PHP/MySQL Login Form Help

Limit · 10-01-2004, 09:40 AM

Hi i have a login form on my website which asks for the users username and password. I need help getting it to check if the user and password match, etc... and then to redirect to there folder which is there username.

the database table I created is called siteusers and has the following fields:-

ID
Username
Password (MD5)

What i need it to do is when a user types in the username and password it checks if the user exists and if the user does exist it will then check there password and redirect to there area on my domain. e.g http://www.domain.co.uk/username.

however i'm cannot seem to do this in PHP any ideas how i can?

**LazyJim** · 10-01-2004, 03:15 PM

obviously you've tried, so which bit isn't working?
Or post the likely wrong parts of your script and we can try to spot errors?

Limit · 10-02-2004, 05:55 AM

this is what i have:-

Code:

<?
//set the cookie on this page and then go to logact.php
//echo "username = $username<br>";

$username = @$HTTP_POST_VARS["username"];
$password_temp = @$HTTP_POST_VARS["password"];
$password = md5($password_temp);
$intheform = @$HTTP_POST_VARS["intheform"];

IF (($username == "") AND ($password == "") AND ($intheform == "yes")):
   $error = "Please enter your username & password";
ELSE:
//   echo "came through 1 - contains 1 complete field<br>";
   IF (($username != "") && ($password != "")):
//      echo "came through 2 - both fields complete<br>";
      require "_inc/connect.php";
      $query   = "SELECT username, password FROM users WHERE username='$username'";
      $result   = @MYSQL_QUERY($query) OR DIE ("Failed to $query on line 5");
      $num   = MYSQL_NUMROWS($result);
      IF ($num > 0):
//         echo "came through 3 - found a user<br>";
         $sqlpassword = MYSQL_RESULT($result,0,password);
         IF ($sqlpassword == $password):
//            echo "came through 4 - user pwd match with db pwd<br>";

            setcookie("login",$username,0);

            echo "<SCRIPT>";
            echo "window.location = \"user\"</SCRIPT>";

         ELSE:
            $error = "Incorrect Password. Please try again.";
         ENDIF;
      ELSE:
         $error = "Username does not exist. Please try again.";
      ENDIF;
   ELSEIF (($username != "") || ($password != "")):
      $error = "Please complete the form before submitting.";
   ENDIF;
ENDIF;
?>

All that does it check the username and password but does not forward to the folder associated with that user in the database.

The fields for the database are:-

Username
Password (MD5)
Folder

What i need it to do is once it has checked the username and password i need it to forward to there own folder and prevent access to other peoples folders.

**LazyJim** · 10-02-2004, 07:34 AM

Ok the forwarding is easy, and as for blocking access to other folders, well you'll have to do check for either what folder they try and use, or create an interface that don't let them see what folder they're using and will only let the right person use the right folder.

Forwarding:

PHP Code:


		
			
<?php

$folder_path = "/whatever/";

header( "Location: $folder_path" );

exit;

?>