December 30th, 2012, 05:19 PM
Trying to redirect login user to specific url
Spent 3 days figuring out how this whole deal works with allowing a user to register a name and password, placing that information in a database, and allowing them to login and all that good stuff. Well, I'm stuck... I know how to create a database, I know how to create a table, and I know how to recall information from a table on a webpage. I even currently have it setup so that when a user logs in it takes them to a page where it displays their specified url. This is great, but what I'd like to happen is when they login to their account it takes them directly to their URL, rather than have them have to click on their account on the login successful screen... Make sense? My coding is very simple. This is my code for my login.php page...
FGMembersite is the PHP that checks the info... as you can see, it automatically redirects the user to "login-home.php". But, it is not checking what user is logged in and redirecting it to their own specified page. I feel like there's like one line of coding I could put in there in place of $fgmembersite->RedirectToURL("login-home.php"); to make this work, but maybe not? Pretty new to this, so I'm not able to fully understand everything. HELP PLEASE!
December 30th, 2012, 05:59 PM
Why not use a redirect header?
You should be getting the member data within login-home.php
Last edited by Rhytz; December 30th, 2012 at 06:01 PM.
December 30th, 2012, 06:08 PM
I've been seeing this everywhere but where do I put that?
I've been seeing a redirect header everywhere, but I have no idea what file to place that in or how it works. I mean, I get what the header does, as in, it would redirect me to "login-home.php", but how does it know what user has logged in?
Like, I don't understand how it all works, but it only makes sense for their to be a way for once a user is logged in that there is a new url created for them specifically so that there can be personalized information... and you can recall a new table (or whatever) that is specific to that users information... am I making sense?
Originally Posted by Rhytz
December 30th, 2012, 06:28 PM
Personally I would save the data of the currently logged in user in a session.
You should create a session, redirect the user to login-home.php and then load the user data in login-home.php using the session you created.
Simply redirecting the user to a user-specific url would be a security risk.
December 30th, 2012, 06:36 PM
That definitely makes sense, so that each user is specifically logged into their session... And I definitely don't want to be any security risks... Is there a good tutorial to recommend for how to do this?
December 30th, 2012, 06:43 PM
December 31st, 2012, 02:02 AM
You can use
December 31st, 2012, 02:07 PM
Where would I put this code? Also, how would it know which user is logging in if they are all being directed to "login.php"?
Originally Posted by mukeshshiv
December 31st, 2012, 02:43 PM
When you write your login script you want it to be something similar to this but specific to your variables.
This way after the user logs in their username is stored in $_SESSION['userName'] for future reference by other scripts during the duration of the session
$result=mysql_query('SELECT * FROM userTable WHERE userName='$_POST[userName]');
Comments on this post
January 1st, 2013, 04:21 PM
Yes I realize their is SQL injection vulnerabilities in this code just trying to keep it as so to keep it simple and prefer using php rather than pseudo code for demonstration
January 1st, 2013, 08:37 PM
C'mon, that's a poor excuse. If you don't know to write proper PHP (or you don't have the time for it or whatever), then do use pseudo code instead.
Originally Posted by portcitysoftwar
There's nothing worse than posting bad code snippets, because those are likely to be just copied and pasted. And you didn't even say anything about the security holes.
January 1st, 2013, 10:46 PM
yes i apologize for that. I should have included or at least mentioned the need to validate the input from the user before including it in the MySQL query.
However on a side note mysql_query is not deprecated yet is it? or am i just that far behind? I am currently running php 5.3.2 and i know there is php 5.4.x available but as far as i am aware the mysql_query method is not deprecated until 5.5.x when the mysql improved extension will replace the former mysql extension. I have used this method for many years and was how i was taught in college. What are the benefits of the MySqlI or using a data object?
Originally Posted by Jacques1
January 1st, 2013, 11:31 PM
It wasn't until ~5.5 that they decided to make it officially deprecated, true. However there are no new features that suddenly made it so - the PHP devs finally acknowledged that the mysql extension was inferior to mysqli and PDO, both of which have been out for a while. Those better tools are available to everyone and they should be using it right now.
January 1st, 2013, 11:39 PM
Alright thanks for the information. Which one is superior between the two other than the fact that PDO supports more database drivers. I am familliar with pdo for MsSQL connections
Originally Posted by requinix
January 2nd, 2013, 12:16 AM