, or even if it's after an included header file as > long the form points to $PHP_SELF: > > session_start(); > > if ($username && $pass) > { > $db_conn = mysql_connect("localhost", "admin", "password"); > > mysql_select_db("db_name", $db_conn); > > $query = "SELECT * FROM table_name WHERE username = '$username' > AND password = password('$pass')"; > > $result = mysql_query($query, $db_conn); > > if (mysql_num_rows($result) > 0) > { > $row = mysql_fetch_array($result); > if ($row['devlevel'] == '2') > { > $valid_admin = $row['devfirst']; > session_register("valid_admin"); > header("Location: ../admin/index.php"); > exit; > } > else if ($row['devlevel'] == '1') > { > $valid_user = $row['devid']; > session_register("valid_user"); > header("Location: index.php"); > exit; > } > else > { > header("Location: ../jumpto.php?fetch=devent"); > exit; > } > } > else > { > header("Location: ../jumpto.php?fetch=devent"); > exit; > } > } > else > { > header("Location: ../jumpto.php?fetch=devent"); > exit; > } > > Like this, I can diferenciate the users by fetching the "devlevel" > number from the same DB that the user was authenticated from. > > HTH, C. > > > > -Original Message- > > From: Tim Thorburn [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, July 23, 2002 1:00 AM > > To: [EMAIL PROTECTED] > > Subject: [PHP] redirecting after login > > > > Hi, > > > > A site I'm working on requires a login screen where various > individuals > > will log into the site and add information for their various > > departments. Rather than setup a different script for each > department, I > > was hoping to create one script that would either accept or deny a > login > > based on the username/password stored in a database, then based on the > > username/password - redirect the individuals browser to a URL. > > > > I've got the login part working perfectly, and I can turn the URL into > a > > link on the page, but I'd rather have the script just automatically > > forward > > the person to the page they're login gives them access to. > > > > I've tried using header(), but since the redirection takes place about > > mid-script, it doesn't work. I've also tried using tag > redirects, > > but those don't seem to accept the PHP/MySQL combo. > > > > Any ideas? > > > > Thanks > > -Tim > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirecting after login
Hi. Since I haven't used meta tags for years now (don't like them:) I can't help you there, but instead, here's a typical login/redirect PHP page of mine. As you can see, it doesn't matter if the login form is at the bottom of the page, or even if it's after an included header file as long the form points to $PHP_SELF: session_start(); if ($username && $pass) { $db_conn = mysql_connect("localhost", "admin", "password"); mysql_select_db("db_name", $db_conn); $query = "SELECT * FROM table_name WHERE username = '$username' AND password = password('$pass')"; $result = mysql_query($query, $db_conn); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result); if ($row['devlevel'] == '2') { $valid_admin = $row['devfirst']; session_register("valid_admin"); header("Location: ../admin/index.php"); exit; } else if ($row['devlevel'] == '1') { $valid_user = $row['devid']; session_register("valid_user"); header("Location: index.php"); exit; } else { header("Location: ../jumpto.php?fetch=devent"); exit; } } else { header("Location: ../jumpto.php?fetch=devent"); exit; } } else { header("Location: ../jumpto.php?fetch=devent"); exit; } Like this, I can diferenciate the users by fetching the "devlevel" number from the same DB that the user was authenticated from. HTH, C. > -Original Message- > From: Tim Thorburn [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 23, 2002 1:00 AM > To: [EMAIL PROTECTED] > Subject: [PHP] redirecting after login > > Hi, > > A site I'm working on requires a login screen where various individuals > will log into the site and add information for their various > departments. Rather than setup a different script for each department, I > was hoping to create one script that would either accept or deny a login > based on the username/password stored in a database, then based on the > username/password - redirect the individuals browser to a URL. > > I've got the login part working perfectly, and I can turn the URL into a > link on the page, but I'd rather have the script just automatically > forward > the person to the page they're login gives them access to. > > I've tried using header(), but since the redirection takes place about > mid-script, it doesn't work. I've also tried using tag redirects, > but those don't seem to accept the PHP/MySQL combo. > > Any ideas? > > Thanks > -Tim > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirecting after login
using header() should work if you don't output anything before it. If you can restructure your code so that you can remove any output until after the header(), then that'd be the way to go. You said the meta refresh didn't work - did you get the syntax right? Since I don't use it much, it's one of those tags that takes me ages to get the syntax right (I could chuck it into a code repository somewhere, but I'm too lazy to do that...) Failing the above two methods, you could put a hidden form that gets auto-submitted when the page loads HTH Martin -Original Message- From: Tim Thorburn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 23, 2002 2:00 PM To: [EMAIL PROTECTED] Subject: [PHP] redirecting after login Hi, A site I'm working on requires a login screen where various individuals will log into the site and add information for their various departments. Rather than setup a different script for each department, I was hoping to create one script that would either accept or deny a login based on the username/password stored in a database, then based on the username/password - redirect the individuals browser to a URL. I've got the login part working perfectly, and I can turn the URL into a link on the page, but I'd rather have the script just automatically forward the person to the page they're login gives them access to. I've tried using header(), but since the redirection takes place about mid-script, it doesn't work. I've also tried using tag redirects, but those don't seem to accept the PHP/MySQL combo. Any ideas? Thanks -Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php