Trying to redirect login user to specific url

Spent 3 days figuring out how this whole deal works with allowing a user to register a name and password, placing that information in a database, and allowing them to login and all that good stuff. Well, I'm stuck... I know how to create a database, I know how to create a table, and I know how to recall information from a table on a webpage. I even currently have it setup so that when a user logs in it takes them to a page where it displays their specified url. This is great, but what I'd like to happen is when they login to their account it takes them directly to their URL, rather than have them have to click on their account on the login successful screen... Make sense? My coding is very simple. This is my code for my login.php page...




FGMembersite is the PHP that checks the info... as you can see, it automatically redirects the user to "login-home.php". But, it is not checking what user is logged in and redirecting it to their own specified page. I feel like there's like one line of coding I could put in there in place of $fgmembersite->RedirectToURL("login-home.php"); to make this work, but maybe not? Pretty new to this, so I'm not able to fully understand everything. HELP PLEASE!

Why not use a redirect header?



You should be getting the member data within login-home.php

I've been seeing a redirect header everywhere, but I have no idea what file to place that in or how it works. I mean, I get what the header does, as in, it would redirect me to "login-home.php", but how does it know what user has logged in?

Like, I don't understand how it all works, but it only makes sense for their to be a way for once a user is logged in that there is a new url created for them specifically so that there can be personalized information... and you can recall a new table (or whatever) that is specific to that users information... am I making sense?

Personally I would save the data of the currently logged in user in a session.

You should create a session, redirect the user to login-home.php and then load the user data in login-home.php using the session you created.

Simply redirecting the user to a user-specific url would be a security risk.

That definitely makes sense, so that each user is specifically logged into their session... And I definitely don't want to be any security risks... Is there a good tutorial to recommend for how to do this?

Take a look at this tutorial

Edit: Just saw there is an updated version here

And yet an even better tutorial

You can use
1st method
header("location:login.php");

2nd method

<script>
window.location="login.php"
</script>

Where would I put this code? Also, how would it know which user is logging in if they are all being directed to "login.php"?

When you write your login script you want it to be something similar to this but specific to your variables.



This way after the user logs in their username is stored in $_SESSION['userName'] for future reference by other scripts during the duration of the session

Yes I realize their is SQL injection vulnerabilities in this code just trying to keep it as so to keep it simple and prefer using php rather than pseudo code for demonstration

C'mon, that's a poor excuse. If you don't know to write proper PHP (or you don't have the time for it or whatever), then do use pseudo code instead.

There's nothing worse than posting bad code snippets, because those are likely to be just copied and pasted. And you didn't even say anything about the security holes.

yes i apologize for that. I should have included or at least mentioned the need to validate the input from the user before including it in the MySQL query.

However on a side note mysql_query is not deprecated yet is it? or am i just that far behind? I am currently running php 5.3.2 and i know there is php 5.4.x available but as far as i am aware the mysql_query method is not deprecated until 5.5.x when the mysql improved extension will replace the former mysql extension. I have used this method for many years and was how i was taught in college. What are the benefits of the MySqlI or using a data object?

Thanks alot,
TJ

It wasn't until ~5.5 that they decided to make it officially deprecated, true. However there are no new features that suddenly made it so - the PHP devs finally acknowledged that the mysql extension was inferior to mysqli and PDO, both of which have been out for a while. Those better tools are available to everyone and they should be using it right now.

Alright thanks for the information. Which one is superior between the two other than the fact that PDO supports more database drivers. I am familliar with pdo for MsSQL connections

Are you kidding?
http://php.net/manual/en/mysqlinfo.api.choosing.php
(kind of funny to link a PHP moderator to the PHP reference)